fortinet.fortios.fortios_switch_controller_managed_switch – Configure FortiSwitch devices that are managed by this FortiGate in Fortinet’s FortiOS and FortiGate.

Note

This plugin is part of the fortinet.fortios collection (version 2.1.2).

To install it use: ansible-galaxy collection install fortinet.fortios.

To use it in a playbook, specify: fortinet.fortios.fortios_switch_controller_managed_switch.

New in version 2.10: of fortinet.fortios

Synopsis

  • This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify switch_controller feature and managed_switch category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0

Requirements

The below requirements are needed on the host that executes this module.

  • ansible>=2.9.0

Parameters

Parameter Choices/Defaults Comments
access_token
string
Token-based authentication. Generated from GUI of Fortigate.
enable_log
boolean
    Choices:
  • no ←
  • yes
Enable/Disable logging for task.
state
string / required
    Choices:
  • present
  • absent
Indicates whether to create or remove the object.
switch_controller_managed_switch
dictionary
Configure FortiSwitch devices that are managed by this FortiGate.
access_profile
string
FortiSwitch access profile. Source switch-controller.security-policy.local-access.name.
custom_command
list / elements=string
Configuration method to edit FortiSwitch commands to be pushed to this FortiSwitch device upon rebooting the FortiGate switch controller or the FortiSwitch.
command_entry
string
List of FortiSwitch commands.
command_name
string
Names of commands to be pushed to this FortiSwitch device, as configured under config switch-controller custom-command. Source switch-controller.custom-command.command-name.
delayed_restart_trigger
integer
Delayed restart triggered for this FortiSwitch.
description
string
Description.
directly_connected
integer
Directly connected FortiSwitch.
dynamic_capability
integer
List of features this FortiSwitch supports (not configurable) that is sent to the FortiGate device for subsequent configuration initiated by the FortiGate device.
dynamically_discovered
integer
Dynamically discovered FortiSwitch.
firmware_provision
string
    Choices:
  • enable
  • disable
Enable/disable provisioning of firmware to FortiSwitches on join connection.
firmware_provision_version
string
Firmware version to provision to this FortiSwitch on bootup (major.minor.build, i.e. 6.2.1234).
flow_identity
string
Flow-tracking netflow ipfix switch identity in hex format(00000000-FFFFFFFF ).
fsw_wan1_admin
string
    Choices:
  • discovered
  • disable
  • enable
FortiSwitch WAN1 admin status; enable to authorize the FortiSwitch as a managed switch.
fsw_wan1_peer
string
Fortiswitch WAN1 peer port. Source system.interface.name.
fsw_wan2_admin
string
    Choices:
  • discovered
  • disable
  • enable
FortiSwitch WAN2 admin status; enable to authorize the FortiSwitch as a managed switch.
fsw_wan2_peer
string
FortiSwitch WAN2 peer port.
igmp_snooping
dictionary
Configure FortiSwitch IGMP snooping global settings.
aging_time
integer
Maximum time to retain a multicast snooping entry for which no packets have been seen (15 - 3600 sec).
flood_unknown_multicast
string
    Choices:
  • enable
  • disable
Enable/disable unknown multicast flooding.
local_override
string
    Choices:
  • enable
  • disable
Enable/disable overriding the global IGMP snooping configuration.
ip_source_guard
list / elements=string
IP source guard.
binding_entry
list / elements=string
IP and MAC address configuration.
entry_name
string
Configure binding pair.
ip
string
Source IP for this rule.
mac
string
MAC address for this rule.
description
string
Description.
port
string / required
Ingress interface to which source guard is bound.
l3_discovered
integer
Layer 3 management discovered.
max_allowed_trunk_members
integer
FortiSwitch maximum allowed trunk members.
mclag_igmp_snooping_aware
string
    Choices:
  • enable
  • disable
Enable/disable MCLAG IGMP-snooping awareness.
mirror
list / elements=string
Configuration method to edit FortiSwitch packet mirror.
dst
string
Destination port.
name
string / required
Mirror name.
src_egress
list / elements=string
Source egress interfaces.
name
string / required
Interface name.
src_ingress
list / elements=string
Source ingress interfaces.
name
string / required
Interface name.
status
string
    Choices:
  • active
  • inactive
Active/inactive mirror configuration.
switching_packet
string
    Choices:
  • enable
  • disable
Enable/disable switching functionality when mirroring.
name
string
Managed-switch name.
override_snmp_community
string
    Choices:
  • enable
  • disable
Enable/disable overriding the global SNMP communities.
override_snmp_sysinfo
string
    Choices:
  • disable
  • enable
Enable/disable overriding the global SNMP system information.
override_snmp_trap_threshold
string
    Choices:
  • enable
  • disable
Enable/disable overriding the global SNMP trap threshold values.
override_snmp_user
string
    Choices:
  • enable
  • disable
Enable/disable overriding the global SNMP users.
owner_vdom
string
VDOM which owner of port belongs to.
poe_detection_type
integer
PoE detection type for FortiSwitch.
poe_lldp_detection
string
    Choices:
  • enable
  • disable
Enable/disable PoE LLDP detection.
poe_pre_standard_detection
string
    Choices:
  • enable
  • disable
Enable/disable PoE pre-standard detection.
ports
list / elements=string
Managed-switch port list.
access_mode
string
    Choices:
  • normal
  • nac
  • dynamic
  • static
Access mode of the port.
aggregator_mode
string
    Choices:
  • bandwidth
  • count
LACP member select mode.
allowed_vlans
list / elements=string
Configure switch port tagged vlans
vlan_name
string
VLAN name. Source system.interface.name.
allowed_vlans_all
string
    Choices:
  • enable
  • disable
Enable/disable all defined vlans on this port.
arp_inspection_trust
string
    Choices:
  • untrusted
  • trusted
Trusted or untrusted dynamic ARP inspection.
bundle
string
    Choices:
  • enable
  • disable
Enable/disable Link Aggregation Group (LAG) bundling for non-FortiLink interfaces.
description
string
Description for port.
dhcp_snoop_option82_trust
string
    Choices:
  • enable
  • disable
Enable/disable allowance of DHCP with option-82 on untrusted interface.
dhcp_snooping
string
    Choices:
  • untrusted
  • trusted
Trusted or untrusted DHCP-snooping interface.
discard_mode
string
    Choices:
  • none
  • all-untagged
  • all-tagged
Configure discard mode for port.
edge_port
string
    Choices:
  • enable
  • disable
Enable/disable this interface as an edge port, bridging connections between workstations and/or computers.
export_tags
list / elements=string
Switch controller export tag name.
tag_name
string
Switch tag name. Source switch-controller.switch-interface-tag.name.
export_to
string
Export managed-switch port to a tenant VDOM. Source system.vdom.name.
export_to_pool
string
Switch controller export port to pool-list. Source switch-controller.virtual-port-pool.name.
export_to_pool_flag
integer
Switch controller export port to pool-list.
fec_capable
integer
FEC capable.
fec_state
string
    Choices:
  • disabled
  • cl74
  • cl91
State of forward error correction.
fgt_peer_device_name
string
FGT peer device name.
fgt_peer_port_name
string
FGT peer port name.
fiber_port
integer
Fiber-port.
flags
integer
Port properties flags.
flow_control
string
    Choices:
  • disable
  • tx
  • rx
  • both
Flow control direction.
fortilink_port
integer
FortiLink uplink port.
igmp_snooping
string
    Choices:
  • enable
  • disable
Set IGMP snooping mode for the physical port interface.
igmps_flood_reports
string
    Choices:
  • enable
  • disable
Enable/disable flooding of IGMP reports to this interface when igmp-snooping enabled.
igmps_flood_traffic
string
    Choices:
  • enable
  • disable
Enable/disable flooding of IGMP snooping traffic to this interface.
ip_source_guard
string
    Choices:
  • disable
  • enable
Enable/disable IP source guard.
isl_local_trunk_name
string
ISL local trunk name.
isl_peer_device_name
string
ISL peer device name.
isl_peer_port_name
string
ISL peer port name.
lacp_speed
string
    Choices:
  • slow
  • fast
end Link Aggregation Control Protocol (LACP) messages every 30 seconds (slow) or every second (fast).
learning_limit
integer
Limit the number of dynamic MAC addresses on this Port (1 - 128, 0 = no limit, default).
lldp_profile
string
LLDP port TLV profile. Source switch-controller.lldp-profile.name.
lldp_status
string
    Choices:
  • disable
  • rx-only
  • tx-only
  • tx-rx
LLDP transmit and receive status.
loop_guard
string
    Choices:
  • enabled
  • disabled
Enable/disable loop-guard on this interface, an STP optimization used to prevent network loops.
loop_guard_timeout
integer
Loop-guard timeout (0 - 120 min).
mac_addr
string
Port/Trunk MAC.
matched_dpp_intf_tags
string
Matched interface tags in the dynamic port policy.
matched_dpp_policy
string
Matched child policy in the dynamic port policy.
max_bundle
integer
Maximum size of LAG bundle (1 - 24)
mclag
string
    Choices:
  • enable
  • disable
Enable/disable multi-chassis link aggregation (MCLAG).
mclag_icl_port
integer
MCLAG-ICL port.
media_type
string
Media type.
member_withdrawal_behavior
string
    Choices:
  • forward
  • block
Port behavior after it withdraws because of loss of control packets.
members
list / elements=string
Aggregated LAG bundle interfaces.
member_name
string
Interface name from available options.
min_bundle
integer
Minimum size of LAG bundle (1 - 24)
mode
string
    Choices:
  • static
  • lacp-passive
  • lacp-active
LACP mode: ignore and do not send control messages, or negotiate 802.3ad aggregation passively or actively.
p2p_port
integer
General peer to peer tunnel port.
packet_sample_rate
integer
Packet sampling rate (0 - 99999 p/sec).
packet_sampler
string
    Choices:
  • enabled
  • disabled
Enable/disable packet sampling on this interface.
pause_meter
integer
Configure ingress pause metering rate, in kbps .
pause_meter_resume
string
    Choices:
  • 75%
  • 50%
  • 25%
Resume threshold for resuming traffic on ingress port.
poe_capable
integer
PoE capable.
poe_pre_standard_detection
string
    Choices:
  • enable
  • disable
Enable/disable PoE pre-standard detection.
poe_status
string
    Choices:
  • enable
  • disable
Enable/disable PoE status.
port_name
string
Switch port name.
port_number
integer
Port number.
port_owner
string
Switch port name.
port_policy
string
Switch controller dynamic port policy from available options. Source switch-controller.dynamic-port-policy.name.
port_prefix_type
integer
Port prefix type.
port_security_policy
string
Switch controller authentication policy to apply to this managed switch from available options. Source switch-controller .security-policy.802-1X.name switch-controller.security-policy.captive-portal.name.
port_selection_criteria
string
    Choices:
  • src-mac
  • dst-mac
  • src-dst-mac
  • src-ip
  • dst-ip
  • src-dst-ip
Algorithm for aggregate port selection.
ptp_policy
string
PTP policy configuration. Source switch-controller.ptp.policy.name.
qos_policy
string
Switch controller QoS policy from available options. Source switch-controller.qos.qos-policy.name.
rpvst_port
string
    Choices:
  • disabled
  • enabled
Enable/disable inter-operability with rapid PVST on this interface.
sample_direction
string
    Choices:
  • tx
  • rx
  • both
sFlow sample direction.
sflow_counter_interval
integer
sFlow sampler counter polling interval (1 - 255 sec).
sflow_sample_rate
integer
sFlow sampler sample rate (0 - 99999 p/sec).
sflow_sampler
string
    Choices:
  • enabled
  • disabled
Enable/disable sFlow protocol on this interface.
speed
string
    Choices:
  • 10half
  • 10full
  • 100half
  • 100full
  • 1000auto
  • 1000fiber
  • 1000full
  • 10000
  • 40000
  • auto
  • auto-module
  • 100FX-half
  • 100FX-full
  • 100000full
  • 2500full
  • 25000full
  • 50000full
  • 10000cr
  • 10000sr
  • 100000sr4
  • 100000cr4
  • 25000cr4
  • 25000sr4
  • 5000full
  • 2500auto
Switch port speed; default and available settings depend on hardware.
speed_mask
integer
Switch port speed mask.
stacking_port
integer
Stacking port.
status
string
    Choices:
  • up
  • down
Switch port admin status: up or down.
sticky_mac
string
    Choices:
  • enable
  • disable
Enable or disable sticky-mac on the interface.
storm_control_policy
string
Switch controller storm control policy from available options. Source switch-controller.storm-control-policy.name.
stp_bpdu_guard
string
    Choices:
  • enabled
  • disabled
Enable/disable STP BPDU guard on this interface.
stp_bpdu_guard_timeout
integer
BPDU Guard disabling protection (0 - 120 min).
stp_root_guard
string
    Choices:
  • enabled
  • disabled
Enable/disable STP root guard on this interface.
stp_state
string
    Choices:
  • enabled
  • disabled
Enable/disable Spanning Tree Protocol (STP) on this interface.
switch_id
string
Switch id.
type
string
    Choices:
  • physical
  • trunk
Interface type: physical or trunk port.
untagged_vlans
list / elements=string
Configure switch port untagged vlans
vlan_name
string
VLAN name. Source system.interface.name.
virtual_port
integer
Virtualized switch port.
vlan
string
Assign switch ports to a VLAN. Source system.interface.name.
pre_provisioned
integer
Pre-provisioned managed switch.
qos_drop_policy
string
    Choices:
  • taildrop
  • random-early-detection
Set QoS drop-policy.
qos_red_probability
integer
Set QoS RED/WRED drop probability.
remote_log
list / elements=string
Configure logging by FortiSwitch device to a remote syslog server.
csv
string
    Choices:
  • enable
  • disable
Enable/disable comma-separated value (CSV) strings.
facility
string
    Choices:
  • kernel
  • user
  • mail
  • daemon
  • auth
  • syslog
  • lpr
  • news
  • uucp
  • cron
  • authpriv
  • ftp
  • ntp
  • audit
  • alert
  • clock
  • local0
  • local1
  • local2
  • local3
  • local4
  • local5
  • local6
  • local7
Facility to log to remote syslog server.
name
string / required
Remote log name.
port
integer
Remote syslog server listening port.
server
string
IPv4 address of the remote syslog server.
severity
string
    Choices:
  • emergency
  • alert
  • critical
  • error
  • warning
  • notification
  • information
  • debug
Severity of logs to be transferred to remote log server.
status
string
    Choices:
  • enable
  • disable
Enable/disable logging by FortiSwitch device to a remote syslog server.
settings_802_1X
dictionary
Configuration method to edit FortiSwitch 802.1X global settings.
link_down_auth
string
    Choices:
  • set-unauth
  • no-action
Authentication state to set if a link is down.
local_override
string
    Choices:
  • enable
  • disable
Enable to override global 802.1X settings on individual FortiSwitches.
max_reauth_attempt
integer
Maximum number of authentication attempts (0 - 15).
reauth_period
integer
Reauthentication time interval (1 - 1440 min).
tx_period
integer
802.1X Tx period (seconds).
snmp_community
list / elements=string
Configuration method to edit Simple Network Management Protocol (SNMP) communities.
events
string
    Choices:
  • cpu-high
  • mem-low
  • log-full
  • intf-ip
  • ent-conf-change
SNMP notifications (traps) to send.
hosts
list / elements=string
Configure IPv4 SNMP managers (hosts).
id
integer / required
Host entry ID.
ip
string
IPv4 address of the SNMP manager (host).
id
integer / required
SNMP community ID.
name
string
SNMP community name.
query_v1_port
integer
SNMP v1 query port .
query_v1_status
string
    Choices:
  • disable
  • enable
Enable/disable SNMP v1 queries.
query_v2c_port
integer
SNMP v2c query port .
query_v2c_status
string
    Choices:
  • disable
  • enable
Enable/disable SNMP v2c queries.
status
string
    Choices:
  • disable
  • enable
Enable/disable this SNMP community.
trap_v1_lport
integer
SNMP v2c trap local port .
trap_v1_rport
integer
SNMP v2c trap remote port .
trap_v1_status
string
    Choices:
  • disable
  • enable
Enable/disable SNMP v1 traps.
trap_v2c_lport
integer
SNMP v2c trap local port .
trap_v2c_rport
integer
SNMP v2c trap remote port .
trap_v2c_status
string
    Choices:
  • disable
  • enable
Enable/disable SNMP v2c traps.
snmp_sysinfo
dictionary
Configuration method to edit Simple Network Management Protocol (SNMP) system info.
contact_info
string
Contact information.
description
string
System description.
engine_id
string
Local SNMP engine ID string (max 24 char).
location
string
System location.
status
string
    Choices:
  • disable
  • enable
Enable/disable SNMP.
snmp_trap_threshold
dictionary
Configuration method to edit Simple Network Management Protocol (SNMP) trap threshold values.
trap_high_cpu_threshold
integer
CPU usage when trap is sent.
trap_log_full_threshold
integer
Log disk usage when trap is sent.
trap_low_memory_threshold
integer
Memory usage when trap is sent.
snmp_user
list / elements=string
Configuration method to edit Simple Network Management Protocol (SNMP) users.
auth_proto
string
    Choices:
  • md5
  • sha
  • sha1
  • sha224
  • sha256
  • sha384
  • sha512
Authentication protocol.
auth_pwd
string
Password for authentication protocol.
name
string / required
SNMP user name.
priv_proto
string
    Choices:
  • aes
  • des
  • aes128
  • aes192
  • aes192c
  • aes256
  • aes256c
Privacy (encryption) protocol.
priv_pwd
string
Password for privacy (encryption) protocol.
queries
string
    Choices:
  • disable
  • enable
Enable/disable SNMP queries for this user.
query_port
integer
SNMPv3 query port .
security_level
string
    Choices:
  • no-auth-no-priv
  • auth-no-priv
  • auth-priv
Security level for message authentication and encryption.
staged_image_version
string
Staged image version for FortiSwitch.
static_mac
list / elements=string
Configuration method to edit FortiSwitch Static and Sticky MAC.
description
string
Description.
id
integer / required
Id
interface
string
Interface name.
mac
string
MAC address.
type
string
    Choices:
  • static
  • sticky
Type.
vlan
string
Vlan. Source system.interface.name.
storm_control
dictionary
Configuration method to edit FortiSwitch storm control for measuring traffic activity using data rates to prevent traffic disruption.
broadcast
string
    Choices:
  • enable
  • disable
Enable/disable storm control to drop broadcast traffic.
local_override
string
    Choices:
  • enable
  • disable
Enable to override global FortiSwitch storm control settings for this FortiSwitch.
rate
integer
Rate in packets per second at which storm traffic is controlled (1 - 10000000). Storm control drops excess traffic data rates beyond this threshold.
unknown_multicast
string
    Choices:
  • enable
  • disable
Enable/disable storm control to drop unknown multicast traffic.
unknown_unicast
string
    Choices:
  • enable
  • disable
Enable/disable storm control to drop unknown unicast traffic.
stp_instance
list / elements=string
Configuration method to edit Spanning Tree Protocol (STP) instances.
id
string / required
Instance ID.
priority
string
    Choices:
  • 0
  • 4096
  • 8192
  • 12288
  • 16384
  • 20480
  • 24576
  • 28672
  • 32768
  • 36864
  • 40960
  • 45056
  • 49152
  • 53248
  • 57344
  • 61440
Priority.
stp_settings
dictionary
Configuration method to edit Spanning Tree Protocol (STP) settings used to prevent bridge loops.
forward_time
integer
Period of time a port is in listening and learning state (4 - 30 sec).
hello_time
integer
Period of time between successive STP frame Bridge Protocol Data Units (BPDUs) sent on a port (1 - 10 sec).
local_override
string
    Choices:
  • enable
  • disable
Enable to configure local STP settings that override global STP settings.
max_age
integer
Maximum time before a bridge port saves its configuration BPDU information (6 - 40 sec).
max_hops
integer
Maximum number of hops between the root bridge and the furthest bridge (1- 40).
name
string
Name of local STP settings configuration.
pending_timer
integer
Pending time (1 - 15 sec).
revision
integer
STP revision number (0 - 65535).
status
string
    Choices:
  • enable
  • disable
Enable/disable STP.
switch_device_tag
string
User definable label/tag.
switch_dhcp_opt43_key
string
DHCP option43 key.
switch_id
string
Managed-switch id.
switch_log
dictionary
Configuration method to edit FortiSwitch logging settings (logs are transferred to and inserted into the FortiGate event log).
local_override
string
    Choices:
  • enable
  • disable
Enable to configure local logging settings that override global logging settings.
severity
string
    Choices:
  • emergency
  • alert
  • critical
  • error
  • warning
  • notification
  • information
  • debug
Severity of FortiSwitch logs that are added to the FortiGate event log.
status
string
    Choices:
  • enable
  • disable
Enable/disable adding FortiSwitch logs to the FortiGate event log.
switch_profile
string
FortiSwitch profile. Source switch-controller.switch-profile.name.
switch_stp_settings
dictionary
Configure spanning tree protocol (STP).
status
string
    Choices:
  • enable
  • disable
Enable/disable STP.
tdr_supported
string
TDR supported.
type
string
    Choices:
  • virtual
  • physical
Indication of switch type, physical or virtual.
version
integer
FortiSwitch version.
vdom
string
Default:
"root"
Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit.

Notes

Note

  • Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks

Examples

- hosts: fortigates
  collections:
    - fortinet.fortios
  connection: httpapi
  vars:
   vdom: "root"
   ansible_httpapi_use_ssl: yes
   ansible_httpapi_validate_certs: no
   ansible_httpapi_port: 443
  tasks:
  - name: Configure FortiSwitch devices that are managed by this FortiGate.
    fortios_switch_controller_managed_switch:
      vdom:  "{{ vdom }}"
      state: "present"
      access_token: "<your_own_value>"
      switch_controller_managed_switch:
        settings_802_1X:
            link_down_auth: "set-unauth"
            local_override: "enable"
            max_reauth_attempt: "6"
            reauth_period: "7"
            tx_period: "8"
        access_profile: "<your_own_value> (source switch-controller.security-policy.local-access.name)"
        custom_command:
         -
            command_entry: "<your_own_value>"
            command_name: "<your_own_value> (source switch-controller.custom-command.command-name)"
        delayed_restart_trigger: "13"
        description: "<your_own_value>"
        directly_connected: "15"
        dynamic_capability: "16"
        dynamically_discovered: "17"
        firmware_provision: "enable"
        firmware_provision_version: "<your_own_value>"
        flow_identity: "<your_own_value>"
        fsw_wan1_admin: "discovered"
        fsw_wan1_peer: "<your_own_value> (source system.interface.name)"
        fsw_wan2_admin: "discovered"
        fsw_wan2_peer: "<your_own_value>"
        igmp_snooping:
            aging_time: "26"
            flood_unknown_multicast: "enable"
            local_override: "enable"
        ip_source_guard:
         -
            binding_entry:
             -
                entry_name: "<your_own_value>"
                ip: "<your_own_value>"
                mac: "<your_own_value>"
            description: "<your_own_value>"
            port: "<your_own_value>"
        l3_discovered: "36"
        max_allowed_trunk_members: "37"
        mclag_igmp_snooping_aware: "enable"
        mirror:
         -
            dst: "<your_own_value>"
            name: "default_name_41"
            src_egress:
             -
                name: "default_name_43"
            src_ingress:
             -
                name: "default_name_45"
            status: "active"
            switching_packet: "enable"
        name: "default_name_48"
        override_snmp_community: "enable"
        override_snmp_sysinfo: "disable"
        override_snmp_trap_threshold: "enable"
        override_snmp_user: "enable"
        owner_vdom: "<your_own_value>"
        poe_detection_type: "54"
        poe_lldp_detection: "enable"
        poe_pre_standard_detection: "enable"
        ports:
         -
            access_mode: "normal"
            aggregator_mode: "bandwidth"
            allowed_vlans:
             -
                vlan_name: "<your_own_value> (source system.interface.name)"
            allowed_vlans_all: "enable"
            arp_inspection_trust: "untrusted"
            bundle: "enable"
            description: "<your_own_value>"
            dhcp_snoop_option82_trust: "enable"
            dhcp_snooping: "untrusted"
            discard_mode: "none"
            edge_port: "enable"
            export_tags:
             -
                tag_name: "<your_own_value> (source switch-controller.switch-interface-tag.name)"
            export_to: "<your_own_value> (source system.vdom.name)"
            export_to_pool: "<your_own_value> (source switch-controller.virtual-port-pool.name)"
            export_to_pool_flag: "74"
            export_to_pool_flag: "75"
            fec_capable: "76"
            fec_state: "disabled"
            fgt_peer_device_name: "<your_own_value>"
            fgt_peer_port_name: "<your_own_value>"
            fiber_port: "80"
            flags: "81"
            flow_control: "disable"
            fortilink_port: "83"
            igmp_snooping: "enable"
            igmps_flood_reports: "enable"
            igmps_flood_traffic: "enable"
            ip_source_guard: "disable"
            isl_local_trunk_name: "<your_own_value>"
            isl_peer_device_name: "<your_own_value>"
            isl_peer_port_name: "<your_own_value>"
            lacp_speed: "slow"
            learning_limit: "92"
            lldp_profile: "<your_own_value> (source switch-controller.lldp-profile.name)"
            lldp_status: "disable"
            loop_guard: "enabled"
            loop_guard_timeout: "96"
            mac_addr: "<your_own_value>"
            matched_dpp_intf_tags: "<your_own_value>"
            matched_dpp_policy: "<your_own_value>"
            max_bundle: "100"
            mclag: "enable"
            mclag_icl_port: "102"
            media_type: "<your_own_value>"
            member_withdrawal_behavior: "forward"
            members:
             -
                member_name: "<your_own_value>"
            min_bundle: "107"
            mode: "static"
            p2p_port: "109"
            packet_sample_rate: "110"
            packet_sampler: "enabled"
            pause_meter: "112"
            pause_meter_resume: "75%"
            poe_capable: "114"
            poe_pre_standard_detection: "enable"
            poe_status: "enable"
            port_name: "<your_own_value>"
            port_number: "118"
            port_owner: "<your_own_value>"
            port_policy: "<your_own_value> (source switch-controller.dynamic-port-policy.name)"
            port_prefix_type: "121"
            port_security_policy: "<your_own_value> (source switch-controller.security-policy.802-1X.name switch-controller.security-policy.captive-portal
              .name)"
            port_selection_criteria: "src-mac"
            ptp_policy: "<your_own_value> (source switch-controller.ptp.policy.name)"
            qos_policy: "<your_own_value> (source switch-controller.qos.qos-policy.name)"
            rpvst_port: "disabled"
            sample_direction: "tx"
            sflow_counter_interval: "128"
            sflow_sample_rate: "129"
            sflow_sampler: "enabled"
            speed: "10half"
            speed_mask: "132"
            stacking_port: "133"
            status: "up"
            sticky_mac: "enable"
            storm_control_policy: "<your_own_value> (source switch-controller.storm-control-policy.name)"
            stp_bpdu_guard: "enabled"
            stp_bpdu_guard_timeout: "138"
            stp_root_guard: "enabled"
            stp_state: "enabled"
            switch_id: "<your_own_value>"
            type: "physical"
            untagged_vlans:
             -
                vlan_name: "<your_own_value> (source system.interface.name)"
            virtual_port: "145"
            vlan: "<your_own_value> (source system.interface.name)"
        pre_provisioned: "147"
        qos_drop_policy: "taildrop"
        qos_red_probability: "149"
        remote_log:
         -
            csv: "enable"
            facility: "kernel"
            name: "default_name_153"
            port: "154"
            server: "192.168.100.40"
            severity: "emergency"
            status: "enable"
        snmp_community:
         -
            events: "cpu-high"
            hosts:
             -
                id:  "161"
                ip: "<your_own_value>"
            id:  "163"
            name: "default_name_164"
            query_v1_port: "165"
            query_v1_status: "disable"
            query_v2c_port: "167"
            query_v2c_status: "disable"
            status: "disable"
            trap_v1_lport: "170"
            trap_v1_rport: "171"
            trap_v1_status: "disable"
            trap_v2c_lport: "173"
            trap_v2c_rport: "174"
            trap_v2c_status: "disable"
        snmp_sysinfo:
            contact_info: "<your_own_value>"
            description: "<your_own_value>"
            engine_id: "<your_own_value>"
            location: "<your_own_value>"
            status: "disable"
        snmp_trap_threshold:
            trap_high_cpu_threshold: "183"
            trap_log_full_threshold: "184"
            trap_low_memory_threshold: "185"
        snmp_user:
         -
            auth_proto: "md5"
            auth_pwd: "<your_own_value>"
            name: "default_name_189"
            priv_proto: "aes"
            priv_pwd: "<your_own_value>"
            queries: "disable"
            query_port: "193"
            security_level: "no-auth-no-priv"
        staged_image_version: "<your_own_value>"
        static_mac:
         -
            description: "<your_own_value>"
            id:  "198"
            interface: "<your_own_value>"
            mac: "<your_own_value>"
            type: "static"
            vlan: "<your_own_value> (source system.interface.name)"
        storm_control:
            broadcast: "enable"
            local_override: "enable"
            rate: "206"
            unknown_multicast: "enable"
            unknown_unicast: "enable"
        stp_instance:
         -
            id:  "210"
            priority: "0"
        stp_settings:
            forward_time: "213"
            hello_time: "214"
            local_override: "enable"
            max_age: "216"
            max_hops: "217"
            name: "default_name_218"
            pending_timer: "219"
            revision: "220"
            status: "enable"
        switch_device_tag: "<your_own_value>"
        switch_dhcp_opt43_key: "<your_own_value>"
        switch_id: "<your_own_value>"
        switch_log:
            local_override: "enable"
            severity: "emergency"
            status: "enable"
        switch_profile: "<your_own_value> (source switch-controller.switch-profile.name)"
        switch_stp_settings:
            status: "enable"
        tdr_supported: "<your_own_value>"
        type: "virtual"
        version: "234"

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key Returned Description
build
string
always
Build number of the fortigate image

Sample:
1547
http_method
string
always
Last method used to provision the content into FortiGate

Sample:
PUT
http_status
string
always
Last result given by FortiGate on last operation applied

Sample:
200
mkey
string
success
Master key (id) used in the last call to FortiGate

Sample:
id
name
string
always
Name of the table used to fulfill the request

Sample:
urlfilter
path
string
always
Path of the table used to fulfill the request

Sample:
webfilter
revision
string
always
Internal revision number

Sample:
17.0.2.10658
serial
string
always
Serial number of the unit

Sample:
FGVMEVYYQT3AB5352
status
string
always
Indication of the operation's result

Sample:
success
vdom
string
always
Virtual domain used

Sample:
root
version
string
always
Version of the FortiGate

Sample:
v5.6.3


Authors

  • Link Zheng (@chillancezen)

  • Jie Xue (@JieX19)

  • Hongbin Lu (@fgtdev-hblu)

  • Frank Shen (@frankshen01)

  • Miguel Angel Munoz (@mamunozgonzalez)

  • Nicolas Thomas (@thomnico)