fortinet.fortimanager.fmgr_system_admin_setting – Admin setting.

Note

This plugin is part of the fortinet.fortimanager collection (version 2.1.3).

To install it use: ansible-galaxy collection install fortinet.fortimanager.

To use it in a playbook, specify: fortinet.fortimanager.fmgr_system_admin_setting.

New in version 2.10: of fortinet.fortimanager

Synopsis

  • This module is able to configure a FortiManager device.

  • Examples include all parameters and values which need to be adjusted to data sources before usage.

Parameters

Parameter Choices/Defaults Comments
bypass_validation
boolean
    Choices:
  • no ←
  • yes
only set to True when module schema diffs with FortiManager API structure, module continues to execute without validating parameters
enable_log
boolean
    Choices:
  • no ←
  • yes
Enable/Disable logging for task
proposed_method
string
    Choices:
  • update
  • set
  • add
The overridden method for the underlying Json RPC request
rc_failed
list / elements=string
the rc codes list with which the conditions to fail will be overriden
rc_succeeded
list / elements=string
the rc codes list with which the conditions to succeed will be overriden
state
string / required
    Choices:
  • present
  • absent
the directive to create, update or delete an object
system_admin_setting
dictionary
the top level parameters set
access-banner
string
    Choices:
  • disable ←
  • enable
Enable/disable access banner.
disable - Disable setting.
enable - Enable setting.
admin-https-redirect
string
    Choices:
  • disable
  • enable ←
Enable/disable redirection of HTTP admin traffic to HTTPS.
disable - Disable setting.
enable - Enable setting.
admin-login-max
integer
Default:
256
Maximum number admin users logged in at one time (1 - 256).
admin_server_cert
string
Default:
"server.crt"
HTTPS & Web Service server certificate.
allow_register
string
    Choices:
  • disable ←
  • enable
Enable/disable allowance of register an unregistered device.
disable - Disable setting.
enable - Enable setting.
auth-addr
string
IP which is used by FGT to authorize FMG.
auth-port
integer
Default:
443
Port which is used by FGT to authorize FMG.
auto-update
string
    Choices:
  • disable
  • enable ←
Enable/disable FortiGate automatic update.
disable - Disable device automatic update.
enable - Enable device automatic update.
banner-message
string
Banner message.
chassis-mgmt
string
    Choices:
  • disable ←
  • enable
Enable or disable chassis management.
disable - Disable setting.
enable - Enable setting.
chassis-update-interval
integer
Default:
15
Chassis background update interval (4 - 1440 mins).
device_sync_status
string
    Choices:
  • disable
  • enable ←
Enable/disable device synchronization status indication.
disable - Disable setting.
enable - Enable setting.
gui-theme
string
    Choices:
  • blue ←
  • green
  • red
  • melongene
  • spring
  • summer
  • autumn
  • winter
  • space
  • calla-lily
  • binary-tunnel
  • diving
  • dreamy
  • technology
  • landscape
  • twilight
  • canyon
  • northern-light
  • astronomy
  • fish
  • penguin
  • panda
  • polar-bear
  • parrot
  • cave
  • mountain
  • zebra
  • contrast-dark
  • circuit-board
  • mars
  • blue-sea
Color scheme to use for the administration GUI.
blue - Blueberry
green - Kiwi
red - Cherry
melongene - Plum
spring - Spring
summer - Summer
autumn - Autumn
winter - Winter
space - Space
calla-lily - Calla Lily
binary-tunnel - Binary Tunnel
diving - Diving
dreamy - Dreamy
technology - Technology
landscape - Landscape
twilight - Twilight
canyon - Canyon
northern-light - Northern Light
astronomy - Astronomy
fish - Fish
penguin - Penguin
panda - Panda
polar-bear - Polar Bear
parrot - Parrot
cave - Cave
http_port
integer
Default:
80
HTTP port.
https_port
integer
Default:
443
HTTPS port.
idle_timeout
integer
Default:
15
Idle timeout (1 - 480 min).
idle_timeout_api
integer
Default:
900
Idle timeout for API sessions (1 - 28800 sec).
idle_timeout_gui
integer
Default:
900
Idle timeout for GUI sessions (60 - 28800 sec).
install-ifpolicy-only
string
    Choices:
  • disable ←
  • enable
Allow install interface policy only.
disable - Disable setting.
enable - Enable setting.
mgmt-addr
string
IP of FortiManager used by FGFM.
mgmt-fqdn
string
FQDN of FortiManager used by FGFM.
objects-force-deletion
string
    Choices:
  • disable
  • enable ←
Enable/disable used objects force deletion.
disable - Disable setting.
enable - Enable setting.
offline_mode
string
    Choices:
  • disable ←
  • enable
Enable/disable offline mode.
disable - Disable offline mode.
enable - Enable offline mode.
register_passwd
string
no description
sdwan-monitor-history
string
    Choices:
  • disable ←
  • enable
Enable/disable hostname display in the GUI login page.
disable - Disable setting.
enable - Enable setting.
sdwan-skip-unmapped-input-device
string
    Choices:
  • disable ←
  • enable
Skip unmapped interface for sdwan/rule/input-device instead of report mapping error.
disable - Disable setting.
enable - Enable setting.
shell-access
string
    Choices:
  • disable ←
  • enable
Enable/disable shell access.
disable - Disable setting.
enable - Enable setting.
shell-password
string
no description
show-add-multiple
string
    Choices:
  • disable ←
  • enable
Show add multiple button.
disable - Disable setting.
enable - Enable setting.
show-adom-devman
string
    Choices:
  • disable
  • enable ←
Show ADOM device manager tools on GUI.
disable - Hide device manager tools on GUI.
enable - Show device manager tools on GUI.
show-checkbox-in-table
string
    Choices:
  • disable ←
  • enable
Show checkboxs in tables on GUI.
disable - Disable setting.
enable - Enable setting.
show-device-import-export
string
    Choices:
  • disable ←
  • enable
Enable/disable import/export of ADOM, device, and group lists.
disable - Disable setting.
enable - Enable setting.
show-fct-manager
string
    Choices:
  • disable ←
  • enable
Enable/disable FCT manager.
disable - Disable setting.
enable - Enable setting.
show-hostname
string
    Choices:
  • disable ←
  • enable
Enable/disable hostname display in the GUI login page.
disable - Disable setting.
enable - Enable setting.
show_automatic_script
string
    Choices:
  • disable ←
  • enable
Enable/disable automatic script.
disable - Disable script option.
enable - Enable script option.
show_grouping_script
string
    Choices:
  • disable
  • enable ←
Enable/disable grouping script.
disable - Disable script option.
enable - Enable script option.
show_schedule_script
string
    Choices:
  • disable ←
  • enable
Enable or disable schedule script.
disable - Disable script option.
enable - Enable script option.
show_tcl_script
string
    Choices:
  • disable ←
  • enable
Enable/disable TCL script.
disable - Disable script option.
enable - Enable script option.
unreg_dev_opt
string
    Choices:
  • add_no_service
  • ignore
  • add_allow_service ←
Action to take when unregistered device connects to FortiManager.
add_no_service - Add unregistered devices but deny service requests.
ignore - Ignore unregistered devices.
add_allow_service - Add unregistered devices and allow service requests.
webadmin_language
string
    Choices:
  • auto_detect ←
  • english
  • simplified_chinese
  • traditional_chinese
  • japanese
  • korean
  • spanish
Web admin language.
auto_detect - Automatically detect language.
english - English.
simplified_chinese - Simplified Chinese.
traditional_chinese - Traditional Chinese.
japanese - Japanese.
korean - Korean.
spanish - Spanish.
workspace_locking_adom
string
the adom to lock for FortiManager running in workspace mode, the value can be global and others including root
workspace_locking_timeout
integer
Default:
300
the maximum time in seconds to wait for other user to release the workspace lock

Notes

Note

  • Running in workspace locking mode is supported in this FortiManager module, the top level parameters workspace_locking_adom and workspace_locking_timeout help do the work.

  • To create or update an object, use state present directive.

  • To delete an object, use state absent directive.

  • Normally, running one module can fail when a non-zero rc is returned. you can also override the conditions to fail or succeed with parameters rc_failed and rc_succeeded

Examples

- hosts: fortimanager-inventory
  collections:
    - fortinet.fortimanager
  connection: httpapi
  vars:
     ansible_httpapi_use_ssl: True
     ansible_httpapi_validate_certs: False
     ansible_httpapi_port: 443
  tasks:
   - name: Admin setting.
     fmgr_system_admin_setting:
        bypass_validation: False
        workspace_locking_adom: <value in [global, custom adom including root]>
        workspace_locking_timeout: 300
        rc_succeeded: [0, -2, -3, ...]
        rc_failed: [-2, -3, ...]
        system_admin_setting:
           access-banner: <value in [disable, enable]>
           admin-https-redirect: <value in [disable, enable]>
           admin-login-max: <value of integer>
           admin_server_cert: <value of string>
           allow_register: <value in [disable, enable]>
           auto-update: <value in [disable, enable]>
           banner-message: <value of string>
           chassis-mgmt: <value in [disable, enable]>
           chassis-update-interval: <value of integer>
           device_sync_status: <value in [disable, enable]>
           gui-theme: <value in [blue, green, red, ...]>
           http_port: <value of integer>
           https_port: <value of integer>
           idle_timeout: <value of integer>
           install-ifpolicy-only: <value in [disable, enable]>
           mgmt-addr: <value of string>
           mgmt-fqdn: <value of string>
           objects-force-deletion: <value in [disable, enable]>
           offline_mode: <value in [disable, enable]>
           register_passwd: <value of string>
           sdwan-monitor-history: <value in [disable, enable]>
           shell-access: <value in [disable, enable]>
           shell-password: <value of string>
           show-add-multiple: <value in [disable, enable]>
           show-adom-devman: <value in [disable, enable]>
           show-checkbox-in-table: <value in [disable, enable]>
           show-device-import-export: <value in [disable, enable]>
           show-hostname: <value in [disable, enable]>
           show_automatic_script: <value in [disable, enable]>
           show_grouping_script: <value in [disable, enable]>
           show_schedule_script: <value in [disable, enable]>
           show_tcl_script: <value in [disable, enable]>
           unreg_dev_opt: <value in [add_no_service, ignore, add_allow_service]>
           webadmin_language: <value in [auto_detect, english, simplified_chinese, ...]>
           show-fct-manager: <value in [disable, enable]>
           sdwan-skip-unmapped-input-device: <value in [disable, enable]>
           auth-addr: <value of string>
           auth-port: <value of integer>
           idle_timeout_api: <value of integer>
           idle_timeout_gui: <value of integer>

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key Returned Description
request_url
string
always
The full url requested

Sample:
/sys/login/user
response_code
integer
always
The status of api request

response_message
string
always
The descriptive message of the api response

Sample:
OK.


Authors

  • Link Zheng (@chillancezen)

  • Jie Xue (@JieX19)

  • Frank Shen (@fshen01)

  • Hongbin Lu (@fgtdev-hblu)