fortinet.fortimanager.fmgr_system_global – Global range attributes.

Note

This plugin is part of the fortinet.fortimanager collection (version 2.1.3).

To install it use: ansible-galaxy collection install fortinet.fortimanager.

To use it in a playbook, specify: fortinet.fortimanager.fmgr_system_global.

New in version 2.10: of fortinet.fortimanager

Synopsis

  • This module is able to configure a FortiManager device.

  • Examples include all parameters and values which need to be adjusted to data sources before usage.

Parameters

Parameter Choices/Defaults Comments
bypass_validation
boolean
    Choices:
  • no ←
  • yes
Only set to True when the module schema differs from the FortiManager API structure; the module then continues to execute without validating parameters.
enable_log
boolean
    Choices:
  • no ←
  • yes
Enable/Disable logging for task
proposed_method
string
    Choices:
  • update
  • set
  • add
The overridden method for the underlying JSON RPC request
rc_failed
list / elements=string
the rc codes list with which the conditions to fail will be overridden
rc_succeeded
list / elements=string
the rc codes list with which the conditions to succeed will be overridden
state
string / required
    Choices:
  • present
  • absent
the directive to create, update or delete an object
system_global
dictionary
the top level parameters set
admin-lockout-duration
integer
Default:
60
Lockout duration(sec) for administration.
admin-lockout-threshold
integer
Default:
3
Lockout threshold for administration.
adom-mode
string
    Choices:
  • normal ←
  • advanced
ADOM mode.
normal - Normal ADOM mode.
advanced - Advanced ADOM mode.
adom-rev-auto-delete
string
    Choices:
  • disable
  • by-revisions ←
  • by-days
Auto delete features for old ADOM revisions.
disable - Disable auto delete function for ADOM revision.
by-revisions - Auto delete ADOM revisions by maximum number of revisions.
by-days - Auto delete ADOM revisions by maximum days.
adom-rev-max-backup-revisions
integer
Default:
5
Maximum number of ADOM revisions to backup.
adom-rev-max-days
integer
Default:
30
Number of days to keep old ADOM revisions.
adom-rev-max-revisions
integer
Default:
120
Maximum number of ADOM revisions to keep.
adom-select
string
    Choices:
  • disable
  • enable ←
Enable/disable select ADOM after login.
disable - Disable select ADOM after login.
enable - Enable select ADOM after login.
adom-status
string
    Choices:
  • disable ←
  • enable
ADOM status.
disable - Disable ADOM mode.
enable - Enable ADOM mode.
clone-name-option
string
    Choices:
  • default ←
  • keep
set the clone object names option.
default - Add a prefix of Clone of to the clone name.
keep - Keep the original name for user to edit.
clt-cert-req
string
    Choices:
  • disable ←
  • enable
  • optional
Require client certificate for GUI login.
disable - Disable setting.
enable - Require client certificate for GUI login.
optional - Optional client certificate for GUI login.
console-output
string
    Choices:
  • standard ←
  • more
Console output mode.
standard - Standard output.
more - More page output.
country-flag
string
    Choices:
  • disable
  • enable ←
Country flag Status.
disable - Disable country flag icon beside ip address.
enable - Enable country flag icon beside ip address.
create-revision
string
    Choices:
  • disable ←
  • enable
Enable/disable create revision by default.
disable - Disable create revision by default.
enable - Enable create revision by default.
daylightsavetime
string
    Choices:
  • disable
  • enable ←
Enable/disable daylight saving time.
disable - Disable setting.
enable - Enable setting.
default-disk-quota
integer
Default:
1000
Default disk quota for registered device (MB).
detect-unregistered-log-device
string
    Choices:
  • disable
  • enable ←
Detect unregistered logging device from log message.
disable - Disable attribute function.
enable - Enable attribute function.
device-view-mode
string
    Choices:
  • regular ←
  • tree
Set devices/groups view mode.
regular - Regular view mode.
tree - Tree view mode.
dh-params
string
    Choices:
  • 1024
  • 1536
  • 2048 ←
  • 3072
  • 4096
  • 6144
  • 8192
Minimum size of Diffie-Hellman prime for SSH/HTTPS (bits).
1024 - 1024 bits.
1536 - 1536 bits.
2048 - 2048 bits.
3072 - 3072 bits.
4096 - 4096 bits.
6144 - 6144 bits.
8192 - 8192 bits.
disable-module
list / elements=string
    Choices:
  • fortiview-noc
  • none
  • fortirecorder
  • siem
  • soc
  • ai
no description
enc-algorithm
string
    Choices:
  • low
  • medium
  • high ←
SSL communication encryption algorithms.
low - SSL communication using all available encryption algorithms.
medium - SSL communication using high and medium encryption algorithms.
high - SSL communication using high encryption algorithms.
faz-status
string
    Choices:
  • disable ←
  • enable
FAZ status.
disable - Disable FAZ feature.
enable - Enable FAZ feature.
fgfm-ca-cert
string
set the extra fgfm CA certificates.
fgfm-local-cert
string
set the fgfm local certificate.
fgfm-ssl-protocol
string
    Choices:
  • sslv3
  • tlsv1.0
  • tlsv1.1
  • tlsv1.2 ←
  • tlsv1.3
set the lowest SSL protocols for fgfmsd.
sslv3 - set SSLv3 as the lowest version.
tlsv1.0 - set TLSv1.0 as the lowest version.
tlsv1.1 - set TLSv1.1 as the lowest version.
tlsv1.2 - set TLSv1.2 as the lowest version (default).
ha-member-auto-grouping
string
    Choices:
  • disable
  • enable ←
Enable/disable automatically group HA members feature
disable - Disable automatically grouping HA members feature.
enable - Enable automatically grouping HA members only when group name is unique in your network.
hitcount_concurrent
integer
Default:
100
The number of FortiGates that FortiManager polls at one time (10 - 500, default = 100).
hitcount_interval
integer
Default:
300
The interval for getting hit count from managed FortiGate devices, in seconds (60 - 86400, default = 300).
hostname
string
Default:
"FMG-VM64"
System hostname.
import-ignore-addr-cmt
string
    Choices:
  • disable ←
  • enable
Enable/Disable import ignore of address comments.
disable - Disable import ignore of address comments.
enable - Enable import ignore of address comments.
language
string
    Choices:
  • english ←
  • simch
  • japanese
  • korean
  • spanish
  • trach
System global language.
english - English
simch - Simplified Chinese
japanese - Japanese
korean - Korean
spanish - Spanish
trach - Traditional Chinese
latitude
string
fmg location latitude
ldap-cache-timeout
integer
Default:
86400
LDAP browser cache timeout (seconds).
ldapconntimeout
integer
Default:
60000
LDAP connection timeout (msec).
lock-preempt
string
    Choices:
  • disable ←
  • enable
Enable/disable ADOM lock override.
disable - Disable lock preempt.
enable - Enable lock preempt.
log-checksum
string
    Choices:
  • none ←
  • md5
  • md5-auth
Record log file hash value, timestamp, and authentication code at transmission or rolling.
none - No record log file checksum.
md5 - Record log files MD5 hash value only.
md5-auth - Record log files MD5 hash value and authentication code.
log-forward-cache-size
integer
Default:
0
Log forwarding disk cache size (GB).
longitude
string
fmg location longitude
max-log-forward
integer
Default:
5
Maximum number of log-forward and aggregation settings.
max-running-reports
integer
Default:
1
Maximum number of reports generating at one time.
mc-policy-disabled-adoms
list / elements=string
no description
adom-name
string
Adom names.
multiple-steps-upgrade-in-autolink
string
    Choices:
  • disable ←
  • enable
Enable/disable multiple steps upgrade in autolink process
disable - Disable setting.
enable - Enable setting.
object-revision-db-max
integer
Default:
100000
Maximum revisions for a single database (10,000-1,000,000 default 100,000).
object-revision-mandatory-note
string
    Choices:
  • disable
  • enable ←
Enable/disable mandatory note when create revision.
disable - Disable object revision.
enable - Enable object revision.
object-revision-object-max
integer
Default:
100
Maximum revisions for a single object (10-1000 default 100).
object-revision-status
string
    Choices:
  • disable
  • enable ←
Enable/disable create revision when modify objects.
disable - Disable object revision.
enable - Enable object revision.
oftp-ssl-protocol
string
    Choices:
  • sslv3
  • tlsv1.0
  • tlsv1.1
  • tlsv1.2 ←
  • tlsv1.3
set the lowest SSL protocols for oftpd.
sslv3 - set SSLv3 as the lowest version.
tlsv1.0 - set TLSv1.0 as the lowest version.
tlsv1.1 - set TLSv1.1 as the lowest version.
tlsv1.2 - set TLSv1.2 as the lowest version (default).
partial-install
string
    Choices:
  • disable ←
  • enable
Enable/Disable partial install (install some objects).
disable - Disable partial install function.
enable - Enable partial install function.
partial-install-force
string
    Choices:
  • disable ←
  • enable
Enable/Disable partial install when devdb is modified.
disable - Disable partial install when devdb is modified.
enable - Enable partial install when devdb is modified.
partial-install-rev
string
    Choices:
  • disable ←
  • enable
Enable/Disable auto creating adom revision for partial install.
disable - Disable partial install revision.
enable - Enable partial install revision.
per-policy-lock
string
    Choices:
  • disable ←
  • enable
Enable/Disable per policy lock.
disable - Disable per policy lock.
enable - Enable per policy lock.
perform-improve-by-ha
string
    Choices:
  • disable ←
  • enable
Enable/Disable performance improvement by distributing tasks to HA slaves.
disable - Disable performance improvement by HA.
enable - Enable performance improvement by HA.
policy-hit-count
string
    Choices:
  • disable ←
  • enable
show policy hit count.
disable - Disable policy hit count.
enable - Enable policy hit count.
policy-object-icon
string
    Choices:
  • disable ←
  • enable
show icons of policy objects.
disable - Disable icon of policy objects.
enable - Enable icon of policy objects.
policy-object-in-dual-pane
string
    Choices:
  • disable ←
  • enable
show policies and objects in dual pane.
disable - Disable policies and objects in dual pane.
enable - Enable policies and objects in dual pane.
pre-login-banner
string
    Choices:
  • disable ←
  • enable
Enable/disable pre-login banner.
disable - Disable pre-login banner.
enable - Enable pre-login banner.
pre-login-banner-message
string
Pre-login banner message.
private-data-encryption
string
    Choices:
  • disable ←
  • enable
Enable/disable private data encryption using an AES 128-bit key.
disable - Disable private data encryption using an AES 128-bit key.
enable - Enable private data encryption using an AES 128-bit key.
remoteauthtimeout
integer
Default:
10
Remote authentication (RADIUS/LDAP) timeout (sec).
search-all-adoms
string
    Choices:
  • disable ←
  • enable
Enable/Disable Search all ADOMs for where-used query.
disable - Disable search all ADOMs for where-used queries.
enable - Enable search all ADOMs for where-used queries.
ssl-low-encryption
string
    Choices:
  • disable ←
  • enable
SSL low-grade encryption.
disable - Disable SSL low-grade encryption.
enable - Enable SSL low-grade encryption.
ssl-protocol
list / elements=string
    Choices:
  • tlsv1.2
  • tlsv1.1
  • tlsv1.0
  • sslv3
  • tlsv1.3
no description
ssl-static-key-ciphers
string
    Choices:
  • disable
  • enable ←
Enable/disable SSL static key ciphers.
disable - Disable setting.
enable - Enable setting.
task-list-size
integer
Default:
2000
Maximum number of completed tasks to keep.
tftp
string
    Choices:
  • disable ←
  • enable
Enable/disable TFTP in `exec restore image` command (disabled by default in FIPS mode)
disable - Disable TFTP
enable - Enable TFTP
timezone
string
    Choices:
  • 00
  • 01
  • 02
  • 03
  • 04 ←
  • 05
  • 06
  • 07
  • 08
  • 09
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
Time zone.
00 - (GMT-12:00) Eniwetak, Kwajalein.
01 - (GMT-11:00) Midway Island, Samoa.
02 - (GMT-10:00) Hawaii.
03 - (GMT-9:00) Alaska.
04 - (GMT-8:00) Pacific Time (US & Canada).
05 - (GMT-7:00) Arizona.
06 - (GMT-7:00) Mountain Time (US & Canada).
07 - (GMT-6:00) Central America.
08 - (GMT-6:00) Central Time (US & Canada).
09 - (GMT-6:00) Mexico City.
10 - (GMT-6:00) Saskatchewan.
11 - (GMT-5:00) Bogota, Lima, Quito.
12 - (GMT-5:00) Eastern Time (US & Canada).
13 - (GMT-5:00) Indiana (East).
14 - (GMT-4:00) Atlantic Time (Canada).
15 - (GMT-4:00) La Paz.
16 - (GMT-4:00) Santiago.
17 - (GMT-3:30) Newfoundland.
18 - (GMT-3:00) Brasilia.
19 - (GMT-3:00) Buenos Aires, Georgetown.
20 - (GMT-3:00) Nuuk (Greenland).
21 - (GMT-2:00) Mid-Atlantic.
22 - (GMT-1:00) Azores.
23 - (GMT-1:00) Cape Verde Is.
24 - (GMT) Monrovia.
25 - (GMT) Greenwich Mean Time:Dublin, Edinburgh, Lisbon, London.
26 - (GMT+1:00) Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna.
27 - (GMT+1:00) Belgrade, Bratislava, Budapest, Ljubljana, Prague.
28 - (GMT+1:00) Brussels, Copenhagen, Madrid, Paris.
29 - (GMT+1:00) Sarajevo, Skopje, Warsaw, Zagreb.
30 - (GMT+1:00) West Central Africa.
31 - (GMT+2:00) Athens, Sofia, Vilnius.
32 - (GMT+2:00) Bucharest.
33 - (GMT+2:00) Cairo.
34 - (GMT+2:00) Harare, Pretoria.
35 - (GMT+2:00) Helsinki, Riga,Tallinn.
36 - (GMT+2:00) Jerusalem.
37 - (GMT+3:00) Baghdad.
38 - (GMT+3:00) Kuwait, Riyadh.
39 - (GMT+3:00) St.Petersburg, Volgograd.
40 - (GMT+3:00) Nairobi.
41 - (GMT+3:30) Tehran.
42 - (GMT+4:00) Abu Dhabi, Muscat.
43 - (GMT+4:00) Baku.
44 - (GMT+4:30) Kabul.
45 - (GMT+5:00) Ekaterinburg.
46 - (GMT+5:00) Islamabad, Karachi,Tashkent.
47 - (GMT+5:30) Calcutta, Chennai, Mumbai, New Delhi.
48 - (GMT+5:45) Kathmandu.
49 - (GMT+6:00) Almaty, Novosibirsk.
50 - (GMT+6:00) Astana, Dhaka.
51 - (GMT+6:00) Sri Jayawardenapura.
52 - (GMT+6:30) Rangoon.
53 - (GMT+7:00) Bangkok, Hanoi, Jakarta.
54 - (GMT+7:00) Krasnoyarsk.
55 - (GMT+8:00) Beijing,ChongQing, HongKong,Urumqi.
56 - (GMT+8:00) Irkutsk, Ulaanbaatar.
57 - (GMT+8:00) Kuala Lumpur, Singapore.
58 - (GMT+8:00) Perth.
59 - (GMT+8:00) Taipei.
60 - (GMT+9:00) Osaka, Sapporo, Tokyo, Seoul.
61 - (GMT+9:00) Yakutsk.
62 - (GMT+9:30) Adelaide.
63 - (GMT+9:30) Darwin.
64 - (GMT+10:00) Brisbane.
65 - (GMT+10:00) Canberra, Melbourne, Sydney.
66 - (GMT+10:00) Guam, Port Moresby.
67 - (GMT+10:00) Hobart.
68 - (GMT+10:00) Vladivostok.
69 - (GMT+11:00) Magadan.
70 - (GMT+11:00) Solomon Is., New Caledonia.
71 - (GMT+12:00) Auckland, Wellington.
72 - (GMT+12:00) Fiji, Kamchatka, Marshall Is.
73 - (GMT+13:00) Nukualofa.
74 - (GMT-4:30) Caracas.
75 - (GMT+1:00) Namibia.
76 - (GMT-5:00) Brazil-Acre.
77 - (GMT-4:00) Brazil-West.
78 - (GMT-3:00) Brazil-East.
79 - (GMT-2:00) Brazil-DeNoronha.
80 - (GMT+14:00) Kiritimati.
81 - (GMT-7:00) Baja California Sur, Chihuahua.
82 - (GMT+12:45) Chatham Islands.
83 - (GMT+3:00) Minsk.
84 - (GMT+13:00) Samoa.
85 - (GMT+3:00) Istanbul.
86 - (GMT-4:00) Paraguay.
87 - (GMT) Casablanca.
88 - (GMT+3:00) Moscow.
89 - (GMT) Greenwich Mean Time.
tunnel-mtu
integer
Default:
1500
Maximum transmission unit (68 - 9000).
usg
string
    Choices:
  • disable ←
  • enable
Enable/disable Fortiguard server restriction.
disable - Contact any Fortiguard server
enable - Contact Fortiguard server in USA only
vdom-mirror
string
    Choices:
  • disable ←
  • enable
VDOM mirror.
disable - Disable VDOM mirror function.
enable - Enable VDOM mirror function.
webservice-proto
list / elements=string
    Choices:
  • tlsv1.2
  • tlsv1.1
  • tlsv1.0
  • sslv3
  • sslv2
  • tlsv1.3
no description
workflow-max-sessions
integer
Default:
500
Maximum number of workflow sessions per ADOM (minimum 100).
workspace-mode
string
    Choices:
  • disabled ←
  • normal
  • workflow
  • per-adom
Set workspace mode (ADOM Locking).
disabled - Workspace disabled.
normal - Workspace lock mode.
workflow - Workspace workflow mode.
workspace_locking_adom
string
the adom to lock for FortiManager running in workspace mode, the value can be global and others including root
workspace_locking_timeout
integer
Default:
300
the maximum time in seconds to wait for other user to release the workspace lock

Notes

Note

  • Running in workspace locking mode is supported in this FortiManager module; the top-level parameters workspace_locking_adom and workspace_locking_timeout control it.

  • To create or update an object, use state present directive.

  • To delete an object, use state absent directive.

  • Normally, running one module can fail when a non-zero rc is returned. You can also override the conditions to fail or succeed with the parameters rc_failed and rc_succeeded.

Examples

- hosts: fortimanager-inventory
  collections:
    - fortinet.fortimanager
  connection: httpapi
  vars:
     ansible_httpapi_use_ssl: True
     ansible_httpapi_validate_certs: False
     ansible_httpapi_port: 443
  tasks:
   - name: Global range attributes.
     fmgr_system_global:
        bypass_validation: False
        workspace_locking_adom: <value in [global, custom adom including root]>
        workspace_locking_timeout: 300
        rc_succeeded: [0, -2, -3, ...]
        rc_failed: [-2, -3, ...]
        system_global:
           admin-lockout-duration: <value of integer>
           admin-lockout-threshold: <value of integer>
           adom-mode: <value in [normal, advanced]>
           adom-rev-auto-delete: <value in [disable, by-revisions, by-days]>
           adom-rev-max-backup-revisions: <value of integer>
           adom-rev-max-days: <value of integer>
           adom-rev-max-revisions: <value of integer>
           adom-select: <value in [disable, enable]>
           adom-status: <value in [disable, enable]>
           clt-cert-req: <value in [disable, enable, optional]>
           console-output: <value in [standard, more]>
           country-flag: <value in [disable, enable]>
           create-revision: <value in [disable, enable]>
           daylightsavetime: <value in [disable, enable]>
           default-disk-quota: <value of integer>
           detect-unregistered-log-device: <value in [disable, enable]>
           device-view-mode: <value in [regular, tree]>
           dh-params: <value in [1024, 1536, 2048, ...]>
           disable-module:
             - fortiview-noc
             - none
             - fortirecorder
             - siem
             - soc
             - ai
           enc-algorithm: <value in [low, medium, high]>
           faz-status: <value in [disable, enable]>
           fgfm-local-cert: <value of string>
           fgfm-ssl-protocol: <value in [sslv3, tlsv1.0, tlsv1.1, ...]>
           ha-member-auto-grouping: <value in [disable, enable]>
           hitcount_concurrent: <value of integer>
           hitcount_interval: <value of integer>
           hostname: <value of string>
           import-ignore-addr-cmt: <value in [disable, enable]>
           language: <value in [english, simch, japanese, ...]>
           latitude: <value of string>
           ldap-cache-timeout: <value of integer>
           ldapconntimeout: <value of integer>
           lock-preempt: <value in [disable, enable]>
           log-checksum: <value in [none, md5, md5-auth]>
           log-forward-cache-size: <value of integer>
           longitude: <value of string>
           max-log-forward: <value of integer>
           max-running-reports: <value of integer>
           oftp-ssl-protocol: <value in [sslv3, tlsv1.0, tlsv1.1, ...]>
           partial-install: <value in [disable, enable]>
           partial-install-force: <value in [disable, enable]>
           partial-install-rev: <value in [disable, enable]>
           perform-improve-by-ha: <value in [disable, enable]>
           policy-hit-count: <value in [disable, enable]>
           policy-object-in-dual-pane: <value in [disable, enable]>
           pre-login-banner: <value in [disable, enable]>
           pre-login-banner-message: <value of string>
           remoteauthtimeout: <value of integer>
           search-all-adoms: <value in [disable, enable]>
           ssl-low-encryption: <value in [disable, enable]>
           ssl-protocol:
             - tlsv1.2
             - tlsv1.1
             - tlsv1.0
             - sslv3
             - tlsv1.3
           ssl-static-key-ciphers: <value in [disable, enable]>
           task-list-size: <value of integer>
           tftp: <value in [disable, enable]>
           timezone: <value in [00, 01, 02, ...]>
           tunnel-mtu: <value of integer>
           usg: <value in [disable, enable]>
           vdom-mirror: <value in [disable, enable]>
           webservice-proto:
             - tlsv1.2
             - tlsv1.1
             - tlsv1.0
             - sslv3
             - sslv2
             - tlsv1.3
           workflow-max-sessions: <value of integer>
           workspace-mode: <value in [disabled, normal, workflow, ...]>
           clone-name-option: <value in [default, keep]>
           fgfm-ca-cert: <value of string>
           mc-policy-disabled-adoms:
             -
                 adom-name: <value of string>
           policy-object-icon: <value in [disable, enable]>
           private-data-encryption: <value in [disable, enable]>
           per-policy-lock: <value in [disable, enable]>
           multiple-steps-upgrade-in-autolink: <value in [disable, enable]>
           object-revision-db-max: <value of integer>
           object-revision-mandatory-note: <value in [disable, enable]>
           object-revision-object-max: <value of integer>
           object-revision-status: <value in [disable, enable]>
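
The template above lists every key with placeholder values. The playbook below is an added example, not part of the collection's documentation: it sets only the transport-security and login-hardening keys from the parameter table, using choices listed on this page, and turns certificate validation on for the httpapi connection. The inventory group name is reused from the template; the banner text, the lockout values and the ADOM are constructed sample values.

```yaml
- hosts: fortimanager-inventory
  collections:
    - fortinet.fortimanager
  connection: httpapi
  vars:
    ansible_httpapi_use_ssl: true
    # Validate the FortiManager certificate; the control node must trust
    # the CA that issued it.
    ansible_httpapi_validate_certs: true
    ansible_httpapi_port: 443
  tasks:
    - name: Harden TLS and administrative login settings
      fmgr_system_global:
        # state is set because the parameter table marks it as required.
        state: present
        workspace_locking_adom: global          # sample value
        workspace_locking_timeout: 300
        system_global:
          # Administrative login (constructed values: lock after 3
          # failures for 300 seconds).
          admin-lockout-threshold: 3
          admin-lockout-duration: 300
          pre-login-banner: enable
          pre-login-banner-message: "Authorized use only."   # sample text
          # GUI/HTTPS: accept only TLS 1.2 and 1.3, high-grade ciphers,
          # no static-key ciphers, larger DH prime.
          ssl-protocol:
            - tlsv1.2
            - tlsv1.3
          webservice-proto:
            - tlsv1.2
            - tlsv1.3
          enc-algorithm: high
          ssl-low-encryption: disable
          ssl-static-key-ciphers: disable       # page default is enable
          dh-params: '3072'                     # string choice, so quoted
          # Lowest protocol accepted by fgfmsd and oftpd. Confirm that
          # managed devices support it before raising this further.
          fgfm-ssl-protocol: tlsv1.2
          oftp-ssl-protocol: tlsv1.2
          # Keep TFTP unavailable for `exec restore image`.
          tftp: disable
          # Record log file MD5 hash value and authentication code.
          log-checksum: md5-auth
```

Keys left out of system_global are not part of the request, so the task can be run alongside other tasks that manage the remaining settings.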

Return Values

Common return values are documented here; the following are the fields unique to this module:

Key Returned Description
request_url
string
always
The full url requested

Sample:
/sys/login/user
response_code
integer
always
The status of api request

response_message
string
always
The descriptive message of the api response

Sample:
OK.


Authors

  • Link Zheng (@chillancezen)

  • Jie Xue (@JieX19)

  • Frank Shen (@fshen01)

  • Hongbin Lu (@fgtdev-hblu)