fortinet.fortimanager.fmgr_system_admin_setting – Admin setting.

Note

This plugin is part of the fortinet.fortimanager collection (version 2.1.4).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install fortinet.fortimanager.

To use it in a playbook, specify: fortinet.fortimanager.fmgr_system_admin_setting.

New in version 2.10: of fortinet.fortimanager

Synopsis

  • This module is able to configure a FortiManager device.

  • Examples include all parameters and values which need to be adjusted to data sources before usage.

Parameters

Parameter Choices/Defaults Comments
bypass_validation
boolean
    Choices:
  • no ←
  • yes
only set to True when module schema diffs with FortiManager API structure, module continues to execute without validating parameters
enable_log
boolean
    Choices:
  • no ←
  • yes
Enable/Disable logging for task
proposed_method
string
    Choices:
  • update
  • set
  • add
The overridden method for the underlying Json RPC request
rc_failed
list / elements=string
the rc codes list with which the conditions to fail will be overriden
rc_succeeded
list / elements=string
the rc codes list with which the conditions to succeed will be overriden
state
string / required
    Choices:
  • present
  • absent
the directive to create, update or delete an object
system_admin_setting
dictionary
the top level parameters set
access-banner
string
    Choices:
  • disable ←
  • enable
Enable/disable access banner.
disable - Disable setting.
enable - Enable setting.
admin-https-redirect
string
    Choices:
  • disable
  • enable ←
Enable/disable redirection of HTTP admin traffic to HTTPS.
disable - Disable setting.
enable - Enable setting.
admin-login-max
integer
Default:
256
Maximum number admin users logged in at one time (1 - 256).
admin_server_cert
string
Default:
"server.crt"
HTTPS & Web Service server certificate.
allow_register
string
    Choices:
  • disable ←
  • enable
Enable/disable allowance of register an unregistered device.
disable - Disable setting.
enable - Enable setting.
auth-addr
string
IP which is used by FGT to authorize FMG.
auth-port
integer
Default:
443
Port which is used by FGT to authorize FMG.
auto-update
string
    Choices:
  • disable
  • enable ←
Enable/disable FortiGate automatic update.
disable - Disable device automatic update.
enable - Enable device automatic update.
banner-message
string
Banner message.
chassis-mgmt
string
    Choices:
  • disable ←
  • enable
Enable or disable chassis management.
disable - Disable setting.
enable - Enable setting.
chassis-update-interval
integer
Default:
15
Chassis background update interval (4 - 1440 mins).
device_sync_status
string
    Choices:
  • disable
  • enable ←
Enable/disable device synchronization status indication.
disable - Disable setting.
enable - Enable setting.
gui-theme
string
    Choices:
  • blue ←
  • green
  • red
  • melongene
  • spring
  • summer
  • autumn
  • winter
  • space
  • calla-lily
  • binary-tunnel
  • diving
  • dreamy
  • technology
  • landscape
  • twilight
  • canyon
  • northern-light
  • astronomy
  • fish
  • penguin
  • panda
  • polar-bear
  • parrot
  • cave
  • mountain
  • zebra
  • contrast-dark
  • circuit-board
  • mars
  • blue-sea
Color scheme to use for the administration GUI.
blue - Blueberry
green - Kiwi
red - Cherry
melongene - Plum
spring - Spring
summer - Summer
autumn - Autumn
winter - Winter
space - Space
calla-lily - Calla Lily
binary-tunnel - Binary Tunnel
diving - Diving
dreamy - Dreamy
technology - Technology
landscape - Landscape
twilight - Twilight
canyon - Canyon
northern-light - Northern Light
astronomy - Astronomy
fish - Fish
penguin - Penguin
panda - Panda
polar-bear - Polar Bear
parrot - Parrot
cave - Cave
http_port
integer
Default:
80
HTTP port.
https_port
integer
Default:
443
HTTPS port.
idle_timeout
integer
Default:
15
Idle timeout (1 - 480 min).
idle_timeout_api
integer
Default:
900
Idle timeout for API sessions (1 - 28800 sec).
idle_timeout_gui
integer
Default:
900
Idle timeout for GUI sessions (60 - 28800 sec).
install-ifpolicy-only
string
    Choices:
  • disable ←
  • enable
Allow install interface policy only.
disable - Disable setting.
enable - Enable setting.
mgmt-addr
string
IP of FortiManager used by FGFM.
mgmt-fqdn
string
FQDN of FortiManager used by FGFM.
objects-force-deletion
string
    Choices:
  • disable
  • enable ←
Enable/disable used objects force deletion.
disable - Disable setting.
enable - Enable setting.
offline_mode
string
    Choices:
  • disable ←
  • enable
Enable/disable offline mode.
disable - Disable offline mode.
enable - Enable offline mode.
register_passwd
string
Password for register a device.
sdwan-monitor-history
string
    Choices:
  • disable ←
  • enable
Enable/disable hostname display in the GUI login page.
disable - Disable setting.
enable - Enable setting.
sdwan-skip-unmapped-input-device
string
    Choices:
  • disable ←
  • enable
Skip unmapped interface for sdwan/rule/input-device instead of report mapping error.
disable - Disable setting.
enable - Enable setting.
shell-access
string
    Choices:
  • disable ←
  • enable
Enable/disable shell access.
disable - Disable setting.
enable - Enable setting.
shell-password
string
Password for shell access.
show-add-multiple
string
    Choices:
  • disable ←
  • enable
Show add multiple button.
disable - Disable setting.
enable - Enable setting.
show-adom-devman
string
    Choices:
  • disable
  • enable ←
Show ADOM device manager tools on GUI.
disable - Hide device manager tools on GUI.
enable - Show device manager tools on GUI.
show-checkbox-in-table
string
    Choices:
  • disable ←
  • enable
Show checkboxs in tables on GUI.
disable - Disable setting.
enable - Enable setting.
show-device-import-export
string
    Choices:
  • disable ←
  • enable
Enable/disable import/export of ADOM, device, and group lists.
disable - Disable setting.
enable - Enable setting.
show-fct-manager
string
    Choices:
  • disable ←
  • enable
Enable/disable FCT manager.
disable - Disable setting.
enable - Enable setting.
show-hostname
string
    Choices:
  • disable ←
  • enable
Enable/disable hostname display in the GUI login page.
disable - Disable setting.
enable - Enable setting.
show_automatic_script
string
    Choices:
  • disable ←
  • enable
Enable/disable automatic script.
disable - Disable script option.
enable - Enable script option.
show_grouping_script
string
    Choices:
  • disable
  • enable ←
Enable/disable grouping script.
disable - Disable script option.
enable - Enable script option.
show_schedule_script
string
    Choices:
  • disable ←
  • enable
Enable or disable schedule script.
disable - Disable script option.
enable - Enable script option.
show_tcl_script
string
    Choices:
  • disable ←
  • enable
Enable/disable TCL script.
disable - Disable script option.
enable - Enable script option.
unreg_dev_opt
string
    Choices:
  • add_no_service
  • ignore
  • add_allow_service ←
Action to take when unregistered device connects to FortiManager.
add_no_service - Add unregistered devices but deny service requests.
ignore - Ignore unregistered devices.
add_allow_service - Add unregistered devices and allow service requests.
webadmin_language
string
    Choices:
  • auto_detect ←
  • english
  • simplified_chinese
  • traditional_chinese
  • japanese
  • korean
  • spanish
Web admin language.
auto_detect - Automatically detect language.
english - English.
simplified_chinese - Simplified Chinese.
traditional_chinese - Traditional Chinese.
japanese - Japanese.
korean - Korean.
spanish - Spanish.
workspace_locking_adom
string
the adom to lock for FortiManager running in workspace mode, the value can be global and others including root
workspace_locking_timeout
integer
Default:
300
the maximum time in seconds to wait for other user to release the workspace lock

Notes

Note

  • Running in workspace locking mode is supported in this FortiManager module, the top level parameters workspace_locking_adom and workspace_locking_timeout help do the work.

  • To create or update an object, use state present directive.

  • To delete an object, use state absent directive.

  • Normally, running one module can fail when a non-zero rc is returned. you can also override the conditions to fail or succeed with parameters rc_failed and rc_succeeded

Examples

- hosts: fortimanager-inventory
  collections:
    - fortinet.fortimanager
  connection: httpapi
  vars:
     ansible_httpapi_use_ssl: True
     ansible_httpapi_validate_certs: False
     ansible_httpapi_port: 443
  tasks:
   - name: Admin setting.
     fmgr_system_admin_setting:
        bypass_validation: False
        workspace_locking_adom: <value in [global, custom adom including root]>
        workspace_locking_timeout: 300
        rc_succeeded: [0, -2, -3, ...]
        rc_failed: [-2, -3, ...]
        system_admin_setting:
           access-banner: <value in [disable, enable]>
           admin-https-redirect: <value in [disable, enable]>
           admin-login-max: <value of integer>
           admin_server_cert: <value of string>
           allow_register: <value in [disable, enable]>
           auto-update: <value in [disable, enable]>
           banner-message: <value of string>
           chassis-mgmt: <value in [disable, enable]>
           chassis-update-interval: <value of integer>
           device_sync_status: <value in [disable, enable]>
           gui-theme: <value in [blue, green, red, ...]>
           http_port: <value of integer>
           https_port: <value of integer>
           idle_timeout: <value of integer>
           install-ifpolicy-only: <value in [disable, enable]>
           mgmt-addr: <value of string>
           mgmt-fqdn: <value of string>
           objects-force-deletion: <value in [disable, enable]>
           offline_mode: <value in [disable, enable]>
           register_passwd: <value of string>
           sdwan-monitor-history: <value in [disable, enable]>
           shell-access: <value in [disable, enable]>
           shell-password: <value of string>
           show-add-multiple: <value in [disable, enable]>
           show-adom-devman: <value in [disable, enable]>
           show-checkbox-in-table: <value in [disable, enable]>
           show-device-import-export: <value in [disable, enable]>
           show-hostname: <value in [disable, enable]>
           show_automatic_script: <value in [disable, enable]>
           show_grouping_script: <value in [disable, enable]>
           show_schedule_script: <value in [disable, enable]>
           show_tcl_script: <value in [disable, enable]>
           unreg_dev_opt: <value in [add_no_service, ignore, add_allow_service]>
           webadmin_language: <value in [auto_detect, english, simplified_chinese, ...]>
           show-fct-manager: <value in [disable, enable]>
           sdwan-skip-unmapped-input-device: <value in [disable, enable]>
           auth-addr: <value of string>
           auth-port: <value of integer>
           idle_timeout_api: <value of integer>
           idle_timeout_gui: <value of integer>

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key Returned Description
request_url
string
always
The full url requested

Sample:
/sys/login/user
response_code
integer
always
The status of api request

response_message
string
always
The descriptive message of the api response

Sample:
OK.


Authors

  • Link Zheng (@chillancezen)

  • Jie Xue (@JieX19)

  • Frank Shen (@fshen01)

  • Hongbin Lu (@fgtdev-hblu)