fortinet.fortimanager.fmgr_vap – Configure Virtual Access Points

Note

This plugin is part of the fortinet.fortimanager collection (version 2.1.4).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install fortinet.fortimanager.

To use it in a playbook, specify: fortinet.fortimanager.fmgr_vap.

New in version 2.10 of fortinet.fortimanager

Synopsis

  • This module is able to configure a FortiManager device.

  • Examples include all parameters and values, which need to be adjusted to your data sources before use.

Parameters

Parameter Choices/Defaults Comments
adom
string / required
The parameter (adom) in the requested URL.
bypass_validation
boolean
    Choices:
  • no ←
  • yes
Only set to True when the module schema differs from the FortiManager API structure; the module then continues to execute without validating parameters.
enable_log
boolean
    Choices:
  • no ←
  • yes
Enable/Disable logging for task
proposed_method
string
    Choices:
  • update
  • set
  • add
The overridden method for the underlying JSON-RPC request.
rc_failed
list / elements=string
The list of rc codes with which the conditions to fail will be overridden.
rc_succeeded
list / elements=string
The list of rc codes with which the conditions to succeed will be overridden.
state
string / required
    Choices:
  • present
  • absent
The directive to create, update or delete an object.
vap
dictionary
The top-level parameter set.
_centmgmt
string
    Choices:
  • disable ←
  • enable
_Centmgmt.
_dhcp_svr_id
string
_Dhcp_Svr_Id.
_intf_allowaccess
list / elements=string
    Choices:
  • https
  • ping
  • ssh
  • snmp
  • http
  • telnet
  • fgfm
  • auto-ipsec
  • radius-acct
  • probe-response
  • capwap
_Intf_Allowaccess.
_intf_device-access-list
string
_Intf_Device-Access-List.
_intf_device-identification
string
    Choices:
  • disable ←
  • enable
_Intf_Device-Identification.
_intf_device-netscan
string
    Choices:
  • disable ←
  • enable
_Intf_Device-Netscan.
_intf_dhcp-relay-ip
string
_Intf_Dhcp-Relay-Ip.
_intf_dhcp-relay-service
string
    Choices:
  • disable ←
  • enable
_Intf_Dhcp-Relay-Service.
_intf_dhcp-relay-type
string
    Choices:
  • regular ←
  • ipsec
_Intf_Dhcp-Relay-Type.
_intf_dhcp6-relay-ip
string
_Intf_Dhcp6-Relay-Ip.
_intf_dhcp6-relay-service
string
    Choices:
  • disable ←
  • enable
_Intf_Dhcp6-Relay-Service.
_intf_dhcp6-relay-type
string
    Choices:
  • regular ←
_Intf_Dhcp6-Relay-Type.
_intf_ip
string
_Intf_Ip.
_intf_ip6-address
string
_Intf_Ip6-Address.
_intf_ip6-allowaccess
list / elements=string
    Choices:
  • https
  • ping
  • ssh
  • snmp
  • http
  • telnet
  • any
  • fgfm
  • capwap
_Intf_Ip6-Allowaccess.
_intf_listen-forticlient-connection
string
    Choices:
  • disable ←
  • enable
_Intf_Listen-Forticlient-Connection.
access-control-list
string
access-control-list profile name.
acct-interim-interval
integer
WiFi RADIUS accounting interim interval (60 - 86400 sec, default = 0).
additional-akms
list / elements=string
    Choices:
  • akm6
Additional AKMs.
address-group
string
Address group ID.
alias
string
Alias.
atf-weight
integer
Airtime weight in percentage (default = 20).
auth
string
    Choices:
  • PSK
  • psk
  • RADIUS
  • radius
  • usergroup
Authentication protocol.
broadcast-ssid
string
    Choices:
  • disable
  • enable
Enable/disable broadcasting the SSID (default = enable).
broadcast-suppression
list / elements=string
    Choices:
  • dhcp
  • arp
  • dhcp2
  • arp2
  • netbios-ns
  • netbios-ds
  • arp3
  • dhcp-up
  • dhcp-down
  • arp-known
  • arp-unknown
  • arp-reply
  • ipv6
  • dhcp-starvation
  • arp-poison
  • all-other-mc
  • all-other-bc
  • arp-proxy
  • dhcp-ucast
Optional suppression of broadcast messages. For example, you can keep DHCP messages, ARP broadcasts, and so on off of the wireless network.
bss-color-partial
string
    Choices:
  • disable
  • enable
Enable/disable 802.11ax partial BSS color (default = enable).
bstm-disassociation-imminent
string
    Choices:
  • disable
  • enable
Enable/disable forcing of disassociation after the BSTM request timer has been reached (default = enable).
bstm-load-balancing-disassoc-timer
integer
Time interval for client to voluntarily leave AP before forcing a disassociation due to AP load-balancing (0 to 30, default = ...
bstm-rssi-disassoc-timer
integer
Time interval for client to voluntarily leave AP before forcing a disassociation due to low RSSI (0 to 2000, default = 200).
captive-portal-ac-name
string
Local-bridging captive portal ac-name.
captive-portal-auth-timeout
integer
Hard timeout - AP will always clear the session after timeout regardless of traffic (0 - 864000 sec, default = 0).
captive-portal-macauth-radius-secret
string
Secret key to access the macauth RADIUS server.
captive-portal-macauth-radius-server
string
Captive portal external RADIUS server domain name or IP address.
captive-portal-radius-secret
string
Secret key to access the RADIUS server.
captive-portal-radius-server
string
Captive portal RADIUS server domain name or IP address.
captive-portal-session-timeout-interval
integer
Session timeout interval (0 - 864000 sec, default = 0).
dhcp-address-enforcement
string
    Choices:
  • disable
  • enable
Enable/disable DHCP address enforcement (default = disable).
dhcp-lease-time
integer
DHCP lease time in seconds for NAT IP address.
dhcp-option43-insertion
string
    Choices:
  • disable
  • enable
Enable/disable insertion of DHCP option 43 (default = enable).
dhcp-option82-circuit-id-insertion
string
    Choices:
  • disable
  • style-1
  • style-2
  • style-3
Enable/disable DHCP option 82 circuit-id insert (default = disable).
dhcp-option82-insertion
string
    Choices:
  • disable
  • enable
Enable/disable DHCP option 82 insert (default = disable).
dhcp-option82-remote-id-insertion
string
    Choices:
  • disable
  • style-1
Enable/disable DHCP option 82 remote-id insert (default = disable).
dynamic-vlan
string
    Choices:
  • disable
  • enable
Enable/disable dynamic VLAN assignment.
dynamic_mapping
list / elements=string
Dynamic_Mapping.
_centmgmt
string
    Choices:
  • disable ←
  • enable
_Centmgmt.
_dhcp_svr_id
string
_Dhcp_Svr_Id.
_intf_allowaccess
list / elements=string
    Choices:
  • https
  • ping
  • ssh
  • snmp
  • http
  • telnet
  • fgfm
  • auto-ipsec
  • radius-acct
  • probe-response
  • capwap
_Intf_Allowaccess.
_intf_device-access-list
string
_Intf_Device-Access-List.
_intf_device-identification
string
    Choices:
  • disable ←
  • enable
_Intf_Device-Identification.
_intf_device-netscan
string
    Choices:
  • disable ←
  • enable
_Intf_Device-Netscan.
_intf_dhcp-relay-ip
string
_Intf_Dhcp-Relay-Ip.
_intf_dhcp-relay-service
string
    Choices:
  • disable ←
  • enable
_Intf_Dhcp-Relay-Service.
_intf_dhcp-relay-type
string
    Choices:
  • regular ←
  • ipsec
_Intf_Dhcp-Relay-Type.
_intf_dhcp6-relay-ip
string
_Intf_Dhcp6-Relay-Ip.
_intf_dhcp6-relay-service
string
    Choices:
  • disable ←
  • enable
_Intf_Dhcp6-Relay-Service.
_intf_dhcp6-relay-type
string
    Choices:
  • regular ←
_Intf_Dhcp6-Relay-Type.
_intf_ip
string
_Intf_Ip.
_intf_ip6-address
string
_Intf_Ip6-Address.
_intf_ip6-allowaccess
list / elements=string
    Choices:
  • https
  • ping
  • ssh
  • snmp
  • http
  • telnet
  • any
  • fgfm
  • capwap
_Intf_Ip6-Allowaccess.
_intf_listen-forticlient-connection
string
    Choices:
  • disable ←
  • enable
_Intf_Listen-Forticlient-Connection.
_scope
list / elements=string
_Scope.
name
string
Name.
vdom
string
Vdom.
access-control-list
string
Access-Control-List.
acct-interim-interval
integer
WiFi RADIUS accounting interim interval (60 - 86400 sec, default = 0).
additional-akms
list / elements=string
    Choices:
  • akm6
Additional-Akms.
address-group
string
Address group ID.
alias
string
Alias.
atf-weight
integer
Airtime weight in percentage (default = 20).
auth
string
    Choices:
  • PSK
  • psk
  • RADIUS
  • radius
  • usergroup
Authentication protocol.
broadcast-ssid
string
    Choices:
  • disable
  • enable
Enable/disable broadcasting the SSID (default = enable).
broadcast-suppression
list / elements=string
    Choices:
  • dhcp
  • arp
  • dhcp2
  • arp2
  • netbios-ns
  • netbios-ds
  • arp3
  • dhcp-up
  • dhcp-down
  • arp-known
  • arp-unknown
  • arp-reply
  • ipv6
  • dhcp-starvation
  • arp-poison
  • all-other-mc
  • all-other-bc
  • arp-proxy
  • dhcp-ucast
Optional suppression of broadcast messages. For example, you can keep DHCP messages, ARP broadcasts, and so on off of the wireless network.
bss-color-partial
string
    Choices:
  • disable
  • enable
Bss-Color-Partial.
bstm-disassociation-imminent
string
    Choices:
  • disable
  • enable
Enable/disable forcing of disassociation after the BSTM request timer has been reached (default = enable).
bstm-load-balancing-disassoc-timer
integer
Time interval for client to voluntarily leave AP before forcing a disassociation due to AP load-balancing (0 to 30, de...
bstm-rssi-disassoc-timer
integer
Time interval for client to voluntarily leave AP before forcing a disassociation due to low RSSI (0 to 2000, default =...
captive-portal-ac-name
string
Local-bridging captive portal ac-name.
captive-portal-auth-timeout
integer
Captive-Portal-Auth-Timeout.
captive-portal-macauth-radius-secret
string
Secret key to access the macauth RADIUS server.
captive-portal-macauth-radius-server
string
Captive portal external RADIUS server domain name or IP address.
captive-portal-radius-secret
string
Secret key to access the RADIUS server.
captive-portal-radius-server
string
Captive portal RADIUS server domain name or IP address.
captive-portal-session-timeout-interval
integer
Session timeout interval (0 - 864000 sec, default = 0).
client-count
integer
Client-Count.
dhcp-address-enforcement
string
    Choices:
  • disable
  • enable
Enable/disable DHCP address enforcement (default = disable).
dhcp-lease-time
integer
DHCP lease time in seconds for NAT IP address.
dhcp-option43-insertion
string
    Choices:
  • disable
  • enable
Dhcp-Option43-Insertion.
dhcp-option82-circuit-id-insertion
string
    Choices:
  • disable
  • style-1
  • style-2
  • style-3
Enable/disable DHCP option 82 circuit-id insert (default = disable).
dhcp-option82-insertion
string
    Choices:
  • disable
  • enable
Enable/disable DHCP option 82 insert (default = disable).
dhcp-option82-remote-id-insertion
string
    Choices:
  • disable
  • style-1
Enable/disable DHCP option 82 remote-id insert (default = disable).
dynamic-vlan
string
    Choices:
  • disable
  • enable
Enable/disable dynamic VLAN assignment.
eap-reauth
string
    Choices:
  • disable
  • enable
Enable/disable EAP re-authentication for WPA-Enterprise security.
eap-reauth-intv
integer
EAP re-authentication interval (1800 - 864000 sec, default = 86400).
eapol-key-retries
string
    Choices:
  • disable
  • enable
Enable/disable retransmission of EAPOL-Key frames (message 3/4 and group message 1/2) (default = enable).
encrypt
string
    Choices:
  • TKIP
  • AES
  • TKIP-AES
Encryption protocol to use (only available when security is set to a WPA type).
external-fast-roaming
string
    Choices:
  • disable
  • enable
Enable/disable fast roaming or pre-authentication with external APs not managed by the FortiGate (default = disable).
external-logout
string
URL of external authentication logout server.
external-web
string
URL of external authentication web server.
external-web-format
string
    Choices:
  • auto-detect
  • no-query-string
  • partial-query-string
URL query parameter detection (default = auto-detect).
fast-bss-transition
string
    Choices:
  • disable
  • enable
Enable/disable 802.11r Fast BSS Transition (FT) (default = disable).
fast-roaming
string
    Choices:
  • disable
  • enable
Enable/disable fast-roaming, or pre-authentication, where supported by clients (default = disable).
ft-mobility-domain
integer
Mobility domain identifier in FT (1 - 65535, default = 1000).
ft-over-ds
string
    Choices:
  • disable
  • enable
Enable/disable FT over the Distribution System (DS).
ft-r0-key-lifetime
integer
Lifetime of the PMK-R0 key in FT, 1-65535 minutes.
gas-comeback-delay
integer
GAS comeback delay (0 or 100 - 10000 milliseconds, default = 500).
gas-fragmentation-limit
integer
GAS fragmentation limit (512 - 4096, default = 1024).
gtk-rekey
string
    Choices:
  • disable
  • enable
Enable/disable GTK rekey for WPA security.
gtk-rekey-intv
integer
GTK rekey interval (1800 - 864000 sec, default = 86400).
high-efficiency
string
    Choices:
  • disable
  • enable
Enable/disable 802.11ax high efficiency (default = enable).
hotspot20-profile
string
Hotspot 2.0 profile name.
igmp-snooping
string
    Choices:
  • disable
  • enable
Enable/disable IGMP snooping.
intra-vap-privacy
string
    Choices:
  • disable
  • enable
Enable/disable blocking communication between clients on the same SSID (called intra-SSID privacy) (default = disable).
ip
string
IP address and subnet mask for the local standalone NAT subnet.
ipv6-rules
list / elements=string
    Choices:
  • drop-icmp6ra
  • drop-icmp6rs
  • drop-llmnr6
  • drop-icmp6mld2
  • drop-dhcp6s
  • drop-dhcp6c
  • ndp-proxy
  • drop-ns-dad
  • drop-ns-nondad
Ipv6-Rules.
key
string
WEP Key.
keyindex
integer
WEP key index (1 - 4).
ldpc
string
    Choices:
  • disable
  • tx
  • rx
  • rxtx
VAP low-density parity-check (LDPC) coding configuration.
local-authentication
string
    Choices:
  • disable
  • enable
Enable/disable AP local authentication.
local-bridging
string
    Choices:
  • disable
  • enable
Enable/disable bridging of wireless and Ethernet interfaces on the FortiAP (default = disable).
local-lan
string
    Choices:
  • deny
  • allow
Allow/deny traffic destined for a Class A, B, or C private IP address (default = allow).
local-standalone
string
    Choices:
  • disable
  • enable
Enable/disable AP local standalone (default = disable).
local-standalone-nat
string
    Choices:
  • disable
  • enable
Enable/disable AP local standalone NAT mode.
local-switching
string
    Choices:
  • disable
  • enable
Local-Switching.
mac-auth-bypass
string
    Choices:
  • disable
  • enable
Enable/disable MAC authentication bypass.
mac-called-station-delimiter
string
    Choices:
  • hyphen
  • single-hyphen
  • colon
  • none
MAC called station delimiter (default = hyphen).
mac-calling-station-delimiter
string
    Choices:
  • hyphen
  • single-hyphen
  • colon
  • none
MAC calling station delimiter (default = hyphen).
mac-case
string
    Choices:
  • uppercase
  • lowercase
MAC case (default = uppercase).
mac-filter
string
    Choices:
  • disable
  • enable
Enable/disable MAC filtering to block wireless clients by MAC address.
mac-filter-policy-other
string
    Choices:
  • deny
  • allow
Allow or block clients with MAC addresses that are not in the filter list.
mac-password-delimiter
string
    Choices:
  • hyphen
  • single-hyphen
  • colon
  • none
MAC authentication password delimiter (default = hyphen).
mac-username-delimiter
string
    Choices:
  • hyphen
  • single-hyphen
  • colon
  • none
MAC authentication username delimiter (default = hyphen).
max-clients
integer
Maximum number of clients that can connect simultaneously to the VAP (default = 0, meaning no limitation).
max-clients-ap
integer
Maximum number of clients that can connect simultaneously to the VAP per AP radio (default = 0, meaning no limitation).
mbo
string
    Choices:
  • disable
  • enable
Enable/disable Multiband Operation (default = disable).
mbo-cell-data-conn-pref
string
    Choices:
  • excluded
  • prefer-not
  • prefer-use
MBO cell data connection preference (0, 1, or 255, default = 1).
me-disable-thresh
integer
Disable multicast enhancement when this many clients are receiving multicast traffic.
mesh-backhaul
string
    Choices:
  • disable
  • enable
Enable/disable using this VAP as a WiFi mesh backhaul (default = disable). This entry is only available when security ...
mpsk
string
    Choices:
  • disable
  • enable
Enable/disable multiple PSK authentication.
mpsk-concurrent-clients
integer
Maximum number of concurrent clients that connect using the same passphrase in multiple PSK authentication (0 - 65535,...
mpsk-profile
string
Mpsk-Profile.
mu-mimo
string
    Choices:
  • disable
  • enable
Enable/disable Multi-user MIMO (default = enable).
multicast-enhance
string
    Choices:
  • disable
  • enable
Enable/disable converting multicast to unicast to improve performance (default = disable).
multicast-rate
string
    Choices:
  • 0
  • 6000
  • 12000
  • 24000
Multicast rate (0, 6000, 12000, or 24000 kbps, default = 0).
nac
string
    Choices:
  • disable
  • enable
Enable/disable network access control.
nac-profile
string
NAC profile name.
neighbor-report-dual-band
string
    Choices:
  • disable
  • enable
Enable/disable dual-band neighbor report (default = disable).
okc
string
    Choices:
  • disable
  • enable
Enable/disable Opportunistic Key Caching (OKC) (default = enable).
owe-groups
list / elements=string
    Choices:
  • 19
  • 20
  • 21
OWE-Groups.
owe-transition
string
    Choices:
  • disable
  • enable
Enable/disable OWE transition mode support.
owe-transition-ssid
string
OWE transition mode peer SSID.
passphrase
string
WPA pre-shared key (PSK) to be used to authenticate WiFi users.
pmf
string
    Choices:
  • disable
  • enable
  • optional
Protected Management Frames (PMF) support (default = disable).
pmf-assoc-comeback-timeout
integer
Protected Management Frames (PMF) comeback maximum timeout (1-20 sec).
pmf-sa-query-retry-timeout
integer
Protected Management Frames (PMF) SA query retry timeout interval (1 - 5 100s of msec).
port-macauth
string
    Choices:
  • disable
  • radius
  • address-group
Enable/disable LAN port MAC authentication (default = disable).
port-macauth-reauth-timeout
integer
LAN port MAC authentication re-authentication timeout value (default = 7200 sec).
port-macauth-timeout
integer
LAN port MAC authentication idle timeout value (default = 600 sec).
portal-message-override-group
string
Replacement message group for this VAP (only available when security is set to a captive portal type).
portal-type
string
    Choices:
  • auth
  • auth+disclaimer
  • disclaimer
  • email-collect
  • cmcc
  • cmcc-macauth
  • auth-mac
  • external-auth
  • external-macauth
Captive portal functionality. Configure how the captive portal authenticates users and whether it includes a disclaimer.
primary-wag-profile
string
Primary wireless access gateway profile name.
probe-resp-suppression
string
    Choices:
  • disable
  • enable
Enable/disable probe response suppression (to ignore weak signals) (default = disable).
probe-resp-threshold
string
Minimum signal level/threshold in dBm required for the AP response to probe requests (-95 to -20, default = -80).
ptk-rekey
string
    Choices:
  • disable
  • enable
Enable/disable PTK rekey for WPA-Enterprise security.
ptk-rekey-intv
integer
PTK rekey interval (1800 - 864000 sec, default = 86400).
qos-profile
string
Quality of service profile name.
quarantine
string
    Choices:
  • disable
  • enable
Enable/disable station quarantine (default = enable).
radio-2g-threshold
string
Minimum signal level/threshold in dBm required for the AP response to receive a packet in 2.4G band (-95 to -20, defau...
radio-5g-threshold
string
Minimum signal level/threshold in dBm required for the AP response to receive a packet in 5G band (-95 to -20, default ...
radio-sensitivity
string
    Choices:
  • disable
  • enable
Enable/disable software radio sensitivity (to ignore weak signals) (default = disable).
radius-mac-auth
string
    Choices:
  • disable
  • enable
Enable/disable RADIUS-based MAC authentication of clients (default = disable).
radius-mac-auth-server
string
RADIUS-based MAC authentication server.
radius-mac-auth-usergroups
string
Selective user groups that are permitted for RADIUS MAC authentication.
radius-server
string
RADIUS server to be used to authenticate WiFi users.
rates-11a
list / elements=string
    Choices:
  • 1
  • 1-basic
  • 2
  • 2-basic
  • 5.5
  • 5.5-basic
  • 6
  • 6-basic
  • 9
  • 9-basic
  • 12
  • 12-basic
  • 18
  • 18-basic
  • 24
  • 24-basic
  • 36
  • 36-basic
  • 48
  • 48-basic
  • 54
  • 54-basic
  • 11
  • 11-basic
Allowed data rates for 802.11a.
rates-11ac-ss12
list / elements=string
    Choices:
  • mcs0/1
  • mcs1/1
  • mcs2/1
  • mcs3/1
  • mcs4/1
  • mcs5/1
  • mcs6/1
  • mcs7/1
  • mcs8/1
  • mcs9/1
  • mcs0/2
  • mcs1/2
  • mcs2/2
  • mcs3/2
  • mcs4/2
  • mcs5/2
  • mcs6/2
  • mcs7/2
  • mcs8/2
  • mcs9/2
  • mcs10/1
  • mcs11/1
  • mcs10/2
  • mcs11/2
Allowed data rates for 802.11ac/ax with 1 or 2 spatial streams.
rates-11ac-ss34
list / elements=string
    Choices:
  • mcs0/3
  • mcs1/3
  • mcs2/3
  • mcs3/3
  • mcs4/3
  • mcs5/3
  • mcs6/3
  • mcs7/3
  • mcs8/3
  • mcs9/3
  • mcs0/4
  • mcs1/4
  • mcs2/4
  • mcs3/4
  • mcs4/4
  • mcs5/4
  • mcs6/4
  • mcs7/4
  • mcs8/4
  • mcs9/4
  • mcs10/3
  • mcs11/3
  • mcs10/4
  • mcs11/4
Allowed data rates for 802.11ac/ax with 3 or 4 spatial streams.
rates-11bg
list / elements=string
    Choices:
  • 1
  • 1-basic
  • 2
  • 2-basic
  • 5.5
  • 5.5-basic
  • 6
  • 6-basic
  • 9
  • 9-basic
  • 12
  • 12-basic
  • 18
  • 18-basic
  • 24
  • 24-basic
  • 36
  • 36-basic
  • 48
  • 48-basic
  • 54
  • 54-basic
  • 11
  • 11-basic
Allowed data rates for 802.11b/g.
rates-11n-ss12
list / elements=string
    Choices:
  • mcs0/1
  • mcs1/1
  • mcs2/1
  • mcs3/1
  • mcs4/1
  • mcs5/1
  • mcs6/1
  • mcs7/1
  • mcs8/2
  • mcs9/2
  • mcs10/2
  • mcs11/2
  • mcs12/2
  • mcs13/2
  • mcs14/2
  • mcs15/2
Allowed data rates for 802.11n with 1 or 2 spatial streams.
rates-11n-ss34
list / elements=string
    Choices:
  • mcs16/3
  • mcs17/3
  • mcs18/3
  • mcs19/3
  • mcs20/3
  • mcs21/3
  • mcs22/3
  • mcs23/3
  • mcs24/4
  • mcs25/4
  • mcs26/4
  • mcs27/4
  • mcs28/4
  • mcs29/4
  • mcs30/4
  • mcs31/4
Allowed data rates for 802.11n with 3 or 4 spatial streams.
sae-groups
list / elements=string
    Choices:
  • 1
  • 2
  • 5
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 27
  • 28
  • 29
  • 30
  • 31
SAE-Groups.
sae-password
string
WPA3 SAE password to be used to authenticate WiFi users.
schedule
string
Firewall schedules for enabling this VAP on the FortiAP. This VAP will be enabled when at least one of the schedules i...
secondary-wag-profile
string
Secondary wireless access gateway profile name.
security
string
    Choices:
  • None
  • WEP64
  • wep64
  • WEP128
  • wep128
  • WPA_PSK
  • WPA_RADIUS
  • WPA
  • WPA2
  • WPA2_AUTO
  • open
  • wpa-personal
  • wpa-enterprise
  • captive-portal
  • wpa-only-personal
  • wpa-only-enterprise
  • wpa2-only-personal
  • wpa2-only-enterprise
  • wpa-personal+captive-portal
  • wpa-only-personal+captive-portal
  • wpa2-only-personal+captive-portal
  • osen
  • wpa3-enterprise
  • sae
  • sae-transition
  • owe
  • wpa3-sae
  • wpa3-sae-transition
  • wpa3-only-enterprise
  • wpa3-enterprise-transition
Security mode for the wireless interface (default = wpa2-only-personal).
security-exempt-list
string
Optional security exempt list for captive portal authentication.
security-obsolete-option
string
    Choices:
  • disable
  • enable
Enable/disable obsolete security options.
security-redirect-url
string
Optional URL for redirecting users after they pass captive portal authentication.
selected-usergroups
string
Selective user groups that are permitted to authenticate.
split-tunneling
string
    Choices:
  • disable
  • enable
Enable/disable split tunneling (default = disable).
ssid
string
IEEE 802.11 service set identifier (SSID) for the wireless interface. Users who wish to use the wireless network must ...
sticky-client-remove
string
    Choices:
  • disable
  • enable
Sticky-Client-Remove.
sticky-client-threshold-2g
string
Sticky-Client-Threshold-2G.
sticky-client-threshold-5g
string
Sticky-Client-Threshold-5G.
target-wake-time
string
    Choices:
  • disable
  • enable
Enable/disable 802.11ax target wake time (default = enable).
tkip-counter-measure
string
    Choices:
  • disable
  • enable
Enable/disable TKIP counter measure.
tunnel-echo-interval
integer
The time interval to send echo to both primary and secondary tunnel peers (1 - 65535 sec, default = 300).
tunnel-fallback-interval
integer
The time interval for secondary tunnel to fall back to primary tunnel (0 - 65535 sec, default = 7200).
usergroup
string
Firewall user group to be used to authenticate WiFi users.
utm-profile
string
UTM profile name.
vdom
string
Vdom.
vlan-auto
string
    Choices:
  • disable
  • enable
Enable/disable automatic management of SSID VLAN interface.
vlan-pooling
string
    Choices:
  • wtp-group
  • round-robin
  • hash
  • disable
Enable/disable VLAN pooling, to allow grouping of multiple wireless controller VLANs into VLAN pools (default = disabl...
vlanid
integer
Optional VLAN ID.
voice-enterprise
string
    Choices:
  • disable
  • enable
Enable/disable 802.11k and 802.11v assisted Voice-Enterprise roaming (default = disable).
eap-reauth
string
    Choices:
  • disable
  • enable
Enable/disable EAP re-authentication for WPA-Enterprise security.
eap-reauth-intv
integer
EAP re-authentication interval (1800 - 864000 sec, default = 86400).
eapol-key-retries
string
    Choices:
  • disable
  • enable
Enable/disable retransmission of EAPOL-Key frames (message 3/4 and group message 1/2) (default = enable).
encrypt
string
    Choices:
  • TKIP
  • AES
  • TKIP-AES
Encryption protocol to use (only available when security is set to a WPA type).
external-fast-roaming
string
    Choices:
  • disable
  • enable
Enable/disable fast roaming or pre-authentication with external APs not managed by the FortiGate (default = disable).
external-logout
string
URL of external authentication logout server.
external-web
string
URL of external authentication web server.
external-web-format
string
    Choices:
  • auto-detect
  • no-query-string
  • partial-query-string
URL query parameter detection (default = auto-detect).
fast-bss-transition
string
    Choices:
  • disable
  • enable
Enable/disable 802.11r Fast BSS Transition (FT) (default = disable).
fast-roaming
string
    Choices:
  • disable
  • enable
Enable/disable fast-roaming, or pre-authentication, where supported by clients (default = disable).
ft-mobility-domain
integer
Mobility domain identifier in FT (1 - 65535, default = 1000).
ft-over-ds
string
    Choices:
  • disable
  • enable
Enable/disable FT over the Distribution System (DS).
ft-r0-key-lifetime
integer
Lifetime of the PMK-R0 key in FT, 1-65535 minutes.
gas-comeback-delay
integer
GAS comeback delay (0 or 100 - 10000 milliseconds, default = 500).
gas-fragmentation-limit
integer
GAS fragmentation limit (512 - 4096, default = 1024).
gtk-rekey
string
    Choices:
  • disable
  • enable
Enable/disable GTK rekey for WPA security.
gtk-rekey-intv
integer
GTK rekey interval (1800 - 864000 sec, default = 86400).
high-efficiency
string
    Choices:
  • disable
  • enable
Enable/disable 802.11ax high efficiency (default = enable).
hotspot20-profile
string
Hotspot 2.0 profile name.
igmp-snooping
string
    Choices:
  • disable
  • enable
Enable/disable IGMP snooping.
intra-vap-privacy
string
    Choices:
  • disable
  • enable
Enable/disable blocking communication between clients on the same SSID (called intra-SSID privacy) (default = disable).
ip
string
IP address and subnet mask for the local standalone NAT subnet.
ipv6-rules
list / elements=string
    Choices:
  • drop-icmp6ra
  • drop-icmp6rs
  • drop-llmnr6
  • drop-icmp6mld2
  • drop-dhcp6s
  • drop-dhcp6c
  • ndp-proxy
  • drop-ns-dad
  • drop-ns-nondad
Optional rules of IPv6 packets. For example, you can keep RA, RS and so on off of the wireless network.
key
string
WEP Key.
keyindex
integer
WEP key index (1 - 4).
ldpc
string
    Choices:
  • disable
  • tx
  • rx
  • rxtx
VAP low-density parity-check (LDPC) coding configuration.
local-authentication
string
    Choices:
  • disable
  • enable
Enable/disable AP local authentication.
local-bridging
string
    Choices:
  • disable
  • enable
Enable/disable bridging of wireless and Ethernet interfaces on the FortiAP (default = disable).
local-lan
string
    Choices:
  • deny
  • allow
Allow/deny traffic destined for a Class A, B, or C private IP address (default = allow).
local-standalone
string
    Choices:
  • disable
  • enable
Enable/disable AP local standalone (default = disable).
local-standalone-nat
string
    Choices:
  • disable
  • enable
Enable/disable AP local standalone NAT mode.
mac-auth-bypass
string
    Choices:
  • disable
  • enable
Enable/disable MAC authentication bypass.
mac-called-station-delimiter
string
    Choices:
  • hyphen
  • single-hyphen
  • colon
  • none
MAC called station delimiter (default = hyphen).
mac-calling-station-delimiter
string
    Choices:
  • hyphen
  • single-hyphen
  • colon
  • none
MAC calling station delimiter (default = hyphen).
mac-case
string
    Choices:
  • uppercase
  • lowercase
MAC case (default = uppercase).
mac-filter
string
    Choices:
  • disable
  • enable
Enable/disable MAC filtering to block wireless clients by MAC address.
mac-filter-list
list / elements=string
Mac-Filter-List.
id
integer
ID.
mac
string
MAC address.
mac-filter-policy
string
    Choices:
  • deny
  • allow
Deny or allow the client with this MAC address.
mac-filter-policy-other
string
    Choices:
  • deny
  • allow
Allow or block clients with MAC addresses that are not in the filter list.
mac-password-delimiter
string
    Choices:
  • hyphen
  • single-hyphen
  • colon
  • none
MAC authentication password delimiter (default = hyphen).
mac-username-delimiter
string
    Choices:
  • hyphen
  • single-hyphen
  • colon
  • none
MAC authentication username delimiter (default = hyphen).
max-clients
integer
Maximum number of clients that can connect simultaneously to the VAP (default = 0, meaning no limitation).
max-clients-ap
integer
Maximum number of clients that can connect simultaneously to each radio (default = 0, meaning no limitation).
mbo
string
    Choices:
  • disable
  • enable
Enable/disable Multiband Operation (default = disable).
mbo-cell-data-conn-pref
string
    Choices:
  • excluded
  • prefer-not
  • prefer-use
MBO cell data connection preference (0, 1, or 255, default = 1).
me-disable-thresh
integer
Disable multicast enhancement when this many clients are receiving multicast traffic.
mesh-backhaul
string
    Choices:
  • disable
  • enable
Enable/disable using this VAP as a WiFi mesh backhaul (default = disable). This entry is only available when security is set t...
mpsk
string
    Choices:
  • disable
  • enable
Enable/disable multiple pre-shared keys (PSKs).
mpsk-concurrent-clients
integer
Number of pre-shared keys (PSKs) to allow if multiple pre-shared keys are enabled.
mpsk-key
list / elements=string
Mpsk-Key.
comment
string
Comment.
concurrent-clients
string
Number of clients that can connect using this pre-shared key.
key-name
string
Pre-shared key name.
mpsk-schedules
string
Firewall schedule for MPSK passphrase. The passphrase will be effective only when at least one schedule is valid.
passphrase
string
WPA Pre-shared key.
mpsk-profile
string
MPSK profile name.
mu-mimo
string
    Choices:
  • disable
  • enable
Enable/disable Multi-user MIMO (default = enable).
multicast-enhance
string
    Choices:
  • disable
  • enable
Enable/disable converting multicast to unicast to improve performance (default = disable).
multicast-rate
string
    Choices:
  • 0
  • 6000
  • 12000
  • 24000
Multicast rate (0, 6000, 12000, or 24000 kbps, default = 0).
nac
string
    Choices:
  • disable
  • enable
Enable/disable network access control.
nac-profile
string
NAC profile name.
name
string
Virtual AP name.
neighbor-report-dual-band
string
    Choices:
  • disable
  • enable
Enable/disable dual-band neighbor report (default = disable).
okc
string
    Choices:
  • disable
  • enable
Enable/disable Opportunistic Key Caching (OKC) (default = enable).
owe-groups
list / elements=string
    Choices:
  • 19
  • 20
  • 21
OWE-Groups.
owe-transition
string
    Choices:
  • disable
  • enable
Enable/disable OWE transition mode support.
owe-transition-ssid
string
OWE transition mode peer SSID.
passphrase
string
WPA pre-shared key (PSK) to be used to authenticate WiFi users.
pmf
string
    Choices:
  • disable
  • enable
  • optional
Protected Management Frames (PMF) support (default = disable).
pmf-assoc-comeback-timeout
integer
Protected Management Frames (PMF) comeback maximum timeout (1-20 sec).
pmf-sa-query-retry-timeout
integer
Protected Management Frames (PMF) SA query retry timeout interval (1 - 5, in units of 100 msec).
port-macauth
string
    Choices:
  • disable
  • radius
  • address-group
Enable/disable LAN port MAC authentication (default = disable).
port-macauth-reauth-timeout
integer
LAN port MAC authentication re-authentication timeout value (default = 7200 sec).
port-macauth-timeout
integer
LAN port MAC authentication idle timeout value (default = 600 sec).
portal-message-override-group
string
Replacement message group for this VAP (only available when security is set to a captive portal type).
portal-message-overrides
dictionary
no description
auth-disclaimer-page
string
Override auth-disclaimer-page message with message from portal-message-overrides group.
auth-login-failed-page
string
Override auth-login-failed-page message with message from portal-message-overrides group.
auth-login-page
string
Override auth-login-page message with message from portal-message-overrides group.
auth-reject-page
string
Override auth-reject-page message with message from portal-message-overrides group.
portal-type
string
    Choices:
  • auth
  • auth+disclaimer
  • disclaimer
  • email-collect
  • cmcc
  • cmcc-macauth
  • auth-mac
  • external-auth
  • external-macauth
Captive portal functionality. Configure how the captive portal authenticates users and whether it includes a disclaimer.
primary-wag-profile
string
Primary wireless access gateway profile name.
probe-resp-suppression
string
    Choices:
  • disable
  • enable
Enable/disable probe response suppression (to ignore weak signals) (default = disable).
probe-resp-threshold
string
Minimum signal level/threshold in dBm required for the AP response to probe requests (-95 to -20, default = -80).
ptk-rekey
string
    Choices:
  • disable
  • enable
Enable/disable PTK rekey for WPA-Enterprise security.
ptk-rekey-intv
integer
PTK rekey interval (1800 - 864000 sec, default = 86400).
qos-profile
string
Quality of service profile name.
quarantine
string
    Choices:
  • disable
  • enable
Enable/disable station quarantine (default = enable).
radio-2g-threshold
string
Minimum signal level/threshold in dBm required for the AP response to receive a packet in 2.4G band (-95 to -20, default = -79).
radio-5g-threshold
string
Minimum signal level/threshold in dBm required for the AP response to receive a packet in 5G band (-95 to -20, default = -76).
radio-sensitivity
string
    Choices:
  • disable
  • enable
Enable/disable software radio sensitivity (to ignore weak signals) (default = disable).
radius-mac-auth
string
    Choices:
  • disable
  • enable
Enable/disable RADIUS-based MAC authentication of clients (default = disable).
radius-mac-auth-server
string
RADIUS-based MAC authentication server.
radius-mac-auth-usergroups
string
Selective user groups that are permitted for RADIUS MAC authentication.
radius-server
string
RADIUS server to be used to authenticate WiFi users.
rates-11a
list / elements=string
    Choices:
  • 1
  • 1-basic
  • 2
  • 2-basic
  • 5.5
  • 5.5-basic
  • 6
  • 6-basic
  • 9
  • 9-basic
  • 12
  • 12-basic
  • 18
  • 18-basic
  • 24
  • 24-basic
  • 36
  • 36-basic
  • 48
  • 48-basic
  • 54
  • 54-basic
  • 11
  • 11-basic
Allowed data rates for 802.11a.
rates-11ac-ss12
list / elements=string
    Choices:
  • mcs0/1
  • mcs1/1
  • mcs2/1
  • mcs3/1
  • mcs4/1
  • mcs5/1
  • mcs6/1
  • mcs7/1
  • mcs8/1
  • mcs9/1
  • mcs0/2
  • mcs1/2
  • mcs2/2
  • mcs3/2
  • mcs4/2
  • mcs5/2
  • mcs6/2
  • mcs7/2
  • mcs8/2
  • mcs9/2
  • mcs10/1
  • mcs11/1
  • mcs10/2
  • mcs11/2
Allowed data rates for 802.11ac/ax with 1 or 2 spatial streams.
rates-11ac-ss34
list / elements=string
    Choices:
  • mcs0/3
  • mcs1/3
  • mcs2/3
  • mcs3/3
  • mcs4/3
  • mcs5/3
  • mcs6/3
  • mcs7/3
  • mcs8/3
  • mcs9/3
  • mcs0/4
  • mcs1/4
  • mcs2/4
  • mcs3/4
  • mcs4/4
  • mcs5/4
  • mcs6/4
  • mcs7/4
  • mcs8/4
  • mcs9/4
  • mcs10/3
  • mcs11/3
  • mcs10/4
  • mcs11/4
Allowed data rates for 802.11ac/ax with 3 or 4 spatial streams.
rates-11bg
list / elements=string
    Choices:
  • 1
  • 1-basic
  • 2
  • 2-basic
  • 5.5
  • 5.5-basic
  • 6
  • 6-basic
  • 9
  • 9-basic
  • 12
  • 12-basic
  • 18
  • 18-basic
  • 24
  • 24-basic
  • 36
  • 36-basic
  • 48
  • 48-basic
  • 54
  • 54-basic
  • 11
  • 11-basic
Allowed data rates for 802.11b/g.
rates-11n-ss12
list / elements=string
    Choices:
  • mcs0/1
  • mcs1/1
  • mcs2/1
  • mcs3/1
  • mcs4/1
  • mcs5/1
  • mcs6/1
  • mcs7/1
  • mcs8/2
  • mcs9/2
  • mcs10/2
  • mcs11/2
  • mcs12/2
  • mcs13/2
  • mcs14/2
  • mcs15/2
Allowed data rates for 802.11n with 1 or 2 spatial streams.
rates-11n-ss34
list / elements=string
    Choices:
  • mcs16/3
  • mcs17/3
  • mcs18/3
  • mcs19/3
  • mcs20/3
  • mcs21/3
  • mcs22/3
  • mcs23/3
  • mcs24/4
  • mcs25/4
  • mcs26/4
  • mcs27/4
  • mcs28/4
  • mcs29/4
  • mcs30/4
  • mcs31/4
Allowed data rates for 802.11n with 3 or 4 spatial streams.
sae-groups
list / elements=string
    Choices:
  • 1
  • 2
  • 5
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 27
  • 28
  • 29
  • 30
  • 31
SAE-Groups.
sae-password
string
WPA3 SAE password to be used to authenticate WiFi users.
schedule
string
VAP schedule name.
secondary-wag-profile
string
Secondary wireless access gateway profile name.
security
string
    Choices:
  • None
  • WEP64
  • wep64
  • WEP128
  • wep128
  • WPA_PSK
  • WPA_RADIUS
  • WPA
  • WPA2
  • WPA2_AUTO
  • open
  • wpa-personal
  • wpa-enterprise
  • captive-portal
  • wpa-only-personal
  • wpa-only-enterprise
  • wpa2-only-personal
  • wpa2-only-enterprise
  • wpa-personal+captive-portal
  • wpa-only-personal+captive-portal
  • wpa2-only-personal+captive-portal
  • osen
  • wpa3-enterprise
  • sae
  • sae-transition
  • owe
  • wpa3-sae
  • wpa3-sae-transition
  • wpa3-only-enterprise
  • wpa3-enterprise-transition
Security mode for the wireless interface (default = wpa2-only-personal).
security-exempt-list
string
Optional security exempt list for captive portal authentication.
security-obsolete-option
string
    Choices:
  • disable
  • enable
Enable/disable obsolete security options.
security-redirect-url
string
Optional URL for redirecting users after they pass captive portal authentication.
selected-usergroups
string
Selective user groups that are permitted to authenticate.
split-tunneling
string
    Choices:
  • disable
  • enable
Enable/disable split tunneling (default = disable).
ssid
string
IEEE 802.11 service set identifier (SSID) for the wireless interface. Users who wish to use the wireless network must configur...
sticky-client-remove
string
    Choices:
  • disable
  • enable
Enable/disable sticky client remove to maintain good signal level clients in SSID (default = disable).
sticky-client-threshold-2g
string
Minimum signal level/threshold in dBm required for the 2G client to be serviced by the AP (-95 to -20, default = -79).
sticky-client-threshold-5g
string
Minimum signal level/threshold in dBm required for the 5G client to be serviced by the AP (-95 to -20, default = -76).
target-wake-time
string
    Choices:
  • disable
  • enable
Enable/disable 802.11ax target wake time (default = enable).
tkip-counter-measure
string
    Choices:
  • disable
  • enable
Enable/disable TKIP counter measure.
tunnel-echo-interval
integer
The time interval to send echo to both primary and secondary tunnel peers (1 - 65535 sec, default = 300).
tunnel-fallback-interval
integer
The time interval for secondary tunnel to fall back to primary tunnel (0 - 65535 sec, default = 7200).
usergroup
string
Firewall user group to be used to authenticate WiFi users.
utm-profile
string
UTM profile name.
vdom
string
Name of the VDOM that the Virtual AP has been added to.
vlan-auto
string
    Choices:
  • disable
  • enable
Enable/disable automatic management of SSID VLAN interface.
vlan-pool
list / elements=string
Vlan-Pool.
_wtp-group
string
_Wtp-Group.
id
integer
ID.
wtp-group
string
WTP group name.
vlan-pooling
string
    Choices:
  • wtp-group
  • round-robin
  • hash
  • disable
Enable/disable VLAN pooling, to allow grouping of multiple wireless controller VLANs into VLAN pools (default = disable). When...
vlanid
integer
Optional VLAN ID.
voice-enterprise
string
    Choices:
  • disable
  • enable
Enable/disable 802.11k and 802.11v assisted Voice-Enterprise roaming (default = disable).
workspace_locking_adom
string
the adom to lock when FortiManager is running in workspace mode; the value can be global or any other adom, including root
workspace_locking_timeout
integer
Default:
300
the maximum time in seconds to wait for another user to release the workspace lock

Notes

Note

  • Running in workspace locking mode is supported in this FortiManager module; the top level parameters workspace_locking_adom and workspace_locking_timeout control it.

  • To create or update an object, use state present directive.

  • To delete an object, use state absent directive.

  • Normally, running a module fails when a non-zero rc is returned. You can override the conditions to fail or succeed with the parameters rc_failed and rc_succeeded.
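
A concrete task built from the parameters above, as an added example that is not part of the collection's documentation: it creates a WPA3-SAE SSID with Protected Management Frames enabled and client isolation on, keeps TLS certificate validation enabled for the httpapi connection, and reads the SAE password from a vaulted variable. The ADOM `root`, the object name, the SSID and the variable `vault_wifi_sae_password` are assumptions, as is the target firmware accepting this combination of options.

```yaml
# Added example, not from the fortinet.fortimanager documentation.
# Assumed values: ADOM "root", object name "corp-wpa3", SSID "Corp-WiFi",
# and the vaulted variable vault_wifi_sae_password.
- hosts: fortimanager-inventory
  collections:
    - fortinet.fortimanager
  connection: httpapi
  vars:
    ansible_httpapi_use_ssl: true
    # Verify the FortiManager certificate instead of accepting any peer.
    ansible_httpapi_validate_certs: true
    ansible_httpapi_port: 443
  tasks:
    - name: Create a WPA3-SAE virtual access point
      fmgr_vap:
        adom: root
        state: present
        vap:
          name: corp-wpa3
          ssid: Corp-WiFi
          broadcast-ssid: enable
          # WPA3-Personal only, no WPA2 transition mode.
          security: wpa3-sae
          # Secret comes from Ansible Vault, never from the playbook text.
          sae-password: "{{ vault_wifi_sae_password }}"
          # Restrict SAE to the elliptic-curve groups 19, 20 and 21;
          # groups 1, 2 and 5 in the choice list are small MODP groups.
          sae-groups:
            - '19'
            - '20'
            - '21'
          # Protected Management Frames required rather than optional.
          pmf: enable
          # Block client-to-client traffic on the same SSID.
          intra-vap-privacy: enable
      # Keep the SAE password out of task output and logs.
      no_log: true
```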

Examples

- hosts: fortimanager-inventory
  collections:
    - fortinet.fortimanager
  connection: httpapi
  vars:
     ansible_httpapi_use_ssl: True
     ansible_httpapi_validate_certs: False
     ansible_httpapi_port: 443
  tasks:
   - name: Configure Virtual Access Points
     fmgr_vap:
        bypass_validation: False
        workspace_locking_adom: <value in [global, custom adom including root]>
        workspace_locking_timeout: 300
        rc_succeeded: [0, -2, -3, ...]
        rc_failed: [-2, -3, ...]
        adom: <your own value>
        state: <value in [present, absent]>
        vap:
           _centmgmt: <value in [disable, enable]>
           _dhcp_svr_id: <value of string>
           _intf_allowaccess:
             - https
             - ping
             - ssh
             - snmp
             - http
             - telnet
             - fgfm
             - auto-ipsec
             - radius-acct
             - probe-response
             - capwap
           _intf_device-identification: <value in [disable, enable]>
           _intf_device-netscan: <value in [disable, enable]>
           _intf_dhcp-relay-ip: <value of string>
           _intf_dhcp-relay-service: <value in [disable, enable]>
           _intf_dhcp-relay-type: <value in [regular, ipsec]>
           _intf_dhcp6-relay-ip: <value of string>
           _intf_dhcp6-relay-service: <value in [disable, enable]>
           _intf_dhcp6-relay-type: <value in [regular]>
           _intf_ip: <value of string>
           _intf_ip6-address: <value of string>
           _intf_ip6-allowaccess:
             - https
             - ping
             - ssh
             - snmp
             - http
             - telnet
             - any
             - fgfm
             - capwap
           _intf_listen-forticlient-connection: <value in [disable, enable]>
           acct-interim-interval: <value of integer>
           alias: <value of string>
           auth: <value in [PSK, psk, RADIUS, ...]>
           broadcast-ssid: <value in [disable, enable]>
           broadcast-suppression:
             - dhcp
             - arp
             - dhcp2
             - arp2
             - netbios-ns
             - netbios-ds
             - arp3
             - dhcp-up
             - dhcp-down
             - arp-known
             - arp-unknown
             - arp-reply
             - ipv6
             - dhcp-starvation
             - arp-poison
             - all-other-mc
             - all-other-bc
             - arp-proxy
             - dhcp-ucast
           captive-portal-ac-name: <value of string>
           captive-portal-macauth-radius-secret: <value of string>
           captive-portal-macauth-radius-server: <value of string>
           captive-portal-radius-secret: <value of string>
           captive-portal-radius-server: <value of string>
           captive-portal-session-timeout-interval: <value of integer>
           dhcp-lease-time: <value of integer>
           dhcp-option82-circuit-id-insertion: <value in [disable, style-1, style-2, ...]>
           dhcp-option82-insertion: <value in [disable, enable]>
           dhcp-option82-remote-id-insertion: <value in [disable, style-1]>
           dynamic-vlan: <value in [disable, enable]>
           dynamic_mapping:
             -
                 _centmgmt: <value in [disable, enable]>
                 _dhcp_svr_id: <value of string>
                 _intf_allowaccess:
                   - https
                   - ping
                   - ssh
                   - snmp
                   - http
                   - telnet
                   - fgfm
                   - auto-ipsec
                   - radius-acct
                   - probe-response
                   - capwap
                 _intf_device-identification: <value in [disable, enable]>
                 _intf_device-netscan: <value in [disable, enable]>
                 _intf_dhcp-relay-ip: <value of string>
                 _intf_dhcp-relay-service: <value in [disable, enable]>
                 _intf_dhcp-relay-type: <value in [regular, ipsec]>
                 _intf_dhcp6-relay-ip: <value of string>
                 _intf_dhcp6-relay-service: <value in [disable, enable]>
                 _intf_dhcp6-relay-type: <value in [regular]>
                 _intf_ip: <value of string>
                 _intf_ip6-address: <value of string>
                 _intf_ip6-allowaccess:
                   - https
                   - ping
                   - ssh
                   - snmp
                   - http
                   - telnet
                   - any
                   - fgfm
                   - capwap
                 _intf_listen-forticlient-connection: <value in [disable, enable]>
                 _scope:
                   -
                       name: <value of string>
                       vdom: <value of string>
                 acct-interim-interval: <value of integer>
                 address-group: <value of string>
                 alias: <value of string>
                 atf-weight: <value of integer>
                 auth: <value in [PSK, psk, RADIUS, ...]>
                 broadcast-ssid: <value in [disable, enable]>
                 broadcast-suppression:
                   - dhcp
                   - arp
                   - dhcp2
                   - arp2
                   - netbios-ns
                   - netbios-ds
                   - arp3
                   - dhcp-up
                   - dhcp-down
                   - arp-known
                   - arp-unknown
                   - arp-reply
                   - ipv6
                   - dhcp-starvation
                   - arp-poison
                   - all-other-mc
                   - all-other-bc
                   - arp-proxy
                   - dhcp-ucast
                 captive-portal-ac-name: <value of string>
                 captive-portal-macauth-radius-secret: <value of string>
                 captive-portal-macauth-radius-server: <value of string>
                 captive-portal-radius-secret: <value of string>
                 captive-portal-radius-server: <value of string>
                 captive-portal-session-timeout-interval: <value of integer>
                 client-count: <value of integer>
                 dhcp-lease-time: <value of integer>
                 dhcp-option82-circuit-id-insertion: <value in [disable, style-1, style-2, ...]>
                 dhcp-option82-insertion: <value in [disable, enable]>
                 dhcp-option82-remote-id-insertion: <value in [disable, style-1]>
                 dynamic-vlan: <value in [disable, enable]>
                 eap-reauth: <value in [disable, enable]>
                 eap-reauth-intv: <value of integer>
                 eapol-key-retries: <value in [disable, enable]>
                 encrypt: <value in [TKIP, AES, TKIP-AES]>
                 external-fast-roaming: <value in [disable, enable]>
                 external-logout: <value of string>
                 external-web: <value of string>
                 fast-bss-transition: <value in [disable, enable]>
                 fast-roaming: <value in [disable, enable]>
                 ft-mobility-domain: <value of integer>
                 ft-over-ds: <value in [disable, enable]>
                 ft-r0-key-lifetime: <value of integer>
                 gtk-rekey: <value in [disable, enable]>
                 gtk-rekey-intv: <value of integer>
                 hotspot20-profile: <value of string>
                 intra-vap-privacy: <value in [disable, enable]>
                 ip: <value of string>
                 key: <value of string>
                 keyindex: <value of integer>
                 ldpc: <value in [disable, tx, rx, ...]>
                 local-authentication: <value in [disable, enable]>
                 local-bridging: <value in [disable, enable]>
                 local-lan: <value in [deny, allow]>
                 local-standalone: <value in [disable, enable]>
                 local-standalone-nat: <value in [disable, enable]>
                 local-switching: <value in [disable, enable]>
                 mac-auth-bypass: <value in [disable, enable]>
                 mac-filter: <value in [disable, enable]>
                 mac-filter-policy-other: <value in [deny, allow]>
                 max-clients: <value of integer>
                 max-clients-ap: <value of integer>
                 me-disable-thresh: <value of integer>
                 mesh-backhaul: <value in [disable, enable]>
                 mpsk: <value in [disable, enable]>
                 mpsk-concurrent-clients: <value of integer>
                 multicast-enhance: <value in [disable, enable]>
                 multicast-rate: <value in [0, 6000, 12000, ...]>
                 okc: <value in [disable, enable]>
                 owe-groups:
                   - 19
                   - 20
                   - 21
                 owe-transition: <value in [disable, enable]>
                 owe-transition-ssid: <value of string>
                 passphrase: <value of string>
                 pmf: <value in [disable, enable, optional]>
                 pmf-assoc-comeback-timeout: <value of integer>
                 pmf-sa-query-retry-timeout: <value of integer>
                 portal-message-override-group: <value of string>
                 portal-type: <value in [auth, auth+disclaimer, disclaimer, ...]>
                 probe-resp-suppression: <value in [disable, enable]>
                 probe-resp-threshold: <value of string>
                 ptk-rekey: <value in [disable, enable]>
                 ptk-rekey-intv: <value of integer>
                 qos-profile: <value of string>
                 quarantine: <value in [disable, enable]>
                 radio-2g-threshold: <value of string>
                 radio-5g-threshold: <value of string>
                 radio-sensitivity: <value in [disable, enable]>
                 radius-mac-auth: <value in [disable, enable]>
                 radius-mac-auth-server: <value of string>
                 radius-mac-auth-usergroups: <value of string>
                 radius-server: <value of string>
                 rates-11a:
                   - 1
                   - 1-basic
                   - 2
                   - 2-basic
                   - 5.5
                   - 5.5-basic
                   - 6
                   - 6-basic
                   - 9
                   - 9-basic
                   - 12
                   - 12-basic
                   - 18
                   - 18-basic
                   - 24
                   - 24-basic
                   - 36
                   - 36-basic
                   - 48
                   - 48-basic
                   - 54
                   - 54-basic
                   - 11
                   - 11-basic
                 rates-11ac-ss12:
                   - mcs0/1
                   - mcs1/1
                   - mcs2/1
                   - mcs3/1
                   - mcs4/1
                   - mcs5/1
                   - mcs6/1
                   - mcs7/1
                   - mcs8/1
                   - mcs9/1
                   - mcs0/2
                   - mcs1/2
                   - mcs2/2
                   - mcs3/2
                   - mcs4/2
                   - mcs5/2
                   - mcs6/2
                   - mcs7/2
                   - mcs8/2
                   - mcs9/2
                   - mcs10/1
                   - mcs11/1
                   - mcs10/2
                   - mcs11/2
                 rates-11ac-ss34:
                   - mcs0/3
                   - mcs1/3
                   - mcs2/3
                   - mcs3/3
                   - mcs4/3
                   - mcs5/3
                   - mcs6/3
                   - mcs7/3
                   - mcs8/3
                   - mcs9/3
                   - mcs0/4
                   - mcs1/4
                   - mcs2/4
                   - mcs3/4
                   - mcs4/4
                   - mcs5/4
                   - mcs6/4
                   - mcs7/4
                   - mcs8/4
                   - mcs9/4
                   - mcs10/3
                   - mcs11/3
                   - mcs10/4
                   - mcs11/4
                 rates-11bg:
                   - 1
                   - 1-basic
                   - 2
                   - 2-basic
                   - 5.5
                   - 5.5-basic
                   - 6
                   - 6-basic
                   - 9
                   - 9-basic
                   - 12
                   - 12-basic
                   - 18
                   - 18-basic
                   - 24
                   - 24-basic
                   - 36
                   - 36-basic
                   - 48
                   - 48-basic
                   - 54
                   - 54-basic
                   - 11
                   - 11-basic
                 rates-11n-ss12:
                   - mcs0/1
                   - mcs1/1
                   - mcs2/1
                   - mcs3/1
                   - mcs4/1
                   - mcs5/1
                   - mcs6/1
                   - mcs7/1
                   - mcs8/2
                   - mcs9/2
                   - mcs10/2
                   - mcs11/2
                   - mcs12/2
                   - mcs13/2
                   - mcs14/2
                   - mcs15/2
                 rates-11n-ss34:
                   - mcs16/3
                   - mcs17/3
                   - mcs18/3
                   - mcs19/3
                   - mcs20/3
                   - mcs21/3
                   - mcs22/3
                   - mcs23/3
                   - mcs24/4
                   - mcs25/4
                   - mcs26/4
                   - mcs27/4
                   - mcs28/4
                   - mcs29/4
                   - mcs30/4
                   - mcs31/4
                 sae-groups:
                   - 1
                   - 2
                   - 5
                   - 14
                   - 15
                   - 16
                   - 17
                   - 18
                   - 19
                   - 20
                   - 21
                   - 27
                   - 28
                   - 29
                   - 30
                   - 31
                 sae-password: <value of string>
                 schedule: <value of string>
                 security: <value in [None, WEP64, wep64, ...]>
                 security-exempt-list: <value of string>
                 security-obsolete-option: <value in [disable, enable]>
                 security-redirect-url: <value of string>
                 selected-usergroups: <value of string>
                 split-tunneling: <value in [disable, enable]>
                 ssid: <value of string>
                 tkip-counter-measure: <value in [disable, enable]>
                 usergroup: <value of string>
                 utm-profile: <value of string>
                 vdom: <value of string>
                 vlan-auto: <value in [disable, enable]>
                 vlan-pooling: <value in [wtp-group, round-robin, hash, ...]>
                 vlanid: <value of integer>
                 voice-enterprise: <value in [disable, enable]>
                 mu-mimo: <value in [disable, enable]>
                 _intf_device-access-list: <value of string>
                 external-web-format: <value in [auto-detect, no-query-string, partial-query-string]>
                 high-efficiency: <value in [disable, enable]>
                 primary-wag-profile: <value of string>
                 secondary-wag-profile: <value of string>
                 target-wake-time: <value in [disable, enable]>
                 tunnel-echo-interval: <value of integer>
                 tunnel-fallback-interval: <value of integer>
                 access-control-list: <value of string>
                 captive-portal-auth-timeout: <value of integer>
                 ipv6-rules:
                   - drop-icmp6ra
                   - drop-icmp6rs
                   - drop-llmnr6
                   - drop-icmp6mld2
                   - drop-dhcp6s
                   - drop-dhcp6c
                   - ndp-proxy
                   - drop-ns-dad
                   - drop-ns-nondad
                 sticky-client-remove: <value in [disable, enable]>
                 sticky-client-threshold-2g: <value of string>
                 sticky-client-threshold-5g: <value of string>
                 bss-color-partial: <value in [disable, enable]>
                 dhcp-option43-insertion: <value in [disable, enable]>
                 mpsk-profile: <value of string>
                 igmp-snooping: <value in [disable, enable]>
                 port-macauth: <value in [disable, radius, address-group]>
                 port-macauth-reauth-timeout: <value of integer>
                 port-macauth-timeout: <value of integer>
                 additional-akms:
                   - akm6
                 bstm-disassociation-imminent: <value in [disable, enable]>
                 bstm-load-balancing-disassoc-timer: <value of integer>
                 bstm-rssi-disassoc-timer: <value of integer>
                 dhcp-address-enforcement: <value in [disable, enable]>
                 gas-comeback-delay: <value of integer>
                 gas-fragmentation-limit: <value of integer>
                 mac-called-station-delimiter: <value in [hyphen, single-hyphen, colon, ...]>
                 mac-calling-station-delimiter: <value in [hyphen, single-hyphen, colon, ...]>
                 mac-case: <value in [uppercase, lowercase]>
                 mac-password-delimiter: <value in [hyphen, single-hyphen, colon, ...]>
                 mac-username-delimiter: <value in [hyphen, single-hyphen, colon, ...]>
                 mbo: <value in [disable, enable]>
                 mbo-cell-data-conn-pref: <value in [excluded, prefer-not, prefer-use]>
                 nac: <value in [disable, enable]>
                 nac-profile: <value of string>
                 neighbor-report-dual-band: <value in [disable, enable]>
           eap-reauth: <value in [disable, enable]>
           eap-reauth-intv: <value of integer>
           eapol-key-retries: <value in [disable, enable]>
           encrypt: <value in [TKIP, AES, TKIP-AES]>
           external-fast-roaming: <value in [disable, enable]>
           external-logout: <value of string>
           external-web: <value of string>
           fast-bss-transition: <value in [disable, enable]>
           fast-roaming: <value in [disable, enable]>
           ft-mobility-domain: <value of integer>
           ft-over-ds: <value in [disable, enable]>
           ft-r0-key-lifetime: <value of integer>
           gtk-rekey: <value in [disable, enable]>
           gtk-rekey-intv: <value of integer>
           hotspot20-profile: <value of string>
           intra-vap-privacy: <value in [disable, enable]>
           ip: <value of string>
           key: <value of string>
           keyindex: <value of integer>
           ldpc: <value in [disable, tx, rx, ...]>
           local-authentication: <value in [disable, enable]>
           local-bridging: <value in [disable, enable]>
           local-lan: <value in [deny, allow]>
           local-standalone: <value in [disable, enable]>
           local-standalone-nat: <value in [disable, enable]>
           mac-auth-bypass: <value in [disable, enable]>
           mac-filter: <value in [disable, enable]>
           mac-filter-list:
             -
                 id: <value of integer>
                 mac: <value of string>
                 mac-filter-policy: <value in [deny, allow]>
           mac-filter-policy-other: <value in [deny, allow]>
           max-clients: <value of integer>
           max-clients-ap: <value of integer>
           me-disable-thresh: <value of integer>
           mesh-backhaul: <value in [disable, enable]>
           mpsk: <value in [disable, enable]>
           mpsk-concurrent-clients: <value of integer>
           mpsk-key:
             -
                 comment: <value of string>
                 concurrent-clients: <value of string>
                 key-name: <value of string>
                 passphrase: <value of string>
                 mpsk-schedules: <value of string>
           multicast-enhance: <value in [disable, enable]>
           multicast-rate: <value in [0, 6000, 12000, ...]>
           name: <value of string>
           okc: <value in [disable, enable]>
           passphrase: <value of string>
           pmf: <value in [disable, enable, optional]>
           pmf-assoc-comeback-timeout: <value of integer>
           pmf-sa-query-retry-timeout: <value of integer>
           portal-message-override-group: <value of string>
           portal-type: <value in [auth, auth+disclaimer, disclaimer, ...]>
           probe-resp-suppression: <value in [disable, enable]>
           probe-resp-threshold: <value of string>
           ptk-rekey: <value in [disable, enable]>
           ptk-rekey-intv: <value of integer>
           qos-profile: <value of string>
           quarantine: <value in [disable, enable]>
           radio-2g-threshold: <value of string>
           radio-5g-threshold: <value of string>
           radio-sensitivity: <value in [disable, enable]>
           radius-mac-auth: <value in [disable, enable]>
           radius-mac-auth-server: <value of string>
           radius-mac-auth-usergroups: <value of string>
           radius-server: <value of string>
           rates-11a:
             - 1
             - 1-basic
             - 2
             - 2-basic
             - 5.5
             - 5.5-basic
             - 6
             - 6-basic
             - 9
             - 9-basic
             - 12
             - 12-basic
             - 18
             - 18-basic
             - 24
             - 24-basic
             - 36
             - 36-basic
             - 48
             - 48-basic
             - 54
             - 54-basic
             - 11
             - 11-basic
           rates-11ac-ss12:
             - mcs0/1
             - mcs1/1
             - mcs2/1
             - mcs3/1
             - mcs4/1
             - mcs5/1
             - mcs6/1
             - mcs7/1
             - mcs8/1
             - mcs9/1
             - mcs0/2
             - mcs1/2
             - mcs2/2
             - mcs3/2
             - mcs4/2
             - mcs5/2
             - mcs6/2
             - mcs7/2
             - mcs8/2
             - mcs9/2
             - mcs10/1
             - mcs11/1
             - mcs10/2
             - mcs11/2
           rates-11ac-ss34:
             - mcs0/3
             - mcs1/3
             - mcs2/3
             - mcs3/3
             - mcs4/3
             - mcs5/3
             - mcs6/3
             - mcs7/3
             - mcs8/3
             - mcs9/3
             - mcs0/4
             - mcs1/4
             - mcs2/4
             - mcs3/4
             - mcs4/4
             - mcs5/4
             - mcs6/4
             - mcs7/4
             - mcs8/4
             - mcs9/4
             - mcs10/3
             - mcs11/3
             - mcs10/4
             - mcs11/4
           rates-11bg:
             - 1
             - 1-basic
             - 2
             - 2-basic
             - 5.5
             - 5.5-basic
             - 6
             - 6-basic
             - 9
             - 9-basic
             - 12
             - 12-basic
             - 18
             - 18-basic
             - 24
             - 24-basic
             - 36
             - 36-basic
             - 48
             - 48-basic
             - 54
             - 54-basic
             - 11
             - 11-basic
           rates-11n-ss12:
             - mcs0/1
             - mcs1/1
             - mcs2/1
             - mcs3/1
             - mcs4/1
             - mcs5/1
             - mcs6/1
             - mcs7/1
             - mcs8/2
             - mcs9/2
             - mcs10/2
             - mcs11/2
             - mcs12/2
             - mcs13/2
             - mcs14/2
             - mcs15/2
           rates-11n-ss34:
             - mcs16/3
             - mcs17/3
             - mcs18/3
             - mcs19/3
             - mcs20/3
             - mcs21/3
             - mcs22/3
             - mcs23/3
             - mcs24/4
             - mcs25/4
             - mcs26/4
             - mcs27/4
             - mcs28/4
             - mcs29/4
             - mcs30/4
             - mcs31/4
           schedule: <value of string>
           security: <value in [None, WEP64, wep64, ...]>
           security-exempt-list: <value of string>
           security-obsolete-option: <value in [disable, enable]>
           security-redirect-url: <value of string>
           selected-usergroups: <value of string>
           split-tunneling: <value in [disable, enable]>
           ssid: <value of string>
           tkip-counter-measure: <value in [disable, enable]>
           usergroup: <value of string>
           utm-profile: <value of string>
           vdom: <value of string>
           vlan-auto: <value in [disable, enable]>
           vlan-pool:
             -
                 _wtp-group: <value of string>
                 id: <value of integer>
                 wtp-group: <value of string>
           vlan-pooling: <value in [wtp-group, round-robin, hash, ...]>
           vlanid: <value of integer>
           voice-enterprise: <value in [disable, enable]>
           address-group: <value of string>
           atf-weight: <value of integer>
           mu-mimo: <value in [disable, enable]>
           owe-groups:
             - 19
             - 20
             - 21
           owe-transition: <value in [disable, enable]>
           owe-transition-ssid: <value of string>
           sae-groups:
             - 1
             - 2
             - 5
             - 14
             - 15
             - 16
             - 17
             - 18
             - 19
             - 20
             - 21
             - 27
             - 28
             - 29
             - 30
             - 31
           sae-password: <value of string>
           _intf_device-access-list: <value of string>
           external-web-format: <value in [auto-detect, no-query-string, partial-query-string]>
           high-efficiency: <value in [disable, enable]>
           primary-wag-profile: <value of string>
           secondary-wag-profile: <value of string>
           target-wake-time: <value in [disable, enable]>
           tunnel-echo-interval: <value of integer>
           tunnel-fallback-interval: <value of integer>
           access-control-list: <value of string>
           captive-portal-auth-timeout: <value of integer>
           ipv6-rules:
             - drop-icmp6ra
             - drop-icmp6rs
             - drop-llmnr6
             - drop-icmp6mld2
             - drop-dhcp6s
             - drop-dhcp6c
             - ndp-proxy
             - drop-ns-dad
             - drop-ns-nondad
           sticky-client-remove: <value in [disable, enable]>
           sticky-client-threshold-2g: <value of string>
           sticky-client-threshold-5g: <value of string>
           bss-color-partial: <value in [disable, enable]>
           dhcp-option43-insertion: <value in [disable, enable]>
           mpsk-profile: <value of string>
           igmp-snooping: <value in [disable, enable]>
           port-macauth: <value in [disable, radius, address-group]>
           port-macauth-reauth-timeout: <value of integer>
           port-macauth-timeout: <value of integer>
           portal-message-overrides:
              auth-disclaimer-page: <value of string>
              auth-login-failed-page: <value of string>
              auth-login-page: <value of string>
              auth-reject-page: <value of string>
           additional-akms:
             - akm6
           bstm-disassociation-imminent: <value in [disable, enable]>
           bstm-load-balancing-disassoc-timer: <value of integer>
           bstm-rssi-disassoc-timer: <value of integer>
           dhcp-address-enforcement: <value in [disable, enable]>
           gas-comeback-delay: <value of integer>
           gas-fragmentation-limit: <value of integer>
           mac-called-station-delimiter: <value in [hyphen, single-hyphen, colon, ...]>
           mac-calling-station-delimiter: <value in [hyphen, single-hyphen, colon, ...]>
           mac-case: <value in [uppercase, lowercase]>
           mac-password-delimiter: <value in [hyphen, single-hyphen, colon, ...]>
           mac-username-delimiter: <value in [hyphen, single-hyphen, colon, ...]>
           mbo: <value in [disable, enable]>
           mbo-cell-data-conn-pref: <value in [excluded, prefer-not, prefer-use]>
           nac: <value in [disable, enable]>
           nac-profile: <value of string>
           neighbor-report-dual-band: <value in [disable, enable]>

Return Values

Common return values are documented here; the following fields are unique to this module:

| Key | Returned | Description |
|---|---|---|
| request_url (string) | always | The full URL requested. Sample: /sys/login/user |
| response_code (integer) | always | The status of the API request |
| response_message (string) | always | The descriptive message of the API response. Sample: OK. |


Authors

  • Link Zheng (@chillancezen)

  • Jie Xue (@JieX19)

  • Frank Shen (@fshen01)

  • Hongbin Lu (@fgtdev-hblu)