fortinet.fortimanager.fmgr_fsp_vlan module – FortiSwitch VLAN template.

Note

This module is part of the fortinet.fortimanager collection (version 2.8.2).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install fortinet.fortimanager.

To use it in a playbook, specify: fortinet.fortimanager.fmgr_fsp_vlan.

New in fortinet.fortimanager 2.0.0

Synopsis

  • This module is able to configure a FortiManager device.

  • Examples include all parameters and values which need to be adjusted to data sources before usage.

Parameters

Parameter

Comments

access_token

string

The token to access FortiManager without using username and password.

adom

string / required

The parameter (adom) in requested url.

bypass_validation

boolean

Only set to True when module schema diffs with FortiManager API structure, module continues to execute without validating parameters.

Choices:

  • false ← (default)

  • true

enable_log

boolean

Enable/Disable logging for task.

Choices:

  • false ← (default)

  • true

forticloud_access_token

string

Authenticate Ansible client with forticloud API access token.

fsp_vlan

dictionary

The top level parameters set.

_dhcp_status

aliases: _dhcp-status

string

Dhcp status.

Choices:

  • "disable"

  • "enable"

auth

string

Auth.

Choices:

  • "radius"

  • "usergroup"

color

integer

Color.

comments

string

Comments.

dhcp_server

aliases: dhcp-server

dictionary

Dhcp server.

auto_configuration

aliases: auto-configuration

string

Enable/disable auto configuration.

Choices:

  • "disable"

  • "enable"

auto_managed_status

aliases: auto-managed-status

string

Enable/disable use of this DHCP server once this interface has been assigned an IP address from FortiIPAM.

Choices:

  • "disable"

  • "enable"

conflicted_ip_timeout

aliases: conflicted-ip-timeout

integer

Time in seconds to wait after a conflicted IP address is removed from the DHCP range before it can be reused.

ddns_auth

aliases: ddns-auth

string

DDNS authentication mode.

Choices:

  • "disable"

  • "tsig"

ddns_key

aliases: ddns-key

any

(list or str) DDNS update key

ddns_keyname

aliases: ddns-keyname

string

DDNS update key name.

ddns_server_ip

aliases: ddns-server-ip

string

DDNS server IP.

ddns_ttl

aliases: ddns-ttl

integer

TTL.

ddns_update

aliases: ddns-update

string

Enable/disable DDNS update for DHCP.

Choices:

  • "disable"

  • "enable"

ddns_update_override

aliases: ddns-update-override

string

Enable/disable DDNS update override for DHCP.

Choices:

  • "disable"

  • "enable"

ddns_zone

aliases: ddns-zone

string

Zone of your domain name

default_gateway

aliases: default-gateway

string

Default gateway IP address assigned by the DHCP server.

dhcp_settings_from_fortiipam

aliases: dhcp-settings-from-fortiipam

string

Enable/disable populating of DHCP server settings from FortiIPAM.

Choices:

  • "disable"

  • "enable"

dns_server1

aliases: dns-server1

string

DNS server 1.

dns_server2

aliases: dns-server2

string

DNS server 2.

dns_server3

aliases: dns-server3

string

DNS server 3.

dns_server4

aliases: dns-server4

string

DNS server 4.

dns_service

aliases: dns-service

string

Options for assigning DNS servers to DHCP clients.

Choices:

  • "default"

  • "specify"

  • "local"

domain

string

Domain name suffix for the IP addresses that the DHCP server assigns to clients.

enable

string

Enable.

Choices:

  • "disable"

  • "enable"

exclude_range

aliases: exclude-range

list / elements=dictionary

Exclude range.

end_ip

aliases: end-ip

string

End of IP range.

id

integer

ID.

lease_time

aliases: lease-time

integer

Lease time in seconds, 0 means default lease time.

start_ip

aliases: start-ip

string

Start of IP range.

uci_match

aliases: uci-match

string

Enable/disable user class identifier

Choices:

  • "disable"

  • "enable"

uci_string

aliases: uci-string

any

(list) One or more UCI strings in quotes separated by spaces.

vci_match

aliases: vci-match

string

Enable/disable vendor class identifier

Choices:

  • "disable"

  • "enable"

vci_string

aliases: vci-string

any

(list) One or more VCI strings in quotes separated by spaces.

filename

string

Name of the boot file on the TFTP server.

forticlient_on_net_status

aliases: forticlient-on-net-status

string

Enable/disable FortiClient-On-Net service for this DHCP server.

Choices:

  • "disable"

  • "enable"

id

integer

ID.

ip_mode

aliases: ip-mode

string

Method used to assign client IP.

Choices:

  • "range"

  • "usrgrp"

ip_range

aliases: ip-range

list / elements=dictionary

Ip range.

end_ip

aliases: end-ip

string

End of IP range.

id

integer

ID.

lease_time

aliases: lease-time

integer

Lease time in seconds, 0 means default lease time.

start_ip

aliases: start-ip

string

Start of IP range.

uci_match

aliases: uci-match

string

Enable/disable user class identifier

Choices:

  • "disable"

  • "enable"

uci_string

aliases: uci-string

any

(list) One or more UCI strings in quotes separated by spaces.

vci_match

aliases: vci-match

string

Enable/disable vendor class identifier

Choices:

  • "disable"

  • "enable"

vci_string

aliases: vci-string

any

(list) One or more VCI strings in quotes separated by spaces.

ipsec_lease_hold

aliases: ipsec-lease-hold

integer

DHCP over IPsec leases expire this many seconds after tunnel down

lease_time

aliases: lease-time

integer

Lease time in seconds, 0 means unlimited.

mac_acl_default_action

aliases: mac-acl-default-action

string

MAC access control default action

Choices:

  • "assign"

  • "block"

netmask

string

Netmask assigned by the DHCP server.

next_server

aliases: next-server

string

IP address of a server

ntp_server1

aliases: ntp-server1

string

NTP server 1.

ntp_server2

aliases: ntp-server2

string

NTP server 2.

ntp_server3

aliases: ntp-server3

string

NTP server 3.

ntp_service

aliases: ntp-service

string

Options for assigning Network Time Protocol

Choices:

  • "default"

  • "specify"

  • "local"

option1

any

(list) Option1.

option2

any

(list) Option2.

option3

any

(list) Option3.

option4

string

Option4.

option5

string

Option5.

option6

string

Option6.

options

list / elements=dictionary

Options.

code

integer

DHCP option code.

id

integer

ID.

ip

any

(list) DHCP option IPs.

type

string

DHCP option type.

Choices:

  • "hex"

  • "string"

  • "ip"

  • "fqdn"

uci_match

aliases: uci-match

string

Enable/disable user class identifier

Choices:

  • "disable"

  • "enable"

uci_string

aliases: uci-string

any

(list) One or more UCI strings in quotes separated by spaces.

value

string

DHCP option value.

vci_match

aliases: vci-match

string

Enable/disable vendor class identifier

Choices:

  • "disable"

  • "enable"

vci_string

aliases: vci-string

any

(list) One or more VCI strings in quotes separated by spaces.

relay_agent

aliases: relay-agent

string

Relay agent IP.

reserved_address

aliases: reserved-address

list / elements=dictionary

Reserved address.

action

string

Options for the DHCP server to configure the client with the reserved MAC address.

Choices:

  • "assign"

  • "block"

  • "reserved"

circuit_id

aliases: circuit-id

string

Option 82 circuit-ID of the client that will get the reserved IP address.

circuit_id_type

aliases: circuit-id-type

string

DHCP option type.

Choices:

  • "hex"

  • "string"

description

string

Description.

id

integer

ID.

ip

string

IP address to be reserved for the MAC address.

mac

string

MAC address of the client that will get the reserved IP address.

remote_id

aliases: remote-id

string

Option 82 remote-ID of the client that will get the reserved IP address.

remote_id_type

aliases: remote-id-type

string

DHCP option type.

Choices:

  • "hex"

  • "string"

type

string

DHCP reserved-address type.

Choices:

  • "mac"

  • "option82"

server_type

aliases: server-type

string

DHCP server can be a normal DHCP server or an IPsec DHCP server.

Choices:

  • "regular"

  • "ipsec"

shared_subnet

aliases: shared-subnet

string

Enable/disable shared subnet.

Choices:

  • "disable"

  • "enable"

status

string

Enable/disable this DHCP configuration.

Choices:

  • "disable"

  • "enable"

tftp_server

aliases: tftp-server

any

(list) One or more hostnames or IP addresses of the TFTP servers in quotes separated by spaces.

timezone

string

Select the time zone to be assigned to DHCP clients.

Choices:

  • "00"

  • "01"

  • "02"

  • "03"

  • "04"

  • "05"

  • "06"

  • "07"

  • "08"

  • "09"

  • "10"

  • "11"

  • "12"

  • "13"

  • "14"

  • "15"

  • "16"

  • "17"

  • "18"

  • "19"

  • "20"

  • "21"

  • "22"

  • "23"

  • "24"

  • "25"

  • "26"

  • "27"

  • "28"

  • "29"

  • "30"

  • "31"

  • "32"

  • "33"

  • "34"

  • "35"

  • "36"

  • "37"

  • "38"

  • "39"

  • "40"

  • "41"

  • "42"

  • "43"

  • "44"

  • "45"

  • "46"

  • "47"

  • "48"

  • "49"

  • "50"

  • "51"

  • "52"

  • "53"

  • "54"

  • "55"

  • "56"

  • "57"

  • "58"

  • "59"

  • "60"

  • "61"

  • "62"

  • "63"

  • "64"

  • "65"

  • "66"

  • "67"

  • "68"

  • "69"

  • "70"

  • "71"

  • "72"

  • "73"

  • "74"

  • "75"

  • "76"

  • "77"

  • "78"

  • "79"

  • "80"

  • "81"

  • "82"

  • "83"

  • "84"

  • "85"

  • "86"

  • "87"

timezone_option

aliases: timezone-option

string

Options for the DHCP server to set the clients time zone.

Choices:

  • "disable"

  • "default"

  • "specify"

vci_match

aliases: vci-match

string

Enable/disable vendor class identifier

Choices:

  • "disable"

  • "enable"

vci_string

aliases: vci-string

any

(list) One or more VCI strings in quotes separated by spaces.

wifi_ac1

aliases: wifi-ac1

string

WiFi Access Controller 1 IP address

wifi_ac2

aliases: wifi-ac2

string

WiFi Access Controller 2 IP address

wifi_ac3

aliases: wifi-ac3

string

WiFi Access Controller 3 IP address

wifi_ac_service

aliases: wifi-ac-service

string

Options for assigning WiFi Access Controllers to DHCP clients

Choices:

  • "specify"

  • "local"

wins_server1

aliases: wins-server1

string

WINS server 1.

wins_server2

aliases: wins-server2

string

WINS server 2.

dynamic_mapping

list / elements=dictionary

Dynamic mapping.

_dhcp_status

aliases: _dhcp-status

string

Dhcp status.

Choices:

  • "disable"

  • "enable"

_scope

list / elements=dictionary

Scope.

name

string

Name.

vdom

string

Vdom.

dhcp_server

aliases: dhcp-server

dictionary

Dhcp server.

auto_configuration

aliases: auto-configuration

string

Enable/disable auto configuration.

Choices:

  • "disable"

  • "enable"

auto_managed_status

aliases: auto-managed-status

string

Enable/disable use of this DHCP server once this interface has been assigned an IP address from FortiIPAM.

Choices:

  • "disable"

  • "enable"

conflicted_ip_timeout

aliases: conflicted-ip-timeout

integer

Time in seconds to wait after a conflicted IP address is removed from the DHCP range before it can be reused.

ddns_auth

aliases: ddns-auth

string

DDNS authentication mode.

Choices:

  • "disable"

  • "tsig"

ddns_key

aliases: ddns-key

any

(list or str) DDNS update key

ddns_keyname

aliases: ddns-keyname

string

DDNS update key name.

ddns_server_ip

aliases: ddns-server-ip

string

DDNS server IP.

ddns_ttl

aliases: ddns-ttl

integer

TTL.

ddns_update

aliases: ddns-update

string

Enable/disable DDNS update for DHCP.

Choices:

  • "disable"

  • "enable"

ddns_update_override

aliases: ddns-update-override

string

Enable/disable DDNS update override for DHCP.

Choices:

  • "disable"

  • "enable"

ddns_zone

aliases: ddns-zone

string

Zone of your domain name

default_gateway

aliases: default-gateway

string

Default gateway IP address assigned by the DHCP server.

dhcp_settings_from_fortiipam

aliases: dhcp-settings-from-fortiipam

string

Enable/disable populating of DHCP server settings from FortiIPAM.

Choices:

  • "disable"

  • "enable"

dns_server1

aliases: dns-server1

string

DNS server 1.

dns_server2

aliases: dns-server2

string

DNS server 2.

dns_server3

aliases: dns-server3

string

DNS server 3.

dns_server4

aliases: dns-server4

string

DNS server 4.

dns_service

aliases: dns-service

string

Options for assigning DNS servers to DHCP clients.

Choices:

  • "default"

  • "specify"

  • "local"

domain

string

Domain name suffix for the IP addresses that the DHCP server assigns to clients.

enable

string

Enable.

Choices:

  • "disable"

  • "enable"

exclude_range

aliases: exclude-range

list / elements=dictionary

Exclude range.

end_ip

aliases: end-ip

string

End of IP range.

id

integer

ID.

lease_time

aliases: lease-time

integer

Lease time in seconds, 0 means default lease time.

start_ip

aliases: start-ip

string

Start of IP range.

uci_match

aliases: uci-match

string

Enable/disable user class identifier

Choices:

  • "disable"

  • "enable"

uci_string

aliases: uci-string

any

(list) One or more UCI strings in quotes separated by spaces.

vci_match

aliases: vci-match

string

Enable/disable vendor class identifier

Choices:

  • "disable"

  • "enable"

vci_string

aliases: vci-string

any

(list) One or more VCI strings in quotes separated by spaces.

filename

string

Name of the boot file on the TFTP server.

forticlient_on_net_status

aliases: forticlient-on-net-status

string

Enable/disable FortiClient-On-Net service for this DHCP server.

Choices:

  • "disable"

  • "enable"

id

integer

ID.

ip_mode

aliases: ip-mode

string

Method used to assign client IP.

Choices:

  • "range"

  • "usrgrp"

ip_range

aliases: ip-range

list / elements=dictionary

Ip range.

end_ip

aliases: end-ip

string

End of IP range.

id

integer

ID.

lease_time

aliases: lease-time

integer

Lease time in seconds, 0 means default lease time.

start_ip

aliases: start-ip

string

Start of IP range.

uci_match

aliases: uci-match

string

Enable/disable user class identifier

Choices:

  • "disable"

  • "enable"

uci_string

aliases: uci-string

any

(list) One or more UCI strings in quotes separated by spaces.

vci_match

aliases: vci-match

string

Enable/disable vendor class identifier

Choices:

  • "disable"

  • "enable"

vci_string

aliases: vci-string

any

(list) One or more VCI strings in quotes separated by spaces.

ipsec_lease_hold

aliases: ipsec-lease-hold

integer

DHCP over IPsec leases expire this many seconds after tunnel down

lease_time

aliases: lease-time

integer

Lease time in seconds, 0 means unlimited.

mac_acl_default_action

aliases: mac-acl-default-action

string

MAC access control default action

Choices:

  • "assign"

  • "block"

netmask

string

Netmask assigned by the DHCP server.

next_server

aliases: next-server

string

IP address of a server

ntp_server1

aliases: ntp-server1

string

NTP server 1.

ntp_server2

aliases: ntp-server2

string

NTP server 2.

ntp_server3

aliases: ntp-server3

string

NTP server 3.

ntp_service

aliases: ntp-service

string

Options for assigning Network Time Protocol

Choices:

  • "default"

  • "specify"

  • "local"

option1

any

(list) Option1.

option2

any

(list) Option2.

option3

any

(list) Option3.

option4

string

Option4.

option5

string

Option5.

option6

string

Option6.

options

list / elements=dictionary

Options.

code

integer

DHCP option code.

id

integer

ID.

ip

any

(list) DHCP option IPs.

type

string

DHCP option type.

Choices:

  • "hex"

  • "string"

  • "ip"

  • "fqdn"

uci_match

aliases: uci-match

string

Enable/disable user class identifier

Choices:

  • "disable"

  • "enable"

uci_string

aliases: uci-string

any

(list) One or more UCI strings in quotes separated by spaces.

value

string

DHCP option value.

vci_match

aliases: vci-match

string

Enable/disable vendor class identifier

Choices:

  • "disable"

  • "enable"

vci_string

aliases: vci-string

any

(list) One or more VCI strings in quotes separated by spaces.

relay_agent

aliases: relay-agent

string

Relay agent IP.

reserved_address

aliases: reserved-address

list / elements=dictionary

Reserved address.

action

string

Options for the DHCP server to configure the client with the reserved MAC address.

Choices:

  • "assign"

  • "block"

  • "reserved"

circuit_id

aliases: circuit-id

string

Option 82 circuit-ID of the client that will get the reserved IP address.

circuit_id_type

aliases: circuit-id-type

string

DHCP option type.

Choices:

  • "hex"

  • "string"

description

string

Description.

id

integer

ID.

ip

string

IP address to be reserved for the MAC address.

mac

string

MAC address of the client that will get the reserved IP address.

remote_id

aliases: remote-id

string

Option 82 remote-ID of the client that will get the reserved IP address.

remote_id_type

aliases: remote-id-type

string

DHCP option type.

Choices:

  • "hex"

  • "string"

type

string

DHCP reserved-address type.

Choices:

  • "mac"

  • "option82"

server_type

aliases: server-type

string

DHCP server can be a normal DHCP server or an IPsec DHCP server.

Choices:

  • "regular"

  • "ipsec"

shared_subnet

aliases: shared-subnet

string

Enable/disable shared subnet.

Choices:

  • "disable"

  • "enable"

status

string

Enable/disable this DHCP configuration.

Choices:

  • "disable"

  • "enable"

tftp_server

aliases: tftp-server

any

(list) One or more hostnames or IP addresses of the TFTP servers in quotes separated by spaces.

timezone

string

Select the time zone to be assigned to DHCP clients.

Choices:

  • "00"

  • "01"

  • "02"

  • "03"

  • "04"

  • "05"

  • "06"

  • "07"

  • "08"

  • "09"

  • "10"

  • "11"

  • "12"

  • "13"

  • "14"

  • "15"

  • "16"

  • "17"

  • "18"

  • "19"

  • "20"

  • "21"

  • "22"

  • "23"

  • "24"

  • "25"

  • "26"

  • "27"

  • "28"

  • "29"

  • "30"

  • "31"

  • "32"

  • "33"

  • "34"

  • "35"

  • "36"

  • "37"

  • "38"

  • "39"

  • "40"

  • "41"

  • "42"

  • "43"

  • "44"

  • "45"

  • "46"

  • "47"

  • "48"

  • "49"

  • "50"

  • "51"

  • "52"

  • "53"

  • "54"

  • "55"

  • "56"

  • "57"

  • "58"

  • "59"

  • "60"

  • "61"

  • "62"

  • "63"

  • "64"

  • "65"

  • "66"

  • "67"

  • "68"

  • "69"

  • "70"

  • "71"

  • "72"

  • "73"

  • "74"

  • "75"

  • "76"

  • "77"

  • "78"

  • "79"

  • "80"

  • "81"

  • "82"

  • "83"

  • "84"

  • "85"

  • "86"

  • "87"

timezone_option

aliases: timezone-option

string

Options for the DHCP server to set the clients time zone.

Choices:

  • "disable"

  • "default"

  • "specify"

vci_match

aliases: vci-match

string

Enable/disable vendor class identifier

Choices:

  • "disable"

  • "enable"

vci_string

aliases: vci-string

any

(list) One or more VCI strings in quotes separated by spaces.

wifi_ac1

aliases: wifi-ac1

string

WiFi Access Controller 1 IP address

wifi_ac2

aliases: wifi-ac2

string

WiFi Access Controller 2 IP address

wifi_ac3

aliases: wifi-ac3

string

WiFi Access Controller 3 IP address

wifi_ac_service

aliases: wifi-ac-service

string

Options for assigning WiFi Access Controllers to DHCP clients

Choices:

  • "specify"

  • "local"

wins_server1

aliases: wins-server1

string

WINS server 1.

wins_server2

aliases: wins-server2

string

WINS server 2.

interface

dictionary

Interface.

dhcp_relay_agent_option

aliases: dhcp-relay-agent-option

string

Dhcp relay agent option.

Choices:

  • "disable"

  • "enable"

dhcp_relay_interface_select_method

aliases: dhcp-relay-interface-select-method

string

Dhcp relay interface select method.

Choices:

  • "auto"

  • "sdwan"

  • "specify"

dhcp_relay_ip

aliases: dhcp-relay-ip

any

(list) Dhcp relay ip.

dhcp_relay_service

aliases: dhcp-relay-service

string

Dhcp relay service.

Choices:

  • "disable"

  • "enable"

dhcp_relay_type

aliases: dhcp-relay-type

string

Dhcp relay type.

Choices:

  • "regular"

  • "ipsec"

ip

string

Ip.

ipv6

dictionary

Ipv6.

autoconf

string

Enable/disable address auto config.

Choices:

  • "disable"

  • "enable"

cli_conn6_status

aliases: cli-conn6-status

integer

Cli conn6 status.

dhcp6_client_options

aliases: dhcp6-client-options

list / elements=string

Dhcp6 client options.

Choices:

  • "rapid"

  • "iapd"

  • "iana"

  • "dns"

  • "dnsname"

dhcp6_information_request

aliases: dhcp6-information-request

string

Enable/disable DHCPv6 information request.

Choices:

  • "disable"

  • "enable"

dhcp6_prefix_delegation

aliases: dhcp6-prefix-delegation

string

Enable/disable DHCPv6 prefix delegation.

Choices:

  • "disable"

  • "enable"

dhcp6_prefix_hint

aliases: dhcp6-prefix-hint

string

DHCPv6 prefix that will be used as a hint to the upstream DHCPv6 server.

dhcp6_prefix_hint_plt

aliases: dhcp6-prefix-hint-plt

integer

DHCPv6 prefix hint preferred life time

dhcp6_prefix_hint_vlt

aliases: dhcp6-prefix-hint-vlt

integer

DHCPv6 prefix hint valid life time

dhcp6_relay_interface_id

aliases: dhcp6-relay-interface-id

string

DHCP6 relay interface ID.

dhcp6_relay_ip

aliases: dhcp6-relay-ip

string

DHCPv6 relay IP address.

dhcp6_relay_service

aliases: dhcp6-relay-service

string

Enable/disable DHCPv6 relay.

Choices:

  • "disable"

  • "enable"

dhcp6_relay_source_interface

aliases: dhcp6-relay-source-interface

string

Enable/disable use of address on this interface as the source address of the relay message.

Choices:

  • "disable"

  • "enable"

dhcp6_relay_source_ip

aliases: dhcp6-relay-source-ip

string

IPv6 address used by the DHCP6 relay as its source IP.

dhcp6_relay_type

aliases: dhcp6-relay-type

string

DHCPv6 relay type.

Choices:

  • "regular"

icmp6_send_redirect

aliases: icmp6-send-redirect

string

Enable/disable sending of ICMPv6 redirects.

Choices:

  • "disable"

  • "enable"

interface_identifier

aliases: interface-identifier

string

IPv6 interface identifier.

ip6_address

aliases: ip6-address

string

Primary IPv6 address prefix, syntax

ip6_allowaccess

aliases: ip6-allowaccess

list / elements=string

Allow management access to the interface.

Choices:

  • "https"

  • "ping"

  • "ssh"

  • "snmp"

  • "http"

  • "telnet"

  • "fgfm"

  • "capwap"

  • "fabric"

ip6_default_life

aliases: ip6-default-life

integer

Default life

ip6_delegated_prefix_iaid

aliases: ip6-delegated-prefix-iaid

integer

IAID of obtained delegated-prefix from the upstream interface.

ip6_delegated_prefix_list

aliases: ip6-delegated-prefix-list

list / elements=dictionary

Ip6 delegated prefix list.

autonomous_flag

aliases: autonomous-flag

string

Enable/disable the autonomous flag.

Choices:

  • "disable"

  • "enable"

delegated_prefix_iaid

aliases: delegated-prefix-iaid

integer

IAID of obtained delegated-prefix from the upstream interface.

onlink_flag

aliases: onlink-flag

string

Enable/disable the onlink flag.

Choices:

  • "disable"

  • "enable"

prefix_id

aliases: prefix-id

integer

Prefix ID.

rdnss

any

(list) Recursive DNS server option.

rdnss_service

aliases: rdnss-service

string

Recursive DNS service option.

Choices:

  • "delegated"

  • "default"

  • "specify"

subnet

string

Add subnet ID to routing prefix.

upstream_interface

aliases: upstream-interface

string

Name of the interface that provides delegated information.

ip6_dns_server_override

aliases: ip6-dns-server-override

string

Enable/disable using the DNS server acquired by DHCP.

Choices:

  • "disable"

  • "enable"

ip6_extra_addr

aliases: ip6-extra-addr

list / elements=dictionary

Ip6 extra addr.

prefix

string

IPv6 address prefix.

ip6_hop_limit

aliases: ip6-hop-limit

integer

Hop limit

ip6_link_mtu

aliases: ip6-link-mtu

integer

IPv6 link MTU.

ip6_manage_flag

aliases: ip6-manage-flag

string

Enable/disable the managed flag.

Choices:

  • "disable"

  • "enable"

ip6_max_interval

aliases: ip6-max-interval

integer

IPv6 maximum interval

ip6_min_interval

aliases: ip6-min-interval

integer

IPv6 minimum interval

ip6_mode

aliases: ip6-mode

string

Addressing mode

Choices:

  • "static"

  • "dhcp"

  • "pppoe"

  • "delegated"

ip6_other_flag

aliases: ip6-other-flag

string

Enable/disable the other IPv6 flag.

Choices:

  • "disable"

  • "enable"

ip6_prefix_list

aliases: ip6-prefix-list

list / elements=dictionary

Ip6 prefix list.

autonomous_flag

aliases: autonomous-flag

string

Enable/disable the autonomous flag.

Choices:

  • "disable"

  • "enable"

dnssl

any

(list) DNS search list option.

onlink_flag

aliases: onlink-flag

string

Enable/disable the onlink flag.

Choices:

  • "disable"

  • "enable"

preferred_life_time

aliases: preferred-life-time

integer

Preferred life time

prefix

string

IPv6 prefix.

rdnss

any

(list) Recursive DNS server option.

valid_life_time

aliases: valid-life-time

integer

Valid life time

ip6_prefix_mode

aliases: ip6-prefix-mode

string

Assigning a prefix from DHCP or RA.

Choices:

  • "dhcp6"

  • "ra"

ip6_reachable_time

aliases: ip6-reachable-time

integer

IPv6 reachable time

ip6_retrans_time

aliases: ip6-retrans-time

integer

IPv6 retransmit time

ip6_send_adv

aliases: ip6-send-adv

string

Enable/disable sending advertisements about the interface.

Choices:

  • "disable"

  • "enable"

ip6_subnet

aliases: ip6-subnet

string

Subnet to routing prefix, syntax

ip6_upstream_interface

aliases: ip6-upstream-interface

string

Interface name providing delegated information.

nd_cert

aliases: nd-cert

string

Neighbor discovery certificate.

nd_cga_modifier

aliases: nd-cga-modifier

string

Neighbor discovery CGA modifier.

nd_mode

aliases: nd-mode

string

Neighbor discovery mode.

Choices:

  • "basic"

  • "SEND-compatible"

nd_security_level

aliases: nd-security-level

integer

Neighbor discovery security level

nd_timestamp_delta

aliases: nd-timestamp-delta

integer

Neighbor discovery timestamp delta value

nd_timestamp_fuzz

aliases: nd-timestamp-fuzz

integer

Neighbor discovery timestamp fuzz factor

ra_send_mtu

aliases: ra-send-mtu

string

Enable/disable sending link MTU in RA packet.

Choices:

  • "disable"

  • "enable"

unique_autoconf_addr

aliases: unique-autoconf-addr

string

Enable/disable unique auto config address.

Choices:

  • "disable"

  • "enable"

string

Link-local IPv6 address of virtual router.

vrrp6

list / elements=dictionary

Vrrp6.

accept_mode

aliases: accept-mode

string

Enable/disable accept mode.

Choices:

  • "disable"

  • "enable"

adv_interval

aliases: adv-interval

integer

Advertisement interval

ignore_default_route

aliases: ignore-default-route

string

Enable/disable ignoring of default route when checking destination.

Choices:

  • "disable"

  • "enable"

preempt

string

Enable/disable preempt mode.

Choices:

  • "disable"

  • "enable"

priority

integer

Priority of the virtual router

start_time

aliases: start-time

integer

Startup time

status

string

Enable/disable VRRP.

Choices:

  • "disable"

  • "enable"

vrdst6

string

Monitor the route to this destination.

vrdst_priority

aliases: vrdst-priority

integer

Priority of the virtual router when the virtual router destination becomes unreachable

vrgrp

integer

VRRP group ID

vrid

integer

Virtual router identifier

vrip6

string

IPv6 address of the virtual router.

vrrp_virtual_mac6

aliases: vrrp-virtual-mac6

string

Enable/disable virtual MAC for VRRP.

Choices:

  • "disable"

  • "enable"

secondary_IP

aliases: secondary-IP

string

Secondary IP.

Choices:

  • "disable"

  • "enable"

secondaryip

list / elements=dictionary

Secondaryip.

allowaccess

list / elements=string

Management access settings for the secondary IP address.

Choices:

  • "https"

  • "ping"

  • "ssh"

  • "snmp"

  • "http"

  • "telnet"

  • "fgfm"

  • "auto-ipsec"

  • "radius-acct"

  • "probe-response"

  • "capwap"

  • "dnp"

  • "ftm"

  • "fabric"

  • "speed-test"

  • "icond"

  • "scim"

detectprotocol

list / elements=string

Protocols used to detect the server.

Choices:

  • "ping"

  • "tcp-echo"

  • "udp-echo"

detectserver

string

Gateways ping server for this IP.

gwdetect

string

Enable/disable detect gateway alive for first.

Choices:

  • "disable"

  • "enable"

ha_priority

aliases: ha-priority

integer

HA election priority for the PING server.

id

integer

ID.

ip

string

Secondary IP address of the interface.

ping_serv_status

aliases: ping-serv-status

integer

Ping serv status.

secip_relay_ip

aliases: secip-relay-ip

string

DHCP relay IP address.

seq

integer

Seq.

vlanid

integer

Vlanid.

vrrp

list / elements=dictionary

Vrrp.

accept_mode

aliases: accept-mode

string

Enable/disable accept mode.

Choices:

  • "disable"

  • "enable"

adv_interval

aliases: adv-interval

integer

Advertisement interval

ignore_default_route

aliases: ignore-default-route

string

Enable/disable ignoring of default route when checking destination.

Choices:

  • "disable"

  • "enable"

preempt

string

Enable/disable preempt mode.

Choices:

  • "disable"

  • "enable"

priority

integer

Priority of the virtual router

proxy_arp

aliases: proxy-arp

list / elements=dictionary

Proxy arp.

id

integer

ID.

ip

string

Set IP addresses of proxy ARP.

start_time

aliases: start-time

integer

Startup time

status

string

Enable/disable this VRRP configuration.

Choices:

  • "disable"

  • "enable"

version

string

VRRP version.

Choices:

  • "2"

  • "3"

vrdst

any

(list) Monitor the route to this destination.

vrdst_priority

aliases: vrdst-priority

integer

Priority of the virtual router when the virtual router destination becomes unreachable

vrgrp

integer

VRRP group ID

vrid

integer

Virtual router identifier

vrip

string

IP address of the virtual router.

interface

dictionary

Interface.

ac_name

aliases: ac-name

string

PPPoE server name.

aggregate

string

Aggregate.

aggregate_type

aliases: aggregate-type

string

Type of aggregation.

Choices:

  • "physical"

  • "vxlan"

algorithm

string

Frame distribution algorithm.

Choices:

  • "L2"

  • "L3"

  • "L4"

  • "LB"

  • "Source-MAC"

alias

string

Alias will be displayed with the interface name to make it easier to distinguish.

allowaccess

list / elements=string

Permitted types of management access to this interface.

Choices:

  • "https"

  • "ping"

  • "ssh"

  • "snmp"

  • "http"

  • "telnet"

  • "fgfm"

  • "auto-ipsec"

  • "radius-acct"

  • "probe-response"

  • "capwap"

  • "dnp"

  • "ftm"

  • "fabric"

  • "speed-test"

annex

string

Set xDSL annex type.

Choices:

  • "a"

  • "b"

  • "j"

  • "bjm"

  • "i"

  • "al"

  • "m"

  • "aijlm"

  • "bj"

ap_discover

aliases: ap-discover

string

Enable/disable automatic registration of unknown FortiAP devices.

Choices:

  • "disable"

  • "enable"

arpforward

string

Enable/disable ARP forwarding.

Choices:

  • "disable"

  • "enable"

atm_protocol

aliases: atm-protocol

string

ATM protocol.

Choices:

  • "none"

  • "ipoa"

auth_cert

aliases: auth-cert

string

HTTPS server certificate.

auth_portal_addr

aliases: auth-portal-addr

string

Address of captive portal.

auth_type

aliases: auth-type

string

PPP authentication type to use.

Choices:

  • "auto"

  • "pap"

  • "chap"

  • "mschapv1"

  • "mschapv2"

auto_auth_extension_device

aliases: auto-auth-extension-device

string

Enable/disable automatic authorization of dedicated Fortinet extension device on this interface.

Choices:

  • "disable"

  • "enable"

bandwidth_measure_time

aliases: bandwidth-measure-time

integer

Bandwidth measure time

bfd

string

Bidirectional Forwarding Detection

Choices:

  • "global"

  • "enable"

  • "disable"

bfd_desired_min_tx

aliases: bfd-desired-min-tx

integer

BFD desired minimal transmit interval.

bfd_detect_mult

aliases: bfd-detect-mult

integer

BFD detection multiplier.

bfd_required_min_rx

aliases: bfd-required-min-rx

integer

BFD required minimal receive interval.

broadcast_forticlient_discovery

aliases: broadcast-forticlient-discovery

string

Enable/disable broadcasting FortiClient discovery messages.

Choices:

  • "disable"

  • "enable"

broadcast_forward

aliases: broadcast-forward

string

Enable/disable broadcast forwarding.

Choices:

  • "disable"

  • "enable"

captive_portal

aliases: captive-portal

integer

Enable/disable captive portal.

cli_conn_status

aliases: cli-conn-status

integer

Cli conn status.

color

integer

Color of icon on the GUI.

ddns

string

Ddns.

Choices:

  • "disable"

  • "enable"

ddns_auth

aliases: ddns-auth

string

Ddns auth.

Choices:

  • "disable"

  • "tsig"

ddns_domain

aliases: ddns-domain

string

Ddns domain.

ddns_key

aliases: ddns-key

any

(list or str) Ddns key.

ddns_keyname

aliases: ddns-keyname

string

Ddns keyname.

ddns_password

aliases: ddns-password

any

(list) Ddns password.

ddns_server

aliases: ddns-server

string

Ddns server.

Choices:

  • "dhs.org"

  • "dyndns.org"

  • "dyns.net"

  • "tzo.com"

  • "ods.org"

  • "vavic.com"

  • "now.net.cn"

  • "dipdns.net"

  • "easydns.com"

  • "genericDDNS"

ddns_server_ip

aliases: ddns-server-ip

string

Ddns server ip.

ddns_sn

aliases: ddns-sn

string

Ddns sn.

ddns_ttl

aliases: ddns-ttl

integer

Ddns ttl.

ddns_username

aliases: ddns-username

string

Ddns username.

ddns_zone

aliases: ddns-zone

string

Ddns zone.

dedicated_to

aliases: dedicated-to

string

Configure interface for single purpose.

Choices:

  • "none"

  • "management"

default_purdue_level

aliases: default-purdue-level

string

Default purdue level of device detected on this interface.

Choices:

  • "1"

  • "2"

  • "3"

  • "4"

  • "5"

  • "1.5"

  • "2.5"

  • "3.5"

  • "5.5"

defaultgw

string

Enable to get the gateway IP from the DHCP or PPPoE server.

Choices:

  • "disable"

  • "enable"

description

string

Description.

detected_peer_mtu

aliases: detected-peer-mtu

integer

Detected peer mtu.

detectprotocol

list / elements=string

Protocols used to detect the server.

Choices:

  • "ping"

  • "tcp-echo"

  • "udp-echo"

detectserver

string

Gateways ping server for this IP.

device_access_list

aliases: device-access-list

any

(list or str) Device access list.

device_identification

aliases: device-identification

string

Enable/disable passively gathering of device identity information about the devices on the network connected to th…

Choices:

  • "disable"

  • "enable"

device_identification_active_scan

aliases: device-identification-active-scan

string

Enable/disable active gathering of device identity information about the devices on the network connected to this …

Choices:

  • "disable"

  • "enable"

device_netscan

aliases: device-netscan

string

Enable/disable inclusion of devices detected on this interface in network vulnerability scans.

Choices:

  • "disable"

  • "enable"

device_user_identification

aliases: device-user-identification

string

Enable/disable passive gathering of user identity information about users on this interface.

Choices:

  • "disable"

  • "enable"

devindex

integer

Devindex.

dhcp_broadcast_flag

aliases: dhcp-broadcast-flag

string

Enable/disable setting of the broadcast flag in messages sent by the DHCP client

Choices:

  • "disable"

  • "enable"

dhcp_classless_route_addition

aliases: dhcp-classless-route-addition

string

Enable/disable addition of classless static routes retrieved from DHCP server.

Choices:

  • "disable"

  • "enable"

dhcp_client_identifier

aliases: dhcp-client-identifier

string

DHCP client identifier.

dhcp_relay_agent_option

aliases: dhcp-relay-agent-option

string

Enable/disable DHCP relay agent option.

Choices:

  • "disable"

  • "enable"

dhcp_relay_allow_no_end_option

aliases: dhcp-relay-allow-no-end-option

string

Enable/disable relaying DHCP messages with no end option.

Choices:

  • "disable"

  • "enable"

dhcp_relay_circuit_id

aliases: dhcp-relay-circuit-id

string

DHCP relay circuit ID.

dhcp_relay_interface

aliases: dhcp-relay-interface

string

Specify outgoing interface to reach server.

dhcp_relay_interface_select_method

aliases: dhcp-relay-interface-select-method

string

Specify how to select outgoing interface to reach server.

Choices:

  • "auto"

  • "sdwan"

  • "specify"

dhcp_relay_ip

aliases: dhcp-relay-ip

any

(list) DHCP relay IP address.

dhcp_relay_link_selection

aliases: dhcp-relay-link-selection

string

DHCP relay link selection.

dhcp_relay_request_all_server

aliases: dhcp-relay-request-all-server

string

Enable/disable sending of DHCP requests to all servers.

Choices:

  • "disable"

  • "enable"

dhcp_relay_service

aliases: dhcp-relay-service

string

Enable/disable allowing this interface to act as a DHCP relay.

Choices:

  • "disable"

  • "enable"

dhcp_relay_source_ip

aliases: dhcp-relay-source-ip

string

IP address used by the DHCP relay as its source IP.

dhcp_relay_type

aliases: dhcp-relay-type

string

DHCP relay type

Choices:

  • "regular"

  • "ipsec"

dhcp_renew_time

aliases: dhcp-renew-time

integer

DHCP renew time in seconds

dhcp_smart_relay

aliases: dhcp-smart-relay

string

Enable/disable DHCP smart relay.

Choices:

  • "disable"

  • "enable"

disc_retry_timeout

aliases: disc-retry-timeout

integer

Time in seconds to wait before retrying to start a PPPoE discovery, 0 means no timeout.

disconnect_threshold

aliases: disconnect-threshold

integer

Time in milliseconds to wait before sending a notification that this interface is down or disconnected.

distance

integer

Distance for routes learned through PPPoE or DHCP, lower distance indicates preferred route.

dns_query

aliases: dns-query

string

Dns query.

Choices:

  • "disable"

  • "recursive"

  • "non-recursive"

dns_server_override

aliases: dns-server-override

string

Enable/disable use DNS acquired by DHCP or PPPoE.

Choices:

  • "disable"

  • "enable"

dns_server_protocol

aliases: dns-server-protocol

list / elements=string

DNS transport protocols.

Choices:

  • "cleartext"

  • "dot"

  • "doh"

drop_fragment

aliases: drop-fragment

string

Enable/disable drop fragment packets.

Choices:

  • "disable"

  • "enable"

drop_overlapped_fragment

aliases: drop-overlapped-fragment

string

Enable/disable drop overlapped fragment packets.

Choices:

  • "disable"

  • "enable"

eap_ca_cert

aliases: eap-ca-cert

string

EAP CA certificate name.

eap_identity

aliases: eap-identity

string

EAP identity.

eap_method

aliases: eap-method

string

EAP method.

Choices:

  • "tls"

  • "peap"

eap_password

aliases: eap-password

any

(list) EAP password.

eap_supplicant

aliases: eap-supplicant

string

Enable/disable EAP-Supplicant.

Choices:

  • "disable"

  • "enable"

eap_user_cert

aliases: eap-user-cert

string

EAP user certificate name.

egress_cos

aliases: egress-cos

string

Override outgoing CoS in user VLAN tag.

Choices:

  • "disable"

  • "cos0"

  • "cos1"

  • "cos2"

  • "cos3"

  • "cos4"

  • "cos5"

  • "cos6"

  • "cos7"

egress_shaping_profile

aliases: egress-shaping-profile

string

Outgoing traffic shaping profile.

eip

string

Eip.

endpoint_compliance

aliases: endpoint-compliance

string

Enable/disable endpoint compliance enforcement.

Choices:

  • "disable"

  • "enable"

estimated_downstream_bandwidth

aliases: estimated-downstream-bandwidth

integer

Estimated maximum downstream bandwidth

estimated_upstream_bandwidth

aliases: estimated-upstream-bandwidth

integer

Estimated maximum upstream bandwidth

explicit_ftp_proxy

aliases: explicit-ftp-proxy

string

Enable/disable the explicit FTP proxy on this interface.

Choices:

  • "disable"

  • "enable"

explicit_web_proxy

aliases: explicit-web-proxy

string

Enable/disable the explicit web proxy on this interface.

Choices:

  • "disable"

  • "enable"

external

string

Enable/disable identifying the interface as an external interface

Choices:

  • "disable"

  • "enable"

fail_action_on_extender

aliases: fail-action-on-extender

string

Action on extender when interface fail .

Choices:

  • "soft-restart"

  • "hard-restart"

  • "reboot"

fail_alert_interfaces

aliases: fail-alert-interfaces

any

(list or str) Names of the FortiGate interfaces to which the link failure alert is sent.

fail_alert_method

aliases: fail-alert-method

string

Select link-failed-signal or link-down method to alert about a failed link.

Choices:

  • "link-failed-signal"

  • "link-down"

fail_detect

aliases: fail-detect

string

Enable/disable fail detection features for this interface.

Choices:

  • "disable"

  • "enable"

fail_detect_option

aliases: fail-detect-option

list / elements=string

Options for detecting that this interface has failed.

Choices:

  • "detectserver"

  • "link-down"

fdp

string

Fdp.

Choices:

  • "disable"

  • "enable"

fortiheartbeat

string

Enable/disable FortiHeartBeat

Choices:

  • "disable"

  • "enable"

string

Enable FortiLink to dedicate this interface to manage other Fortinet devices.

Choices:

  • "disable"

  • "enable"

fortilink_backup_link

aliases: fortilink-backup-link

integer

Fortilink backup link.

fortilink_neighbor_detect

aliases: fortilink-neighbor-detect

string

Protocol for FortiGate neighbor discovery.

Choices:

  • "lldp"

  • "fortilink"

fortilink_split_interface

aliases: fortilink-split-interface

string

Enable/disable FortiLink split interface to connect member link to different FortiSwitch in stack for uplink redun…

Choices:

  • "disable"

  • "enable"

fortilink_stacking

aliases: fortilink-stacking

string

Enable/disable FortiLink switch-stacking on this interface.

Choices:

  • "disable"

  • "enable"

forward_domain

aliases: forward-domain

integer

Transparent mode forward domain.

forward_error_correction

aliases: forward-error-correction

string

Enable/disable forward error correction

Choices:

  • "disable"

  • "enable"

  • "rs-fec"

  • "base-r-fec"

  • "fec-cl91"

  • "fec-cl74"

  • "rs-544"

  • "none"

  • "cl91-rs-fec"

  • "cl74-fc-fec"

  • "auto"

fp_anomaly

aliases: fp-anomaly

list / elements=string

Pass or drop different types of anomalies using Fastpath

Choices:

  • "drop_tcp_fin_noack"

  • "pass_winnuke"

  • "pass_tcpland"

  • "pass_udpland"

  • "pass_icmpland"

  • "pass_ipland"

  • "pass_iprr"

  • "pass_ipssrr"

  • "pass_iplsrr"

  • "pass_ipstream"

  • "pass_ipsecurity"

  • "pass_iptimestamp"

  • "pass_ipunknown_option"

  • "pass_ipunknown_prot"

  • "pass_icmp_frag"

  • "pass_tcp_no_flag"

  • "pass_tcp_fin_noack"

  • "drop_winnuke"

  • "drop_tcpland"

  • "drop_udpland"

  • "drop_icmpland"

  • "drop_ipland"

  • "drop_iprr"

  • "drop_ipssrr"

  • "drop_iplsrr"

  • "drop_ipstream"

  • "drop_ipsecurity"

  • "drop_iptimestamp"

  • "drop_ipunknown_option"

  • "drop_ipunknown_prot"

  • "drop_icmp_frag"

  • "drop_tcp_no_flag"

fp_disable

aliases: fp-disable

list / elements=string

Fp disable.

Choices:

  • "all"

  • "ipsec"

  • "none"

gateway_address

aliases: gateway-address

string

Gateway address

generic_receive_offload

aliases: generic-receive-offload

string

Generic receive offload.

Choices:

  • "disable"

  • "enable"

gi_gk

aliases: gi-gk

string

Enable/disable Gi Gatekeeper.

Choices:

  • "disable"

  • "enable"

gwaddr

string

Gateway address

gwdetect

string

Enable/disable detect gateway alive for first.

Choices:

  • "disable"

  • "enable"

ha_priority

aliases: ha-priority

integer

HA election priority for the PING server.

icmp_accept_redirect

aliases: icmp-accept-redirect

string

Enable/disable ICMP accept redirect.

Choices:

  • "disable"

  • "enable"

icmp_redirect

aliases: icmp-redirect

string

Enable/disable ICMP redirect.

Choices:

  • "disable"

  • "enable"

icmp_send_redirect

aliases: icmp-send-redirect

string

Enable/disable sending of ICMP redirects.

Choices:

  • "disable"

  • "enable"

ident_accept

aliases: ident-accept

string

Enable/disable authentication for this interface.

Choices:

  • "disable"

  • "enable"

idle_timeout

aliases: idle-timeout

integer

PPPoE auto disconnect after idle timeout seconds, 0 means no timeout.

if_mdix

aliases: if-mdix

string

Interface MDIX mode

Choices:

  • "auto"

  • "normal"

  • "crossover"

if_media

aliases: if-media

string

Select interface media type

Choices:

  • "auto"

  • "copper"

  • "fiber"

ike_saml_server

aliases: ike-saml-server

string

Configure IKE authentication SAML server.

in_force_vlan_cos

aliases: in-force-vlan-cos

integer

In force vlan cos.

inbandwidth

integer

Bandwidth limit for incoming traffic

ingress_cos

aliases: ingress-cos

string

Override incoming CoS in user VLAN tag on VLAN interface or assign a priority VLAN tag on physical interface.

Choices:

  • "disable"

  • "cos0"

  • "cos1"

  • "cos2"

  • "cos3"

  • "cos4"

  • "cos5"

  • "cos6"

  • "cos7"

ingress_shaping_profile

aliases: ingress-shaping-profile

string

Incoming traffic shaping profile.

ingress_spillover_threshold

aliases: ingress-spillover-threshold

integer

Ingress Spillover threshold

interconnect_profile

aliases: interconnect-profile

string

Set interconnect profile.

Choices:

  • "default"

  • "profile1"

  • "profile2"

internal

integer

Implicitly created.

ip

string

Interface IPv4 address and subnet mask, syntax

ip_managed_by_fortiipam

aliases: ip-managed-by-fortiipam

string

Enable/disable automatic IP address assignment of this interface by FortiIPAM.

Choices:

  • "disable"

  • "enable"

  • "inherit-global"

ipmac

string

Enable/disable IP/MAC binding.

Choices:

  • "disable"

  • "enable"

ips_sniffer_mode

aliases: ips-sniffer-mode

string

Enable/disable the use of this interface as a one-armed sniffer.

Choices:

  • "disable"

  • "enable"

ipunnumbered

string

Unnumbered IP used for PPPoE interfaces for which no unique local address is provided.

ipv6

dictionary

Ipv6.

autoconf

string

Enable/disable address auto config.

Choices:

  • "disable"

  • "enable"

cli_conn6_status

aliases: cli-conn6-status

integer

Cli conn6 status.

dhcp6_client_options

aliases: dhcp6-client-options

list / elements=string

Dhcp6 client options.

Choices:

  • "rapid"

  • "iapd"

  • "iana"

  • "dns"

  • "dnsname"

dhcp6_information_request

aliases: dhcp6-information-request

string

Enable/disable DHCPv6 information request.

Choices:

  • "disable"

  • "enable"

dhcp6_prefix_delegation

aliases: dhcp6-prefix-delegation

string

Enable/disable DHCPv6 prefix delegation.

Choices:

  • "disable"

  • "enable"

dhcp6_prefix_hint

aliases: dhcp6-prefix-hint

string

DHCPv6 prefix that will be used as a hint to the upstream DHCPv6 server.

dhcp6_prefix_hint_plt

aliases: dhcp6-prefix-hint-plt

integer

DHCPv6 prefix hint preferred life time

dhcp6_prefix_hint_vlt

aliases: dhcp6-prefix-hint-vlt

integer

DHCPv6 prefix hint valid life time

dhcp6_relay_interface_id

aliases: dhcp6-relay-interface-id

string

DHCP6 relay interface ID.

dhcp6_relay_ip

aliases: dhcp6-relay-ip

string

DHCPv6 relay IP address.

dhcp6_relay_service

aliases: dhcp6-relay-service

string

Enable/disable DHCPv6 relay.

Choices:

  • "disable"

  • "enable"

dhcp6_relay_source_interface

aliases: dhcp6-relay-source-interface

string

Enable/disable use of address on this interface as the source address of the relay message.

Choices:

  • "disable"

  • "enable"

dhcp6_relay_source_ip

aliases: dhcp6-relay-source-ip

string

IPv6 address used by the DHCP6 relay as its source IP.

dhcp6_relay_type

aliases: dhcp6-relay-type

string

DHCPv6 relay type.

Choices:

  • "regular"

icmp6_send_redirect

aliases: icmp6-send-redirect

string

Enable/disable sending of ICMPv6 redirects.

Choices:

  • "disable"

  • "enable"

interface_identifier

aliases: interface-identifier

string

IPv6 interface identifier.

ip6_address

aliases: ip6-address

string

Primary IPv6 address prefix, syntax

ip6_allowaccess

aliases: ip6-allowaccess

list / elements=string

Allow management access to the interface.

Choices:

  • "https"

  • "ping"

  • "ssh"

  • "snmp"

  • "http"

  • "telnet"

  • "fgfm"

  • "capwap"

  • "fabric"

ip6_default_life

aliases: ip6-default-life

integer

Default life

ip6_delegated_prefix_iaid

aliases: ip6-delegated-prefix-iaid

integer

IAID of obtained delegated-prefix from the upstream interface.

ip6_delegated_prefix_list

aliases: ip6-delegated-prefix-list

list / elements=dictionary

Ip6 delegated prefix list.

autonomous_flag

aliases: autonomous-flag

string

Enable/disable the autonomous flag.

Choices:

  • "disable"

  • "enable"

delegated_prefix_iaid

aliases: delegated-prefix-iaid

integer

IAID of obtained delegated-prefix from the upstream interface.

onlink_flag

aliases: onlink-flag

string

Enable/disable the onlink flag.

Choices:

  • "disable"

  • "enable"

prefix_id

aliases: prefix-id

integer

Prefix ID.

rdnss

any

(list) Recursive DNS server option.

rdnss_service

aliases: rdnss-service

string

Recursive DNS service option.

Choices:

  • "delegated"

  • "default"

  • "specify"

subnet

string

Add subnet ID to routing prefix.

upstream_interface

aliases: upstream-interface

string

Name of the interface that provides delegated information.

ip6_dns_server_override

aliases: ip6-dns-server-override

string

Enable/disable using the DNS server acquired by DHCP.

Choices:

  • "disable"

  • "enable"

ip6_extra_addr

aliases: ip6-extra-addr

list / elements=dictionary

Ip6 extra addr.

prefix

string

IPv6 address prefix.

ip6_hop_limit

aliases: ip6-hop-limit

integer

Hop limit

ip6_link_mtu

aliases: ip6-link-mtu

integer

IPv6 link MTU.

ip6_manage_flag

aliases: ip6-manage-flag

string

Enable/disable the managed flag.

Choices:

  • "disable"

  • "enable"

ip6_max_interval

aliases: ip6-max-interval

integer

IPv6 maximum interval

ip6_min_interval

aliases: ip6-min-interval

integer

IPv6 minimum interval

ip6_mode

aliases: ip6-mode

string

Addressing mode

Choices:

  • "static"

  • "dhcp"

  • "pppoe"

  • "delegated"

ip6_other_flag

aliases: ip6-other-flag

string

Enable/disable the other IPv6 flag.

Choices:

  • "disable"

  • "enable"

ip6_prefix_list

aliases: ip6-prefix-list

list / elements=dictionary

Ip6 prefix list.

autonomous_flag

aliases: autonomous-flag

string

Enable/disable the autonomous flag.

Choices:

  • "disable"

  • "enable"

dnssl

any

(list) DNS search list option.

onlink_flag

aliases: onlink-flag

string

Enable/disable the onlink flag.

Choices:

  • "disable"

  • "enable"

preferred_life_time

aliases: preferred-life-time

integer

Preferred life time

prefix

string

IPv6 prefix.

rdnss

any

(list) Recursive DNS server option.

valid_life_time

aliases: valid-life-time

integer

Valid life time

ip6_prefix_mode

aliases: ip6-prefix-mode

string

Assigning a prefix from DHCP or RA.

Choices:

  • "dhcp6"

  • "ra"

ip6_reachable_time

aliases: ip6-reachable-time

integer

IPv6 reachable time

ip6_retrans_time

aliases: ip6-retrans-time

integer

IPv6 retransmit time

ip6_send_adv

aliases: ip6-send-adv

string

Enable/disable sending advertisements about the interface.

Choices:

  • "disable"

  • "enable"

ip6_subnet

aliases: ip6-subnet

string

Subnet to routing prefix, syntax

ip6_upstream_interface

aliases: ip6-upstream-interface

string

Interface name providing delegated information.

nd_cert

aliases: nd-cert

string

Neighbor discovery certificate.

nd_cga_modifier

aliases: nd-cga-modifier

string

Neighbor discovery CGA modifier.

nd_mode

aliases: nd-mode

string

Neighbor discovery mode.

Choices:

  • "basic"

  • "SEND-compatible"

nd_security_level

aliases: nd-security-level

integer

Neighbor discovery security level

nd_timestamp_delta

aliases: nd-timestamp-delta

integer

Neighbor discovery timestamp delta value

nd_timestamp_fuzz

aliases: nd-timestamp-fuzz

integer

Neighbor discovery timestamp fuzz factor

ra_send_mtu

aliases: ra-send-mtu

string

Enable/disable sending link MTU in RA packet.

Choices:

  • "disable"

  • "enable"

unique_autoconf_addr

aliases: unique-autoconf-addr

string

Enable/disable unique auto config address.

Choices:

  • "disable"

  • "enable"

string

Link-local IPv6 address of virtual router.

vrrp6

list / elements=dictionary

Vrrp6.

accept_mode

aliases: accept-mode

string

Enable/disable accept mode.

Choices:

  • "disable"

  • "enable"

adv_interval

aliases: adv-interval

integer

Advertisement interval

ignore_default_route

aliases: ignore-default-route

string

Enable/disable ignoring of default route when checking destination.

Choices:

  • "disable"

  • "enable"

preempt

string

Enable/disable preempt mode.

Choices:

  • "disable"

  • "enable"

priority

integer

Priority of the virtual router

start_time

aliases: start-time

integer

Startup time

status

string

Enable/disable VRRP.

Choices:

  • "disable"

  • "enable"

vrdst6

string

Monitor the route to this destination.

vrdst_priority

aliases: vrdst-priority

integer

Priority of the virtual router when the virtual router destination becomes unreachable

vrgrp

integer

VRRP group ID

vrid

integer

Virtual router identifier

vrip6

string

IPv6 address of the virtual router.

vrrp_virtual_mac6

aliases: vrrp-virtual-mac6

string

Enable/disable virtual MAC for VRRP.

Choices:

  • "disable"

  • "enable"

l2forward

string

Enable/disable l2 forwarding.

Choices:

  • "disable"

  • "enable"

l2tp_client

aliases: l2tp-client

string

Enable/disable this interface as a Layer 2 Tunnelling Protocol

Choices:

  • "disable"

  • "enable"

lacp_ha_secondary

aliases: lacp-ha-secondary

string

Lacp ha secondary.

Choices:

  • "disable"

  • "enable"

lacp_ha_slave

aliases: lacp-ha-slave

string

LACP HA slave.

Choices:

  • "disable"

  • "enable"

lacp_mode

aliases: lacp-mode

string

LACP mode.

Choices:

  • "static"

  • "passive"

  • "active"

lacp_speed

aliases: lacp-speed

string

How often the interface sends LACP messages.

Choices:

  • "slow"

  • "fast"

large_receive_offload

aliases: large-receive-offload

string

Large receive offload.

Choices:

  • "disable"

  • "enable"

lcp_echo_interval

aliases: lcp-echo-interval

integer

Time in seconds between PPPoE Link Control Protocol

lcp_max_echo_fails

aliases: lcp-max-echo-fails

integer

Maximum missed LCP echo messages before disconnect.

link_up_delay

aliases: link-up-delay

integer

Number of milliseconds to wait before considering a link is up.

listen_forticlient_connection

aliases: listen-forticlient-connection

string

Listen forticlient connection.

Choices:

  • "disable"

  • "enable"

lldp_network_policy

aliases: lldp-network-policy

string

LLDP-MED network policy profile.

lldp_reception

aliases: lldp-reception

string

Enable/disable Link Layer Discovery Protocol

Choices:

  • "disable"

  • "enable"

  • "vdom"

lldp_transmission

aliases: lldp-transmission

string

Enable/disable Link Layer Discovery Protocol

Choices:

  • "enable"

  • "disable"

  • "vdom"

log

string

Log.

Choices:

  • "disable"

  • "enable"

macaddr

string

Change the interfaces MAC address.

managed_subnetwork_size

aliases: managed-subnetwork-size

string

Number of IP addresses to be allocated by FortiIPAM and used by this FortiGate units DHCP server settings.

Choices:

  • "256"

  • "512"

  • "1024"

  • "2048"

  • "4096"

  • "8192"

  • "16384"

  • "32768"

  • "65536"

  • "32"

  • "64"

  • "128"

management_ip

aliases: management-ip

string

High Availability in-band management IP address of this interface.

max_egress_burst_rate

aliases: max-egress-burst-rate

integer

Max egress burst rate

max_egress_rate

aliases: max-egress-rate

integer

Max egress rate

measured_downstream_bandwidth

aliases: measured-downstream-bandwidth

integer

Measured downstream bandwidth

measured_upstream_bandwidth

aliases: measured-upstream-bandwidth

integer

Measured upstream bandwidth

mediatype

string

Select SFP media interface type

Choices:

  • "serdes-sfp"

  • "sgmii-sfp"

  • "cfp2-sr10"

  • "cfp2-lr4"

  • "serdes-copper-sfp"

  • "sr"

  • "cr"

  • "lr"

  • "qsfp28-sr4"

  • "qsfp28-lr4"

  • "qsfp28-cr4"

  • "sr4"

  • "cr4"

  • "lr4"

  • "none"

  • "gmii"

  • "sgmii"

  • "sr2"

  • "lr2"

  • "cr2"

  • "sr8"

  • "lr8"

  • "cr8"

member

any

(list or str) Physical interfaces that belong to the aggregate or redundant interface.

min_links

aliases: min-links

integer

Minimum number of aggregated ports that must be up.

min_links_down

aliases: min-links-down

string

Action to take when less than the configured minimum number of links are active.

Choices:

  • "operational"

  • "administrative"

mirroring_direction

aliases: mirroring-direction

string

Port mirroring direction.

Choices:

  • "rx"

  • "tx"

  • "both"

mirroring_port

aliases: mirroring-port

string

Mirroring port.

mode

string

Addressing mode

Choices:

  • "static"

  • "dhcp"

  • "pppoe"

  • "pppoa"

  • "ipoa"

  • "eoa"

monitor_bandwidth

aliases: monitor-bandwidth

string

Enable monitoring bandwidth on this interface.

Choices:

  • "disable"

  • "enable"

mtu

integer

MTU value for this interface.

mtu_override

aliases: mtu-override

string

Enable to set a custom MTU for this interface.

Choices:

  • "disable"

  • "enable"

mux_type

aliases: mux-type

string

Multiplexer type

Choices:

  • "llc-encaps"

  • "vc-encaps"

name

string

Name.

ndiscforward

string

Enable/disable NDISC forwarding.

Choices:

  • "disable"

  • "enable"

netbios_forward

aliases: netbios-forward

string

Enable/disable NETBIOS forwarding.

Choices:

  • "disable"

  • "enable"

netflow_sample_rate

aliases: netflow-sample-rate

integer

NetFlow sample rate.

netflow_sampler

aliases: netflow-sampler

string

Enable/disable NetFlow on this interface and set the data that NetFlow collects

Choices:

  • "disable"

  • "tx"

  • "rx"

  • "both"

netflow_sampler_id

aliases: netflow-sampler-id

integer

Netflow sampler ID.

np_qos_profile

aliases: np-qos-profile

integer

NP QoS profile ID.

npu_fastpath

aliases: npu-fastpath

string

Npu fastpath.

Choices:

  • "disable"

  • "enable"

nst

string

Nst.

Choices:

  • "disable"

  • "enable"

out_force_vlan_cos

aliases: out-force-vlan-cos

integer

Out force vlan cos.

outbandwidth

integer

Bandwidth limit for outgoing traffic

padt_retry_timeout

aliases: padt-retry-timeout

integer

PPPoE Active Discovery Terminate

password

any

(list) PPPoE accounts password.

peer_interface

aliases: peer-interface

any

(list or str) Peer interface.

phy_mode

aliases: phy-mode

string

DSL physical mode.

Choices:

  • "auto"

  • "adsl"

  • "vdsl"

  • "adsl-auto"

  • "vdsl2"

  • "adsl2+"

  • "adsl2"

  • "g.dmt"

  • "t1.413"

  • "g.lite"

  • "g-dmt"

  • "t1-413"

  • "g-lite"

ping_serv_status

aliases: ping-serv-status

integer

Ping serv status.

poe

string

Enable/disable PoE status.

Choices:

  • "disable"

  • "enable"

polling_interval

aliases: polling-interval

integer

SFlow polling interval

port_mirroring

aliases: port-mirroring

string

Enable/disable NP port mirroring.

Choices:

  • "disable"

  • "enable"

pppoe_egress_cos

aliases: pppoe-egress-cos

string

CoS in VLAN tag for outgoing PPPoE/PPP packets.

Choices:

  • "cos0"

  • "cos1"

  • "cos2"

  • "cos3"

  • "cos4"

  • "cos5"

  • "cos6"

  • "cos7"

pppoe_unnumbered_negotiate

aliases: pppoe-unnumbered-negotiate

string

Enable/disable PPPoE unnumbered negotiation.

Choices:

  • "disable"

  • "enable"

pptp_auth_type

aliases: pptp-auth-type

string

PPTP authentication type.

Choices:

  • "auto"

  • "pap"

  • "chap"

  • "mschapv1"

  • "mschapv2"

pptp_client

aliases: pptp-client

string

Enable/disable PPTP client.

Choices:

  • "disable"

  • "enable"

pptp_password

aliases: pptp-password

any

(list) PPTP password.

pptp_server_ip

aliases: pptp-server-ip

string

PPTP server IP address.

pptp_timeout

aliases: pptp-timeout

integer

Idle timer in minutes

pptp_user

aliases: pptp-user

string

PPTP user name.

preserve_session_route

aliases: preserve-session-route

string

Enable/disable preservation of session route when dirty.

Choices:

  • "disable"

  • "enable"

priority

integer

Priority of learned routes.

priority_override

aliases: priority-override

string

Enable/disable fail back to higher priority port once recovered.

Choices:

  • "disable"

  • "enable"

proxy_captive_portal

aliases: proxy-captive-portal

string

Enable/disable proxy captive portal on this interface.

Choices:

  • "disable"

  • "enable"

pvc_atm_qos

aliases: pvc-atm-qos

string

SFP-DSL ADSL Fallback PVC ATM QoS.

Choices:

  • "cbr"

  • "rt-vbr"

  • "nrt-vbr"

  • "ubr"

pvc_chan

aliases: pvc-chan

integer

SFP-DSL ADSL Fallback PVC Channel.

pvc_crc

aliases: pvc-crc

integer

SFP-DSL ADSL Fallback PVC CRC Option

pvc_pcr

aliases: pvc-pcr

integer

SFP-DSL ADSL Fallback PVC Packet Cell Rate in cells

pvc_scr

aliases: pvc-scr

integer

SFP-DSL ADSL Fallback PVC Sustainable Cell Rate in cells

pvc_vlan_id

aliases: pvc-vlan-id

integer

SFP-DSL ADSL Fallback PVC VLAN ID.

pvc_vlan_rx_id

aliases: pvc-vlan-rx-id

integer

SFP-DSL ADSL Fallback PVC VLANID RX.

pvc_vlan_rx_op

aliases: pvc-vlan-rx-op

string

SFP-DSL ADSL Fallback PVC VLAN RX op.

Choices:

  • "pass-through"

  • "replace"

  • "remove"

pvc_vlan_tx_id

aliases: pvc-vlan-tx-id

integer

SFP-DSL ADSL Fallback PVC VLAN ID TX.

pvc_vlan_tx_op

aliases: pvc-vlan-tx-op

string

SFP-DSL ADSL Fallback PVC VLAN TX op.

Choices:

  • "pass-through"

  • "replace"

  • "remove"

reachable_time

aliases: reachable-time

integer

IPv4 reachable time in milliseconds

redundant_interface

aliases: redundant-interface

string

Redundant interface.

remote_ip

aliases: remote-ip

string

Remote IP address of tunnel.

replacemsg_override_group

aliases: replacemsg-override-group

string

Replacement message override group.

retransmission

string

Enable/disable DSL retransmission.

Choices:

  • "disable"

  • "enable"

ring_rx

aliases: ring-rx

integer

RX ring size.

ring_tx

aliases: ring-tx

integer

TX ring size.

role

string

Interface role.

Choices:

  • "lan"

  • "wan"

  • "dmz"

  • "undefined"

sample_direction

aliases: sample-direction

string

Data that NetFlow collects

Choices:

  • "rx"

  • "tx"

  • "both"

sample_rate

aliases: sample-rate

integer

SFlow sample rate

scan_botnet_connections

aliases: scan-botnet-connections

string

Enable monitoring or blocking connections to Botnet servers through this interface.

Choices:

  • "disable"

  • "block"

  • "monitor"

secondary_IP

aliases: secondary-IP

string

Enable/disable adding a secondary IP to this interface.

Choices:

  • "disable"

  • "enable"

secondaryip

list / elements=dictionary

Secondaryip.

allowaccess

list / elements=string

Management access settings for the secondary IP address.

Choices:

  • "https"

  • "ping"

  • "ssh"

  • "snmp"

  • "http"

  • "telnet"

  • "fgfm"

  • "auto-ipsec"

  • "radius-acct"

  • "probe-response"

  • "capwap"

  • "dnp"

  • "ftm"

  • "fabric"

  • "speed-test"

  • "icond"

  • "scim"

detectprotocol

list / elements=string

Protocols used to detect the server.

Choices:

  • "ping"

  • "tcp-echo"

  • "udp-echo"

detectserver

string

Gateways ping server for this IP.

gwdetect

string

Enable/disable detect gateway alive for first.

Choices:

  • "disable"

  • "enable"

ha_priority

aliases: ha-priority

integer

HA election priority for the PING server.

id

integer

ID.

ip

string

Secondary IP address of the interface.

ping_serv_status

aliases: ping-serv-status

integer

Ping serv status.

secip_relay_ip

aliases: secip-relay-ip

string

DHCP relay IP address.

seq

integer

Seq.

security_8021x_dynamic_vlan_id

aliases: security-8021x-dynamic-vlan-id

integer

VLAN ID for virtual switch.

security_8021x_master

aliases: security-8021x-master

string

security_8021x_member_mode

aliases: security-8021x-member-mode

string

Choices:

  • "disable"

  • "switch"

security_8021x_mode

aliases: security-8021x-mode

string

Choices:

  • "default"

  • "dynamic-vlan"

  • "fallback"

  • "slave"

security_exempt_list

aliases: security-exempt-list

string

Name of security-exempt-list.

security_external_logout

aliases: security-external-logout

string

URL of external authentication logout server.

security_external_web

aliases: security-external-web

string

URL of external authentication web server.

security_groups

aliases: security-groups

any

(list or str) User groups that can authenticate with the captive portal.

security_ip_auth_bypass

aliases: security-ip-auth-bypass

string

Enable/disable IP authentication bypass.

Choices:

  • "disable"

  • "enable"

security_mac_auth_bypass

aliases: security-mac-auth-bypass

string

Enable/disable MAC authentication bypass.

Choices:

  • "disable"

  • "enable"

  • "mac-auth-only"

security_mode

aliases: security-mode

string

Turn on captive portal authentication for this interface.

Choices:

  • "none"

  • "captive-portal"

  • "802.1X"

security_redirect_url

aliases: security-redirect-url

string

URL redirection after disclaimer/authentication.

select_profile_30a_35b

aliases: select-profile-30a-35b

string

Select VDSL Profile 30a or 35b.

Choices:

  • "30A"

  • "35B"

service_name

aliases: service-name

string

PPPoE service name.

sflow_sampler

aliases: sflow-sampler

string

Enable/disable sFlow on this interface.

Choices:

  • "disable"

  • "enable"

sfp_dsl

aliases: sfp-dsl

string

Enable/disable SFP DSL.

Choices:

  • "disable"

  • "enable"

sfp_dsl_adsl_fallback

aliases: sfp-dsl-adsl-fallback

string

Enable/disable SFP DSL ADSL fallback.

Choices:

  • "disable"

  • "enable"

sfp_dsl_autodetect

aliases: sfp-dsl-autodetect

string

Enable/disable SFP DSL MAC address autodetect.

Choices:

  • "disable"

  • "enable"

sfp_dsl_mac

aliases: sfp-dsl-mac

string

SFP DSL MAC address.

speed

string

Interface speed.

Choices:

  • "auto"

  • "10full"

  • "10half"

  • "100full"

  • "100half"

  • "1000full"

  • "1000half"

  • "10000full"

  • "1000auto"

  • "10000auto"

  • "40000full"

  • "100Gfull"

  • "25000full"

  • "40000auto"

  • "25000auto"

  • "100Gauto"

  • "400Gfull"

  • "400Gauto"

  • "50000full"

  • "2500auto"

  • "5000auto"

  • "50000auto"

  • "200Gfull"

  • "200Gauto"

  • "100auto"

spillover_threshold

aliases: spillover-threshold

integer

Egress Spillover threshold

src_check

aliases: src-check

string

Enable/disable source IP check.

Choices:

  • "disable"

  • "enable"

status

string

Bring the interface up or shut the interface down.

Choices:

  • "down"

  • "up"

stp

string

Enable/disable STP.

Choices:

  • "disable"

  • "enable"

stp_edge

aliases: stp-edge

string

Enable/disable as STP edge port.

Choices:

  • "disable"

  • "enable"

stp_ha_secondary

aliases: stp-ha-secondary

string

Control STP behaviour on HA secondary.

Choices:

  • "disable"

  • "enable"

  • "priority-adjust"

stp_ha_slave

aliases: stp-ha-slave

string

Control STP behaviour on HA slave.

Choices:

  • "disable"

  • "enable"

  • "priority-adjust"

stpforward

string

Enable/disable STP forwarding.

Choices:

  • "disable"

  • "enable"

stpforward_mode

aliases: stpforward-mode

string

Configure STP forwarding mode.

Choices:

  • "rpl-all-ext-id"

  • "rpl-bridge-ext-id"

  • "rpl-nothing"

strip_priority_vlan_tag

aliases: strip-priority-vlan-tag

string

Strip priority vlan tag.

Choices:

  • "disable"

  • "enable"

subst

string

Enable to always send packets from this interface to a destination MAC address.

Choices:

  • "disable"

  • "enable"

substitute_dst_mac

aliases: substitute-dst-mac

string

Destination MAC address that all packets are sent to from this interface.

sw_algorithm

aliases: sw-algorithm

string

Frame distribution algorithm for switch.

Choices:

  • "l2"

  • "l3"

  • "eh"

  • "default"

swc_first_create

aliases: swc-first-create

integer

Initial create for switch-controller VLANs.

swc_vlan

aliases: swc-vlan

integer

Swc vlan.

switch

string

Switch.

switch_controller_access_vlan

aliases: switch-controller-access-vlan

string

Block FortiSwitch port-to-port traffic.

Choices:

  • "disable"

  • "enable"

switch_controller_arp_inspection

aliases: switch-controller-arp-inspection

string

Enable/disable FortiSwitch ARP inspection.

Choices:

  • "disable"

  • "enable"

  • "monitor"

switch_controller_auth

aliases: switch-controller-auth

string

Switch controller authentication.

Choices:

  • "radius"

  • "usergroup"

switch_controller_dhcp_snooping

aliases: switch-controller-dhcp-snooping

string

Switch controller DHCP snooping.

Choices:

  • "disable"

  • "enable"

switch_controller_dhcp_snooping_option82

aliases: switch-controller-dhcp-snooping-option82

string

Switch controller DHCP snooping option82.

Choices:

  • "disable"

  • "enable"

switch_controller_dhcp_snooping_verify_mac

aliases: switch-controller-dhcp-snooping-verify-mac

string

Switch controller DHCP snooping verify MAC.

Choices:

  • "disable"

  • "enable"

switch_controller_dynamic

aliases: switch-controller-dynamic

string

Integrated FortiLink settings for managed FortiSwitch.

switch_controller_feature

aliases: switch-controller-feature

string

Interfaces purpose when assigning traffic

Choices:

  • "none"

  • "default-vlan"

  • "quarantine"

  • "sniffer"

  • "voice"

  • "camera"

  • "rspan"

  • "video"

  • "nac"

  • "nac-segment"

switch_controller_igmp_snooping

aliases: switch-controller-igmp-snooping

string

Switch controller IGMP snooping.

Choices:

  • "disable"

  • "enable"

switch_controller_igmp_snooping_fast_leave

aliases: switch-controller-igmp-snooping-fast-leave

string

Switch controller IGMP snooping fast-leave.

Choices:

  • "disable"

  • "enable"

switch_controller_igmp_snooping_proxy

aliases: switch-controller-igmp-snooping-proxy

string

Switch controller IGMP snooping proxy.

Choices:

  • "disable"

  • "enable"

switch_controller_iot_scanning

aliases: switch-controller-iot-scanning

string

Enable/disable managed FortiSwitch IoT scanning.

Choices:

  • "disable"

  • "enable"

switch_controller_learning_limit

aliases: switch-controller-learning-limit

integer

Limit the number of dynamic MAC addresses on this VLAN

switch_controller_mgmt_vlan

aliases: switch-controller-mgmt-vlan

integer

VLAN to use for FortiLink management purposes.

switch_controller_nac

aliases: switch-controller-nac

string

Integrated NAC settings for managed FortiSwitch.

switch_controller_netflow_collect

aliases: switch-controller-netflow-collect

string

NetFlow collection and processing.

Choices:

  • "disable"

  • "enable"

switch_controller_offload

aliases: switch-controller-offload

string

Enable/disable managed FortiSwitch routing offload.

Choices:

  • "disable"

  • "enable"

switch_controller_offload_gw

aliases: switch-controller-offload-gw

string

Enable/disable managed FortiSwitch routing offload gateway.

Choices:

  • "disable"

  • "enable"

switch_controller_offload_ip

aliases: switch-controller-offload-ip

string

IP for routing offload on FortiSwitch.

switch_controller_offloading

aliases: switch-controller-offloading

string

Switch controller offloading.

Choices:

  • "disable"

  • "enable"

switch_controller_offloading_gw

aliases: switch-controller-offloading-gw

string

Switch controller offloading gw.

Choices:

  • "disable"

  • "enable"

switch_controller_offloading_ip

aliases: switch-controller-offloading-ip

string

Switch controller offloading ip.

switch_controller_radius_server

aliases: switch-controller-radius-server

string

RADIUS server name for this FortiSwitch VLAN.

switch_controller_rspan_mode

aliases: switch-controller-rspan-mode

string

Stop Layer2 MAC learning and interception of BPDUs and other packets on this interface.

Choices:

  • "disable"

  • "enable"

switch_controller_source_ip

aliases: switch-controller-source-ip

string

Source IP address used in FortiLink over L3 connections.

Choices:

  • "outbound"

  • "fixed"

switch_controller_traffic_policy

aliases: switch-controller-traffic-policy

string

Switch controller traffic policy for the VLAN.

system_id

aliases: system-id

string

Define a system ID for the aggregate interface.

system_id_type

aliases: system-id-type

string

Method in which system ID is generated.

Choices:

  • "auto"

  • "user"

tc_mode

aliases: tc-mode

string

DSL transfer mode.

Choices:

  • "ptm"

  • "atm"

tcp_mss

aliases: tcp-mss

integer

TCP maximum segment size.

trunk

string

Enable/disable VLAN trunk.

Choices:

  • "disable"

  • "enable"

trust_ip6_1

aliases: trust-ip6-1

string

Trusted IPv6 host for dedicated management traffic

trust_ip6_2

aliases: trust-ip6-2

string

Trusted IPv6 host for dedicated management traffic

trust_ip6_3

aliases: trust-ip6-3

string

Trusted IPv6 host for dedicated management traffic

trust_ip_1

aliases: trust-ip-1

string

Trusted host for dedicated management traffic

trust_ip_2

aliases: trust-ip-2

string

Trusted host for dedicated management traffic

trust_ip_3

aliases: trust-ip-3

string

Trusted host for dedicated management traffic

type

string

Interface type.

Choices:

  • "physical"

  • "vlan"

  • "aggregate"

  • "redundant"

  • "tunnel"

  • "wireless"

  • "vdom-link"

  • "loopback"

  • "switch"

  • "hard-switch"

  • "hdlc"

  • "vap-switch"

  • "wl-mesh"

  • "fortilink"

  • "switch-vlan"

  • "fctrl-trunk"

  • "tdm"

  • "fext-wan"

  • "vxlan"

  • "emac-vlan"

  • "geneve"

  • "ssl"

  • "lan-extension"

username

string

Username of the PPPoE account, provided by your ISP.

vci

integer

Virtual Channel ID

vectoring

string

Enable/disable DSL vectoring.

Choices:

  • "disable"

  • "enable"

vindex

integer

Vindex.

virtual_mac

aliases: virtual-mac

string

Change the interfaces virtual MAC address.

vlan_id

aliases: vlan-id

integer

Vlan ID

vlan_op_mode

aliases: vlan-op-mode

string

Configure DSL 802.

Choices:

  • "tag"

  • "untag"

  • "passthrough"

vlan_protocol

aliases: vlan-protocol

string

Ethernet protocol of VLAN.

Choices:

  • "8021q"

  • "8021ad"

vlanforward

string

Enable/disable traffic forwarding between VLANs on this interface.

Choices:

  • "disable"

  • "enable"

vlanid

integer

VLAN ID

vpi

integer

Virtual Path ID

vrf

integer

Virtual Routing Forwarding ID.

vrrp

list / elements=dictionary

Vrrp.

accept_mode

aliases: accept-mode

string

Enable/disable accept mode.

Choices:

  • "disable"

  • "enable"

adv_interval

aliases: adv-interval

integer

Advertisement interval

ignore_default_route

aliases: ignore-default-route

string

Enable/disable ignoring of default route when checking destination.

Choices:

  • "disable"

  • "enable"

preempt

string

Enable/disable preempt mode.

Choices:

  • "disable"

  • "enable"

priority

integer

Priority of the virtual router

proxy_arp

aliases: proxy-arp

list / elements=dictionary

Proxy arp.

id

integer

ID.

ip

string

Set IP addresses of proxy ARP.

start_time

aliases: start-time

integer

Startup time

status

string

Enable/disable this VRRP configuration.

Choices:

  • "disable"

  • "enable"

version

string

VRRP version.

Choices:

  • "2"

  • "3"

vrdst

any

(list) Monitor the route to this destination.

vrdst_priority

aliases: vrdst-priority

integer

Priority of the virtual router when the virtual router destination becomes unreachable

vrgrp

integer

VRRP group ID

vrid

integer

Virtual router identifier

vrip

string

IP address of the virtual router.

vrrp_virtual_mac

aliases: vrrp-virtual-mac

string

Enable/disable use of virtual MAC for VRRP.

Choices:

  • "disable"

  • "enable"

wccp

string

Enable/disable WCCP on this interface.

Choices:

  • "disable"

  • "enable"

weight

integer

Default weight for static routes

wifi_5g_threshold

aliases: wifi-5g-threshold

string

Minimal signal strength to be considered as a good 5G AP.

wifi_acl

aliases: wifi-acl

string

Access control for MAC addresses in the MAC list.

Choices:

  • "deny"

  • "allow"

wifi_ap_band

aliases: wifi-ap-band

string

How to select the AP to connect.

Choices:

  • "any"

  • "5g-preferred"

  • "5g-only"

wifi_auth

aliases: wifi-auth

string

WiFi authentication.

Choices:

  • "PSK"

  • "RADIUS"

  • "radius"

  • "usergroup"

wifi_auto_connect

aliases: wifi-auto-connect

string

Enable/disable WiFi network auto connect.

Choices:

  • "disable"

  • "enable"

wifi_auto_save

aliases: wifi-auto-save

string

Enable/disable WiFi network automatic save.

Choices:

  • "disable"

  • "enable"

wifi_broadcast_ssid

aliases: wifi-broadcast-ssid

string

Enable/disable SSID broadcast in the beacon.

Choices:

  • "disable"

  • "enable"

wifi_dns_server1

aliases: wifi-dns-server1

string

DNS server 1.

wifi_dns_server2

aliases: wifi-dns-server2

string

DNS server 2.

wifi_encrypt

aliases: wifi-encrypt

string

Data encryption.

Choices:

  • "TKIP"

  • "AES"

wifi_fragment_threshold

aliases: wifi-fragment-threshold

integer

WiFi fragment threshold

wifi_gateway

aliases: wifi-gateway

string

IPv4 default gateway IP address.

wifi_key

aliases: wifi-key

any

(list) WiFi WEP Key.

wifi_keyindex

aliases: wifi-keyindex

integer

WEP key index

wifi_mac_filter

aliases: wifi-mac-filter

string

Enable/disable MAC filter status.

Choices:

  • "disable"

  • "enable"

wifi_passphrase

aliases: wifi-passphrase

any

(list) WiFi pre-shared key for WPA.

wifi_radius_server

aliases: wifi-radius-server

string

WiFi RADIUS server for WPA.

wifi_rts_threshold

aliases: wifi-rts-threshold

integer

WiFi RTS threshold

wifi_security

aliases: wifi-security

string

Wireless access security of SSID.

Choices:

  • "None"

  • "WEP64"

  • "wep64"

  • "WEP128"

  • "wep128"

  • "WPA_PSK"

  • "WPA_RADIUS"

  • "WPA"

  • "WPA2"

  • "WPA2_AUTO"

  • "open"

  • "wpa-personal"

  • "wpa-enterprise"

  • "wpa-only-personal"

  • "wpa-only-enterprise"

  • "wpa2-only-personal"

  • "wpa2-only-enterprise"

wifi_ssid

aliases: wifi-ssid

string

IEEE 802.

wifi_usergroup

aliases: wifi-usergroup

string

WiFi user group for WPA.

wins_ip

aliases: wins-ip

string

WINS server IP.

name

string / required

Name.

portal_message_override_group

aliases: portal-message-override-group

string

Portal message override group.

radius_server

aliases: radius-server

string

Radius server.

security

string

Security.

Choices:

  • "open"

  • "captive-portal"

  • "8021x"

selected_usergroups

aliases: selected-usergroups

string

Selected usergroups.

usergroup

string

Usergroup.

vdom

string

Vdom.

vlanid

integer

Vlanid.

proposed_method

string

The overridden method for the underlying Json RPC request.

Choices:

  • "update"

  • "set"

  • "add"

rc_failed

list / elements=integer

The rc codes list with which the conditions to fail will be overriden.

rc_succeeded

list / elements=integer

The rc codes list with which the conditions to succeed will be overriden.

state

string / required

The directive to create, update or delete an object.

Choices:

  • "present"

  • "absent"

workspace_locking_adom

string

The adom to lock for FortiManager running in workspace mode, the value can be global and others including root.

workspace_locking_timeout

integer

The maximum time in seconds to wait for other user to release the workspace lock.

Default: 300

Notes

Note

  • Starting in version 2.4.0, all input arguments are named using the underscore naming convention (snake_case). Please change the arguments such as “var-name” to “var_name”. Old argument names are still available yet you will receive deprecation warnings. You can ignore this warning by setting deprecation_warnings=False in ansible.cfg.

  • Running in workspace locking mode is supported in this FortiManager module, the top level parameters workspace_locking_adom and workspace_locking_timeout help do the work.

  • To create or update an object, use state present directive.

  • To delete an object, use state absent directive.

  • Normally, running one module can fail when a non-zero rc is returned. you can also override the conditions to fail or succeed with parameters rc_failed and rc_succeeded

Examples

- name: Example playbook (generated based on argument schema)
  hosts: fortimanagers
  connection: httpapi
  vars:
    ansible_httpapi_use_ssl: true
    ansible_httpapi_validate_certs: false
    ansible_httpapi_port: 443
  tasks:
    - name: FortiSwitch VLAN template.
      fortinet.fortimanager.fmgr_fsp_vlan:
        # bypass_validation: false
        workspace_locking_adom: <value in [global, custom adom including root]>
        workspace_locking_timeout: 300
        # rc_succeeded: [0, -2, -3, ...]
        # rc_failed: [-2, -3, ...]
        adom: <your own value>
        state: present # <value in [present, absent]>
        fsp_vlan:
          _dhcp_status: <value in [disable, enable]>
          auth: <value in [radius, usergroup]>
          color: <integer>
          comments: <string>
          dynamic_mapping:
            -
              _dhcp_status: <value in [disable, enable]>
              _scope:
                -
                  name: <string>
                  vdom: <string>
              dhcp_server:
                auto_configuration: <value in [disable, enable]>
                auto_managed_status: <value in [disable, enable]>
                conflicted_ip_timeout: <integer>
                ddns_auth: <value in [disable, tsig]>
                ddns_key: <list or string>
                ddns_keyname: <string>
                ddns_server_ip: <string>
                ddns_ttl: <integer>
                ddns_update: <value in [disable, enable]>
                ddns_update_override: <value in [disable, enable]>
                ddns_zone: <string>
                default_gateway: <string>
                dhcp_settings_from_fortiipam: <value in [disable, enable]>
                dns_server1: <string>
                dns_server2: <string>
                dns_server3: <string>
                dns_server4: <string>
                dns_service: <value in [default, specify, local]>
                domain: <string>
                enable: <value in [disable, enable]>
                exclude_range:
                  -
                    end_ip: <string>
                    id: <integer>
                    start_ip: <string>
                    vci_match: <value in [disable, enable]>
                    vci_string: <list or string>
                    lease_time: <integer>
                    uci_match: <value in [disable, enable]>
                    uci_string: <list or string>
                filename: <string>
                forticlient_on_net_status: <value in [disable, enable]>
                id: <integer>
                ip_mode: <value in [range, usrgrp]>
                ip_range:
                  -
                    end_ip: <string>
                    id: <integer>
                    start_ip: <string>
                    vci_match: <value in [disable, enable]>
                    vci_string: <list or string>
                    lease_time: <integer>
                    uci_match: <value in [disable, enable]>
                    uci_string: <list or string>
                ipsec_lease_hold: <integer>
                lease_time: <integer>
                mac_acl_default_action: <value in [assign, block]>
                netmask: <string>
                next_server: <string>
                ntp_server1: <string>
                ntp_server2: <string>
                ntp_server3: <string>
                ntp_service: <value in [default, specify, local]>
                option1: <list or string>
                option2: <list or string>
                option3: <list or string>
                option4: <string>
                option5: <string>
                option6: <string>
                options:
                  -
                    code: <integer>
                    id: <integer>
                    ip: <list or string>
                    type: <value in [hex, string, ip, ...]>
                    value: <string>
                    vci_match: <value in [disable, enable]>
                    vci_string: <list or string>
                    uci_match: <value in [disable, enable]>
                    uci_string: <list or string>
                reserved_address:
                  -
                    action: <value in [assign, block, reserved]>
                    circuit_id: <string>
                    circuit_id_type: <value in [hex, string]>
                    description: <string>
                    id: <integer>
                    ip: <string>
                    mac: <string>
                    remote_id: <string>
                    remote_id_type: <value in [hex, string]>
                    type: <value in [mac, option82]>
                server_type: <value in [regular, ipsec]>
                status: <value in [disable, enable]>
                tftp_server: <list or string>
                timezone: <value in [00, 01, 02, ...]>
                timezone_option: <value in [disable, default, specify]>
                vci_match: <value in [disable, enable]>
                vci_string: <list or string>
                wifi_ac_service: <value in [specify, local]>
                wifi_ac1: <string>
                wifi_ac2: <string>
                wifi_ac3: <string>
                wins_server1: <string>
                wins_server2: <string>
                relay_agent: <string>
                shared_subnet: <value in [disable, enable]>
              interface:
                dhcp_relay_agent_option: <value in [disable, enable]>
                dhcp_relay_ip: <list or string>
                dhcp_relay_service: <value in [disable, enable]>
                dhcp_relay_type: <value in [regular, ipsec]>
                ip: <string>
                ipv6:
                  autoconf: <value in [disable, enable]>
                  dhcp6_client_options:
                    - "rapid"
                    - "iapd"
                    - "iana"
                    - "dns"
                    - "dnsname"
                  dhcp6_information_request: <value in [disable, enable]>
                  dhcp6_prefix_delegation: <value in [disable, enable]>
                  dhcp6_prefix_hint: <string>
                  dhcp6_prefix_hint_plt: <integer>
                  dhcp6_prefix_hint_vlt: <integer>
                  dhcp6_relay_ip: <string>
                  dhcp6_relay_service: <value in [disable, enable]>
                  dhcp6_relay_type: <value in [regular]>
                  icmp6_send_redirect: <value in [disable, enable]>
                  interface_identifier: <string>
                  ip6_address: <string>
                  ip6_allowaccess:
                    - "https"
                    - "ping"
                    - "ssh"
                    - "snmp"
                    - "http"
                    - "telnet"
                    - "fgfm"
                    - "capwap"
                    - "fabric"
                  ip6_default_life: <integer>
                  ip6_delegated_prefix_list:
                    -
                      autonomous_flag: <value in [disable, enable]>
                      onlink_flag: <value in [disable, enable]>
                      prefix_id: <integer>
                      rdnss: <list or string>
                      rdnss_service: <value in [delegated, default, specify]>
                      subnet: <string>
                      upstream_interface: <string>
                      delegated_prefix_iaid: <integer>
                  ip6_dns_server_override: <value in [disable, enable]>
                  ip6_extra_addr:
                    -
                      prefix: <string>
                  ip6_hop_limit: <integer>
                  ip6_link_mtu: <integer>
                  ip6_manage_flag: <value in [disable, enable]>
                  ip6_max_interval: <integer>
                  ip6_min_interval: <integer>
                  ip6_mode: <value in [static, dhcp, pppoe, ...]>
                  ip6_other_flag: <value in [disable, enable]>
                  ip6_prefix_list:
                    -
                      autonomous_flag: <value in [disable, enable]>
                      dnssl: <list or string>
                      onlink_flag: <value in [disable, enable]>
                      preferred_life_time: <integer>
                      prefix: <string>
                      rdnss: <list or string>
                      valid_life_time: <integer>
                  ip6_reachable_time: <integer>
                  ip6_retrans_time: <integer>
                  ip6_send_adv: <value in [disable, enable]>
                  ip6_subnet: <string>
                  ip6_upstream_interface: <string>
                  nd_cert: <string>
                  nd_cga_modifier: <string>
                  nd_mode: <value in [basic, SEND-compatible]>
                  nd_security_level: <integer>
                  nd_timestamp_delta: <integer>
                  nd_timestamp_fuzz: <integer>
                  unique_autoconf_addr: <value in [disable, enable]>
                  vrip6_link_local: <string>
                  vrrp_virtual_mac6: <value in [disable, enable]>
                  vrrp6:
                    -
                      accept_mode: <value in [disable, enable]>
                      adv_interval: <integer>
                      preempt: <value in [disable, enable]>
                      priority: <integer>
                      start_time: <integer>
                      status: <value in [disable, enable]>
                      vrdst6: <string>
                      vrgrp: <integer>
                      vrid: <integer>
                      vrip6: <string>
                      ignore_default_route: <value in [disable, enable]>
                      vrdst_priority: <integer>
                  cli_conn6_status: <integer>
                  ip6_prefix_mode: <value in [dhcp6, ra]>
                  ra_send_mtu: <value in [disable, enable]>
                  ip6_delegated_prefix_iaid: <integer>
                  dhcp6_relay_source_interface: <value in [disable, enable]>
                  dhcp6_relay_interface_id: <string>
                  dhcp6_relay_source_ip: <string>
                secondary_IP: <value in [disable, enable]>
                secondaryip:
                  -
                    allowaccess:
                      - "https"
                      - "ping"
                      - "ssh"
                      - "snmp"
                      - "http"
                      - "telnet"
                      - "fgfm"
                      - "auto-ipsec"
                      - "radius-acct"
                      - "probe-response"
                      - "capwap"
                      - "dnp"
                      - "ftm"
                      - "fabric"
                      - "speed-test"
                      - "icond"
                      - "scim"
                    detectprotocol:
                      - "ping"
                      - "tcp-echo"
                      - "udp-echo"
                    detectserver: <string>
                    gwdetect: <value in [disable, enable]>
                    ha_priority: <integer>
                    id: <integer>
                    ip: <string>
                    ping_serv_status: <integer>
                    seq: <integer>
                    secip_relay_ip: <string>
                vlanid: <integer>
                dhcp_relay_interface_select_method: <value in [auto, sdwan, specify]>
                vrrp:
                  -
                    accept_mode: <value in [disable, enable]>
                    adv_interval: <integer>
                    ignore_default_route: <value in [disable, enable]>
                    preempt: <value in [disable, enable]>
                    priority: <integer>
                    proxy_arp:
                      -
                        id: <integer>
                        ip: <string>
                    start_time: <integer>
                    status: <value in [disable, enable]>
                    version: <value in [2, 3]>
                    vrdst: <list or string>
                    vrdst_priority: <integer>
                    vrgrp: <integer>
                    vrid: <integer>
                    vrip: <string>
          name: <string>
          portal_message_override_group: <string>
          radius_server: <string>
          security: <value in [open, captive-portal, 8021x]>
          selected_usergroups: <string>
          usergroup: <string>
          vdom: <string>
          vlanid: <integer>
          dhcp_server:
            auto_configuration: <value in [disable, enable]>
            auto_managed_status: <value in [disable, enable]>
            conflicted_ip_timeout: <integer>
            ddns_auth: <value in [disable, tsig]>
            ddns_key: <list or string>
            ddns_keyname: <string>
            ddns_server_ip: <string>
            ddns_ttl: <integer>
            ddns_update: <value in [disable, enable]>
            ddns_update_override: <value in [disable, enable]>
            ddns_zone: <string>
            default_gateway: <string>
            dhcp_settings_from_fortiipam: <value in [disable, enable]>
            dns_server1: <string>
            dns_server2: <string>
            dns_server3: <string>
            dns_server4: <string>
            dns_service: <value in [default, specify, local]>
            domain: <string>
            enable: <value in [disable, enable]>
            exclude_range:
              -
                end_ip: <string>
                id: <integer>
                start_ip: <string>
                vci_match: <value in [disable, enable]>
                vci_string: <list or string>
                lease_time: <integer>
                uci_match: <value in [disable, enable]>
                uci_string: <list or string>
            filename: <string>
            forticlient_on_net_status: <value in [disable, enable]>
            id: <integer>
            ip_mode: <value in [range, usrgrp]>
            ip_range:
              -
                end_ip: <string>
                id: <integer>
                start_ip: <string>
                vci_match: <value in [disable, enable]>
                vci_string: <list or string>
                lease_time: <integer>
                uci_match: <value in [disable, enable]>
                uci_string: <list or string>
            ipsec_lease_hold: <integer>
            lease_time: <integer>
            mac_acl_default_action: <value in [assign, block]>
            netmask: <string>
            next_server: <string>
            ntp_server1: <string>
            ntp_server2: <string>
            ntp_server3: <string>
            ntp_service: <value in [default, specify, local]>
            option1: <list or string>
            option2: <list or string>
            option3: <list or string>
            option4: <string>
            option5: <string>
            option6: <string>
            options:
              -
                code: <integer>
                id: <integer>
                ip: <list or string>
                type: <value in [hex, string, ip, ...]>
                value: <string>
                vci_match: <value in [disable, enable]>
                vci_string: <list or string>
                uci_match: <value in [disable, enable]>
                uci_string: <list or string>
            reserved_address:
              -
                action: <value in [assign, block, reserved]>
                circuit_id: <string>
                circuit_id_type: <value in [hex, string]>
                description: <string>
                id: <integer>
                ip: <string>
                mac: <string>
                remote_id: <string>
                remote_id_type: <value in [hex, string]>
                type: <value in [mac, option82]>
            server_type: <value in [regular, ipsec]>
            status: <value in [disable, enable]>
            tftp_server: <list or string>
            timezone: <value in [00, 01, 02, ...]>
            timezone_option: <value in [disable, default, specify]>
            vci_match: <value in [disable, enable]>
            vci_string: <list or string>
            wifi_ac_service: <value in [specify, local]>
            wifi_ac1: <string>
            wifi_ac2: <string>
            wifi_ac3: <string>
            wins_server1: <string>
            wins_server2: <string>
            relay_agent: <string>
            shared_subnet: <value in [disable, enable]>
          interface:
            ac_name: <string>
            aggregate: <string>
            algorithm: <value in [L2, L3, L4, ...]>
            alias: <string>
            allowaccess:
              - "https"
              - "ping"
              - "ssh"
              - "snmp"
              - "http"
              - "telnet"
              - "fgfm"
              - "auto-ipsec"
              - "radius-acct"
              - "probe-response"
              - "capwap"
              - "dnp"
              - "ftm"
              - "fabric"
              - "speed-test"
            ap_discover: <value in [disable, enable]>
            arpforward: <value in [disable, enable]>
            atm_protocol: <value in [none, ipoa]>
            auth_type: <value in [auto, pap, chap, ...]>
            auto_auth_extension_device: <value in [disable, enable]>
            bandwidth_measure_time: <integer>
            bfd: <value in [global, enable, disable]>
            bfd_desired_min_tx: <integer>
            bfd_detect_mult: <integer>
            bfd_required_min_rx: <integer>
            broadcast_forticlient_discovery: <value in [disable, enable]>
            broadcast_forward: <value in [disable, enable]>
            captive_portal: <integer>
            cli_conn_status: <integer>
            color: <integer>
            ddns: <value in [disable, enable]>
            ddns_auth: <value in [disable, tsig]>
            ddns_domain: <string>
            ddns_key: <list or string>
            ddns_keyname: <string>
            ddns_password: <list or string>
            ddns_server: <value in [dhs.org, dyndns.org, dyns.net, ...]>
            ddns_server_ip: <string>
            ddns_sn: <string>
            ddns_ttl: <integer>
            ddns_username: <string>
            ddns_zone: <string>
            dedicated_to: <value in [none, management]>
            defaultgw: <value in [disable, enable]>
            description: <string>
            detected_peer_mtu: <integer>
            detectprotocol:
              - "ping"
              - "tcp-echo"
              - "udp-echo"
            detectserver: <string>
            device_access_list: <list or string>
            device_identification: <value in [disable, enable]>
            device_identification_active_scan: <value in [disable, enable]>
            device_netscan: <value in [disable, enable]>
            device_user_identification: <value in [disable, enable]>
            devindex: <integer>
            dhcp_client_identifier: <string>
            dhcp_relay_agent_option: <value in [disable, enable]>
            dhcp_relay_interface: <string>
            dhcp_relay_interface_select_method: <value in [auto, sdwan, specify]>
            dhcp_relay_ip: <list or string>
            dhcp_relay_service: <value in [disable, enable]>
            dhcp_relay_type: <value in [regular, ipsec]>
            dhcp_renew_time: <integer>
            disc_retry_timeout: <integer>
            disconnect_threshold: <integer>
            distance: <integer>
            dns_query: <value in [disable, recursive, non-recursive]>
            dns_server_override: <value in [disable, enable]>
            drop_fragment: <value in [disable, enable]>
            drop_overlapped_fragment: <value in [disable, enable]>
            egress_cos: <value in [disable, cos0, cos1, ...]>
            egress_shaping_profile: <string>
            eip: <string>
            endpoint_compliance: <value in [disable, enable]>
            estimated_downstream_bandwidth: <integer>
            estimated_upstream_bandwidth: <integer>
            explicit_ftp_proxy: <value in [disable, enable]>
            explicit_web_proxy: <value in [disable, enable]>
            external: <value in [disable, enable]>
            fail_action_on_extender: <value in [soft-restart, hard-restart, reboot]>
            fail_alert_interfaces: <list or string>
            fail_alert_method: <value in [link-failed-signal, link-down]>
            fail_detect: <value in [disable, enable]>
            fail_detect_option:
              - "detectserver"
              - "link-down"
            fdp: <value in [disable, enable]>
            fortiheartbeat: <value in [disable, enable]>
            fortilink: <value in [disable, enable]>
            fortilink_backup_link: <integer>
            fortilink_neighbor_detect: <value in [lldp, fortilink]>
            fortilink_split_interface: <value in [disable, enable]>
            fortilink_stacking: <value in [disable, enable]>
            forward_domain: <integer>
            forward_error_correction: <value in [disable, enable, rs-fec, ...]>
            fp_anomaly:
              - "drop_tcp_fin_noack"
              - "pass_winnuke"
              - "pass_tcpland"
              - "pass_udpland"
              - "pass_icmpland"
              - "pass_ipland"
              - "pass_iprr"
              - "pass_ipssrr"
              - "pass_iplsrr"
              - "pass_ipstream"
              - "pass_ipsecurity"
              - "pass_iptimestamp"
              - "pass_ipunknown_option"
              - "pass_ipunknown_prot"
              - "pass_icmp_frag"
              - "pass_tcp_no_flag"
              - "pass_tcp_fin_noack"
              - "drop_winnuke"
              - "drop_tcpland"
              - "drop_udpland"
              - "drop_icmpland"
              - "drop_ipland"
              - "drop_iprr"
              - "drop_ipssrr"
              - "drop_iplsrr"
              - "drop_ipstream"
              - "drop_ipsecurity"
              - "drop_iptimestamp"
              - "drop_ipunknown_option"
              - "drop_ipunknown_prot"
              - "drop_icmp_frag"
              - "drop_tcp_no_flag"
            fp_disable:
              - "all"
              - "ipsec"
              - "none"
            gateway_address: <string>
            gi_gk: <value in [disable, enable]>
            gwaddr: <string>
            gwdetect: <value in [disable, enable]>
            ha_priority: <integer>
            icmp_accept_redirect: <value in [disable, enable]>
            icmp_redirect: <value in [disable, enable]>
            icmp_send_redirect: <value in [disable, enable]>
            ident_accept: <value in [disable, enable]>
            idle_timeout: <integer>
            if_mdix: <value in [auto, normal, crossover]>
            if_media: <value in [auto, copper, fiber]>
            in_force_vlan_cos: <integer>
            inbandwidth: <integer>
            ingress_cos: <value in [disable, cos0, cos1, ...]>
            ingress_shaping_profile: <string>
            ingress_spillover_threshold: <integer>
            internal: <integer>
            ip: <string>
            ip_managed_by_fortiipam: <value in [disable, enable, inherit-global]>
            ipmac: <value in [disable, enable]>
            ips_sniffer_mode: <value in [disable, enable]>
            ipunnumbered: <string>
            ipv6:
              autoconf: <value in [disable, enable]>
              dhcp6_client_options:
                - "rapid"
                - "iapd"
                - "iana"
                - "dns"
                - "dnsname"
              dhcp6_information_request: <value in [disable, enable]>
              dhcp6_prefix_delegation: <value in [disable, enable]>
              dhcp6_prefix_hint: <string>
              dhcp6_prefix_hint_plt: <integer>
              dhcp6_prefix_hint_vlt: <integer>
              dhcp6_relay_ip: <string>
              dhcp6_relay_service: <value in [disable, enable]>
              dhcp6_relay_type: <value in [regular]>
              icmp6_send_redirect: <value in [disable, enable]>
              interface_identifier: <string>
              ip6_address: <string>
              ip6_allowaccess:
                - "https"
                - "ping"
                - "ssh"
                - "snmp"
                - "http"
                - "telnet"
                - "fgfm"
                - "capwap"
                - "fabric"
              ip6_default_life: <integer>
              ip6_delegated_prefix_list:
                -
                  autonomous_flag: <value in [disable, enable]>
                  onlink_flag: <value in [disable, enable]>
                  prefix_id: <integer>
                  rdnss: <list or string>
                  rdnss_service: <value in [delegated, default, specify]>
                  subnet: <string>
                  upstream_interface: <string>
                  delegated_prefix_iaid: <integer>
              ip6_dns_server_override: <value in [disable, enable]>
              ip6_extra_addr:
                -
                  prefix: <string>
              ip6_hop_limit: <integer>
              ip6_link_mtu: <integer>
              ip6_manage_flag: <value in [disable, enable]>
              ip6_max_interval: <integer>
              ip6_min_interval: <integer>
              ip6_mode: <value in [static, dhcp, pppoe, ...]>
              ip6_other_flag: <value in [disable, enable]>
              ip6_prefix_list:
                -
                  autonomous_flag: <value in [disable, enable]>
                  dnssl: <list or string>
                  onlink_flag: <value in [disable, enable]>
                  preferred_life_time: <integer>
                  prefix: <string>
                  rdnss: <list or string>
                  valid_life_time: <integer>
              ip6_reachable_time: <integer>
              ip6_retrans_time: <integer>
              ip6_send_adv: <value in [disable, enable]>
              ip6_subnet: <string>
              ip6_upstream_interface: <string>
              nd_cert: <string>
              nd_cga_modifier: <string>
              nd_mode: <value in [basic, SEND-compatible]>
              nd_security_level: <integer>
              nd_timestamp_delta: <integer>
              nd_timestamp_fuzz: <integer>
              unique_autoconf_addr: <value in [disable, enable]>
              vrip6_link_local: <string>
              vrrp_virtual_mac6: <value in [disable, enable]>
              vrrp6:
                -
                  accept_mode: <value in [disable, enable]>
                  adv_interval: <integer>
                  preempt: <value in [disable, enable]>
                  priority: <integer>
                  start_time: <integer>
                  status: <value in [disable, enable]>
                  vrdst6: <string>
                  vrgrp: <integer>
                  vrid: <integer>
                  vrip6: <string>
                  ignore_default_route: <value in [disable, enable]>
                  vrdst_priority: <integer>
              cli_conn6_status: <integer>
              ip6_prefix_mode: <value in [dhcp6, ra]>
              ra_send_mtu: <value in [disable, enable]>
              ip6_delegated_prefix_iaid: <integer>
              dhcp6_relay_source_interface: <value in [disable, enable]>
              dhcp6_relay_interface_id: <string>
              dhcp6_relay_source_ip: <string>
            l2forward: <value in [disable, enable]>
            l2tp_client: <value in [disable, enable]>
            lacp_ha_slave: <value in [disable, enable]>
            lacp_mode: <value in [static, passive, active]>
            lacp_speed: <value in [slow, fast]>
            lcp_echo_interval: <integer>
            lcp_max_echo_fails: <integer>
            link_up_delay: <integer>
            listen_forticlient_connection: <value in [disable, enable]>
            lldp_network_policy: <string>
            lldp_reception: <value in [disable, enable, vdom]>
            lldp_transmission: <value in [enable, disable, vdom]>
            log: <value in [disable, enable]>
            macaddr: <string>
            managed_subnetwork_size: <value in [256, 512, 1024, ...]>
            management_ip: <string>
            max_egress_burst_rate: <integer>
            max_egress_rate: <integer>
            measured_downstream_bandwidth: <integer>
            measured_upstream_bandwidth: <integer>
            mediatype: <value in [serdes-sfp, sgmii-sfp, cfp2-sr10, ...]>
            member: <list or string>
            min_links: <integer>
            min_links_down: <value in [operational, administrative]>
            mode: <value in [static, dhcp, pppoe, ...]>
            monitor_bandwidth: <value in [disable, enable]>
            mtu: <integer>
            mtu_override: <value in [disable, enable]>
            mux_type: <value in [llc-encaps, vc-encaps]>
            name: <string>
            ndiscforward: <value in [disable, enable]>
            netbios_forward: <value in [disable, enable]>
            netflow_sampler: <value in [disable, tx, rx, ...]>
            np_qos_profile: <integer>
            npu_fastpath: <value in [disable, enable]>
            nst: <value in [disable, enable]>
            out_force_vlan_cos: <integer>
            outbandwidth: <integer>
            padt_retry_timeout: <integer>
            password: <list or string>
            peer_interface: <list or string>
            phy_mode: <value in [auto, adsl, vdsl, ...]>
            ping_serv_status: <integer>
            poe: <value in [disable, enable]>
            polling_interval: <integer>
            pppoe_unnumbered_negotiate: <value in [disable, enable]>
            pptp_auth_type: <value in [auto, pap, chap, ...]>
            pptp_client: <value in [disable, enable]>
            pptp_password: <list or string>
            pptp_server_ip: <string>
            pptp_timeout: <integer>
            pptp_user: <string>
            preserve_session_route: <value in [disable, enable]>
            priority: <integer>
            priority_override: <value in [disable, enable]>
            proxy_captive_portal: <value in [disable, enable]>
            redundant_interface: <string>
            remote_ip: <string>
            replacemsg_override_group: <string>
            retransmission: <value in [disable, enable]>
            ring_rx: <integer>
            ring_tx: <integer>
            role: <value in [lan, wan, dmz, ...]>
            sample_direction: <value in [rx, tx, both]>
            sample_rate: <integer>
            scan_botnet_connections: <value in [disable, block, monitor]>
            secondary_IP: <value in [disable, enable]>
            secondaryip:
              -
                allowaccess:
                  - "https"
                  - "ping"
                  - "ssh"
                  - "snmp"
                  - "http"
                  - "telnet"
                  - "fgfm"
                  - "auto-ipsec"
                  - "radius-acct"
                  - "probe-response"
                  - "capwap"
                  - "dnp"
                  - "ftm"
                  - "fabric"
                  - "speed-test"
                  - "icond"
                  - "scim"
                detectprotocol:
                  - "ping"
                  - "tcp-echo"
                  - "udp-echo"
                detectserver: <string>
                gwdetect: <value in [disable, enable]>
                ha_priority: <integer>
                id: <integer>
                ip: <string>
                ping_serv_status: <integer>
                seq: <integer>
                secip_relay_ip: <string>
            security_8021x_dynamic_vlan_id: <integer>
            security_8021x_master: <string>
            security_8021x_mode: <value in [default, dynamic-vlan, fallback, ...]>
            security_exempt_list: <string>
            security_external_logout: <string>
            security_external_web: <string>
            security_groups: <list or string>
            security_mac_auth_bypass: <value in [disable, enable, mac-auth-only]>
            security_mode: <value in [none, captive-portal, 802.1X]>
            security_redirect_url: <string>
            service_name: <string>
            sflow_sampler: <value in [disable, enable]>
            speed: <value in [auto, 10full, 10half, ...]>
            spillover_threshold: <integer>
            src_check: <value in [disable, enable]>
            status: <value in [down, up]>
            stp: <value in [disable, enable]>
            stp_ha_slave: <value in [disable, enable, priority-adjust]>
            stpforward: <value in [disable, enable]>
            stpforward_mode: <value in [rpl-all-ext-id, rpl-bridge-ext-id, rpl-nothing]>
            strip_priority_vlan_tag: <value in [disable, enable]>
            subst: <value in [disable, enable]>
            substitute_dst_mac: <string>
            swc_first_create: <integer>
            swc_vlan: <integer>
            switch: <string>
            switch_controller_access_vlan: <value in [disable, enable]>
            switch_controller_arp_inspection: <value in [disable, enable, monitor]>
            switch_controller_auth: <value in [radius, usergroup]>
            switch_controller_dhcp_snooping: <value in [disable, enable]>
            switch_controller_dhcp_snooping_option82: <value in [disable, enable]>
            switch_controller_dhcp_snooping_verify_mac: <value in [disable, enable]>
            switch_controller_feature: <value in [none, default-vlan, quarantine, ...]>
            switch_controller_igmp_snooping: <value in [disable, enable]>
            switch_controller_igmp_snooping_fast_leave: <value in [disable, enable]>
            switch_controller_igmp_snooping_proxy: <value in [disable, enable]>
            switch_controller_iot_scanning: <value in [disable, enable]>
            switch_controller_learning_limit: <integer>
            switch_controller_mgmt_vlan: <integer>
            switch_controller_nac: <string>
            switch_controller_radius_server: <string>
            switch_controller_rspan_mode: <value in [disable, enable]>
            switch_controller_source_ip: <value in [outbound, fixed]>
            switch_controller_traffic_policy: <string>
            tc_mode: <value in [ptm, atm]>
            tcp_mss: <integer>
            trunk: <value in [disable, enable]>
            trust_ip_1: <string>
            trust_ip_2: <string>
            trust_ip_3: <string>
            trust_ip6_1: <string>
            trust_ip6_2: <string>
            trust_ip6_3: <string>
            type: <value in [physical, vlan, aggregate, ...]>
            username: <string>
            vci: <integer>
            vectoring: <value in [disable, enable]>
            vindex: <integer>
            vlan_protocol: <value in [8021q, 8021ad]>
            vlanforward: <value in [disable, enable]>
            vlanid: <integer>
            vpi: <integer>
            vrf: <integer>
            vrrp:
              -
                accept_mode: <value in [disable, enable]>
                adv_interval: <integer>
                ignore_default_route: <value in [disable, enable]>
                preempt: <value in [disable, enable]>
                priority: <integer>
                start_time: <integer>
                status: <value in [disable, enable]>
                version: <value in [2, 3]>
                vrdst: <list or string>
                vrdst_priority: <integer>
                vrgrp: <integer>
                vrid: <integer>
                vrip: <string>
                proxy_arp:
                  -
                    id: <integer>
                    ip: <string>
            vrrp_virtual_mac: <value in [disable, enable]>
            wccp: <value in [disable, enable]>
            weight: <integer>
            wifi_5g_threshold: <string>
            wifi_acl: <value in [deny, allow]>
            wifi_ap_band: <value in [any, 5g-preferred, 5g-only]>
            wifi_auth: <value in [PSK, RADIUS, radius, ...]>
            wifi_auto_connect: <value in [disable, enable]>
            wifi_auto_save: <value in [disable, enable]>
            wifi_broadcast_ssid: <value in [disable, enable]>
            wifi_encrypt: <value in [TKIP, AES]>
            wifi_fragment_threshold: <integer>
            wifi_key: <list or string>
            wifi_keyindex: <integer>
            wifi_mac_filter: <value in [disable, enable]>
            wifi_passphrase: <list or string>
            wifi_radius_server: <string>
            wifi_rts_threshold: <integer>
            wifi_security: <value in [None, WEP64, wep64, ...]>
            wifi_ssid: <string>
            wifi_usergroup: <string>
            wins_ip: <string>
            dhcp_relay_request_all_server: <value in [disable, enable]>
            stp_ha_secondary: <value in [disable, enable, priority-adjust]>
            switch_controller_dynamic: <string>
            auth_cert: <string>
            auth_portal_addr: <string>
            dhcp_classless_route_addition: <value in [disable, enable]>
            dhcp_relay_link_selection: <string>
            dns_server_protocol:
              - "cleartext"
              - "dot"
              - "doh"
            eap_ca_cert: <string>
            eap_identity: <string>
            eap_method: <value in [tls, peap]>
            eap_password: <list or string>
            eap_supplicant: <value in [disable, enable]>
            eap_user_cert: <string>
            ike_saml_server: <string>
            lacp_ha_secondary: <value in [disable, enable]>
            pvc_atm_qos: <value in [cbr, rt-vbr, nrt-vbr, ...]>
            pvc_chan: <integer>
            pvc_crc: <integer>
            pvc_pcr: <integer>
            pvc_scr: <integer>
            pvc_vlan_id: <integer>
            pvc_vlan_rx_id: <integer>
            pvc_vlan_rx_op: <value in [pass-through, replace, remove]>
            pvc_vlan_tx_id: <integer>
            pvc_vlan_tx_op: <value in [pass-through, replace, remove]>
            reachable_time: <integer>
            select_profile_30a_35b: <value in [30A, 35B]>
            sfp_dsl: <value in [disable, enable]>
            sfp_dsl_adsl_fallback: <value in [disable, enable]>
            sfp_dsl_autodetect: <value in [disable, enable]>
            sfp_dsl_mac: <string>
            sw_algorithm: <value in [l2, l3, eh, ...]>
            system_id: <string>
            system_id_type: <value in [auto, user]>
            vlan_id: <integer>
            vlan_op_mode: <value in [tag, untag, passthrough]>
            generic_receive_offload: <value in [disable, enable]>
            interconnect_profile: <value in [default, profile1, profile2]>
            large_receive_offload: <value in [disable, enable]>
            annex: <value in [a, b, j, ...]>
            aggregate_type: <value in [physical, vxlan]>
            switch_controller_netflow_collect: <value in [disable, enable]>
            wifi_dns_server1: <string>
            wifi_dns_server2: <string>
            wifi_gateway: <string>
            default_purdue_level: <value in [1, 2, 3, ...]>
            dhcp_broadcast_flag: <value in [disable, enable]>
            dhcp_smart_relay: <value in [disable, enable]>
            switch_controller_offloading: <value in [disable, enable]>
            switch_controller_offloading_gw: <value in [disable, enable]>
            switch_controller_offloading_ip: <string>
            dhcp_relay_circuit_id: <string>
            dhcp_relay_source_ip: <string>
            switch_controller_offload: <value in [disable, enable]>
            switch_controller_offload_gw: <value in [disable, enable]>
            switch_controller_offload_ip: <string>
            mirroring_direction: <value in [rx, tx, both]>
            mirroring_port: <string>
            port_mirroring: <value in [disable, enable]>
            security_8021x_member_mode: <value in [disable, switch]>
            stp_edge: <value in [disable, enable]>
            dhcp_relay_allow_no_end_option: <value in [disable, enable]>
            netflow_sample_rate: <integer>
            netflow_sampler_id: <integer>
            pppoe_egress_cos: <value in [cos0, cos1, cos2, ...]>
            security_ip_auth_bypass: <value in [disable, enable]>
            virtual_mac: <string>

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key

Description

meta

dictionary

The result of the request.

Returned: always

request_url

string

The full url requested.

Returned: always

Sample: "/sys/login/user"

response_code

integer

The status of api request.

Returned: always

Sample: 0

response_data

list / elements=string

The api response.

Returned: always

response_message

string

The descriptive message of the api response.

Returned: always

Sample: "OK."

system_information

dictionary

The information of the target system.

Returned: always

rc

integer

The status the request.

Returned: always

Sample: 0

version_check_warning

list / elements=string

Warning if the parameters used in the playbook are not supported by the current FortiManager version.

Returned: complex

Authors

  • Xinwei Du (@dux-fortinet)

  • Xing Li (@lix-fortinet)

  • Jie Xue (@JieX19)

  • Link Zheng (@chillancezen)

  • Frank Shen (@fshen01)

  • Hongbin Lu (@fgtdev-hblu)