fortinet.fortimanager.fmgr_fsp_vlan – no description

Note

This plugin is part of the fortinet.fortimanager collection (version 2.1.4).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install fortinet.fortimanager.

To use it in a playbook, specify: fortinet.fortimanager.fmgr_fsp_vlan.

New in version 2.10: of fortinet.fortimanager

Synopsis

  • This module is able to configure a FortiManager device.

  • Examples include all parameters and values which need to be adjusted to data sources before usage.

Parameters

Parameter Choices/Defaults Comments
adom
string / required
the parameter (adom) in requested url
bypass_validation
boolean
    Choices:
  • no ←
  • yes
only set to True when module schema diffs with FortiManager API structure, module continues to execute without validating parameters
enable_log
boolean
    Choices:
  • no ←
  • yes
Enable/Disable logging for task
fsp_vlan
dictionary
the top level parameters set
_dhcp-status
string
    Choices:
  • disable
  • enable
_Dhcp-Status.
auth
string
    Choices:
  • radius
  • usergroup
no description
color
integer
Color.
comments
string
no description
dhcp-server
dictionary
no description
auto-configuration
string
    Choices:
  • disable
  • enable
Enable/disable auto configuration.
auto-managed-status
string
    Choices:
  • disable
  • enable
Enable/disable use of this DHCP server once this interface has been assigned an IP address from FortiIPAM.
conflicted-ip-timeout
integer
Time in seconds to wait after a conflicted IP address is removed from the DHCP range before it can be reused.
ddns-auth
string
    Choices:
  • disable
  • tsig
DDNS authentication mode.
ddns-key
string
DDNS update key (base 64 encoding).
ddns-keyname
string
DDNS update key name.
ddns-server-ip
string
DDNS server IP.
ddns-ttl
integer
TTL.
ddns-update
string
    Choices:
  • disable
  • enable
Enable/disable DDNS update for DHCP.
ddns-update-override
string
    Choices:
  • disable
  • enable
Enable/disable DDNS update override for DHCP.
ddns-zone
string
Zone of your domain name (ex. DDNS.com).
default-gateway
string
Default gateway IP address assigned by the DHCP server.
dhcp-settings-from-fortiipam
string
    Choices:
  • disable
  • enable
Enable/disable populating of DHCP server settings from FortiIPAM.
dns-server1
string
DNS server 1.
dns-server2
string
DNS server 2.
dns-server3
string
DNS server 3.
dns-server4
string
DNS server 4.
dns-service
string
    Choices:
  • default
  • specify
  • local
Options for assigning DNS servers to DHCP clients.
domain
string
Domain name suffix for the IP addresses that the DHCP server assigns to clients.
enable
string
    Choices:
  • disable
  • enable
Enable.
exclude-range
list / elements=string
Exclude-Range.
end-ip
string
End of IP range.
id
integer
ID.
start-ip
string
Start of IP range.
filename
string
Name of the boot file on the TFTP server.
forticlient-on-net-status
string
    Choices:
  • disable
  • enable
Enable/disable FortiClient-On-Net service for this DHCP server.
id
integer
ID.
ip-mode
string
    Choices:
  • range
  • usrgrp
Method used to assign client IP.
ip-range
list / elements=string
Ip-Range.
end-ip
string
End of IP range.
id
integer
ID.
start-ip
string
Start of IP range.
ipsec-lease-hold
integer
DHCP over IPsec leases expire this many seconds after tunnel down (0 to disable forced-expiry).
lease-time
integer
Lease time in seconds, 0 means unlimited.
mac-acl-default-action
string
    Choices:
  • assign
  • block
MAC access control default action (allow or block assigning IP settings).
netmask
string
Netmask assigned by the DHCP server.
next-server
string
IP address of a server (for example, a TFTP sever) that DHCP clients can download a boot file from.
ntp-server1
string
NTP server 1.
ntp-server2
string
NTP server 2.
ntp-server3
string
NTP server 3.
ntp-service
string
    Choices:
  • default
  • specify
  • local
Options for assigning Network Time Protocol (NTP) servers to DHCP clients.
option1
string
Option1.
option2
string
Option2.
option3
string
Option3.
option4
string
Option4.
option5
string
Option5.
option6
string
Option6.
options
list / elements=string
Options.
code
integer
DHCP option code.
id
integer
ID.
ip
string
DHCP option IPs.
type
string
    Choices:
  • hex
  • string
  • ip
  • fqdn
DHCP option type.
value
string
DHCP option value.
reserved-address
list / elements=string
Reserved-Address.
action
string
    Choices:
  • assign
  • block
  • reserved
Options for the DHCP server to configure the client with the reserved MAC address.
circuit-id
string
Option 82 circuit-ID of the client that will get the reserved IP address.
circuit-id-type
string
    Choices:
  • hex
  • string
DHCP option type.
description
string
Description.
id
integer
ID.
ip
string
IP address to be reserved for the MAC address.
mac
string
MAC address of the client that will get the reserved IP address.
remote-id
string
Option 82 remote-ID of the client that will get the reserved IP address.
remote-id-type
string
    Choices:
  • hex
  • string
DHCP option type.
type
string
    Choices:
  • mac
  • option82
DHCP reserved-address type.
server-type
string
    Choices:
  • regular
  • ipsec
DHCP server can be a normal DHCP server or an IPsec DHCP server.
status
string
    Choices:
  • disable
  • enable
Enable/disable this DHCP configuration.
tftp-server
string
One or more hostnames or IP addresses of the TFTP servers in quotes separated by spaces.
timezone
string
    Choices:
  • 00
  • 01
  • 02
  • 03
  • 04
  • 05
  • 06
  • 07
  • 08
  • 09
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
Select the time zone to be assigned to DHCP clients.
timezone-option
string
    Choices:
  • disable
  • default
  • specify
Options for the DHCP server to set the clients time zone.
vci-match
string
    Choices:
  • disable
  • enable
Enable/disable vendor class identifier (VCI) matching. When enabled only DHCP requests with a matching VCI are served.
vci-string
string
One or more VCI strings in quotes separated by spaces.
wifi-ac-service
string
    Choices:
  • specify
  • local
Options for assigning WiFi Access Controllers to DHCP clients
wifi-ac1
string
WiFi Access Controller 1 IP address (DHCP option 138, RFC 5417).
wifi-ac2
string
WiFi Access Controller 2 IP address (DHCP option 138, RFC 5417).
wifi-ac3
string
WiFi Access Controller 3 IP address (DHCP option 138, RFC 5417).
wins-server1
string
WINS server 1.
wins-server2
string
WINS server 2.
dynamic_mapping
list / elements=string
Dynamic_Mapping.
_dhcp-status
string
    Choices:
  • disable
  • enable
_Dhcp-Status.
_scope
list / elements=string
_Scope.
name
string
Name.
vdom
string
Vdom.
dhcp-server
dictionary
no description
auto-configuration
string
    Choices:
  • disable
  • enable
Enable/disable auto configuration.
auto-managed-status
string
    Choices:
  • disable
  • enable
Enable/disable use of this DHCP server once this interface has been assigned an IP address from FortiIPAM.
conflicted-ip-timeout
integer
Time in seconds to wait after a conflicted IP address is removed from the DHCP range before it can be reused.
ddns-auth
string
    Choices:
  • disable
  • tsig
DDNS authentication mode.
ddns-key
string
DDNS update key (base 64 encoding).
ddns-keyname
string
DDNS update key name.
ddns-server-ip
string
DDNS server IP.
ddns-ttl
integer
TTL.
ddns-update
string
    Choices:
  • disable
  • enable
Enable/disable DDNS update for DHCP.
ddns-update-override
string
    Choices:
  • disable
  • enable
Enable/disable DDNS update override for DHCP.
ddns-zone
string
Zone of your domain name (ex. DDNS.com).
default-gateway
string
Default gateway IP address assigned by the DHCP server.
dhcp-settings-from-fortiipam
string
    Choices:
  • disable
  • enable
Enable/disable populating of DHCP server settings from FortiIPAM.
dns-server1
string
DNS server 1.
dns-server2
string
DNS server 2.
dns-server3
string
DNS server 3.
dns-server4
string
DNS server 4.
dns-service
string
    Choices:
  • default
  • specify
  • local
Options for assigning DNS servers to DHCP clients.
domain
string
Domain name suffix for the IP addresses that the DHCP server assigns to clients.
enable
string
    Choices:
  • disable
  • enable
Enable.
exclude-range
list / elements=string
Exclude-Range.
end-ip
string
End of IP range.
id
integer
ID.
start-ip
string
Start of IP range.
filename
string
Name of the boot file on the TFTP server.
forticlient-on-net-status
string
    Choices:
  • disable
  • enable
Enable/disable FortiClient-On-Net service for this DHCP server.
id
integer
ID.
ip-mode
string
    Choices:
  • range
  • usrgrp
Method used to assign client IP.
ip-range
list / elements=string
Ip-Range.
end-ip
string
End of IP range.
id
integer
ID.
start-ip
string
Start of IP range.
ipsec-lease-hold
integer
DHCP over IPsec leases expire this many seconds after tunnel down (0 to disable forced-expiry).
lease-time
integer
Lease time in seconds, 0 means unlimited.
mac-acl-default-action
string
    Choices:
  • assign
  • block
MAC access control default action (allow or block assigning IP settings).
netmask
string
Netmask assigned by the DHCP server.
next-server
string
IP address of a server (for example, a TFTP sever) that DHCP clients can download a boot file from.
ntp-server1
string
NTP server 1.
ntp-server2
string
NTP server 2.
ntp-server3
string
NTP server 3.
ntp-service
string
    Choices:
  • default
  • specify
  • local
Options for assigning Network Time Protocol (NTP) servers to DHCP clients.
option1
string
Option1.
option2
string
Option2.
option3
string
Option3.
option4
string
Option4.
option5
string
Option5.
option6
string
Option6.
options
list / elements=string
Options.
code
integer
DHCP option code.
id
integer
ID.
ip
string
DHCP option IPs.
type
string
    Choices:
  • hex
  • string
  • ip
  • fqdn
DHCP option type.
value
string
DHCP option value.
reserved-address
list / elements=string
Reserved-Address.
action
string
    Choices:
  • assign
  • block
  • reserved
Options for the DHCP server to configure the client with the reserved MAC address.
circuit-id
string
Option 82 circuit-ID of the client that will get the reserved IP address.
circuit-id-type
string
    Choices:
  • hex
  • string
DHCP option type.
description
string
Description.
id
integer
ID.
ip
string
IP address to be reserved for the MAC address.
mac
string
MAC address of the client that will get the reserved IP address.
remote-id
string
Option 82 remote-ID of the client that will get the reserved IP address.
remote-id-type
string
    Choices:
  • hex
  • string
DHCP option type.
type
string
    Choices:
  • mac
  • option82
DHCP reserved-address type.
server-type
string
    Choices:
  • regular
  • ipsec
DHCP server can be a normal DHCP server or an IPsec DHCP server.
status
string
    Choices:
  • disable
  • enable
Enable/disable this DHCP configuration.
tftp-server
string
One or more hostnames or IP addresses of the TFTP servers in quotes separated by spaces.
timezone
string
    Choices:
  • 00
  • 01
  • 02
  • 03
  • 04
  • 05
  • 06
  • 07
  • 08
  • 09
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
Select the time zone to be assigned to DHCP clients.
timezone-option
string
    Choices:
  • disable
  • default
  • specify
Options for the DHCP server to set the clients time zone.
vci-match
string
    Choices:
  • disable
  • enable
Enable/disable vendor class identifier (VCI) matching. When enabled only DHCP requests with a matching VCI are...
vci-string
string
One or more VCI strings in quotes separated by spaces.
wifi-ac-service
string
    Choices:
  • specify
  • local
Options for assigning WiFi Access Controllers to DHCP clients
wifi-ac1
string
WiFi Access Controller 1 IP address (DHCP option 138, RFC 5417).
wifi-ac2
string
WiFi Access Controller 2 IP address (DHCP option 138, RFC 5417).
wifi-ac3
string
WiFi Access Controller 3 IP address (DHCP option 138, RFC 5417).
wins-server1
string
WINS server 1.
wins-server2
string
WINS server 2.
interface
dictionary
no description
dhcp-relay-agent-option
string
    Choices:
  • disable
  • enable
Dhcp-Relay-Agent-Option.
dhcp-relay-ip
string
Dhcp-Relay-Ip.
dhcp-relay-service
string
    Choices:
  • disable
  • enable
Dhcp-Relay-Service.
dhcp-relay-type
string
    Choices:
  • regular
  • ipsec
Dhcp-Relay-Type.
ip
string
Ip.
ipv6
dictionary
no description
autoconf
string
    Choices:
  • disable
  • enable
Enable/disable address auto config.
cli-conn6-status
integer
Cli-Conn6-Status.
dhcp6-client-options
list / elements=string
    Choices:
  • rapid
  • iapd
  • iana
  • dns
  • dnsname
Dhcp6-Client-Options.
dhcp6-information-request
string
    Choices:
  • disable
  • enable
Enable/disable DHCPv6 information request.
dhcp6-prefix-delegation
string
    Choices:
  • disable
  • enable
Enable/disable DHCPv6 prefix delegation.
dhcp6-prefix-hint
string
DHCPv6 prefix that will be used as a hint to the upstream DHCPv6 server.
dhcp6-prefix-hint-plt
integer
DHCPv6 prefix hint preferred life time (sec), 0 means unlimited lease time.
dhcp6-prefix-hint-vlt
integer
DHCPv6 prefix hint valid life time (sec).
dhcp6-relay-ip
string
DHCPv6 relay IP address.
dhcp6-relay-service
string
    Choices:
  • disable
  • enable
Enable/disable DHCPv6 relay.
dhcp6-relay-type
string
    Choices:
  • regular
DHCPv6 relay type.
icmp6-send-redirect
string
    Choices:
  • disable
  • enable
Enable/disable sending of ICMPv6 redirects.
interface-identifier
string
IPv6 interface identifier.
ip6-address
string
Primary IPv6 address prefix, syntax: xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx/xxx
ip6-allowaccess
list / elements=string
    Choices:
  • https
  • ping
  • ssh
  • snmp
  • http
  • telnet
  • fgfm
  • capwap
  • fabric
Allow management access to the interface.
ip6-default-life
integer
Default life (sec).
ip6-delegated-prefix-list
list / elements=string
Ip6-Delegated-Prefix-List.
autonomous-flag
string
    Choices:
  • disable
  • enable
Enable/disable the autonomous flag.
onlink-flag
string
    Choices:
  • disable
  • enable
Enable/disable the onlink flag.
prefix-id
integer
Prefix ID.
rdnss
string
Recursive DNS server option.
rdnss-service
string
    Choices:
  • delegated
  • default
  • specify
Recursive DNS service option.
subnet
string
Add subnet ID to routing prefix.
upstream-interface
string
Name of the interface that provides delegated information.
ip6-dns-server-override
string
    Choices:
  • disable
  • enable
Enable/disable using the DNS server acquired by DHCP.
ip6-extra-addr
list / elements=string
Ip6-Extra-Addr.
prefix
string
IPv6 address prefix.
ip6-hop-limit
integer
Hop limit (0 means unspecified).
ip6-link-mtu
integer
IPv6 link MTU.
ip6-manage-flag
string
    Choices:
  • disable
  • enable
Enable/disable the managed flag.
ip6-max-interval
integer
IPv6 maximum interval (4 to 1800 sec).
ip6-min-interval
integer
IPv6 minimum interval (3 to 1350 sec).
ip6-mode
string
    Choices:
  • static
  • dhcp
  • pppoe
  • delegated
Addressing mode (static, DHCP, delegated).
ip6-other-flag
string
    Choices:
  • disable
  • enable
Enable/disable the other IPv6 flag.
ip6-prefix-list
list / elements=string
Ip6-Prefix-List.
autonomous-flag
string
    Choices:
  • disable
  • enable
Enable/disable the autonomous flag.
dnssl
string
DNS search list option.
onlink-flag
string
    Choices:
  • disable
  • enable
Enable/disable the onlink flag.
preferred-life-time
integer
Preferred life time (sec).
prefix
string
IPv6 prefix.
rdnss
string
Recursive DNS server option.
valid-life-time
integer
Valid life time (sec).
ip6-prefix-mode
string
    Choices:
  • dhcp6
  • ra
Assigning a prefix from DHCP or RA.
ip6-reachable-time
integer
IPv6 reachable time (milliseconds; 0 means unspecified).
ip6-retrans-time
integer
IPv6 retransmit time (milliseconds; 0 means unspecified).
ip6-send-adv
string
    Choices:
  • disable
  • enable
Enable/disable sending advertisements about the interface.
ip6-subnet
string
Subnet to routing prefix, syntax: xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx/xxx
ip6-upstream-interface
string
Interface name providing delegated information.
nd-cert
string
Neighbor discovery certificate.
nd-cga-modifier
string
Neighbor discovery CGA modifier.
nd-mode
string
    Choices:
  • basic
  • SEND-compatible
Neighbor discovery mode.
nd-security-level
integer
Neighbor discovery security level (0 - 7; 0 = least secure, default = 0).
nd-timestamp-delta
integer
Neighbor discovery timestamp delta value (1 - 3600 sec; default = 300).
nd-timestamp-fuzz
integer
Neighbor discovery timestamp fuzz factor (1 - 60 sec; default = 1).
ra-send-mtu
string
    Choices:
  • disable
  • enable
Enable/disable sending link MTU in RA packet.
unique-autoconf-addr
string
    Choices:
  • disable
  • enable
Enable/disable unique auto config address.
vrip6_link_local
string
Link-local IPv6 address of virtual router.
vrrp-virtual-mac6
string
    Choices:
  • disable
  • enable
Enable/disable virtual MAC for VRRP.
vrrp6
list / elements=string
Vrrp6.
accept-mode
string
    Choices:
  • disable
  • enable
Enable/disable accept mode.
adv-interval
integer
Advertisement interval (1 - 255 seconds).
preempt
string
    Choices:
  • disable
  • enable
Enable/disable preempt mode.
priority
integer
Priority of the virtual router (1 - 255).
start-time
integer
Startup time (1 - 255 seconds).
status
string
    Choices:
  • disable
  • enable
Enable/disable VRRP.
vrdst6
string
Monitor the route to this destination.
vrgrp
integer
VRRP group ID (1 - 65535).
vrid
integer
Virtual router identifier (1 - 255).
vrip6
string
IPv6 address of the virtual router.
secondary-IP
string
    Choices:
  • disable
  • enable
Secondary-Ip.
secondaryip
list / elements=string
Secondaryip.
allowaccess
list / elements=string
    Choices:
  • https
  • ping
  • ssh
  • snmp
  • http
  • telnet
  • fgfm
  • auto-ipsec
  • radius-acct
  • probe-response
  • capwap
  • dnp
  • ftm
  • fabric
Management access settings for the secondary IP address.
detectprotocol
list / elements=string
    Choices:
  • ping
  • tcp-echo
  • udp-echo
Protocols used to detect the server.
detectserver
string
Gateways ping server for this IP.
gwdetect
string
    Choices:
  • disable
  • enable
Enable/disable detect gateway alive for first.
ha-priority
integer
HA election priority for the PING server.
id
integer
ID.
ip
string
Secondary IP address of the interface.
ping-serv-status
integer
Ping-Serv-Status.
seq
integer
Seq.
vlanid
integer
Vlanid.
interface
dictionary
no description
ac-name
string
PPPoE server name.
aggregate
string
Aggregate.
algorithm
string
    Choices:
  • L2
  • L3
  • L4
Frame distribution algorithm.
alias
string
Alias will be displayed with the interface name to make it easier to distinguish.
allowaccess
list / elements=string
    Choices:
  • https
  • ping
  • ssh
  • snmp
  • http
  • telnet
  • fgfm
  • auto-ipsec
  • radius-acct
  • probe-response
  • capwap
  • dnp
  • ftm
  • fabric
Permitted types of management access to this interface.
ap-discover
string
    Choices:
  • disable
  • enable
Enable/disable automatic registration of unknown FortiAP devices.
arpforward
string
    Choices:
  • disable
  • enable
Enable/disable ARP forwarding.
atm-protocol
string
    Choices:
  • none
  • ipoa
ATM protocol.
auth-type
string
    Choices:
  • auto
  • pap
  • chap
  • mschapv1
  • mschapv2
PPP authentication type to use.
auto-auth-extension-device
string
    Choices:
  • disable
  • enable
Enable/disable automatic authorization of dedicated Fortinet extension device on this interface.
bandwidth-measure-time
integer
Bandwidth measure time
bfd
string
    Choices:
  • global
  • enable
  • disable
Bidirectional Forwarding Detection (BFD) settings.
bfd-desired-min-tx
integer
BFD desired minimal transmit interval.
bfd-detect-mult
integer
BFD detection multiplier.
bfd-required-min-rx
integer
BFD required minimal receive interval.
broadcast-forticlient-discovery
string
    Choices:
  • disable
  • enable
Broadcast-Forticlient-Discovery.
broadcast-forward
string
    Choices:
  • disable
  • enable
Enable/disable broadcast forwarding.
captive-portal
integer
Enable/disable captive portal.
cli-conn-status
integer
Cli-Conn-Status.
color
integer
Color of icon on the GUI.
ddns
string
    Choices:
  • disable
  • enable
Ddns.
ddns-auth
string
    Choices:
  • disable
  • tsig
Ddns-Auth.
ddns-domain
string
Ddns-Domain.
ddns-key
string
Ddns-Key.
ddns-keyname
string
Ddns-Keyname.
ddns-password
string
Ddns-Password.
ddns-server
string
    Choices:
  • dhs.org
  • dyndns.org
  • dyns.net
  • tzo.com
  • ods.org
  • vavic.com
  • now.net.cn
  • dipdns.net
  • easydns.com
  • genericDDNS
Ddns-Server.
ddns-server-ip
string
Ddns-Server-Ip.
ddns-sn
string
Ddns-Sn.
ddns-ttl
integer
Ddns-Ttl.
ddns-username
string
Ddns-Username.
ddns-zone
string
Ddns-Zone.
dedicated-to
string
    Choices:
  • none
  • management
Configure interface for single purpose.
defaultgw
string
    Choices:
  • disable
  • enable
Enable to get the gateway IP from the DHCP or PPPoE server.
description
string
Description.
detected-peer-mtu
integer
Detected-Peer-Mtu.
detectprotocol
list / elements=string
    Choices:
  • ping
  • tcp-echo
  • udp-echo
Protocols used to detect the server.
detectserver
string
Gateways ping server for this IP.
device-access-list
string
Device-Access-List.
device-identification
string
    Choices:
  • disable
  • enable
Enable/disable passively gathering of device identity information about the devices on the network connected to this i...
device-identification-active-scan
string
    Choices:
  • disable
  • enable
Device-Identification-Active-Scan.
device-netscan
string
    Choices:
  • disable
  • enable
Device-Netscan.
device-user-identification
string
    Choices:
  • disable
  • enable
Enable/disable passive gathering of user identity information about users on this interface.
devindex
integer
Devindex.
dhcp-client-identifier
string
DHCP client identifier.
dhcp-relay-agent-option
string
    Choices:
  • disable
  • enable
Enable/disable DHCP relay agent option.
dhcp-relay-interface
string
Specify outgoing interface to reach server.
dhcp-relay-interface-select-method
string
    Choices:
  • auto
  • sdwan
  • specify
Specify how to select outgoing interface to reach server.
dhcp-relay-ip
string
DHCP relay IP address.
dhcp-relay-request-all-server
string
    Choices:
  • disable
  • enable
Enable/disable sending of DHCP requests to all servers.
dhcp-relay-service
string
    Choices:
  • disable
  • enable
Enable/disable allowing this interface to act as a DHCP relay.
dhcp-relay-type
string
    Choices:
  • regular
  • ipsec
DHCP relay type (regular or IPsec).
dhcp-renew-time
integer
DHCP renew time in seconds (300-604800), 0 means use the renew time provided by the server.
disc-retry-timeout
integer
Time in seconds to wait before retrying to start a PPPoE discovery, 0 means no timeout.
disconnect-threshold
integer
Time in milliseconds to wait before sending a notification that this interface is down or disconnected.
distance
integer
Distance for routes learned through PPPoE or DHCP, lower distance indicates preferred route.
dns-query
string
    Choices:
  • disable
  • recursive
  • non-recursive
Dns-Query.
dns-server-override
string
    Choices:
  • disable
  • enable
Enable/disable use DNS acquired by DHCP or PPPoE.
drop-fragment
string
    Choices:
  • disable
  • enable
Enable/disable drop fragment packets.
drop-overlapped-fragment
string
    Choices:
  • disable
  • enable
Enable/disable drop overlapped fragment packets.
egress-cos
string
    Choices:
  • disable
  • cos0
  • cos1
  • cos2
  • cos3
  • cos4
  • cos5
  • cos6
  • cos7
Override outgoing CoS in user VLAN tag.
egress-shaping-profile
string
Outgoing traffic shaping profile.
eip
string
Eip.
endpoint-compliance
string
    Choices:
  • disable
  • enable
Endpoint-Compliance.
estimated-downstream-bandwidth
integer
Estimated maximum downstream bandwidth (kbps). Used to estimate link utilization.
estimated-upstream-bandwidth
integer
Estimated maximum upstream bandwidth (kbps). Used to estimate link utilization.
explicit-ftp-proxy
string
    Choices:
  • disable
  • enable
Enable/disable the explicit FTP proxy on this interface.
explicit-web-proxy
string
    Choices:
  • disable
  • enable
Enable/disable the explicit web proxy on this interface.
external
string
    Choices:
  • disable
  • enable
Enable/disable identifying the interface as an external interface (which usually means its connected to the Internet).
fail-action-on-extender
string
    Choices:
  • soft-restart
  • hard-restart
  • reboot
Action on extender when interface fail .
fail-alert-interfaces
string
Names of the FortiGate interfaces to which the link failure alert is sent.
fail-alert-method
string
    Choices:
  • link-failed-signal
  • link-down
Select link-failed-signal or link-down method to alert about a failed link.
fail-detect
string
    Choices:
  • disable
  • enable
Enable/disable fail detection features for this interface.
fail-detect-option
list / elements=string
    Choices:
  • detectserver
  • link-down
Options for detecting that this interface has failed.
fdp
string
    Choices:
  • disable
  • enable
Fdp.
fortiheartbeat
string
    Choices:
  • disable
  • enable
Fortiheartbeat.
fortilink
string
    Choices:
  • disable
  • enable
Enable FortiLink to dedicate this interface to manage other Fortinet devices.
fortilink-backup-link
integer
Fortilink-Backup-Link.
fortilink-neighbor-detect
string
    Choices:
  • lldp
  • fortilink
Protocol for FortiGate neighbor discovery.
fortilink-split-interface
string
    Choices:
  • disable
  • enable
Enable/disable FortiLink split interface to connect member link to different FortiSwitch in stack for uplink redundancy.
fortilink-stacking
string
    Choices:
  • disable
  • enable
Enable/disable FortiLink switch-stacking on this interface.
forward-domain
integer
Transparent mode forward domain.
forward-error-correction
string
    Choices:
  • disable
  • enable
  • rs-fec
  • base-r-fec
  • fec-cl91
  • fec-cl74
Enable/disable forward error correction (FEC Clause 91).
fp-anomaly
list / elements=string
    Choices:
  • drop_tcp_fin_noack
  • pass_winnuke
  • pass_tcpland
  • pass_udpland
  • pass_icmpland
  • pass_ipland
  • pass_iprr
  • pass_ipssrr
  • pass_iplsrr
  • pass_ipstream
  • pass_ipsecurity
  • pass_iptimestamp
  • pass_ipunknown_option
  • pass_ipunknown_prot
  • pass_icmp_frag
  • pass_tcp_no_flag
  • pass_tcp_fin_noack
  • drop_winnuke
  • drop_tcpland
  • drop_udpland
  • drop_icmpland
  • drop_ipland
  • drop_iprr
  • drop_ipssrr
  • drop_iplsrr
  • drop_ipstream
  • drop_ipsecurity
  • drop_iptimestamp
  • drop_ipunknown_option
  • drop_ipunknown_prot
  • drop_icmp_frag
  • drop_tcp_no_flag
Fp-Anomaly.
fp-disable
list / elements=string
    Choices:
  • all
  • ipsec
  • none
Fp-Disable.
gateway-address
string
Gateway address
gi-gk
string
    Choices:
  • disable
  • enable
Enable/disable Gi Gatekeeper.
gwaddr
string
Gateway address
gwdetect
string
    Choices:
  • disable
  • enable
Enable/disable detect gateway alive for first.
ha-priority
integer
HA election priority for the PING server.
icmp-accept-redirect
string
    Choices:
  • disable
  • enable
Enable/disable ICMP accept redirect.
icmp-redirect
string
    Choices:
  • disable
  • enable
Icmp-Redirect.
icmp-send-redirect
string
    Choices:
  • disable
  • enable
Enable/disable sending of ICMP redirects.
ident-accept
string
    Choices:
  • disable
  • enable
Enable/disable authentication for this interface.
idle-timeout
integer
PPPoE auto disconnect after idle timeout seconds, 0 means no timeout.
if-mdix
string
    Choices:
  • auto
  • normal
  • crossover
If-Mdix.
if-media
string
    Choices:
  • auto
  • copper
  • fiber
If-Media.
in-force-vlan-cos
integer
In-Force-Vlan-Cos.
inbandwidth
integer
Bandwidth limit for incoming traffic (0 - 16776000 kbps), 0 means unlimited.
ingress-cos
string
    Choices:
  • disable
  • cos0
  • cos1
  • cos2
  • cos3
  • cos4
  • cos5
  • cos6
  • cos7
Override incoming CoS in user VLAN tag on VLAN interface or assign a priority VLAN tag on physical interface.
ingress-shaping-profile
string
Incoming traffic shaping profile.
ingress-spillover-threshold
integer
Ingress Spillover threshold (0 - 16776000 kbps), 0 means unlimited.
internal
integer
Implicitly created.
ip
string
Interface IPv4 address and subnet mask, syntax: X.X.X.X/24.
ip-managed-by-fortiipam
string
    Choices:
  • disable
  • enable
Enable/disable automatic IP address assignment of this interface by FortiIPAM.
ipmac
string
    Choices:
  • disable
  • enable
Enable/disable IP/MAC binding.
ips-sniffer-mode
string
    Choices:
  • disable
  • enable
Enable/disable the use of this interface as a one-armed sniffer.
ipunnumbered
string
Unnumbered IP used for PPPoE interfaces for which no unique local address is provided.
ipv6
dictionary
no description
autoconf
string
    Choices:
  • disable
  • enable
Enable/disable address auto config.
cli-conn6-status
integer
Cli-Conn6-Status.
dhcp6-client-options
list / elements=string
    Choices:
  • rapid
  • iapd
  • iana
  • dns
  • dnsname
Dhcp6-Client-Options.
dhcp6-information-request
string
    Choices:
  • disable
  • enable
Enable/disable DHCPv6 information request.
dhcp6-prefix-delegation
string
    Choices:
  • disable
  • enable
Enable/disable DHCPv6 prefix delegation.
dhcp6-prefix-hint
string
DHCPv6 prefix that will be used as a hint to the upstream DHCPv6 server.
dhcp6-prefix-hint-plt
integer
DHCPv6 prefix hint preferred life time (sec), 0 means unlimited lease time.
dhcp6-prefix-hint-vlt
integer
DHCPv6 prefix hint valid life time (sec).
dhcp6-relay-ip
string
DHCPv6 relay IP address.
dhcp6-relay-service
string
    Choices:
  • disable
  • enable
Enable/disable DHCPv6 relay.
dhcp6-relay-type
string
    Choices:
  • regular
DHCPv6 relay type.
icmp6-send-redirect
string
    Choices:
  • disable
  • enable
Enable/disable sending of ICMPv6 redirects.
interface-identifier
string
IPv6 interface identifier.
ip6-address
string
Primary IPv6 address prefix, syntax: xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx/xxx
ip6-allowaccess
list / elements=string
    Choices:
  • https
  • ping
  • ssh
  • snmp
  • http
  • telnet
  • fgfm
  • capwap
  • fabric
Allow management access to the interface.
ip6-default-life
integer
Default life (sec).
ip6-delegated-prefix-list
list / elements=string
Ip6-Delegated-Prefix-List.
autonomous-flag
string
    Choices:
  • disable
  • enable
Enable/disable the autonomous flag.
onlink-flag
string
    Choices:
  • disable
  • enable
Enable/disable the onlink flag.
prefix-id
integer
Prefix ID.
rdnss
string
Recursive DNS server option.
rdnss-service
string
    Choices:
  • delegated
  • default
  • specify
Recursive DNS service option.
subnet
string
Add subnet ID to routing prefix.
upstream-interface
string
Name of the interface that provides delegated information.
ip6-dns-server-override
string
    Choices:
  • disable
  • enable
Enable/disable using the DNS server acquired by DHCP.
ip6-extra-addr
list / elements=string
Ip6-Extra-Addr.
prefix
string
IPv6 address prefix.
ip6-hop-limit
integer
Hop limit (0 means unspecified).
ip6-link-mtu
integer
IPv6 link MTU.
ip6-manage-flag
string
    Choices:
  • disable
  • enable
Enable/disable the managed flag.
ip6-max-interval
integer
IPv6 maximum interval (4 to 1800 sec).
ip6-min-interval
integer
IPv6 minimum interval (3 to 1350 sec).
ip6-mode
string
    Choices:
  • static
  • dhcp
  • pppoe
  • delegated
Addressing mode (static, DHCP, delegated).
ip6-other-flag
string
    Choices:
  • disable
  • enable
Enable/disable the other IPv6 flag.
ip6-prefix-list
list / elements=string
Ip6-Prefix-List.
autonomous-flag
string
    Choices:
  • disable
  • enable
Enable/disable the autonomous flag.
dnssl
string
DNS search list option.
onlink-flag
string
    Choices:
  • disable
  • enable
Enable/disable the onlink flag.
preferred-life-time
integer
Preferred life time (sec).
prefix
string
IPv6 prefix.
rdnss
string
Recursive DNS server option.
valid-life-time
integer
Valid life time (sec).
ip6-prefix-mode
string
    Choices:
  • dhcp6
  • ra
Assigning a prefix from DHCP or RA.
ip6-reachable-time
integer
IPv6 reachable time (milliseconds; 0 means unspecified).
ip6-retrans-time
integer
IPv6 retransmit time (milliseconds; 0 means unspecified).
ip6-send-adv
string
    Choices:
  • disable
  • enable
Enable/disable sending advertisements about the interface.
ip6-subnet
string
Subnet to routing prefix, syntax: xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx/xxx
ip6-upstream-interface
string
Interface name providing delegated information.
nd-cert
string
Neighbor discovery certificate.
nd-cga-modifier
string
Neighbor discovery CGA modifier.
nd-mode
string
    Choices:
  • basic
  • SEND-compatible
Neighbor discovery mode.
nd-security-level
integer
Neighbor discovery security level (0 - 7; 0 = least secure, default = 0).
nd-timestamp-delta
integer
Neighbor discovery timestamp delta value (1 - 3600 sec; default = 300).
nd-timestamp-fuzz
integer
Neighbor discovery timestamp fuzz factor (1 - 60 sec; default = 1).
ra-send-mtu
string
    Choices:
  • disable
  • enable
Enable/disable sending link MTU in RA packet.
unique-autoconf-addr
string
    Choices:
  • disable
  • enable
Enable/disable unique auto config address.
vrip6_link_local
string
Link-local IPv6 address of virtual router.
vrrp-virtual-mac6
string
    Choices:
  • disable
  • enable
Enable/disable virtual MAC for VRRP.
vrrp6
list / elements=string
Vrrp6.
accept-mode
string
    Choices:
  • disable
  • enable
Enable/disable accept mode.
adv-interval
integer
Advertisement interval (1 - 255 seconds).
preempt
string
    Choices:
  • disable
  • enable
Enable/disable preempt mode.
priority
integer
Priority of the virtual router (1 - 255).
start-time
integer
Startup time (1 - 255 seconds).
status
string
    Choices:
  • disable
  • enable
Enable/disable VRRP.
vrdst6
string
Monitor the route to this destination.
vrgrp
integer
VRRP group ID (1 - 65535).
vrid
integer
Virtual router identifier (1 - 255).
vrip6
string
IPv6 address of the virtual router.
l2forward
string
    Choices:
  • disable
  • enable
Enable/disable l2 forwarding.
l2tp-client
string
    Choices:
  • disable
  • enable
Enable/disable this interface as a Layer 2 Tunnelling Protocol (L2TP) client.
lacp-ha-slave
string
    Choices:
  • disable
  • enable
LACP HA slave.
lacp-mode
string
    Choices:
  • static
  • passive
  • active
LACP mode.
lacp-speed
string
    Choices:
  • slow
  • fast
How often the interface sends LACP messages.
lcp-echo-interval
integer
Time in seconds between PPPoE Link Control Protocol (LCP) echo requests.
lcp-max-echo-fails
integer
Maximum missed LCP echo messages before disconnect.
link-up-delay
integer
Number of milliseconds to wait before considering a link is up.
listen-forticlient-connection
string
    Choices:
  • disable
  • enable
Listen-Forticlient-Connection.
lldp-network-policy
string
LLDP-MED network policy profile.
lldp-reception
string
    Choices:
  • disable
  • enable
  • vdom
Enable/disable Link Layer Discovery Protocol (LLDP) reception.
lldp-transmission
string
    Choices:
  • enable
  • disable
  • vdom
Enable/disable Link Layer Discovery Protocol (LLDP) transmission.
log
string
    Choices:
  • disable
  • enable
Log.
macaddr
string
Change the interfaces MAC address.
managed-subnetwork-size
string
    Choices:
  • 256
  • 512
  • 1024
  • 2048
  • 4096
  • 8192
  • 16384
  • 32768
  • 65536
Number of IP addresses to be allocated by FortiIPAM and used by this FortiGate units DHCP server settings.
management-ip
string
High Availability in-band management IP address of this interface.
max-egress-burst-rate
integer
Max-Egress-Burst-Rate.
max-egress-rate
integer
Max-Egress-Rate.
measured-downstream-bandwidth
integer
Measured downstream bandwidth (kbps).
measured-upstream-bandwidth
integer
Measured upstream bandwidth (kbps).
mediatype
string
    Choices:
  • serdes-sfp
  • sgmii-sfp
  • cfp2-sr10
  • cfp2-lr4
  • serdes-copper-sfp
  • sr
  • cr
  • lr
  • qsfp28-sr4
  • qsfp28-lr4
  • qsfp28-cr4
  • sr4
  • cr4
  • lr4
Select SFP media interface type
member
string
Physical interfaces that belong to the aggregate or redundant interface.
min-links
integer
Minimum number of aggregated ports that must be up.
min-links-down
string
    Choices:
  • operational
  • administrative
Action to take when less than the configured minimum number of links are active.
mode
string
    Choices:
  • static
  • dhcp
  • pppoe
  • pppoa
  • ipoa
  • eoa
Addressing mode (static, DHCP, PPPoE).
monitor-bandwidth
string
    Choices:
  • disable
  • enable
Enable monitoring bandwidth on this interface.
mtu
integer
MTU value for this interface.
mtu-override
string
    Choices:
  • disable
  • enable
Enable to set a custom MTU for this interface.
mux-type
string
    Choices:
  • llc-encaps
  • vc-encaps
Multiplexer type
name
string
Name.
ndiscforward
string
    Choices:
  • disable
  • enable
Enable/disable NDISC forwarding.
netbios-forward
string
    Choices:
  • disable
  • enable
Enable/disable NETBIOS forwarding.
netflow-sampler
string
    Choices:
  • disable
  • tx
  • rx
  • both
Enable/disable NetFlow on this interface and set the data that NetFlow collects (rx, tx, or both).
np-qos-profile
integer
Np-Qos-Profile.
npu-fastpath
string
    Choices:
  • disable
  • enable
Npu-Fastpath.
nst
string
    Choices:
  • disable
  • enable
Nst.
out-force-vlan-cos
integer
Out-Force-Vlan-Cos.
outbandwidth
integer
Bandwidth limit for outgoing traffic (0 - 16776000 kbps), 0 means unlimited.
padt-retry-timeout
integer
PPPoE Active Discovery Terminate (PADT) used to terminate sessions after an idle time.
password
string
PPPoE accounts password.
peer-interface
string
Peer-Interface.
phy-mode
string
    Choices:
  • auto
  • adsl
  • vdsl
DSL physical mode.
ping-serv-status
integer
Ping-Serv-Status.
poe
string
    Choices:
  • disable
  • enable
Enable/disable PoE status.
polling-interval
integer
sFlow polling interval (1 - 255 sec).
pppoe-unnumbered-negotiate
string
    Choices:
  • disable
  • enable
Enable/disable PPPoE unnumbered negotiation.
pptp-auth-type
string
    Choices:
  • auto
  • pap
  • chap
  • mschapv1
  • mschapv2
PPTP authentication type.
pptp-client
string
    Choices:
  • disable
  • enable
Enable/disable PPTP client.
pptp-password
string
PPTP password.
pptp-server-ip
string
PPTP server IP address.
pptp-timeout
integer
Idle timer in minutes (0 for disabled).
pptp-user
string
PPTP user name.
preserve-session-route
string
    Choices:
  • disable
  • enable
Enable/disable preservation of session route when dirty.
priority
integer
Priority of learned routes.
priority-override
string
    Choices:
  • disable
  • enable
Enable/disable fail back to higher priority port once recovered.
proxy-captive-portal
string
    Choices:
  • disable
  • enable
Enable/disable proxy captive portal on this interface.
redundant-interface
string
Redundant-Interface.
remote-ip
string
Remote IP address of tunnel.
replacemsg-override-group
string
Replacement message override group.
retransmission
string
    Choices:
  • disable
  • enable
Enable/disable DSL retransmission.
ring-rx
integer
RX ring size.
ring-tx
integer
TX ring size.
role
string
    Choices:
  • lan
  • wan
  • dmz
  • undefined
Interface role.
sample-direction
string
    Choices:
  • rx
  • tx
  • both
Data that NetFlow collects (rx, tx, or both).
sample-rate
integer
sFlow sample rate (10 - 99999).
scan-botnet-connections
string
    Choices:
  • disable
  • block
  • monitor
Scan-Botnet-Connections.
secondary-IP
string
    Choices:
  • disable
  • enable
Enable/disable adding a secondary IP to this interface.
secondaryip
list / elements=string
Secondaryip.
allowaccess
list / elements=string
    Choices:
  • https
  • ping
  • ssh
  • snmp
  • http
  • telnet
  • fgfm
  • auto-ipsec
  • radius-acct
  • probe-response
  • capwap
  • dnp
  • ftm
  • fabric
Management access settings for the secondary IP address.
detectprotocol
list / elements=string
    Choices:
  • ping
  • tcp-echo
  • udp-echo
Protocols used to detect the server.
detectserver
string
Gateways ping server for this IP.
gwdetect
string
    Choices:
  • disable
  • enable
Enable/disable detect gateway alive for first.
ha-priority
integer
HA election priority for the PING server.
id
integer
ID.
ip
string
Secondary IP address of the interface.
ping-serv-status
integer
Ping-Serv-Status.
seq
integer
Seq.
security-8021x-dynamic-vlan-id
integer
VLAN ID for virtual switch.
security-8021x-master
string
802.1X master virtual-switch.
security-8021x-mode
string
    Choices:
  • default
  • dynamic-vlan
  • fallback
  • slave
802.1X mode.
security-exempt-list
string
Name of security-exempt-list.
security-external-logout
string
URL of external authentication logout server.
security-external-web
string
URL of external authentication web server.
security-groups
string
User groups that can authenticate with the captive portal.
security-mac-auth-bypass
string
    Choices:
  • disable
  • enable
  • mac-auth-only
Enable/disable MAC authentication bypass.
security-mode
string
    Choices:
  • none
  • captive-portal
  • 802.1X
Turn on captive portal authentication for this interface.
security-redirect-url
string
URL redirection after disclaimer/authentication.
service-name
string
PPPoE service name.
sflow-sampler
string
    Choices:
  • disable
  • enable
Enable/disable sFlow on this interface.
speed
string
    Choices:
  • auto
  • 10full
  • 10half
  • 100full
  • 100half
  • 1000full
  • 1000half
  • 10000full
  • 1000auto
  • 10000auto
  • 40000full
  • 100Gfull
  • 25000full
  • 40000auto
  • 25000auto
  • 100Gauto
Interface speed. The default setting and the options available depend on the interface hardware.
spillover-threshold
integer
Egress Spillover threshold (0 - 16776000 kbps), 0 means unlimited.
src-check
string
    Choices:
  • disable
  • enable
Enable/disable source IP check.
status
string
    Choices:
  • down
  • up
Bring the interface up or shut the interface down.
stp
string
    Choices:
  • disable
  • enable
Enable/disable STP.
stp-ha-secondary
string
    Choices:
  • disable
  • enable
  • priority-adjust
Control STP behaviour on HA secondary.
stp-ha-slave
string
    Choices:
  • disable
  • enable
  • priority-adjust
Control STP behaviour on HA slave.
stpforward
string
    Choices:
  • disable
  • enable
Enable/disable STP forwarding.
stpforward-mode
string
    Choices:
  • rpl-all-ext-id
  • rpl-bridge-ext-id
  • rpl-nothing
Configure STP forwarding mode.
strip-priority-vlan-tag
string
    Choices:
  • disable
  • enable
Strip-Priority-Vlan-Tag.
subst
string
    Choices:
  • disable
  • enable
Enable to always send packets from this interface to a destination MAC address.
substitute-dst-mac
string
Destination MAC address that all packets are sent to from this interface.
swc-first-create
integer
Initial create for switch-controller VLANs.
swc-vlan
integer
Swc-Vlan.
switch
string
Switch.
switch-controller-access-vlan
string
    Choices:
  • disable
  • enable
Block FortiSwitch port-to-port traffic.
switch-controller-arp-inspection
string
    Choices:
  • disable
  • enable
Enable/disable FortiSwitch ARP inspection.
switch-controller-auth
string
    Choices:
  • radius
  • usergroup
Switch-Controller-Auth.
switch-controller-dhcp-snooping
string
    Choices:
  • disable
  • enable
Switch controller DHCP snooping.
switch-controller-dhcp-snooping-option82
string
    Choices:
  • disable
  • enable
Switch controller DHCP snooping option82.
switch-controller-dhcp-snooping-verify-mac
string
    Choices:
  • disable
  • enable
Switch controller DHCP snooping verify MAC.
switch-controller-dynamic
string
Integrated FortiLink settings for managed FortiSwitch.
switch-controller-feature
string
    Choices:
  • none
  • default-vlan
  • quarantine
  • sniffer
  • voice
  • camera
  • rspan
  • video
  • nac
Interfaces purpose when assigning traffic (read only).
switch-controller-igmp-snooping
string
    Choices:
  • disable
  • enable
Switch controller IGMP snooping.
switch-controller-igmp-snooping-fast-leave
string
    Choices:
  • disable
  • enable
Switch controller IGMP snooping fast-leave.
switch-controller-igmp-snooping-proxy
string
    Choices:
  • disable
  • enable
Switch controller IGMP snooping proxy.
switch-controller-iot-scanning
string
    Choices:
  • disable
  • enable
Enable/disable managed FortiSwitch IoT scanning.
switch-controller-learning-limit
integer
Limit the number of dynamic MAC addresses on this VLAN (1 - 128, 0 = no limit, default).
switch-controller-mgmt-vlan
integer
VLAN to use for FortiLink management purposes.
switch-controller-nac
string
Integrated NAC settings for managed FortiSwitch.
switch-controller-radius-server
string
Switch-Controller-Radius-Server.
switch-controller-rspan-mode
string
    Choices:
  • disable
  • enable
Stop Layer2 MAC learning and interception of BPDUs and other packets on this interface.
switch-controller-source-ip
string
    Choices:
  • outbound
  • fixed
Source IP address used in FortiLink over L3 connections.
switch-controller-traffic-policy
string
Switch controller traffic policy for the VLAN.
tc-mode
string
    Choices:
  • ptm
  • atm
DSL transfer mode.
tcp-mss
integer
TCP maximum segment size. 0 means do not change segment size.
trunk
string
    Choices:
  • disable
  • enable
Enable/disable VLAN trunk.
trust-ip-1
string
Trusted host for dedicated management traffic (0.0.0.0/24 for all hosts).
trust-ip-2
string
Trusted host for dedicated management traffic (0.0.0.0/24 for all hosts).
trust-ip-3
string
Trusted host for dedicated management traffic (0.0.0.0/24 for all hosts).
trust-ip6-1
string
Trusted IPv6 host for dedicated management traffic (::/0 for all hosts).
trust-ip6-2
string
Trusted IPv6 host for dedicated management traffic (::/0 for all hosts).
trust-ip6-3
string
Trusted IPv6 host for dedicated management traffic (::/0 for all hosts).
type
string
    Choices:
  • physical
  • vlan
  • aggregate
  • redundant
  • tunnel
  • wireless
  • vdom-link
  • loopback
  • switch
  • hard-switch
  • hdlc
  • vap-switch
  • wl-mesh
  • fortilink
  • switch-vlan
  • fctrl-trunk
  • tdm
  • fext-wan
  • vxlan
  • emac-vlan
  • geneve
  • ssl
Interface type.
username
string
Username of the PPPoE account, provided by your ISP.
vci
integer
Virtual Channel ID
vectoring
string
    Choices:
  • disable
  • enable
Enable/disable DSL vectoring.
vindex
integer
Vindex.
vlan-protocol
string
    Choices:
  • 8021q
  • 8021ad
Ethernet protocol of VLAN.
vlanforward
string
    Choices:
  • disable
  • enable
Enable/disable traffic forwarding between VLANs on this interface.
vlanid
integer
VLAN ID (1 - 4094).
vpi
integer
Virtual Path ID
vrf
integer
Virtual Routing Forwarding ID.
vrrp
list / elements=string
Vrrp.
accept-mode
string
    Choices:
  • disable
  • enable
Enable/disable accept mode.
adv-interval
integer
Advertisement interval (1 - 255 seconds).
ignore-default-route
string
    Choices:
  • disable
  • enable
Enable/disable ignoring of default route when checking destination.
preempt
string
    Choices:
  • disable
  • enable
Enable/disable preempt mode.
priority
integer
Priority of the virtual router (1 - 255).
start-time
integer
Startup time (1 - 255 seconds).
status
string
    Choices:
  • disable
  • enable
Enable/disable this VRRP configuration.
version
string
    Choices:
  • 2
  • 3
VRRP version.
vrdst
string
Monitor the route to this destination.
vrdst-priority
integer
Priority of the virtual router when the virtual router destination becomes unreachable (0 - 254).
vrgrp
integer
VRRP group ID (1 - 65535).
vrid
integer
Virtual router identifier (1 - 255).
vrip
string
IP address of the virtual router.
vrrp-virtual-mac
string
    Choices:
  • disable
  • enable
Enable/disable use of virtual MAC for VRRP.
wccp
string
    Choices:
  • disable
  • enable
Enable/disable WCCP on this interface. Used for encapsulated WCCP communication between WCCP clients and servers.
weight
integer
Default weight for static routes (if route has no weight configured).
wifi-5g-threshold
string
Minimal signal strength to be considered as a good 5G AP.
wifi-acl
string
    Choices:
  • deny
  • allow
Access control for MAC addresses in the MAC list.
wifi-ap-band
string
    Choices:
  • any
  • 5g-preferred
  • 5g-only
How to select the AP to connect.
wifi-auth
string
    Choices:
  • PSK
  • RADIUS
  • radius
  • usergroup
WiFi authentication.
wifi-auto-connect
string
    Choices:
  • disable
  • enable
Enable/disable WiFi network auto connect.
wifi-auto-save
string
    Choices:
  • disable
  • enable
Enable/disable WiFi network automatic save.
wifi-broadcast-ssid
string
    Choices:
  • disable
  • enable
Enable/disable SSID broadcast in the beacon.
wifi-encrypt
string
    Choices:
  • TKIP
  • AES
Data encryption.
wifi-fragment-threshold
integer
WiFi fragment threshold (800 - 2346).
wifi-key
string
WiFi WEP Key.
wifi-keyindex
integer
WEP key index (1 - 4).
wifi-mac-filter
string
    Choices:
  • disable
  • enable
Enable/disable MAC filter status.
wifi-passphrase
string
WiFi pre-shared key for WPA.
wifi-radius-server
string
WiFi RADIUS server for WPA.
wifi-rts-threshold
integer
WiFi RTS threshold (256 - 2346).
wifi-security
string
    Choices:
  • None
  • WEP64
  • wep64
  • WEP128
  • wep128
  • WPA_PSK
  • WPA_RADIUS
  • WPA
  • WPA2
  • WPA2_AUTO
  • open
  • wpa-personal
  • wpa-enterprise
  • wpa-only-personal
  • wpa-only-enterprise
  • wpa2-only-personal
  • wpa2-only-enterprise
Wireless access security of SSID.
wifi-ssid
string
IEEE 802.11 Service Set Identifier.
wifi-usergroup
string
WiFi user group for WPA.
wins-ip
string
WINS server IP.
name
string
Name.
portal-message-override-group
string
no description
radius-server
string
no description
security
string
    Choices:
  • open
  • captive-portal
  • 8021x
no description
selected-usergroups
string
no description
usergroup
string
no description
vdom
string
Vdom.
vlanid
integer
Vlanid.
proposed_method
string
    Choices:
  • update
  • set
  • add
The overridden method for the underlying Json RPC request
rc_failed
list / elements=string
the rc codes list with which the conditions to fail will be overriden
rc_succeeded
list / elements=string
the rc codes list with which the conditions to succeed will be overriden
state
string / required
    Choices:
  • present
  • absent
the directive to create, update or delete an object
workspace_locking_adom
string
the adom to lock for FortiManager running in workspace mode, the value can be global and others including root
workspace_locking_timeout
integer
Default:
300
the maximum time in seconds to wait for other user to release the workspace lock

Notes

Note

  • Running in workspace locking mode is supported in this FortiManager module, the top level parameters workspace_locking_adom and workspace_locking_timeout help do the work.

  • To create or update an object, use state present directive.

  • To delete an object, use state absent directive.

  • Normally, running one module can fail when a non-zero rc is returned. you can also override the conditions to fail or succeed with parameters rc_failed and rc_succeeded

Examples

- hosts: fortimanager-inventory
  collections:
    - fortinet.fortimanager
  connection: httpapi
  vars:
     ansible_httpapi_use_ssl: True
     ansible_httpapi_validate_certs: False
     ansible_httpapi_port: 443
  tasks:
   - name: no description
     fmgr_fsp_vlan:
        bypass_validation: False
        workspace_locking_adom: <value in [global, custom adom including root]>
        workspace_locking_timeout: 300
        rc_succeeded: [0, -2, -3, ...]
        rc_failed: [-2, -3, ...]
        adom: <your own value>
        state: <value in [present, absent]>
        fsp_vlan:
           _dhcp-status: <value in [disable, enable]>
           auth: <value in [radius, usergroup]>
           color: <value of integer>
           comments: <value of string>
           dynamic_mapping:
             -
                 _dhcp-status: <value in [disable, enable]>
                 _scope:
                   -
                       name: <value of string>
                       vdom: <value of string>
                 dhcp-server:
                    auto-configuration: <value in [disable, enable]>
                    auto-managed-status: <value in [disable, enable]>
                    conflicted-ip-timeout: <value of integer>
                    ddns-auth: <value in [disable, tsig]>
                    ddns-key: <value of string>
                    ddns-keyname: <value of string>
                    ddns-server-ip: <value of string>
                    ddns-ttl: <value of integer>
                    ddns-update: <value in [disable, enable]>
                    ddns-update-override: <value in [disable, enable]>
                    ddns-zone: <value of string>
                    default-gateway: <value of string>
                    dhcp-settings-from-fortiipam: <value in [disable, enable]>
                    dns-server1: <value of string>
                    dns-server2: <value of string>
                    dns-server3: <value of string>
                    dns-server4: <value of string>
                    dns-service: <value in [default, specify, local]>
                    domain: <value of string>
                    enable: <value in [disable, enable]>
                    exclude-range:
                      -
                          end-ip: <value of string>
                          id: <value of integer>
                          start-ip: <value of string>
                    filename: <value of string>
                    forticlient-on-net-status: <value in [disable, enable]>
                    id: <value of integer>
                    ip-mode: <value in [range, usrgrp]>
                    ip-range:
                      -
                          end-ip: <value of string>
                          id: <value of integer>
                          start-ip: <value of string>
                    ipsec-lease-hold: <value of integer>
                    lease-time: <value of integer>
                    mac-acl-default-action: <value in [assign, block]>
                    netmask: <value of string>
                    next-server: <value of string>
                    ntp-server1: <value of string>
                    ntp-server2: <value of string>
                    ntp-server3: <value of string>
                    ntp-service: <value in [default, specify, local]>
                    option1: <value of string>
                    option2: <value of string>
                    option3: <value of string>
                    option4: <value of string>
                    option5: <value of string>
                    option6: <value of string>
                    options:
                      -
                          code: <value of integer>
                          id: <value of integer>
                          ip: <value of string>
                          type: <value in [hex, string, ip, ...]>
                          value: <value of string>
                    reserved-address:
                      -
                          action: <value in [assign, block, reserved]>
                          circuit-id: <value of string>
                          circuit-id-type: <value in [hex, string]>
                          description: <value of string>
                          id: <value of integer>
                          ip: <value of string>
                          mac: <value of string>
                          remote-id: <value of string>
                          remote-id-type: <value in [hex, string]>
                          type: <value in [mac, option82]>
                    server-type: <value in [regular, ipsec]>
                    status: <value in [disable, enable]>
                    tftp-server: <value of string>
                    timezone: <value in [00, 01, 02, ...]>
                    timezone-option: <value in [disable, default, specify]>
                    vci-match: <value in [disable, enable]>
                    vci-string: <value of string>
                    wifi-ac-service: <value in [specify, local]>
                    wifi-ac1: <value of string>
                    wifi-ac2: <value of string>
                    wifi-ac3: <value of string>
                    wins-server1: <value of string>
                    wins-server2: <value of string>
                 interface:
                    dhcp-relay-agent-option: <value in [disable, enable]>
                    dhcp-relay-ip: <value of string>
                    dhcp-relay-service: <value in [disable, enable]>
                    dhcp-relay-type: <value in [regular, ipsec]>
                    ip: <value of string>
                    ipv6:
                       autoconf: