fortinet.fortimanager.fmgr_fsp_vlan module – FortiSwitch VLAN template.
Note
This module is part of the fortinet.fortimanager collection (version 2.8.2).
You might already have this collection installed if you are using the ansible
package.
It is not included in ansible-core
.
To check whether it is installed, run ansible-galaxy collection list
.
To install it, use: ansible-galaxy collection install fortinet.fortimanager
.
To use it in a playbook, specify: fortinet.fortimanager.fmgr_fsp_vlan
.
New in fortinet.fortimanager 2.0.0
Synopsis
This module is able to configure a FortiManager device.
Examples include all parameters and values which need to be adjusted to data sources before usage.
Parameters
Parameter |
Comments |
---|---|
The token to access FortiManager without using username and password. |
|
The parameter (adom) in requested url. |
|
Only set to True when module schema diffs with FortiManager API structure, module continues to execute without validating parameters. Choices:
|
|
Enable/Disable logging for task. Choices:
|
|
Authenticate Ansible client with forticloud API access token. |
|
The top level parameters set. |
|
Dhcp status. Choices:
|
|
Auth. Choices:
|
|
Color. |
|
Comments. |
|
Dhcp server. |
|
Enable/disable auto configuration. Choices:
|
|
Enable/disable use of this DHCP server once this interface has been assigned an IP address from FortiIPAM. Choices:
|
|
Time in seconds to wait after a conflicted IP address is removed from the DHCP range before it can be reused. |
|
DDNS authentication mode. Choices:
|
|
(list or str) DDNS update key |
|
DDNS update key name. |
|
DDNS server IP. |
|
TTL. |
|
Enable/disable DDNS update for DHCP. Choices:
|
|
Enable/disable DDNS update override for DHCP. Choices:
|
|
Zone of your domain name |
|
Default gateway IP address assigned by the DHCP server. |
|
Enable/disable populating of DHCP server settings from FortiIPAM. Choices:
|
|
DNS server 1. |
|
DNS server 2. |
|
DNS server 3. |
|
DNS server 4. |
|
Options for assigning DNS servers to DHCP clients. Choices:
|
|
Domain name suffix for the IP addresses that the DHCP server assigns to clients. |
|
Enable. Choices:
|
|
Exclude range. |
|
End of IP range. |
|
ID. |
|
Lease time in seconds, 0 means default lease time. |
|
Start of IP range. |
|
Enable/disable user class identifier Choices:
|
|
(list) One or more UCI strings in quotes separated by spaces. |
|
Enable/disable vendor class identifier Choices:
|
|
(list) One or more VCI strings in quotes separated by spaces. |
|
Name of the boot file on the TFTP server. |
|
Enable/disable FortiClient-On-Net service for this DHCP server. Choices:
|
|
ID. |
|
Method used to assign client IP. Choices:
|
|
Ip range. |
|
End of IP range. |
|
ID. |
|
Lease time in seconds, 0 means default lease time. |
|
Start of IP range. |
|
Enable/disable user class identifier Choices:
|
|
(list) One or more UCI strings in quotes separated by spaces. |
|
Enable/disable vendor class identifier Choices:
|
|
(list) One or more VCI strings in quotes separated by spaces. |
|
DHCP over IPsec leases expire this many seconds after tunnel down |
|
Lease time in seconds, 0 means unlimited. |
|
MAC access control default action Choices:
|
|
Netmask assigned by the DHCP server. |
|
IP address of a server |
|
NTP server 1. |
|
NTP server 2. |
|
NTP server 3. |
|
Options for assigning Network Time Protocol Choices:
|
|
(list) Option1. |
|
(list) Option2. |
|
(list) Option3. |
|
Option4. |
|
Option5. |
|
Option6. |
|
Options. |
|
DHCP option code. |
|
ID. |
|
(list) DHCP option IPs. |
|
DHCP option type. Choices:
|
|
Enable/disable user class identifier Choices:
|
|
(list) One or more UCI strings in quotes separated by spaces. |
|
DHCP option value. |
|
Enable/disable vendor class identifier Choices:
|
|
(list) One or more VCI strings in quotes separated by spaces. |
|
Relay agent IP. |
|
Reserved address. |
|
Options for the DHCP server to configure the client with the reserved MAC address. Choices:
|
|
Option 82 circuit-ID of the client that will get the reserved IP address. |
|
DHCP option type. Choices:
|
|
Description. |
|
ID. |
|
IP address to be reserved for the MAC address. |
|
MAC address of the client that will get the reserved IP address. |
|
Option 82 remote-ID of the client that will get the reserved IP address. |
|
DHCP option type. Choices:
|
|
DHCP reserved-address type. Choices:
|
|
DHCP server can be a normal DHCP server or an IPsec DHCP server. Choices:
|
|
Enable/disable shared subnet. Choices:
|
|
Enable/disable this DHCP configuration. Choices:
|
|
(list) One or more hostnames or IP addresses of the TFTP servers in quotes separated by spaces. |
|
Select the time zone to be assigned to DHCP clients. Choices:
|
|
Options for the DHCP server to set the clients time zone. Choices:
|
|
Enable/disable vendor class identifier Choices:
|
|
(list) One or more VCI strings in quotes separated by spaces. |
|
WiFi Access Controller 1 IP address |
|
WiFi Access Controller 2 IP address |
|
WiFi Access Controller 3 IP address |
|
Options for assigning WiFi Access Controllers to DHCP clients Choices:
|
|
WINS server 1. |
|
WINS server 2. |
|
Dynamic mapping. |
|
Dhcp status. Choices:
|
|
Scope. |
|
Name. |
|
Vdom. |
|
Dhcp server. |
|
Enable/disable auto configuration. Choices:
|
|
Enable/disable use of this DHCP server once this interface has been assigned an IP address from FortiIPAM. Choices:
|
|
Time in seconds to wait after a conflicted IP address is removed from the DHCP range before it can be reused. |
|
DDNS authentication mode. Choices:
|
|
(list or str) DDNS update key |
|
DDNS update key name. |
|
DDNS server IP. |
|
TTL. |
|
Enable/disable DDNS update for DHCP. Choices:
|
|
Enable/disable DDNS update override for DHCP. Choices:
|
|
Zone of your domain name |
|
Default gateway IP address assigned by the DHCP server. |
|
Enable/disable populating of DHCP server settings from FortiIPAM. Choices:
|
|
DNS server 1. |
|
DNS server 2. |
|
DNS server 3. |
|
DNS server 4. |
|
Options for assigning DNS servers to DHCP clients. Choices:
|
|
Domain name suffix for the IP addresses that the DHCP server assigns to clients. |
|
Enable. Choices:
|
|
Exclude range. |
|
End of IP range. |
|
ID. |
|
Lease time in seconds, 0 means default lease time. |
|
Start of IP range. |
|
Enable/disable user class identifier Choices:
|
|
(list) One or more UCI strings in quotes separated by spaces. |
|
Enable/disable vendor class identifier Choices:
|
|
(list) One or more VCI strings in quotes separated by spaces. |
|
Name of the boot file on the TFTP server. |
|
Enable/disable FortiClient-On-Net service for this DHCP server. Choices:
|
|
ID. |
|
Method used to assign client IP. Choices:
|
|
Ip range. |
|
End of IP range. |
|
ID. |
|
Lease time in seconds, 0 means default lease time. |
|
Start of IP range. |
|
Enable/disable user class identifier Choices:
|
|
(list) One or more UCI strings in quotes separated by spaces. |
|
Enable/disable vendor class identifier Choices:
|
|
(list) One or more VCI strings in quotes separated by spaces. |
|
DHCP over IPsec leases expire this many seconds after tunnel down |
|
Lease time in seconds, 0 means unlimited. |
|
MAC access control default action Choices:
|
|
Netmask assigned by the DHCP server. |
|
IP address of a server |
|
NTP server 1. |
|
NTP server 2. |
|
NTP server 3. |
|
Options for assigning Network Time Protocol Choices:
|
|
(list) Option1. |
|
(list) Option2. |
|
(list) Option3. |
|
Option4. |
|
Option5. |
|
Option6. |
|
Options. |
|
DHCP option code. |
|
ID. |
|
(list) DHCP option IPs. |
|
DHCP option type. Choices:
|
|
Enable/disable user class identifier Choices:
|
|
(list) One or more UCI strings in quotes separated by spaces. |
|
DHCP option value. |
|
Enable/disable vendor class identifier Choices:
|
|
(list) One or more VCI strings in quotes separated by spaces. |
|
Relay agent IP. |
|
Reserved address. |
|
Options for the DHCP server to configure the client with the reserved MAC address. Choices:
|
|
Option 82 circuit-ID of the client that will get the reserved IP address. |
|
DHCP option type. Choices:
|
|
Description. |
|
ID. |
|
IP address to be reserved for the MAC address. |
|
MAC address of the client that will get the reserved IP address. |
|
Option 82 remote-ID of the client that will get the reserved IP address. |
|
DHCP option type. Choices:
|
|
DHCP reserved-address type. Choices:
|
|
DHCP server can be a normal DHCP server or an IPsec DHCP server. Choices:
|
|
Enable/disable shared subnet. Choices:
|
|
Enable/disable this DHCP configuration. Choices:
|
|
(list) One or more hostnames or IP addresses of the TFTP servers in quotes separated by spaces. |
|
Select the time zone to be assigned to DHCP clients. Choices:
|
|
Options for the DHCP server to set the clients time zone. Choices:
|
|
Enable/disable vendor class identifier Choices:
|
|
(list) One or more VCI strings in quotes separated by spaces. |
|
WiFi Access Controller 1 IP address |
|
WiFi Access Controller 2 IP address |
|
WiFi Access Controller 3 IP address |
|
Options for assigning WiFi Access Controllers to DHCP clients Choices:
|
|
WINS server 1. |
|
WINS server 2. |
|
Interface. |
|
Dhcp relay agent option. Choices:
|
|
Dhcp relay interface select method. Choices:
|
|
(list) Dhcp relay ip. |
|
Dhcp relay service. Choices:
|
|
Dhcp relay type. Choices:
|
|
Ip. |
|
Ipv6. |
|
Enable/disable address auto config. Choices:
|
|
Cli conn6 status. |
|
Dhcp6 client options. Choices:
|
|
Enable/disable DHCPv6 information request. Choices:
|
|
Enable/disable DHCPv6 prefix delegation. Choices:
|
|
DHCPv6 prefix that will be used as a hint to the upstream DHCPv6 server. |
|
DHCPv6 prefix hint preferred life time |
|
DHCPv6 prefix hint valid life time |
|
DHCP6 relay interface ID. |
|
DHCPv6 relay IP address. |
|
Enable/disable DHCPv6 relay. Choices:
|
|
Enable/disable use of address on this interface as the source address of the relay message. Choices:
|
|
IPv6 address used by the DHCP6 relay as its source IP. |
|
DHCPv6 relay type. Choices:
|
|
Enable/disable sending of ICMPv6 redirects. Choices:
|
|
IPv6 interface identifier. |
|
Primary IPv6 address prefix, syntax |
|
Allow management access to the interface. Choices:
|
|
Default life |
|
IAID of obtained delegated-prefix from the upstream interface. |
|
Ip6 delegated prefix list. |
|
Enable/disable the autonomous flag. Choices:
|
|
IAID of obtained delegated-prefix from the upstream interface. |
|
Enable/disable the onlink flag. Choices:
|
|
Prefix ID. |
|
(list) Recursive DNS server option. |
|
Recursive DNS service option. Choices:
|
|
Add subnet ID to routing prefix. |
|
Name of the interface that provides delegated information. |
|
Enable/disable using the DNS server acquired by DHCP. Choices:
|
|
Ip6 extra addr. |
|
IPv6 address prefix. |
|
Hop limit |
|
IPv6 link MTU. |
|
Enable/disable the managed flag. Choices:
|
|
IPv6 maximum interval |
|
IPv6 minimum interval |
|
Addressing mode Choices:
|
|
Enable/disable the other IPv6 flag. Choices:
|
|
Ip6 prefix list. |
|
Enable/disable the autonomous flag. Choices:
|
|
(list) DNS search list option. |
|
Enable/disable the onlink flag. Choices:
|
|
Preferred life time |
|
IPv6 prefix. |
|
(list) Recursive DNS server option. |
|
Valid life time |
|
Assigning a prefix from DHCP or RA. Choices:
|
|
IPv6 reachable time |
|
IPv6 retransmit time |
|
Enable/disable sending advertisements about the interface. Choices:
|
|
Subnet to routing prefix, syntax |
|
Interface name providing delegated information. |
|
Neighbor discovery certificate. |
|
Neighbor discovery CGA modifier. |
|
Neighbor discovery mode. Choices:
|
|
Neighbor discovery security level |
|
Neighbor discovery timestamp delta value |
|
Neighbor discovery timestamp fuzz factor |
|
Enable/disable sending link MTU in RA packet. Choices:
|
|
Enable/disable unique auto config address. Choices:
|
|
Link-local IPv6 address of virtual router. |
|
Vrrp6. |
|
Enable/disable accept mode. Choices:
|
|
Advertisement interval |
|
Enable/disable ignoring of default route when checking destination. Choices:
|
|
Enable/disable preempt mode. Choices:
|
|
Priority of the virtual router |
|
Startup time |
|
Enable/disable VRRP. Choices:
|
|
Monitor the route to this destination. |
|
Priority of the virtual router when the virtual router destination becomes unreachable |
|
VRRP group ID |
|
Virtual router identifier |
|
IPv6 address of the virtual router. |
|
Enable/disable virtual MAC for VRRP. Choices:
|
|
Secondary IP. Choices:
|
|
Secondaryip. |
|
Management access settings for the secondary IP address. Choices:
|
|
Protocols used to detect the server. Choices:
|
|
Gateways ping server for this IP. |
|
Enable/disable detect gateway alive for first. Choices:
|
|
HA election priority for the PING server. |
|
ID. |
|
Secondary IP address of the interface. |
|
Ping serv status. |
|
DHCP relay IP address. |
|
Seq. |
|
Vlanid. |
|
Vrrp. |
|
Enable/disable accept mode. Choices:
|
|
Advertisement interval |
|
Enable/disable ignoring of default route when checking destination. Choices:
|
|
Enable/disable preempt mode. Choices:
|
|
Priority of the virtual router |
|
Proxy arp. |
|
ID. |
|
Set IP addresses of proxy ARP. |
|
Startup time |
|
Enable/disable this VRRP configuration. Choices:
|
|
VRRP version. Choices:
|
|
(list) Monitor the route to this destination. |
|
Priority of the virtual router when the virtual router destination becomes unreachable |
|
VRRP group ID |
|
Virtual router identifier |
|
IP address of the virtual router. |
|
Interface. |
|
PPPoE server name. |
|
Aggregate. |
|
Type of aggregation. Choices:
|
|
Frame distribution algorithm. Choices:
|
|
Alias will be displayed with the interface name to make it easier to distinguish. |
|
Permitted types of management access to this interface. Choices:
|
|
Set xDSL annex type. Choices:
|
|
Enable/disable automatic registration of unknown FortiAP devices. Choices:
|
|
Enable/disable ARP forwarding. Choices:
|
|
ATM protocol. Choices:
|
|
HTTPS server certificate. |
|
Address of captive portal. |
|
PPP authentication type to use. Choices:
|
|
Enable/disable automatic authorization of dedicated Fortinet extension device on this interface. Choices:
|
|
Bandwidth measure time |
|
Bidirectional Forwarding Detection Choices:
|
|
BFD desired minimal transmit interval. |
|
BFD detection multiplier. |
|
BFD required minimal receive interval. |
|
Enable/disable broadcasting FortiClient discovery messages. Choices:
|
|
Enable/disable broadcast forwarding. Choices:
|
|
Enable/disable captive portal. |
|
Cli conn status. |
|
Color of icon on the GUI. |
|
Ddns. Choices:
|
|
Ddns auth. Choices:
|
|
Ddns domain. |
|
(list or str) Ddns key. |
|
Ddns keyname. |
|
(list) Ddns password. |
|
Ddns server. Choices:
|
|
Ddns server ip. |
|
Ddns sn. |
|
Ddns ttl. |
|
Ddns username. |
|
Ddns zone. |
|
Configure interface for single purpose. Choices:
|
|
Default purdue level of device detected on this interface. Choices:
|
|
Enable to get the gateway IP from the DHCP or PPPoE server. Choices:
|
|
Description. |
|
Detected peer mtu. |
|
Protocols used to detect the server. Choices:
|
|
Gateways ping server for this IP. |
|
(list or str) Device access list. |
|
Enable/disable passively gathering of device identity information about the devices on the network connected to th… Choices:
|
|
Enable/disable active gathering of device identity information about the devices on the network connected to this … Choices:
|
|
Enable/disable inclusion of devices detected on this interface in network vulnerability scans. Choices:
|
|
Enable/disable passive gathering of user identity information about users on this interface. Choices:
|
|
Devindex. |
|
Enable/disable setting of the broadcast flag in messages sent by the DHCP client Choices:
|
|
Enable/disable addition of classless static routes retrieved from DHCP server. Choices:
|
|
DHCP client identifier. |
|
Enable/disable DHCP relay agent option. Choices:
|
|
Enable/disable relaying DHCP messages with no end option. Choices:
|
|
DHCP relay circuit ID. |
|
Specify outgoing interface to reach server. |
|
Specify how to select outgoing interface to reach server. Choices:
|
|
(list) DHCP relay IP address. |
|
DHCP relay link selection. |
|
Enable/disable sending of DHCP requests to all servers. Choices:
|
|
Enable/disable allowing this interface to act as a DHCP relay. Choices:
|
|
IP address used by the DHCP relay as its source IP. |
|
DHCP relay type Choices:
|
|
DHCP renew time in seconds |
|
Enable/disable DHCP smart relay. Choices:
|
|
Time in seconds to wait before retrying to start a PPPoE discovery, 0 means no timeout. |
|
Time in milliseconds to wait before sending a notification that this interface is down or disconnected. |
|
Distance for routes learned through PPPoE or DHCP, lower distance indicates preferred route. |
|
Dns query. Choices:
|
|
Enable/disable use DNS acquired by DHCP or PPPoE. Choices:
|
|
DNS transport protocols. Choices:
|
|
Enable/disable drop fragment packets. Choices:
|
|
Enable/disable drop overlapped fragment packets. Choices:
|
|
EAP CA certificate name. |
|
EAP identity. |
|
EAP method. Choices:
|
|
(list) EAP password. |
|
Enable/disable EAP-Supplicant. Choices:
|
|
EAP user certificate name. |
|
Override outgoing CoS in user VLAN tag. Choices:
|
|
Outgoing traffic shaping profile. |
|
Eip. |
|
Enable/disable endpoint compliance enforcement. Choices:
|
|
Estimated maximum downstream bandwidth |
|
Estimated maximum upstream bandwidth |
|
Enable/disable the explicit FTP proxy on this interface. Choices:
|
|
Enable/disable the explicit web proxy on this interface. Choices:
|
|
Enable/disable identifying the interface as an external interface Choices:
|
|
Action on extender when interface fail . Choices:
|
|
(list or str) Names of the FortiGate interfaces to which the link failure alert is sent. |
|
Select link-failed-signal or link-down method to alert about a failed link. Choices:
|
|
Enable/disable fail detection features for this interface. Choices:
|
|
Options for detecting that this interface has failed. Choices:
|
|
Fdp. Choices:
|
|
Enable/disable FortiHeartBeat Choices:
|
|
Enable FortiLink to dedicate this interface to manage other Fortinet devices. Choices:
|
|
Fortilink backup link. |
|
Protocol for FortiGate neighbor discovery. Choices:
|
|
Enable/disable FortiLink split interface to connect member link to different FortiSwitch in stack for uplink redun… Choices:
|
|
Enable/disable FortiLink switch-stacking on this interface. Choices:
|
|
Transparent mode forward domain. |
|
Enable/disable forward error correction Choices:
|
|
Pass or drop different types of anomalies using Fastpath Choices:
|
|
Fp disable. Choices:
|
|
Gateway address |
|
Generic receive offload. Choices:
|
|
Enable/disable Gi Gatekeeper. Choices:
|
|
Gateway address |
|
Enable/disable detect gateway alive for first. Choices:
|
|
HA election priority for the PING server. |
|
Enable/disable ICMP accept redirect. Choices:
|
|
Enable/disable ICMP redirect. Choices:
|
|
Enable/disable sending of ICMP redirects. Choices:
|
|
Enable/disable authentication for this interface. Choices:
|
|
PPPoE auto disconnect after idle timeout seconds, 0 means no timeout. |
|
Interface MDIX mode Choices:
|
|
Select interface media type Choices:
|
|
Configure IKE authentication SAML server. |
|
In force vlan cos. |
|
Bandwidth limit for incoming traffic |
|
Override incoming CoS in user VLAN tag on VLAN interface or assign a priority VLAN tag on physical interface. Choices:
|
|
Incoming traffic shaping profile. |
|
Ingress Spillover threshold |
|
Set interconnect profile. Choices:
|
|
Implicitly created. |
|
Interface IPv4 address and subnet mask, syntax |
|
Enable/disable automatic IP address assignment of this interface by FortiIPAM. Choices:
|
|
Enable/disable IP/MAC binding. Choices:
|
|
Enable/disable the use of this interface as a one-armed sniffer. Choices:
|
|
Unnumbered IP used for PPPoE interfaces for which no unique local address is provided. |
|
Ipv6. |
|
Enable/disable address auto config. Choices:
|
|
Cli conn6 status. |
|
Dhcp6 client options. Choices:
|
|
Enable/disable DHCPv6 information request. Choices:
|
|
Enable/disable DHCPv6 prefix delegation. Choices:
|
|
DHCPv6 prefix that will be used as a hint to the upstream DHCPv6 server. |
|
DHCPv6 prefix hint preferred life time |
|
DHCPv6 prefix hint valid life time |
|
DHCP6 relay interface ID. |
|
DHCPv6 relay IP address. |
|
Enable/disable DHCPv6 relay. Choices:
|
|
Enable/disable use of address on this interface as the source address of the relay message. Choices:
|
|
IPv6 address used by the DHCP6 relay as its source IP. |
|
DHCPv6 relay type. Choices:
|
|
Enable/disable sending of ICMPv6 redirects. Choices:
|
|
IPv6 interface identifier. |
|
Primary IPv6 address prefix, syntax |
|
Allow management access to the interface. Choices:
|
|
Default life |
|
IAID of obtained delegated-prefix from the upstream interface. |
|
Ip6 delegated prefix list. |
|
Enable/disable the autonomous flag. Choices:
|
|
IAID of obtained delegated-prefix from the upstream interface. |
|
Enable/disable the onlink flag. Choices:
|
|
Prefix ID. |
|
(list) Recursive DNS server option. |
|
Recursive DNS service option. Choices:
|
|
Add subnet ID to routing prefix. |
|
Name of the interface that provides delegated information. |
|
Enable/disable using the DNS server acquired by DHCP. Choices:
|
|
Ip6 extra addr. |
|
IPv6 address prefix. |
|
Hop limit |
|
IPv6 link MTU. |
|
Enable/disable the managed flag. Choices:
|
|
IPv6 maximum interval |
|
IPv6 minimum interval |
|
Addressing mode Choices:
|
|
Enable/disable the other IPv6 flag. Choices:
|
|
Ip6 prefix list. |
|
Enable/disable the autonomous flag. Choices:
|
|
(list) DNS search list option. |
|
Enable/disable the onlink flag. Choices:
|
|
Preferred life time |
|
IPv6 prefix. |
|
(list) Recursive DNS server option. |
|
Valid life time |
|
Assigning a prefix from DHCP or RA. Choices:
|
|
IPv6 reachable time |
|
IPv6 retransmit time |
|
Enable/disable sending advertisements about the interface. Choices:
|
|
Subnet to routing prefix, syntax |
|
Interface name providing delegated information. |
|
Neighbor discovery certificate. |
|
Neighbor discovery CGA modifier. |
|
Neighbor discovery mode. Choices:
|
|
Neighbor discovery security level |
|
Neighbor discovery timestamp delta value |
|
Neighbor discovery timestamp fuzz factor |
|
Enable/disable sending link MTU in RA packet. Choices:
|
|
Enable/disable unique auto config address. Choices:
|
|
Link-local IPv6 address of virtual router. |
|
Vrrp6. |
|
Enable/disable accept mode. Choices:
|
|
Advertisement interval |
|
Enable/disable ignoring of default route when checking destination. Choices:
|
|
Enable/disable preempt mode. Choices:
|
|
Priority of the virtual router |
|
Startup time |
|
Enable/disable VRRP. Choices:
|
|
Monitor the route to this destination. |
|
Priority of the virtual router when the virtual router destination becomes unreachable |
|
VRRP group ID |
|
Virtual router identifier |
|
IPv6 address of the virtual router. |
|
Enable/disable virtual MAC for VRRP. Choices:
|
|
Enable/disable l2 forwarding. Choices:
|
|
Enable/disable this interface as a Layer 2 Tunnelling Protocol Choices:
|
|
Lacp ha secondary. Choices:
|
|
LACP HA slave. Choices:
|
|
LACP mode. Choices:
|
|
How often the interface sends LACP messages. Choices:
|
|
Large receive offload. Choices:
|
|
Time in seconds between PPPoE Link Control Protocol |
|
Maximum missed LCP echo messages before disconnect. |
|
Number of milliseconds to wait before considering a link is up. |
|
Listen forticlient connection. Choices:
|
|
LLDP-MED network policy profile. |
|
Enable/disable Link Layer Discovery Protocol Choices:
|
|
Enable/disable Link Layer Discovery Protocol Choices:
|
|
Log. Choices:
|
|
Change the interfaces MAC address. |
|
Number of IP addresses to be allocated by FortiIPAM and used by this FortiGate units DHCP server settings. Choices:
|
|
High Availability in-band management IP address of this interface. |
|
Max egress burst rate |
|
Max egress rate |
|
Measured downstream bandwidth |
|
Measured upstream bandwidth |
|
Select SFP media interface type Choices:
|
|
(list or str) Physical interfaces that belong to the aggregate or redundant interface. |
|
Minimum number of aggregated ports that must be up. |
|
Action to take when less than the configured minimum number of links are active. Choices:
|
|
Port mirroring direction. Choices:
|
|
Mirroring port. |
|
Addressing mode Choices:
|
|
Enable monitoring bandwidth on this interface. Choices:
|
|
MTU value for this interface. |
|
Enable to set a custom MTU for this interface. Choices:
|
|
Multiplexer type Choices:
|
|
Name. |
|
Enable/disable NDISC forwarding. Choices:
|
|
Enable/disable NETBIOS forwarding. Choices:
|
|
NetFlow sample rate. |
|
Enable/disable NetFlow on this interface and set the data that NetFlow collects Choices:
|
|
Netflow sampler ID. |
|
NP QoS profile ID. |
|
Npu fastpath. Choices:
|
|
Nst. Choices:
|
|
Out force vlan cos. |
|
Bandwidth limit for outgoing traffic |
|
PPPoE Active Discovery Terminate |
|
(list) PPPoE accounts password. |
|
(list or str) Peer interface. |
|
DSL physical mode. Choices:
|
|
Ping serv status. |
|
Enable/disable PoE status. Choices:
|
|
SFlow polling interval |
|
Enable/disable NP port mirroring. Choices:
|
|
CoS in VLAN tag for outgoing PPPoE/PPP packets. Choices:
|
|
Enable/disable PPPoE unnumbered negotiation. Choices:
|
|
PPTP authentication type. Choices:
|
|
Enable/disable PPTP client. Choices:
|
|
(list) PPTP password. |
|
PPTP server IP address. |
|
Idle timer in minutes |
|
PPTP user name. |
|
Enable/disable preservation of session route when dirty. Choices:
|
|
Priority of learned routes. |
|
Enable/disable fail back to higher priority port once recovered. Choices:
|
|
Enable/disable proxy captive portal on this interface. Choices:
|
|
SFP-DSL ADSL Fallback PVC ATM QoS. Choices:
|
|
SFP-DSL ADSL Fallback PVC Channel. |
|
SFP-DSL ADSL Fallback PVC CRC Option |
|
SFP-DSL ADSL Fallback PVC Packet Cell Rate in cells |
|
SFP-DSL ADSL Fallback PVC Sustainable Cell Rate in cells |
|
SFP-DSL ADSL Fallback PVC VLAN ID. |
|
SFP-DSL ADSL Fallback PVC VLANID RX. |
|
SFP-DSL ADSL Fallback PVC VLAN RX op. Choices:
|
|
SFP-DSL ADSL Fallback PVC VLAN ID TX. |
|
SFP-DSL ADSL Fallback PVC VLAN TX op. Choices:
|
|
IPv4 reachable time in milliseconds |
|
Redundant interface. |
|
Remote IP address of tunnel. |
|
Replacement message override group. |
|
Enable/disable DSL retransmission. Choices:
|
|
RX ring size. |
|
TX ring size. |
|
Interface role. Choices:
|
|
Data that NetFlow collects Choices:
|
|
SFlow sample rate |
|
Enable monitoring or blocking connections to Botnet servers through this interface. Choices:
|
|
Enable/disable adding a secondary IP to this interface. Choices:
|
|
Secondaryip. |
|
Management access settings for the secondary IP address. Choices:
|
|
Protocols used to detect the server. Choices:
|
|
Gateways ping server for this IP. |
|
Enable/disable detect gateway alive for first. Choices:
|
|
HA election priority for the PING server. |
|
ID. |
|
Secondary IP address of the interface. |
|
Ping serv status. |
|
DHCP relay IP address. |
|
Seq. |
|
VLAN ID for virtual switch. |
|
Choices:
|
|
Choices:
|
|
Name of security-exempt-list. |
|
URL of external authentication logout server. |
|
URL of external authentication web server. |
|
(list or str) User groups that can authenticate with the captive portal. |
|
Enable/disable IP authentication bypass. Choices:
|
|
Enable/disable MAC authentication bypass. Choices:
|
|
Turn on captive portal authentication for this interface. Choices:
|
|
URL redirection after disclaimer/authentication. |
|
Select VDSL Profile 30a or 35b. Choices:
|
|
PPPoE service name. |
|
Enable/disable sFlow on this interface. Choices:
|
|
Enable/disable SFP DSL. Choices:
|
|
Enable/disable SFP DSL ADSL fallback. Choices:
|
|
Enable/disable SFP DSL MAC address autodetect. Choices:
|
|
SFP DSL MAC address. |
|
Interface speed. Choices:
|
|
Egress Spillover threshold |
|
Enable/disable source IP check. Choices:
|
|
Bring the interface up or shut the interface down. Choices:
|
|
Enable/disable STP. Choices:
|
|
Enable/disable as STP edge port. Choices:
|
|
Control STP behaviour on HA secondary. Choices:
|
|
Control STP behaviour on HA slave. Choices:
|
|
Enable/disable STP forwarding. Choices:
|
|
Configure STP forwarding mode. Choices:
|
|
Strip priority vlan tag. Choices:
|
|
Enable to always send packets from this interface to a destination MAC address. Choices:
|
|
Destination MAC address that all packets are sent to from this interface. |
|
Frame distribution algorithm for switch. Choices:
|
|
Initial create for switch-controller VLANs. |
|
Swc vlan. |
|
Switch. |
|
Block FortiSwitch port-to-port traffic. Choices:
|
|
Enable/disable FortiSwitch ARP inspection. Choices:
|
|
Switch controller authentication. Choices:
|
|
Switch controller DHCP snooping. Choices:
|
|
Switch controller DHCP snooping option82. Choices:
|
|
Switch controller DHCP snooping verify MAC. Choices:
|
|
Integrated FortiLink settings for managed FortiSwitch. |
|
Interfaces purpose when assigning traffic Choices:
|
|
Switch controller IGMP snooping. Choices:
|
|
Switch controller IGMP snooping fast-leave. Choices:
|
|
Switch controller IGMP snooping proxy. Choices:
|
|
Enable/disable managed FortiSwitch IoT scanning. Choices:
|
|
Limit the number of dynamic MAC addresses on this VLAN |
|
VLAN to use for FortiLink management purposes. |
|
Integrated NAC settings for managed FortiSwitch. |
|
NetFlow collection and processing. Choices:
|
|
Enable/disable managed FortiSwitch routing offload. Choices:
|
|
Enable/disable managed FortiSwitch routing offload gateway. Choices:
|
|
IP for routing offload on FortiSwitch. |
|
Switch controller offloading. Choices:
|
|
Switch controller offloading gw. Choices:
|
|
Switch controller offloading ip. |
|
RADIUS server name for this FortiSwitch VLAN. |
|
Stop Layer2 MAC learning and interception of BPDUs and other packets on this interface. Choices:
|
|
Source IP address used in FortiLink over L3 connections. Choices:
|
|
Switch controller traffic policy for the VLAN. |
|
Define a system ID for the aggregate interface. |
|
Method in which system ID is generated. Choices:
|
|
DSL transfer mode. Choices:
|
|
TCP maximum segment size. |
|
Enable/disable VLAN trunk. Choices:
|
|
Trusted IPv6 host for dedicated management traffic |
|
Trusted IPv6 host for dedicated management traffic |
|
Trusted IPv6 host for dedicated management traffic |
|
Trusted host for dedicated management traffic |
|
Trusted host for dedicated management traffic |
|
Trusted host for dedicated management traffic |
|
Interface type. Choices:
|
|
Username of the PPPoE account, provided by your ISP. |
|
Virtual Channel ID |
|
Enable/disable DSL vectoring. Choices:
|
|
Vindex. |
|
Change the interfaces virtual MAC address. |
|
Vlan ID |
|
Configure DSL 802. Choices:
|
|
Ethernet protocol of VLAN. Choices:
|
|
Enable/disable traffic forwarding between VLANs on this interface. Choices:
|
|
VLAN ID |
|
Virtual Path ID |
|
Virtual Routing Forwarding ID. |
|
Vrrp. |
|
Enable/disable accept mode. Choices:
|
|
Advertisement interval |
|
Enable/disable ignoring of default route when checking destination. Choices:
|
|
Enable/disable preempt mode. Choices:
|
|
Priority of the virtual router |
|
Proxy arp. |
|
ID. |
|
Set IP addresses of proxy ARP. |
|
Startup time |
|
Enable/disable this VRRP configuration. Choices:
|
|
VRRP version. Choices:
|
|
(list) Monitor the route to this destination. |
|
Priority of the virtual router when the virtual router destination becomes unreachable |
|
VRRP group ID |
|
Virtual router identifier |
|
IP address of the virtual router. |
|
Enable/disable use of virtual MAC for VRRP. Choices:
|
|
Enable/disable WCCP on this interface. Choices:
|
|
Default weight for static routes |
|
Minimal signal strength to be considered as a good 5G AP. |
|
Access control for MAC addresses in the MAC list. Choices:
|
|
How to select the AP to connect. Choices:
|
|
WiFi authentication. Choices:
|
|
Enable/disable WiFi network auto connect. Choices:
|
|
Enable/disable WiFi network automatic save. Choices:
|
|
Enable/disable SSID broadcast in the beacon. Choices:
|
|
DNS server 1. |
|
DNS server 2. |
|
Data encryption. Choices:
|
|
WiFi fragment threshold |
|
IPv4 default gateway IP address. |
|
(list) WiFi WEP Key. |
|
WEP key index |
|
Enable/disable MAC filter status. Choices:
|
|
(list) WiFi pre-shared key for WPA. |
|
WiFi RADIUS server for WPA. |
|
WiFi RTS threshold |
|
Wireless access security of SSID. Choices:
|
|
IEEE 802. |
|
WiFi user group for WPA. |
|
WINS server IP. |
|
Name. |
|
Portal message override group. |
|
Radius server. |
|
Security. Choices:
|
|
Selected usergroups. |
|
Usergroup. |
|
Vdom. |
|
Vlanid. |
|
The overridden method for the underlying Json RPC request. Choices:
|
|
The rc codes list with which the conditions to fail will be overriden. |
|
The rc codes list with which the conditions to succeed will be overriden. |
|
The directive to create, update or delete an object. Choices:
|
|
The adom to lock for FortiManager running in workspace mode, the value can be global and others including root. |
|
The maximum time in seconds to wait for other user to release the workspace lock. Default: |
Notes
Note
Starting in version 2.4.0, all input arguments are named using the underscore naming convention (snake_case). Please change the arguments such as “var-name” to “var_name”. Old argument names are still available yet you will receive deprecation warnings. You can ignore this warning by setting deprecation_warnings=False in ansible.cfg.
Running in workspace locking mode is supported in this FortiManager module, the top level parameters workspace_locking_adom and workspace_locking_timeout help do the work.
To create or update an object, use state present directive.
To delete an object, use state absent directive.
Normally, running one module can fail when a non-zero rc is returned. you can also override the conditions to fail or succeed with parameters rc_failed and rc_succeeded
Examples
- name: Example playbook (generated based on argument schema)
hosts: fortimanagers
connection: httpapi
vars:
ansible_httpapi_use_ssl: true
ansible_httpapi_validate_certs: false
ansible_httpapi_port: 443
tasks:
- name: FortiSwitch VLAN template.
fortinet.fortimanager.fmgr_fsp_vlan:
# bypass_validation: false
workspace_locking_adom: <value in [global, custom adom including root]>
workspace_locking_timeout: 300
# rc_succeeded: [0, -2, -3, ...]
# rc_failed: [-2, -3, ...]
adom: <your own value>
state: present # <value in [present, absent]>
fsp_vlan:
_dhcp_status: <value in [disable, enable]>
auth: <value in [radius, usergroup]>
color: <integer>
comments: <string>
dynamic_mapping:
-
_dhcp_status: <value in [disable, enable]>
_scope:
-
name: <string>
vdom: <string>
dhcp_server:
auto_configuration: <value in [disable, enable]>
auto_managed_status: <value in [disable, enable]>
conflicted_ip_timeout: <integer>
ddns_auth: <value in [disable, tsig]>
ddns_key: <list or string>
ddns_keyname: <string>
ddns_server_ip: <string>
ddns_ttl: <integer>
ddns_update: <value in [disable, enable]>
ddns_update_override: <value in [disable, enable]>
ddns_zone: <string>
default_gateway: <string>
dhcp_settings_from_fortiipam: <value in [disable, enable]>
dns_server1: <string>
dns_server2: <string>
dns_server3: <string>
dns_server4: <string>
dns_service: <value in [default, specify, local]>
domain: <string>
enable: <value in [disable, enable]>
exclude_range:
-
end_ip: <string>
id: <integer>
start_ip: <string>
vci_match: <value in [disable, enable]>
vci_string: <list or string>
lease_time: <integer>
uci_match: <value in [disable, enable]>
uci_string: <list or string>
filename: <string>
forticlient_on_net_status: <value in [disable, enable]>
id: <integer>
ip_mode: <value in [range, usrgrp]>
ip_range:
-
end_ip: <string>
id: <integer>
start_ip: <string>
vci_match: <value in [disable, enable]>
vci_string: <list or string>
lease_time: <integer>
uci_match: <value in [disable, enable]>
uci_string: <list or string>
ipsec_lease_hold: <integer>
lease_time: <integer>
mac_acl_default_action: <value in [assign, block]>
netmask: <string>
next_server: <string>
ntp_server1: <string>
ntp_server2: <string>
ntp_server3: <string>
ntp_service: <value in [default, specify, local]>
option1: <list or string>
option2: <list or string>
option3: <list or string>
option4: <string>
option5: <string>
option6: <string>
options:
-
code: <integer>
id: <integer>
ip: <list or string>
type: <value in [hex, string, ip, ...]>
value: <string>
vci_match: <value in [disable, enable]>
vci_string: <list or string>
uci_match: <value in [disable, enable]>
uci_string: <list or string>
reserved_address:
-
action: <value in [assign, block, reserved]>
circuit_id: <string>
circuit_id_type: <value in [hex, string]>
description: <string>
id: <integer>
ip: <string>
mac: <string>
remote_id: <string>
remote_id_type: <value in [hex, string]>
type: <value in [mac, option82]>
server_type: <value in [regular, ipsec]>
status: <value in [disable, enable]>
tftp_server: <list or string>
timezone: <value in [00, 01, 02, ...]>
timezone_option: <value in [disable, default, specify]>
vci_match: <value in [disable, enable]>
vci_string: <list or string>
wifi_ac_service: <value in [specify, local]>
wifi_ac1: <string>
wifi_ac2: <string>
wifi_ac3: <string>
wins_server1: <string>
wins_server2: <string>
relay_agent: <string>
shared_subnet: <value in [disable, enable]>
interface:
dhcp_relay_agent_option: <value in [disable, enable]>
dhcp_relay_ip: <list or string>
dhcp_relay_service: <value in [disable, enable]>
dhcp_relay_type: <value in [regular, ipsec]>
ip: <string>
ipv6:
autoconf: <value in [disable, enable]>
dhcp6_client_options:
- "rapid"
- "iapd"
- "iana"
- "dns"
- "dnsname"
dhcp6_information_request: <value in [disable, enable]>
dhcp6_prefix_delegation: <value in [disable, enable]>
dhcp6_prefix_hint: <string>
dhcp6_prefix_hint_plt: <integer>
dhcp6_prefix_hint_vlt: <integer>
dhcp6_relay_ip: <string>
dhcp6_relay_service: <value in [disable, enable]>
dhcp6_relay_type: <value in [regular]>
icmp6_send_redirect: <value in [disable, enable]>
interface_identifier: <string>
ip6_address: <string>
ip6_allowaccess:
- "https"
- "ping"
- "ssh"
- "snmp"
- "http"
- "telnet"
- "fgfm"
- "capwap"
- "fabric"
ip6_default_life: <integer>
ip6_delegated_prefix_list:
-
autonomous_flag: <value in [disable, enable]>
onlink_flag: <value in [disable, enable]>
prefix_id: <integer>
rdnss: <list or string>
rdnss_service: <value in [delegated, default, specify]>
subnet: <string>
upstream_interface: <string>
delegated_prefix_iaid: <integer>
ip6_dns_server_override: <value in [disable, enable]>
ip6_extra_addr:
-
prefix: <string>
ip6_hop_limit: <integer>
ip6_link_mtu: <integer>
ip6_manage_flag: <value in [disable, enable]>
ip6_max_interval: <integer>
ip6_min_interval: <integer>
ip6_mode: <value in [static, dhcp, pppoe, ...]>
ip6_other_flag: <value in [disable, enable]>
ip6_prefix_list:
-
autonomous_flag: <value in [disable, enable]>
dnssl: <list or string>
onlink_flag: <value in [disable, enable]>
preferred_life_time: <integer>
prefix: <string>
rdnss: <list or string>
valid_life_time: <integer>
ip6_reachable_time: <integer>
ip6_retrans_time: <integer>
ip6_send_adv: <value in [disable, enable]>
ip6_subnet: <string>
ip6_upstream_interface: <string>
nd_cert: <string>
nd_cga_modifier: <string>
nd_mode: <value in [basic, SEND-compatible]>
nd_security_level: <integer>
nd_timestamp_delta: <integer>
nd_timestamp_fuzz: <integer>
unique_autoconf_addr: <value in [disable, enable]>
vrip6_link_local: <string>
vrrp_virtual_mac6: <value in [disable, enable]>
vrrp6:
-
accept_mode: <value in [disable, enable]>
adv_interval: <integer>
preempt: <value in [disable, enable]>
priority: <integer>
start_time: <integer>
status: <value in [disable, enable]>
vrdst6: <string>
vrgrp: <integer>
vrid: <integer>
vrip6: <string>
ignore_default_route: <value in [disable, enable]>
vrdst_priority: <integer>
cli_conn6_status: <integer>
ip6_prefix_mode: <value in [dhcp6, ra]>
ra_send_mtu: <value in [disable, enable]>
ip6_delegated_prefix_iaid: <integer>
dhcp6_relay_source_interface: <value in [disable, enable]>
dhcp6_relay_interface_id: <string>
dhcp6_relay_source_ip: <string>
secondary_IP: <value in [disable, enable]>
secondaryip:
-
allowaccess:
- "https"
- "ping"
- "ssh"
- "snmp"
- "http"
- "telnet"
- "fgfm"
- "auto-ipsec"
- "radius-acct"
- "probe-response"
- "capwap"
- "dnp"
- "ftm"
- "fabric"
- "speed-test"
- "icond"
- "scim"
detectprotocol:
- "ping"
- "tcp-echo"
- "udp-echo"
detectserver: <string>
gwdetect: <value in [disable, enable]>
ha_priority: <integer>
id: <integer>
ip: <string>
ping_serv_status: <integer>
seq: <integer>
secip_relay_ip: <string>
vlanid: <integer>
dhcp_relay_interface_select_method: <value in [auto, sdwan, specify]>
vrrp:
-
accept_mode: <value in [disable, enable]>
adv_interval: <integer>
ignore_default_route: <value in [disable, enable]>
preempt: <value in [disable, enable]>
priority: <integer>
proxy_arp:
-
id: <integer>
ip: <string>
start_time: <integer>
status: <value in [disable, enable]>
version: <value in [2, 3]>
vrdst: <list or string>
vrdst_priority: <integer>
vrgrp: <integer>
vrid: <integer>
vrip: <string>
name: <string>
portal_message_override_group: <string>
radius_server: <string>
security: <value in [open, captive-portal, 8021x]>
selected_usergroups: <string>
usergroup: <string>
vdom: <string>
vlanid: <integer>
dhcp_server:
auto_configuration: <value in [disable, enable]>
auto_managed_status: <value in [disable, enable]>
conflicted_ip_timeout: <integer>
ddns_auth: <value in [disable, tsig]>
ddns_key: <list or string>
ddns_keyname: <string>
ddns_server_ip: <string>
ddns_ttl: <integer>
ddns_update: <value in [disable, enable]>
ddns_update_override: <value in [disable, enable]>
ddns_zone: <string>
default_gateway: <string>
dhcp_settings_from_fortiipam: <value in [disable, enable]>
dns_server1: <string>
dns_server2: <string>
dns_server3: <string>
dns_server4: <string>
dns_service: <value in [default, specify, local]>
domain: <string>
enable: <value in [disable, enable]>
exclude_range:
-
end_ip: <string>
id: <integer>
start_ip: <string>
vci_match: <value in [disable, enable]>
vci_string: <list or string>
lease_time: <integer>
uci_match: <value in [disable, enable]>
uci_string: <list or string>
filename: <string>
forticlient_on_net_status: <value in [disable, enable]>
id: <integer>
ip_mode: <value in [range, usrgrp]>
ip_range:
-
end_ip: <string>
id: <integer>
start_ip: <string>
vci_match: <value in [disable, enable]>
vci_string: <list or string>
lease_time: <integer>
uci_match: <value in [disable, enable]>
uci_string: <list or string>
ipsec_lease_hold: <integer>
lease_time: <integer>
mac_acl_default_action: <value in [assign, block]>
netmask: <string>
next_server: <string>
ntp_server1: <string>
ntp_server2: <string>
ntp_server3: <string>
ntp_service: <value in [default, specify, local]>
option1: <list or string>
option2: <list or string>
option3: <list or string>
option4: <string>
option5: <string>
option6: <string>
options:
-
code: <integer>
id: <integer>
ip: <list or string>
type: <value in [hex, string, ip, ...]>
value: <string>
vci_match: <value in [disable, enable]>
vci_string: <list or string>
uci_match: <value in [disable, enable]>
uci_string: <list or string>
reserved_address:
-
action: <value in [assign, block, reserved]>
circuit_id: <string>
circuit_id_type: <value in [hex, string]>
description: <string>
id: <integer>
ip: <string>
mac: <string>
remote_id: <string>
remote_id_type: <value in [hex, string]>
type: <value in [mac, option82]>
server_type: <value in [regular, ipsec]>
status: <value in [disable, enable]>
tftp_server: <list or string>
timezone: <value in [00, 01, 02, ...]>
timezone_option: <value in [disable, default, specify]>
vci_match: <value in [disable, enable]>
vci_string: <list or string>
wifi_ac_service: <value in [specify, local]>
wifi_ac1: <string>
wifi_ac2: <string>
wifi_ac3: <string>
wins_server1: <string>
wins_server2: <string>
relay_agent: <string>
shared_subnet: <value in [disable, enable]>
interface:
ac_name: <string>
aggregate: <string>
algorithm: <value in [L2, L3, L4, ...]>
alias: <string>
allowaccess:
- "https"
- "ping"
- "ssh"
- "snmp"
- "http"
- "telnet"
- "fgfm"
- "auto-ipsec"
- "radius-acct"
- "probe-response"
- "capwap"
- "dnp"
- "ftm"
- "fabric"
- "speed-test"
ap_discover: <value in [disable, enable]>
arpforward: <value in [disable, enable]>
atm_protocol: <value in [none, ipoa]>
auth_type: <value in [auto, pap, chap, ...]>
auto_auth_extension_device: <value in [disable, enable]>
bandwidth_measure_time: <integer>
bfd: <value in [global, enable, disable]>
bfd_desired_min_tx: <integer>
bfd_detect_mult: <integer>
bfd_required_min_rx: <integer>
broadcast_forticlient_discovery: <value in [disable, enable]>
broadcast_forward: <value in [disable, enable]>
captive_portal: <integer>
cli_conn_status: <integer>
color: <integer>
ddns: <value in [disable, enable]>
ddns_auth: <value in [disable, tsig]>
ddns_domain: <string>
ddns_key: <list or string>
ddns_keyname: <string>
ddns_password: <list or string>
ddns_server: <value in [dhs.org, dyndns.org, dyns.net, ...]>
ddns_server_ip: <string>
ddns_sn: <string>
ddns_ttl: <integer>
ddns_username: <string>
ddns_zone: <string>
dedicated_to: <value in [none, management]>
defaultgw: <value in [disable, enable]>
description: <string>
detected_peer_mtu: <integer>
detectprotocol:
- "ping"
- "tcp-echo"
- "udp-echo"
detectserver: <string>
device_access_list: <list or string>
device_identification: <value in [disable, enable]>
device_identification_active_scan: <value in [disable, enable]>
device_netscan: <value in [disable, enable]>
device_user_identification: <value in [disable, enable]>
devindex: <integer>
dhcp_client_identifier: <string>
dhcp_relay_agent_option: <value in [disable, enable]>
dhcp_relay_interface: <string>
dhcp_relay_interface_select_method: <value in [auto, sdwan, specify]>
dhcp_relay_ip: <list or string>
dhcp_relay_service: <value in [disable, enable]>
dhcp_relay_type: <value in [regular, ipsec]>
dhcp_renew_time: <integer>
disc_retry_timeout: <integer>
disconnect_threshold: <integer>
distance: <integer>
dns_query: <value in [disable, recursive, non-recursive]>
dns_server_override: <value in [disable, enable]>
drop_fragment: <value in [disable, enable]>
drop_overlapped_fragment: <value in [disable, enable]>
egress_cos: <value in [disable, cos0, cos1, ...]>
egress_shaping_profile: <string>
eip: <string>
endpoint_compliance: <value in [disable, enable]>
estimated_downstream_bandwidth: <integer>
estimated_upstream_bandwidth: <integer>
explicit_ftp_proxy: <value in [disable, enable]>
explicit_web_proxy: <value in [disable, enable]>
external: <value in [disable, enable]>
fail_action_on_extender: <value in [soft-restart, hard-restart, reboot]>
fail_alert_interfaces: <list or string>
fail_alert_method: <value in [link-failed-signal, link-down]>
fail_detect: <value in [disable, enable]>
fail_detect_option:
- "detectserver"
- "link-down"
fdp: <value in [disable, enable]>
fortiheartbeat: <value in [disable, enable]>
fortilink: <value in [disable, enable]>
fortilink_backup_link: <integer>
fortilink_neighbor_detect: <value in [lldp, fortilink]>
fortilink_split_interface: <value in [disable, enable]>
fortilink_stacking: <value in [disable, enable]>
forward_domain: <integer>
forward_error_correction: <value in [disable, enable, rs-fec, ...]>
fp_anomaly:
- "drop_tcp_fin_noack"
- "pass_winnuke"
- "pass_tcpland"
- "pass_udpland"
- "pass_icmpland"
- "pass_ipland"
- "pass_iprr"
- "pass_ipssrr"
- "pass_iplsrr"
- "pass_ipstream"
- "pass_ipsecurity"
- "pass_iptimestamp"
- "pass_ipunknown_option"
- "pass_ipunknown_prot"
- "pass_icmp_frag"
- "pass_tcp_no_flag"
- "pass_tcp_fin_noack"
- "drop_winnuke"
- "drop_tcpland"
- "drop_udpland"
- "drop_icmpland"
- "drop_ipland"
- "drop_iprr"
- "drop_ipssrr"
- "drop_iplsrr"
- "drop_ipstream"
- "drop_ipsecurity"
- "drop_iptimestamp"
- "drop_ipunknown_option"
- "drop_ipunknown_prot"
- "drop_icmp_frag"
- "drop_tcp_no_flag"
fp_disable:
- "all"
- "ipsec"
- "none"
gateway_address: <string>
gi_gk: <value in [disable, enable]>
gwaddr: <string>
gwdetect: <value in [disable, enable]>
ha_priority: <integer>
icmp_accept_redirect: <value in [disable, enable]>
icmp_redirect: <value in [disable, enable]>
icmp_send_redirect: <value in [disable, enable]>
ident_accept: <value in [disable, enable]>
idle_timeout: <integer>
if_mdix: <value in [auto, normal, crossover]>
if_media: <value in [auto, copper, fiber]>
in_force_vlan_cos: <integer>
inbandwidth: <integer>
ingress_cos: <value in [disable, cos0, cos1, ...]>
ingress_shaping_profile: <string>
ingress_spillover_threshold: <integer>
internal: <integer>
ip: <string>
ip_managed_by_fortiipam: <value in [disable, enable, inherit-global]>
ipmac: <value in [disable, enable]>
ips_sniffer_mode: <value in [disable, enable]>
ipunnumbered: <string>
ipv6:
autoconf: <value in [disable, enable]>
dhcp6_client_options:
- "rapid"
- "iapd"
- "iana"
- "dns"
- "dnsname"
dhcp6_information_request: <value in [disable, enable]>
dhcp6_prefix_delegation: <value in [disable, enable]>
dhcp6_prefix_hint: <string>
dhcp6_prefix_hint_plt: <integer>
dhcp6_prefix_hint_vlt: <integer>
dhcp6_relay_ip: <string>
dhcp6_relay_service: <value in [disable, enable]>
dhcp6_relay_type: <value in [regular]>
icmp6_send_redirect: <value in [disable, enable]>
interface_identifier: <string>
ip6_address: <string>
ip6_allowaccess:
- "https"
- "ping"
- "ssh"
- "snmp"
- "http"
- "telnet"
- "fgfm"
- "capwap"
- "fabric"
ip6_default_life: <integer>
ip6_delegated_prefix_list:
-
autonomous_flag: <value in [disable, enable]>
onlink_flag: <value in [disable, enable]>
prefix_id: <integer>
rdnss: <list or string>
rdnss_service: <value in [delegated, default, specify]>
subnet: <string>
upstream_interface: <string>
delegated_prefix_iaid: <integer>
ip6_dns_server_override: <value in [disable, enable]>
ip6_extra_addr:
-
prefix: <string>
ip6_hop_limit: <integer>
ip6_link_mtu: <integer>
ip6_manage_flag: <value in [disable, enable]>
ip6_max_interval: <integer>
ip6_min_interval: <integer>
ip6_mode: <value in [static, dhcp, pppoe, ...]>
ip6_other_flag: <value in [disable, enable]>
ip6_prefix_list:
-
autonomous_flag: <value in [disable, enable]>
dnssl: <list or string>
onlink_flag: <value in [disable, enable]>
preferred_life_time: <integer>
prefix: <string>
rdnss: <list or string>
valid_life_time: <integer>
ip6_reachable_time: <integer>
ip6_retrans_time: <integer>
ip6_send_adv: <value in [disable, enable]>
ip6_subnet: <string>
ip6_upstream_interface: <string>
nd_cert: <string>
nd_cga_modifier: <string>
nd_mode: <value in [basic, SEND-compatible]>
nd_security_level: <integer>
nd_timestamp_delta: <integer>
nd_timestamp_fuzz: <integer>
unique_autoconf_addr: <value in [disable, enable]>
vrip6_link_local: <string>
vrrp_virtual_mac6: <value in [disable, enable]>
vrrp6:
-
accept_mode: <value in [disable, enable]>
adv_interval: <integer>
preempt: <value in [disable, enable]>
priority: <integer>
start_time: <integer>
status: <value in [disable, enable]>
vrdst6: <string>
vrgrp: <integer>
vrid: <integer>
vrip6: <string>
ignore_default_route: <value in [disable, enable]>
vrdst_priority: <integer>
cli_conn6_status: <integer>
ip6_prefix_mode: <value in [dhcp6, ra]>
ra_send_mtu: <value in [disable, enable]>
ip6_delegated_prefix_iaid: <integer>
dhcp6_relay_source_interface: <value in [disable, enable]>
dhcp6_relay_interface_id: <string>
dhcp6_relay_source_ip: <string>
l2forward: <value in [disable, enable]>
l2tp_client: <value in [disable, enable]>
lacp_ha_slave: <value in [disable, enable]>
lacp_mode: <value in [static, passive, active]>
lacp_speed: <value in [slow, fast]>
lcp_echo_interval: <integer>
lcp_max_echo_fails: <integer>
link_up_delay: <integer>
listen_forticlient_connection: <value in [disable, enable]>
lldp_network_policy: <string>
lldp_reception: <value in [disable, enable, vdom]>
lldp_transmission: <value in [enable, disable, vdom]>
log: <value in [disable, enable]>
macaddr: <string>
managed_subnetwork_size: <value in [256, 512, 1024, ...]>
management_ip: <string>
max_egress_burst_rate: <integer>
max_egress_rate: <integer>
measured_downstream_bandwidth: <integer>
measured_upstream_bandwidth: <integer>
mediatype: <value in [serdes-sfp, sgmii-sfp, cfp2-sr10, ...]>
member: <list or string>
min_links: <integer>
min_links_down: <value in [operational, administrative]>
mode: <value in [static, dhcp, pppoe, ...]>
monitor_bandwidth: <value in [disable, enable]>
mtu: <integer>
mtu_override: <value in [disable, enable]>
mux_type: <value in [llc-encaps, vc-encaps]>
name: <string>
ndiscforward: <value in [disable, enable]>
netbios_forward: <value in [disable, enable]>
netflow_sampler: <value in [disable, tx, rx, ...]>
np_qos_profile: <integer>
npu_fastpath: <value in [disable, enable]>
nst: <value in [disable, enable]>
out_force_vlan_cos: <integer>
outbandwidth: <integer>
padt_retry_timeout: <integer>
password: <list or string>
peer_interface: <list or string>
phy_mode: <value in [auto, adsl, vdsl, ...]>
ping_serv_status: <integer>
poe: <value in [disable, enable]>
polling_interval: <integer>
pppoe_unnumbered_negotiate: <value in [disable, enable]>
pptp_auth_type: <value in [auto, pap, chap, ...]>
pptp_client: <value in [disable, enable]>
pptp_password: <list or string>
pptp_server_ip: <string>
pptp_timeout: <integer>
pptp_user: <string>
preserve_session_route: <value in [disable, enable]>
priority: <integer>
priority_override: <value in [disable, enable]>
proxy_captive_portal: <value in [disable, enable]>
redundant_interface: <string>
remote_ip: <string>
replacemsg_override_group: <string>
retransmission: <value in [disable, enable]>
ring_rx: <integer>
ring_tx: <integer>
role: <value in [lan, wan, dmz, ...]>
sample_direction: <value in [rx, tx, both]>
sample_rate: <integer>
scan_botnet_connections: <value in [disable, block, monitor]>
secondary_IP: <value in [disable, enable]>
secondaryip:
-
allowaccess:
- "https"
- "ping"
- "ssh"
- "snmp"
- "http"
- "telnet"
- "fgfm"
- "auto-ipsec"
- "radius-acct"
- "probe-response"
- "capwap"
- "dnp"
- "ftm"
- "fabric"
- "speed-test"
- "icond"
- "scim"
detectprotocol:
- "ping"
- "tcp-echo"
- "udp-echo"
detectserver: <string>
gwdetect: <value in [disable, enable]>
ha_priority: <integer>
id: <integer>
ip: <string>
ping_serv_status: <integer>
seq: <integer>
secip_relay_ip: <string>
security_8021x_dynamic_vlan_id: <integer>
security_8021x_master: <string>
security_8021x_mode: <value in [default, dynamic-vlan, fallback, ...]>
security_exempt_list: <string>
security_external_logout: <string>
security_external_web: <string>
security_groups: <list or string>
security_mac_auth_bypass: <value in [disable, enable, mac-auth-only]>
security_mode: <value in [none, captive-portal, 802.1X]>
security_redirect_url: <string>
service_name: <string>
sflow_sampler: <value in [disable, enable]>
speed: <value in [auto, 10full, 10half, ...]>
spillover_threshold: <integer>
src_check: <value in [disable, enable]>
status: <value in [down, up]>
stp: <value in [disable, enable]>
stp_ha_slave: <value in [disable, enable, priority-adjust]>
stpforward: <value in [disable, enable]>
stpforward_mode: <value in [rpl-all-ext-id, rpl-bridge-ext-id, rpl-nothing]>
strip_priority_vlan_tag: <value in [disable, enable]>
subst: <value in [disable, enable]>
substitute_dst_mac: <string>
swc_first_create: <integer>
swc_vlan: <integer>
switch: <string>
switch_controller_access_vlan: <value in [disable, enable]>
switch_controller_arp_inspection: <value in [disable, enable, monitor]>
switch_controller_auth: <value in [radius, usergroup]>
switch_controller_dhcp_snooping: <value in [disable, enable]>
switch_controller_dhcp_snooping_option82: <value in [disable, enable]>
switch_controller_dhcp_snooping_verify_mac: <value in [disable, enable]>
switch_controller_feature: <value in [none, default-vlan, quarantine, ...]>
switch_controller_igmp_snooping: <value in [disable, enable]>
switch_controller_igmp_snooping_fast_leave: <value in [disable, enable]>
switch_controller_igmp_snooping_proxy: <value in [disable, enable]>
switch_controller_iot_scanning: <value in [disable, enable]>
switch_controller_learning_limit: <integer>
switch_controller_mgmt_vlan: <integer>
switch_controller_nac: <string>
switch_controller_radius_server: <string>
switch_controller_rspan_mode: <value in [disable, enable]>
switch_controller_source_ip: <value in [outbound, fixed]>
switch_controller_traffic_policy: <string>
tc_mode: <value in [ptm, atm]>
tcp_mss: <integer>
trunk: <value in [disable, enable]>
trust_ip_1: <string>
trust_ip_2: <string>
trust_ip_3: <string>
trust_ip6_1: <string>
trust_ip6_2: <string>
trust_ip6_3: <string>
type: <value in [physical, vlan, aggregate, ...]>
username: <string>
vci: <integer>
vectoring: <value in [disable, enable]>
vindex: <integer>
vlan_protocol: <value in [8021q, 8021ad]>
vlanforward: <value in [disable, enable]>
vlanid: <integer>
vpi: <integer>
vrf: <integer>
vrrp:
-
accept_mode: <value in [disable, enable]>
adv_interval: <integer>
ignore_default_route: <value in [disable, enable]>
preempt: <value in [disable, enable]>
priority: <integer>
start_time: <integer>
status: <value in [disable, enable]>
version: <value in [2, 3]>
vrdst: <list or string>
vrdst_priority: <integer>
vrgrp: <integer>
vrid: <integer>
vrip: <string>
proxy_arp:
-
id: <integer>
ip: <string>
vrrp_virtual_mac: <value in [disable, enable]>
wccp: <value in [disable, enable]>
weight: <integer>
wifi_5g_threshold: <string>
wifi_acl: <value in [deny, allow]>
wifi_ap_band: <value in [any, 5g-preferred, 5g-only]>
wifi_auth: <value in [PSK, RADIUS, radius, ...]>
wifi_auto_connect: <value in [disable, enable]>
wifi_auto_save: <value in [disable, enable]>
wifi_broadcast_ssid: <value in [disable, enable]>
wifi_encrypt: <value in [TKIP, AES]>
wifi_fragment_threshold: <integer>
wifi_key: <list or string>
wifi_keyindex: <integer>
wifi_mac_filter: <value in [disable, enable]>
wifi_passphrase: <list or string>
wifi_radius_server: <string>
wifi_rts_threshold: <integer>
wifi_security: <value in [None, WEP64, wep64, ...]>
wifi_ssid: <string>
wifi_usergroup: <string>
wins_ip: <string>
dhcp_relay_request_all_server: <value in [disable, enable]>
stp_ha_secondary: <value in [disable, enable, priority-adjust]>
switch_controller_dynamic: <string>
auth_cert: <string>
auth_portal_addr: <string>
dhcp_classless_route_addition: <value in [disable, enable]>
dhcp_relay_link_selection: <string>
dns_server_protocol:
- "cleartext"
- "dot"
- "doh"
eap_ca_cert: <string>
eap_identity: <string>
eap_method: <value in [tls, peap]>
eap_password: <list or string>
eap_supplicant: <value in [disable, enable]>
eap_user_cert: <string>
ike_saml_server: <string>
lacp_ha_secondary: <value in [disable, enable]>
pvc_atm_qos: <value in [cbr, rt-vbr, nrt-vbr, ...]>
pvc_chan: <integer>
pvc_crc: <integer>
pvc_pcr: <integer>
pvc_scr: <integer>
pvc_vlan_id: <integer>
pvc_vlan_rx_id: <integer>
pvc_vlan_rx_op: <value in [pass-through, replace, remove]>
pvc_vlan_tx_id: <integer>
pvc_vlan_tx_op: <value in [pass-through, replace, remove]>
reachable_time: <integer>
select_profile_30a_35b: <value in [30A, 35B]>
sfp_dsl: <value in [disable, enable]>
sfp_dsl_adsl_fallback: <value in [disable, enable]>
sfp_dsl_autodetect: <value in [disable, enable]>
sfp_dsl_mac: <string>
sw_algorithm: <value in [l2, l3, eh, ...]>
system_id: <string>
system_id_type: <value in [auto, user]>
vlan_id: <integer>
vlan_op_mode: <value in [tag, untag, passthrough]>
generic_receive_offload: <value in [disable, enable]>
interconnect_profile: <value in [default, profile1, profile2]>
large_receive_offload: <value in [disable, enable]>
annex: <value in [a, b, j, ...]>
aggregate_type: <value in [physical, vxlan]>
switch_controller_netflow_collect: <value in [disable, enable]>
wifi_dns_server1: <string>
wifi_dns_server2: <string>
wifi_gateway: <string>
default_purdue_level: <value in [1, 2, 3, ...]>
dhcp_broadcast_flag: <value in [disable, enable]>
dhcp_smart_relay: <value in [disable, enable]>
switch_controller_offloading: <value in [disable, enable]>
switch_controller_offloading_gw: <value in [disable, enable]>
switch_controller_offloading_ip: <string>
dhcp_relay_circuit_id: <string>
dhcp_relay_source_ip: <string>
switch_controller_offload: <value in [disable, enable]>
switch_controller_offload_gw: <value in [disable, enable]>
switch_controller_offload_ip: <string>
mirroring_direction: <value in [rx, tx, both]>
mirroring_port: <string>
port_mirroring: <value in [disable, enable]>
security_8021x_member_mode: <value in [disable, switch]>
stp_edge: <value in [disable, enable]>
dhcp_relay_allow_no_end_option: <value in [disable, enable]>
netflow_sample_rate: <integer>
netflow_sampler_id: <integer>
pppoe_egress_cos: <value in [cos0, cos1, cos2, ...]>
security_ip_auth_bypass: <value in [disable, enable]>
virtual_mac: <string>
Return Values
Common return values are documented here, the following are the fields unique to this module:
Key |
Description |
---|---|
The result of the request. Returned: always |
|
The full url requested. Returned: always Sample: |
|
The status of api request. Returned: always Sample: |
|
The api response. Returned: always |
|
The descriptive message of the api response. Returned: always Sample: |
|
The information of the target system. Returned: always |
|
The status the request. Returned: always Sample: |
|
Warning if the parameters used in the playbook are not supported by the current FortiManager version. Returned: complex |