fortinet.fortimanager.fmgr_system_global – Global range attributes.

Note

This plugin is part of the fortinet.fortimanager collection (version 2.1.4).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install fortinet.fortimanager.

To use it in a playbook, specify: fortinet.fortimanager.fmgr_system_global.

New in version 2.10: of fortinet.fortimanager

Synopsis

  • This module is able to configure a FortiManager device.

  • Examples include all parameters and values which need to be adjusted to data sources before usage.

Parameters

Parameter Choices/Defaults Comments
bypass_validation
boolean
    Choices:
  • no ←
  • yes
only set to True when module schema diffs with FortiManager API structure, module continues to execute without validating parameters
enable_log
boolean
    Choices:
  • no ←
  • yes
Enable/Disable logging for task
proposed_method
string
    Choices:
  • update
  • set
  • add
The overridden method for the underlying Json RPC request
rc_failed
list / elements=string
the rc codes list with which the conditions to fail will be overriden
rc_succeeded
list / elements=string
the rc codes list with which the conditions to succeed will be overriden
state
string / required
    Choices:
  • present
  • absent
the directive to create, update or delete an object
system_global
dictionary
the top level parameters set
admin-lockout-duration
integer
Default:
60
Lockout duration(sec) for administration.
admin-lockout-threshold
integer
Default:
3
Lockout threshold for administration.
adom-mode
string
    Choices:
  • normal ←
  • advanced
ADOM mode.
normal - Normal ADOM mode.
advanced - Advanced ADOM mode.
adom-rev-auto-delete
string
    Choices:
  • disable
  • by-revisions ←
  • by-days
Auto delete features for old ADOM revisions.
disable - Disable auto delete function for ADOM revision.
by-revisions - Auto delete ADOM revisions by maximum number of revisions.
by-days - Auto delete ADOM revisions by maximum days.
adom-rev-max-backup-revisions
integer
Default:
5
Maximum number of ADOM revisions to backup.
adom-rev-max-days
integer
Default:
30
Number of days to keep old ADOM revisions.
adom-rev-max-revisions
integer
Default:
120
Maximum number of ADOM revisions to keep.
adom-select
string
    Choices:
  • disable
  • enable ←
Enable/disable select ADOM after login.
disable - Disable select ADOM after login.
enable - Enable select ADOM after login.
adom-status
string
    Choices:
  • disable ←
  • enable
ADOM status.
disable - Disable ADOM mode.
enable - Enable ADOM mode.
clone-name-option
string
    Choices:
  • default ←
  • keep
set the clone object names option.
default - Add a prefix of Clone of to the clone name.
keep - Keep the original name for user to edit.
clt-cert-req
string
    Choices:
  • disable ←
  • enable
  • optional
Require client certificate for GUI login.
disable - Disable setting.
enable - Require client certificate for GUI login.
optional - Optional client certificate for GUI login.
console-output
string
    Choices:
  • standard ←
  • more
Console output mode.
standard - Standard output.
more - More page output.
country-flag
string
    Choices:
  • disable
  • enable ←
Country flag Status.
disable - Disable country flag icon beside ip address.
enable - Enable country flag icon beside ip address.
create-revision
string
    Choices:
  • disable ←
  • enable
Enable/disable create revision by default.
disable - Disable create revision by default.
enable - Enable create revision by default.
daylightsavetime
string
    Choices:
  • disable
  • enable ←
Enable/disable daylight saving time.
disable - Disable setting.
enable - Enable setting.
default-disk-quota
integer
Default:
1000
Default disk quota for registered device (MB).
detect-unregistered-log-device
string
    Choices:
  • disable
  • enable ←
Detect unregistered logging device from log message.
disable - Disable attribute function.
enable - Enable attribute function.
device-view-mode
string
    Choices:
  • regular ←
  • tree
Set devices/groups view mode.
regular - Regular view mode.
tree - Tree view mode.
dh-params
string
    Choices:
  • 1024
  • 1536
  • 2048 ←
  • 3072
  • 4096
  • 6144
  • 8192
Minimum size of Diffie-Hellman prime for SSH/HTTPS (bits).
1024 - 1024 bits.
1536 - 1536 bits.
2048 - 2048 bits.
3072 - 3072 bits.
4096 - 4096 bits.
6144 - 6144 bits.
8192 - 8192 bits.
disable-module
list / elements=string
    Choices:
  • fortiview-noc
  • none
  • fortirecorder
  • siem
  • soc
  • ai
Disable module list.
enc-algorithm
string
    Choices:
  • low
  • medium
  • high ←
SSL communication encryption algorithms.
low - SSL communication using all available encryption algorithms.
medium - SSL communication using high and medium encryption algorithms.
high - SSL communication using high encryption algorithms.
faz-status
string
    Choices:
  • disable ←
  • enable
FAZ status.
disable - Disable FAZ feature.
enable - Enable FAZ feature.
fgfm-ca-cert
string
set the extra fgfm CA certificates.
fgfm-local-cert
string
set the fgfm local certificate.
fgfm-ssl-protocol
string
    Choices:
  • sslv3
  • tlsv1.0
  • tlsv1.1
  • tlsv1.2 ←
  • tlsv1.3
set the lowest SSL protocols for fgfmsd.
sslv3 - set SSLv3 as the lowest version.
tlsv1.0 - set TLSv1.0 as the lowest version.
tlsv1.1 - set TLSv1.1 as the lowest version.
tlsv1.2 - set TLSv1.2 as the lowest version (default).
ha-member-auto-grouping
string
    Choices:
  • disable
  • enable ←
Enable/disable automatically group HA members feature
disable - Disable automatically grouping HA members feature.
enable - Enable automatically grouping HA members only when group name is unique in your network.
hitcount_concurrent
integer
Default:
100
The number of FortiGates that FortiManager polls at one time (10 - 500, default = 100).
hitcount_interval
integer
Default:
300
The interval for getting hit count from managed FortiGate devices, in seconds (60 - 86400, default = 300).
hostname
string
Default:
"FMG-VM64"
System hostname.
import-ignore-addr-cmt
string
    Choices:
  • disable ←
  • enable
Enable/Disable import ignore of address comments.
disable - Disable import ignore of address comments.
enable - Enable import ignore of address comments.
language
string
    Choices:
  • english ←
  • simch
  • japanese
  • korean
  • spanish
  • trach
System global language.
english - English
simch - Simplified Chinese
japanese - Japanese
korean - Korean
spanish - Spanish
trach - Traditional Chinese
latitude
string
fmg location latitude
ldap-cache-timeout
integer
Default:
86400
LDAP browser cache timeout (seconds).
ldapconntimeout
integer
Default:
60000
LDAP connection timeout (msec).
lock-preempt
string
    Choices:
  • disable ←
  • enable
Enable/disable ADOM lock override.
disable - Disable lock preempt.
enable - Enable lock preempt.
log-checksum
string
    Choices:
  • none ←
  • md5
  • md5-auth
Record log file hash value, timestamp, and authentication code at transmission or rolling.
none - No record log file checksum.
md5 - Record log files MD5 hash value only.
md5-auth - Record log files MD5 hash value and authentication code.
log-forward-cache-size
integer
Default:
0
Log forwarding disk cache size (GB).
longitude
string
fmg location longitude
max-log-forward
integer
Default:
5
Maximum number of log-forward and aggregation settings.
max-running-reports
integer
Default:
1
Maximum number of reports generating at one time.
mc-policy-disabled-adoms
list / elements=string
Mc-Policy-Disabled-Adoms.
adom-name
string
Adom names.
multiple-steps-upgrade-in-autolink
string
    Choices:
  • disable ←
  • enable
Enable/disable multiple steps upgade in autolink process
disable - Disable setting.
enable - Enable setting.
object-revision-db-max
integer
Default:
100000
Maximum revisions for a single database (10,000-1,000,000 default 100,000).
object-revision-mandatory-note
string
    Choices:
  • disable
  • enable ←
Enable/disable mandatory note when create revision.
disable - Disable object revision.
enable - Enable object revision.
object-revision-object-max
integer
Default:
100
Maximum revisions for a single object (10-1000 default 100).
object-revision-status
string
    Choices:
  • disable
  • enable ←
Enable/disable create revision when modify objects.
disable - Disable object revision.
enable - Enable object revision.
oftp-ssl-protocol
string
    Choices:
  • sslv3
  • tlsv1.0
  • tlsv1.1
  • tlsv1.2 ←
  • tlsv1.3
set the lowest SSL protocols for oftpd.
sslv3 - set SSLv3 as the lowest version.
tlsv1.0 - set TLSv1.0 as the lowest version.
tlsv1.1 - set TLSv1.1 as the lowest version.
tlsv1.2 - set TLSv1.2 as the lowest version (default).
partial-install
string
    Choices:
  • disable ←
  • enable
Enable/Disable partial install (install some objects).
disable - Disable partial install function.
enable - Enable partial install function.
partial-install-force
string
    Choices:
  • disable ←
  • enable
Enable/Disable partial install when devdb is modified.
disable - Disable partial install when devdb is modified.
enable - Enable partial install when devdb is modified.
partial-install-rev
string
    Choices:
  • disable ←
  • enable
Enable/Disable auto creating adom revision for partial install.
disable - Disable partial install revision.
enable - Enable partial install revision.
per-policy-lock
string
    Choices:
  • disable ←
  • enable
Enable/Disable per policy lock.
disable - Disable per policy lock.
enable - Enable per policy lock.
perform-improve-by-ha
string
    Choices:
  • disable ←
  • enable
Enable/Disable performance improvement by distributing tasks to HA slaves.
disable - Disable performance improvement by HA.
enable - Enable performance improvement by HA.
policy-hit-count
string
    Choices:
  • disable ←
  • enable
show policy hit count.
disable - Disable policy hit count.
enable - Enable policy hit count.
policy-object-icon
string
    Choices:
  • disable ←
  • enable
show icons of policy objects.
disable - Disable icon of policy objects.
enable - Enable icon of policy objects.
policy-object-in-dual-pane
string
    Choices:
  • disable ←
  • enable
show policies and objects in dual pane.
disable - Disable polices and objects in dual pane.
enable - Enable polices and objects in dual pane.
pre-login-banner
string
    Choices:
  • disable ←
  • enable
Enable/disable pre-login banner.
disable - Disable pre-login banner.
enable - Enable pre-login banner.
pre-login-banner-message
string
Pre-login banner message.
private-data-encryption
string
    Choices:
  • disable ←
  • enable
Enable/disable private data encryption using an AES 128-bit key.
disable - Disable private data encryption using an AES 128-bit key.
enable - Enable private data encryption using an AES 128-bit key.
remoteauthtimeout
integer
Default:
10
Remote authentication (RADIUS/LDAP) timeout (sec).
search-all-adoms
string
    Choices:
  • disable ←
  • enable
Enable/Disable Search all ADOMs for where-used query.
disable - Disable search all ADOMs for where-used queries.
enable - Enable search all ADOMs for where-used queries.
ssl-low-encryption
string
    Choices:
  • disable ←
  • enable
SSL low-grade encryption.
disable - Disable SSL low-grade encryption.
enable - Enable SSL low-grade encryption.
ssl-protocol
list / elements=string
    Choices:
  • tlsv1.2
  • tlsv1.1
  • tlsv1.0
  • sslv3
  • tlsv1.3
SSL protocols.
ssl-static-key-ciphers
string
    Choices:
  • disable
  • enable ←
Enable/disable SSL static key ciphers.
disable - Disable setting.
enable - Enable setting.
task-list-size
integer
Default:
2000
Maximum number of completed tasks to keep.
tftp
string
    Choices:
  • disable ←
  • enable
Enable/disable TFTP in `exec restore image` command (disabled by default in FIPS mode)
disable - Disable TFTP
enable - Enable TFTP
timezone
string
    Choices:
  • 00
  • 01
  • 02
  • 03
  • 04 ←
  • 05
  • 06
  • 07
  • 08
  • 09
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
Time zone.
00 - (GMT-12:00) Eniwetak, Kwajalein.
01 - (GMT-11:00) Midway Island, Samoa.
02 - (GMT-10:00) Hawaii.
03 - (GMT-9:00) Alaska.
04 - (GMT-8:00) Pacific Time (US & Canada).
05 - (GMT-7:00) Arizona.
06 - (GMT-7:00) Mountain Time (US & Canada).
07 - (GMT-6:00) Central America.
08 - (GMT-6:00) Central Time (US & Canada).
09 - (GMT-6:00) Mexico City.
10 - (GMT-6:00) Saskatchewan.
11 - (GMT-5:00) Bogota, Lima, Quito.
12 - (GMT-5:00) Eastern Time (US & Canada).
13 - (GMT-5:00) Indiana (East).
14 - (GMT-4:00) Atlantic Time (Canada).
15 - (GMT-4:00) La Paz.
16 - (GMT-4:00) Santiago.
17 - (GMT-3:30) Newfoundland.
18 - (GMT-3:00) Brasilia.
19 - (GMT-3:00) Buenos Aires, Georgetown.
20 - (GMT-3:00) Nuuk (Greenland).
21 - (GMT-2:00) Mid-Atlantic.
22 - (GMT-1:00) Azores.
23 - (GMT-1:00) Cape Verde Is.
24 - (GMT) Monrovia.
25 - (GMT) Greenwich Mean Time:Dublin, Edinburgh, Lisbon, London.
26 - (GMT+1:00) Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna.
27 - (GMT+1:00) Belgrade, Bratislava, Budapest, Ljubljana, Prague.
28 - (GMT+1:00) Brussels, Copenhagen, Madrid, Paris.
29 - (GMT+1:00) Sarajevo, Skopje, Warsaw, Zagreb.
30 - (GMT+1:00) West Central Africa.
31 - (GMT+2:00) Athens, Sofia, Vilnius.
32 - (GMT+2:00) Bucharest.
33 - (GMT+2:00) Cairo.
34 - (GMT+2:00) Harare, Pretoria.
35 - (GMT+2:00) Helsinki, Riga,Tallinn.
36 - (GMT+2:00) Jerusalem.
37 - (GMT+3:00) Baghdad.
38 - (GMT+3:00) Kuwait, Riyadh.
39 - (GMT+3:00) St.Petersburg, Volgograd.
40 - (GMT+3:00) Nairobi.
41 - (GMT+3:30) Tehran.
42 - (GMT+4:00) Abu Dhabi, Muscat.
43 - (GMT+4:00) Baku.
44 - (GMT+4:30) Kabul.
45 - (GMT+5:00) Ekaterinburg.
46 - (GMT+5:00) Islamabad, Karachi,Tashkent.
47 - (GMT+5:30) Calcutta, Chennai, Mumbai, New Delhi.
48 - (GMT+5:45) Kathmandu.
49 - (GMT+6:00) Almaty, Novosibirsk.
50 - (GMT+6:00) Astana, Dhaka.
51 - (GMT+6:00) Sri Jayawardenapura.
52 - (GMT+6:30) Rangoon.
53 - (GMT+7:00) Bangkok, Hanoi, Jakarta.
54 - (GMT+7:00) Krasnoyarsk.
55 - (GMT+8:00) Beijing,ChongQing, HongKong,Urumqi.
56 - (GMT+8:00) Irkutsk, Ulaanbaatar.
57 - (GMT+8:00) Kuala Lumpur, Singapore.
58 - (GMT+8:00) Perth.
59 - (GMT+8:00) Taipei.
60 - (GMT+9:00) Osaka, Sapporo, Tokyo, Seoul.
61 - (GMT+9:00) Yakutsk.
62 - (GMT+9:30) Adelaide.
63 - (GMT+9:30) Darwin.
64 - (GMT+10:00) Brisbane.
65 - (GMT+10:00) Canberra, Melbourne, Sydney.
66 - (GMT+10:00) Guam, Port Moresby.
67 - (GMT+10:00) Hobart.
68 - (GMT+10:00) Vladivostok.
69 - (GMT+11:00) Magadan.
70 - (GMT+11:00) Solomon Is., New Caledonia.
71 - (GMT+12:00) Auckland, Wellington.
72 - (GMT+12:00) Fiji, Kamchatka, Marshall Is.
73 - (GMT+13:00) Nukualofa.
74 - (GMT-4:30) Caracas.
75 - (GMT+1:00) Namibia.
76 - (GMT-5:00) Brazil-Acre.
77 - (GMT-4:00) Brazil-West.
78 - (GMT-3:00) Brazil-East.
79 - (GMT-2:00) Brazil-DeNoronha.
80 - (GMT+14:00) Kiritimati.
81 - (GMT-7:00) Baja California Sur, Chihuahua.
82 - (GMT+12:45) Chatham Islands.
83 - (GMT+3:00) Minsk.
84 - (GMT+13:00) Samoa.
85 - (GMT+3:00) Istanbul.
86 - (GMT-4:00) Paraguay.
87 - (GMT) Casablanca.
88 - (GMT+3:00) Moscow.
89 - (GMT) Greenwich Mean Time.
tunnel-mtu
integer
Default:
1500
Maximum transportation unit(68 - 9000).
usg
string
    Choices:
  • disable ←
  • enable
Enable/disable Fortiguard server restriction.
disable - Contact any Fortiguard server
enable - Contact Fortiguard server in USA only
vdom-mirror
string
    Choices:
  • disable ←
  • enable
VDOM mirror.
disable - Disable VDOM mirror function.
enable - Enable VDOM mirror function.
webservice-proto
list / elements=string
    Choices:
  • tlsv1.2
  • tlsv1.1
  • tlsv1.0
  • sslv3
  • sslv2
  • tlsv1.3
Web Service connection support SSL protocols.
workflow-max-sessions
integer
Default:
500
Maximum number of workflow sessions per ADOM (minimum 100).
workspace-mode
string
    Choices:
  • disabled ←
  • normal
  • workflow
  • per-adom
Set workspace mode (ADOM Locking).
disabled - Workspace disabled.
normal - Workspace lock mode.
workflow - Workspace workflow mode.
workspace_locking_adom
string
the adom to lock for FortiManager running in workspace mode, the value can be global and others including root
workspace_locking_timeout
integer
Default:
300
the maximum time in seconds to wait for other user to release the workspace lock

Notes

Note

  • Running in workspace locking mode is supported in this FortiManager module, the top level parameters workspace_locking_adom and workspace_locking_timeout help do the work.

  • To create or update an object, use state present directive.

  • To delete an object, use state absent directive.

  • Normally, running one module can fail when a non-zero rc is returned. you can also override the conditions to fail or succeed with parameters rc_failed and rc_succeeded

Examples

- hosts: fortimanager00
  collections:
    - fortinet.fortimanager
  connection: httpapi
  vars:
     ansible_httpapi_use_ssl: True
     ansible_httpapi_validate_certs: False
     ansible_httpapi_port: 443
  tasks:
   - name: enable workspace mode
     fmgr_system_global:
        system_global:
             adom-status: enable
             workspace-mode: normal

   - name: Script table.
     fmgr_dvmdb_script:
        bypass_validation: False
        adom: root
        state: present
        workspace_locking_adom: 'root'
        dvmdb_script:
           content: 'ansiblt-test'
           name: 'fooscript000'
           target: device_database
           type: cli

   - name: verify script table
     fmgr_fact:
        facts:
           selector: 'dvmdb_script'
           params:
               adom: 'root'
               script: 'fooscript000'
     register: info
     failed_when: info.meta.response_code != 0

   - name: restore workspace mode
     fmgr_system_global:
        system_global:
            adom-status: enable
            workspace-mode: disabled

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key Returned Description
request_url
string
always
The full url requested

Sample:
/sys/login/user
response_code
integer
always
The status of api request

response_message
string
always
The descriptive message of the api response

Sample:
OK.


Authors

  • Link Zheng (@chillancezen)

  • Jie Xue (@JieX19)

  • Frank Shen (@fshen01)

  • Hongbin Lu (@fgtdev-hblu)