fortinet.fortios.fortios_system_interface – Configure interfaces in Fortinet’s FortiOS and FortiGate.

Note

This plugin is part of the fortinet.fortios collection.

To install it use: ansible-galaxy collection install fortinet.fortios.

To use it in a playbook, specify: fortinet.fortios.fortios_system_interface.

New in version 2.8 of fortinet.fortios

Synopsis

  • This module configures a FortiGate or FortiOS (FOS) device by allowing the user to set and modify the interface category of the system feature. The examples include all parameters; values need to be adjusted to your data sources before use. Tested with FOS v6.0.0.

Requirements

The below requirements are needed on the host that executes this module.

  • ansible>=2.9.0

Parameters

Parameter Choices/Defaults Comments
host
string
FortiOS or FortiGate IP address.
https
boolean
    Choices:
  • no
  • yes ←
Indicates whether requests towards the FortiGate must use the HTTPS protocol.
password
string
Default:
""
FortiOS or FortiGate password.
ssl_verify
boolean
added in 2.9 of fortinet.fortios
    Choices:
  • no
  • yes ←
Ensures the FortiGate certificate is verified by a proper CA.
state
string
added in 2.9 of fortinet.fortios
    Choices:
  • present
  • absent
Indicates whether to create or remove the object. In previous versions this attribute was present at a deeper level; it has been moved out to this outer level.
system_interface
dictionary
Configure interfaces.
ac_name
string
PPPoE server name.
aggregate
string
Aggregate interface.
algorithm
string
    Choices:
  • L2
  • L3
  • L4
Frame distribution algorithm.
alias
string
Alias will be displayed with the interface name to make it easier to distinguish.
allowaccess
list / elements=string
    Choices:
  • ping
  • https
  • ssh
  • snmp
  • http
  • telnet
  • fgfm
  • radius-acct
  • probe-response
  • capwap
  • ftm
Permitted types of management access to this interface.
ap_discover
string
    Choices:
  • enable
  • disable
Enable/disable automatic registration of unknown FortiAP devices.
arpforward
string
    Choices:
  • enable
  • disable
Enable/disable ARP forwarding.
auth_type
string
    Choices:
  • auto
  • pap
  • chap
  • mschapv1
  • mschapv2
PPP authentication type to use.
auto_auth_extension_device
string
    Choices:
  • enable
  • disable
Enable/disable automatic authorization of dedicated Fortinet extension device on this interface.
bfd
string
    Choices:
  • global
  • enable
  • disable
Bidirectional Forwarding Detection (BFD) settings.
bfd_desired_min_tx
integer
BFD desired minimal transmit interval.
bfd_detect_mult
integer
BFD detection multiplier.
bfd_required_min_rx
integer
BFD required minimal receive interval.
broadcast_forticlient_discovery
string
    Choices:
  • enable
  • disable
Enable/disable broadcasting FortiClient discovery messages.
broadcast_forward
string
    Choices:
  • enable
  • disable
Enable/disable broadcast forwarding.
captive_portal
integer
Enable/disable captive portal.
cli_conn_status
integer
CLI connection status.
color
integer
Color of icon on the GUI.
dedicated_to
string
    Choices:
  • none
  • management
Configure interface for single purpose.
defaultgw
string
    Choices:
  • enable
  • disable
Enable to get the gateway IP from the DHCP or PPPoE server.
description
string
Description.
detected_peer_mtu
integer
MTU of detected peer (0 - 4294967295).
detectprotocol
string
    Choices:
  • ping
  • tcp-echo
  • udp-echo
Protocols used to detect the server.
detectserver
string
Gateway's ping server for this IP.
device_access_list
string
Device access list.
device_identification
string
    Choices:
  • enable
  • disable
Enable/disable passive gathering of device identity information about the devices on the network connected to this interface.
device_identification_active_scan
string
    Choices:
  • enable
  • disable
Enable/disable active gathering of device identity information about the devices on the network connected to this interface.
device_netscan
string
    Choices:
  • disable
  • enable
Enable/disable inclusion of devices detected on this interface in network vulnerability scans.
device_user_identification
string
    Choices:
  • enable
  • disable
Enable/disable passive gathering of user identity information about users on this interface.
devindex
integer
Device Index.
dhcp_client_identifier
string
DHCP client identifier.
dhcp_relay_agent_option
string
    Choices:
  • enable
  • disable
Enable/disable DHCP relay agent option.
dhcp_relay_ip
string
DHCP relay IP address.
dhcp_relay_service
string
    Choices:
  • disable
  • enable
Enable/disable allowing this interface to act as a DHCP relay.
dhcp_relay_type
string
    Choices:
  • regular
  • ipsec
DHCP relay type (regular or IPsec).
dhcp_renew_time
integer
DHCP renew time in seconds (300-604800), 0 means use the renew time provided by the server.
disc_retry_timeout
integer
Time in seconds to wait before retrying to start a PPPoE discovery, 0 means no timeout.
disconnect_threshold
integer
Time in milliseconds to wait before sending a notification that this interface is down or disconnected.
distance
integer
Distance for routes learned through PPPoE or DHCP, lower distance indicates preferred route.
dns_server_override
string
    Choices:
  • enable
  • disable
Enable/disable use of DNS acquired by DHCP or PPPoE.
drop_fragment
string
    Choices:
  • enable
  • disable
Enable/disable drop fragment packets.
drop_overlapped_fragment
string
    Choices:
  • enable
  • disable
Enable/disable drop overlapped fragment packets.
egress_shaping_profile
string
Outgoing traffic shaping profile.
endpoint_compliance
string
    Choices:
  • enable
  • disable
Enable/disable endpoint compliance enforcement.
estimated_downstream_bandwidth
integer
Estimated maximum downstream bandwidth (kbps). Used to estimate link utilization.
estimated_upstream_bandwidth
integer
Estimated maximum upstream bandwidth (kbps). Used to estimate link utilization.
explicit_ftp_proxy
string
    Choices:
  • enable
  • disable
Enable/disable the explicit FTP proxy on this interface.
explicit_web_proxy
string
    Choices:
  • enable
  • disable
Enable/disable the explicit web proxy on this interface.
external
string
    Choices:
  • enable
  • disable
Enable/disable identifying the interface as an external interface (which usually means it's connected to the Internet).
fail_action_on_extender
string
    Choices:
  • soft-restart
  • hard-restart
  • reboot
Action on extender when interface fails.
fail_alert_interfaces
list / elements=string
Names of the FortiGate interfaces from which the link failure alert is sent for this interface.
name
string / required
Names of the physical interfaces belonging to the aggregate or redundant interface. Source system.interface.name.
fail_alert_method
string
    Choices:
  • link-failed-signal
  • link-down
Select link-failed-signal or link-down method to alert about a failed link.
fail_detect
string
    Choices:
  • enable
  • disable
Enable/disable fail detection features for this interface.
fail_detect_option
string
    Choices:
  • detectserver
  • link-down
Options for detecting that this interface has failed.
fortiheartbeat
string
    Choices:
  • enable
  • disable
Enable/disable FortiHeartBeat (FortiTelemetry on GUI).
fortilink
string
    Choices:
  • enable
  • disable
Enable FortiLink to dedicate this interface to manage other Fortinet devices.
fortilink_backup_link
integer
FortiLink split interface backup link.
fortilink_split_interface
string
    Choices:
  • enable
  • disable
Enable/disable FortiLink split interface to connect member link to different FortiSwitch in stack for uplink redundancy (maximum 2 interfaces in the "members" command).
fortilink_stacking
string
    Choices:
  • enable
  • disable
Enable/disable FortiLink switch-stacking on this interface.
forward_domain
integer
Transparent mode forward domain.
gwdetect
string
    Choices:
  • enable
  • disable
Enable/disable detect gateway alive for first.
ha_priority
integer
HA election priority for the PING server.
icmp_redirect
string
    Choices:
  • enable
  • disable
Enable/disable ICMP redirect.
ident_accept
string
    Choices:
  • enable
  • disable
Enable/disable authentication for this interface.
idle_timeout
integer
PPPoE auto disconnect after idle timeout seconds, 0 means no timeout.
inbandwidth
integer
Bandwidth limit for incoming traffic (0 - 16776000 kbps), 0 means unlimited.
ingress_spillover_threshold
integer
Ingress Spillover threshold (0 - 16776000 kbps).
interface
string
Interface name. Source system.interface.name.
internal
integer
Implicitly created.
ip
string
Interface IPv4 address and subnet mask, syntax: X.X.X.X/24.
ipmac
string
    Choices:
  • enable
  • disable
Enable/disable IP/MAC binding.
ips_sniffer_mode
string
    Choices:
  • enable
  • disable
Enable/disable the use of this interface as a one-armed sniffer.
ipunnumbered
string
Unnumbered IP used for PPPoE interfaces for which no unique local address is provided.
ipv6
dictionary
IPv6 of interface.
autoconf
string
    Choices:
  • enable
  • disable
Enable/disable address auto config.
dhcp6_client_options
string
    Choices:
  • rapid
  • iapd
  • iana
DHCPv6 client options.
dhcp6_information_request
string
    Choices:
  • enable
  • disable
Enable/disable DHCPv6 information request.
dhcp6_prefix_delegation
string
    Choices:
  • enable
  • disable
Enable/disable DHCPv6 prefix delegation.
dhcp6_prefix_hint
string
DHCPv6 prefix that will be used as a hint to the upstream DHCPv6 server.
dhcp6_prefix_hint_plt
integer
DHCPv6 prefix hint preferred life time (sec), 0 means unlimited lease time.
dhcp6_prefix_hint_vlt
integer
DHCPv6 prefix hint valid life time (sec).
dhcp6_relay_ip
string
DHCPv6 relay IP address.
dhcp6_relay_service
string
    Choices:
  • disable
  • enable
Enable/disable DHCPv6 relay.
dhcp6_relay_type
string
    Choices:
  • regular
DHCPv6 relay type.
ip6_address
string
Primary IPv6 address prefix, syntax: xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx/xxx
ip6_allowaccess
list / elements=string
    Choices:
  • ping
  • https
  • ssh
  • snmp
  • http
  • telnet
  • fgfm
  • capwap
Allow management access to the interface.
ip6_default_life
integer
Default life (sec).
ip6_delegated_prefix_list
list / elements=string
Advertised IPv6 delegated prefix list.
autonomous_flag
string
    Choices:
  • enable
  • disable
Enable/disable the autonomous flag.
onlink_flag
string
    Choices:
  • enable
  • disable
Enable/disable the onlink flag.
prefix_id
integer
Prefix ID.
rdnss
string
Recursive DNS server option.
rdnss_service
string
    Choices:
  • delegated
  • default
  • specify
Recursive DNS service option.
subnet
string
Add subnet ID to routing prefix.
upstream_interface
string
Name of the interface that provides delegated information. Source system.interface.name.
ip6_dns_server_override
string
    Choices:
  • enable
  • disable
Enable/disable using the DNS server acquired by DHCP.
ip6_extra_addr
list / elements=string
Extra IPv6 address prefixes of interface.
prefix
string / required
IPv6 address prefix.
ip6_hop_limit
integer
Hop limit (0 means unspecified).
ip6_link_mtu
integer
IPv6 link MTU.
ip6_manage_flag
string
    Choices:
  • enable
  • disable
Enable/disable the managed flag.
ip6_max_interval
integer
IPv6 maximum interval (4 to 1800 sec).
ip6_min_interval
integer
IPv6 minimum interval (3 to 1350 sec).
ip6_mode
string
    Choices:
  • static
  • dhcp
  • pppoe
  • delegated
Addressing mode (static, DHCP, delegated).
ip6_other_flag
string
    Choices:
  • enable
  • disable
Enable/disable the other IPv6 flag.
ip6_prefix_list
list / elements=string
Advertised prefix list.
autonomous_flag
string
    Choices:
  • enable
  • disable
Enable/disable the autonomous flag.
dnssl
list / elements=string
DNS search list option.
domain
string / required
Domain name.
onlink_flag
string
    Choices:
  • enable
  • disable
Enable/disable the onlink flag.
preferred_life_time
integer
Preferred life time (sec).
prefix
string / required
IPv6 prefix.
rdnss
string
Recursive DNS server option.
valid_life_time
integer
Valid life time (sec).
ip6_reachable_time
integer
IPv6 reachable time (milliseconds; 0 means unspecified).
ip6_retrans_time
integer
IPv6 retransmit time (milliseconds; 0 means unspecified).
ip6_send_adv
string
    Choices:
  • enable
  • disable
Enable/disable sending advertisements about the interface.
ip6_subnet
string
Subnet to routing prefix, syntax: xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx/xxx
ip6_upstream_interface
string
Interface name providing delegated information. Source system.interface.name.
nd_cert
string
Neighbor discovery certificate. Source certificate.local.name.
nd_cga_modifier
string
Neighbor discovery CGA modifier.
nd_mode
string
    Choices:
  • basic
  • SEND-compatible
Neighbor discovery mode.
nd_security_level
integer
Neighbor discovery security level (0 - 7; 0 = least secure).
nd_timestamp_delta
integer
Neighbor discovery timestamp delta value (1 - 3600 sec).
nd_timestamp_fuzz
integer
Neighbor discovery timestamp fuzz factor (1 - 60 sec).
vrip6_link_local
string
Link-local IPv6 address of virtual router.
vrrp6
list / elements=string
IPv6 VRRP configuration.
accept_mode
string
    Choices:
  • enable
  • disable
Enable/disable accept mode.
adv_interval
integer
Advertisement interval (1 - 255 seconds).
preempt
string
    Choices:
  • enable
  • disable
Enable/disable preempt mode.
priority
integer
Priority of the virtual router (1 - 255).
start_time
integer
Startup time (1 - 255 seconds).
status
string
    Choices:
  • enable
  • disable
Enable/disable VRRP.
vrdst6
string
Monitor the route to this destination.
vrgrp
integer
VRRP group ID (1 - 65535).
vrid
integer / required
Virtual router identifier (1 - 255).
vrip6
string
IPv6 address of the virtual router.
vrrp_virtual_mac6
string
    Choices:
  • enable
  • disable
Enable/disable virtual MAC for VRRP.
l2forward
string
    Choices:
  • enable
  • disable
Enable/disable l2 forwarding.
lacp_ha_slave
string
    Choices:
  • enable
  • disable
LACP HA slave.
lacp_mode
string
    Choices:
  • static
  • passive
  • active
LACP mode.
lacp_speed
string
    Choices:
  • slow
  • fast
How often the interface sends LACP messages.
lcp_echo_interval
integer
Time in seconds between PPPoE Link Control Protocol (LCP) echo requests.
lcp_max_echo_fails
integer
Maximum missed LCP echo messages before disconnect.
link_up_delay
integer
Number of milliseconds to wait before considering a link is up.
lldp_transmission
string
    Choices:
  • enable
  • disable
  • vdom
Enable/disable Link Layer Discovery Protocol (LLDP) transmission.
macaddr
string
Change the interface's MAC address.
managed_device
list / elements=string
Available when FortiLink is enabled, used for managed devices through FortiLink interface.
name
string / required
Managed dev identifier.
management_ip
string
High Availability in-band management IP address of this interface.
member
list / elements=string
Physical interfaces that belong to the aggregate or redundant interface.
interface_name
string
Physical interface name. Source system.interface.name.
min_links
integer
Minimum number of aggregated ports that must be up.
min_links_down
string
    Choices:
  • operational
  • administrative
Action to take when fewer than the configured minimum number of links are active.
mode
string
    Choices:
  • static
  • dhcp
  • pppoe
Addressing mode (static, DHCP, PPPoE).
mtu
integer
MTU value for this interface.
mtu_override
string
    Choices:
  • enable
  • disable
Enable to set a custom MTU for this interface.
name
string / required
Name.
ndiscforward
string
    Choices:
  • enable
  • disable
Enable/disable NDISC forwarding.
netbios_forward
string
    Choices:
  • disable
  • enable
Enable/disable NETBIOS forwarding.
netflow_sampler
string
    Choices:
  • disable
  • tx
  • rx
  • both
Enable/disable NetFlow on this interface and set the data that NetFlow collects (rx, tx, or both).
outbandwidth
integer
Bandwidth limit for outgoing traffic (0 - 16776000 kbps).
padt_retry_timeout
integer
PPPoE Active Discovery Terminate (PADT) used to terminate sessions after an idle time.
password
string
PPPoE account's password.
ping_serv_status
integer
PING server status.
polling_interval
integer
sFlow polling interval (1 - 255 sec).
pppoe_unnumbered_negotiate
string
    Choices:
  • enable
  • disable
Enable/disable PPPoE unnumbered negotiation.
pptp_auth_type
string
    Choices:
  • auto
  • pap
  • chap
  • mschapv1
  • mschapv2
PPTP authentication type.
pptp_client
string
    Choices:
  • enable
  • disable
Enable/disable PPTP client.
pptp_password
string
PPTP password.
pptp_server_ip
string
PPTP server IP address.
pptp_timeout
integer
Idle timer in minutes (0 for disabled).
pptp_user
string
PPTP user name.
preserve_session_route
string
    Choices:
  • enable
  • disable
Enable/disable preservation of session route when dirty.
priority
integer
Priority of learned routes.
priority_override
string
    Choices:
  • enable
  • disable
Enable/disable fail back to higher priority port once recovered.
proxy_captive_portal
string
    Choices:
  • enable
  • disable
Enable/disable proxy captive portal on this interface.
redundant_interface
string
Redundant interface.
remote_ip
string
Remote IP address of tunnel.
replacemsg_override_group
string
Replacement message override group.
role
string
    Choices:
  • lan
  • wan
  • dmz
  • undefined
Interface role.
sample_direction
string
    Choices:
  • tx
  • rx
  • both
Data that NetFlow collects (rx, tx, or both).
sample_rate
integer
sFlow sample rate (10 - 99999).
scan_botnet_connections
string
    Choices:
  • disable
  • block
  • monitor
Enable monitoring or blocking connections to Botnet servers through this interface.
secondary_IP
string
    Choices:
  • enable
  • disable
Enable/disable adding a secondary IP to this interface.
secondaryip
list / elements=string
Second IP address of interface.
allowaccess
string
    Choices:
  • ping
  • https
  • ssh
  • snmp
  • http
  • telnet
  • fgfm
  • radius-acct
  • probe-response
  • capwap
  • ftm
Management access settings for the secondary IP address.
detectprotocol
string
    Choices:
  • ping
  • tcp-echo
  • udp-echo
Protocols used to detect the server.
detectserver
string
Gateway's ping server for this IP.
gwdetect
string
    Choices:
  • enable
  • disable
Enable/disable detect gateway alive for first.
ha_priority
integer
HA election priority for the PING server.
id
integer / required
ID.
ip
string
Secondary IP address of the interface.
ping_serv_status
integer
PING server status.
security_exempt_list
string
Name of security-exempt-list.
security_external_logout
string
URL of external authentication logout server.
security_external_web
string
URL of external authentication web server.
security_groups
list / elements=string
User groups that can authenticate with the captive portal.
name
string / required
Names of user groups that can authenticate with the captive portal.
security_mac_auth_bypass
string
    Choices:
  • enable
  • disable
Enable/disable MAC authentication bypass.
security_mode
string
    Choices:
  • none
  • captive-portal
  • 802.1X
Turn on captive portal authentication for this interface.
security_redirect_url
string
URL redirection after disclaimer/authentication.
service_name
string
PPPoE service name.
sflow_sampler
string
    Choices:
  • enable
  • disable
Enable/disable sFlow on this interface.
snmp_index
integer
Permanent SNMP Index of the interface.
speed
string
    Choices:
  • auto
  • 10full
  • 10half
  • 100full
  • 100half
  • 1000full
  • 1000half
  • 1000auto
Interface speed. The default setting and the options available depend on the interface hardware.
spillover_threshold
integer
Egress Spillover threshold (0 - 16776000 kbps), 0 means unlimited.
src_check
string
    Choices:
  • enable
  • disable
Enable/disable source IP check.
state
string
    Choices:
  • present
  • absent
Deprecated
Starting with Ansible 2.9 we recommend using the top-level 'state' parameter.

Indicates whether to create or remove the object.
status
string
    Choices:
  • up
  • down
Bring the interface up or shut the interface down.
stpforward
string
    Choices:
  • enable
  • disable
Enable/disable STP forwarding.
stpforward_mode
string
    Choices:
  • rpl-all-ext-id
  • rpl-bridge-ext-id
  • rpl-nothing
Configure STP forwarding mode.
subst
string
    Choices:
  • enable
  • disable
Enable to always send packets from this interface to a destination MAC address.
substitute_dst_mac
string
Destination MAC address that all packets are sent to from this interface.
switch
string
Contained in switch.
switch_controller_access_vlan
string
    Choices:
  • enable
  • disable
Block FortiSwitch port-to-port traffic.
switch_controller_arp_inspection
string
    Choices:
  • enable
  • disable
Enable/disable FortiSwitch ARP inspection.
switch_controller_dhcp_snooping
string
    Choices:
  • enable
  • disable
Switch controller DHCP snooping.
switch_controller_dhcp_snooping_option82
string
    Choices:
  • enable
  • disable
Switch controller DHCP snooping option82.
switch_controller_dhcp_snooping_verify_mac
string
    Choices:
  • enable
  • disable
Switch controller DHCP snooping verify MAC.
switch_controller_igmp_snooping
string
    Choices:
  • enable
  • disable
Switch controller IGMP snooping.
switch_controller_learning_limit
integer
Limit the number of dynamic MAC addresses on this VLAN (1 - 128, 0 = no limit, default).
tagging
list / elements=string
Config object tagging.
category
string
Tag category. Source system.object-tagging.category.
name
string / required
Tagging entry name.
tags
list / elements=string
Tags.
name
string / required
Tag name. Source system.object-tagging.tags.name.
tcp_mss
integer
TCP maximum segment size. 0 means do not change segment size.
trust_ip6_1
string
Trusted IPv6 host for dedicated management traffic (::/0 for all hosts).
trust_ip6_2
string
Trusted IPv6 host for dedicated management traffic (::/0 for all hosts).
trust_ip6_3
string
Trusted IPv6 host for dedicated management traffic (::/0 for all hosts).
trust_ip_1
string
Trusted host for dedicated management traffic (0.0.0.0/24 for all hosts).
trust_ip_2
string
Trusted host for dedicated management traffic (0.0.0.0/24 for all hosts).
trust_ip_3
string
Trusted host for dedicated management traffic (0.0.0.0/24 for all hosts).
type
string
    Choices:
  • physical
  • vlan
  • aggregate
  • redundant
  • tunnel
  • vdom-link
  • loopback
  • switch
  • hard-switch
  • vap-switch
  • wl-mesh
  • fext-wan
  • vxlan
  • hdlc
  • switch-vlan
Interface type.
username
string
Username of the PPPoE account, provided by your ISP.
vdom
string
Interface is in this virtual domain (VDOM). Source system.vdom.name.
vindex
integer
Switch control interface VLAN ID.
vlanforward
string
    Choices:
  • enable
  • disable
Enable/disable traffic forwarding between VLANs on this interface.
vlanid
integer
VLAN ID (1 - 4094).
vrf
integer
Virtual Routing Forwarding ID.
vrrp
list / elements=string
VRRP configuration.
accept_mode
string
    Choices:
  • enable
  • disable
Enable/disable accept mode.
adv_interval
integer
Advertisement interval (1 - 255 seconds).
preempt
string
    Choices:
  • enable
  • disable
Enable/disable preempt mode.
priority
integer
Priority of the virtual router (1 - 255).
proxy_arp
list / elements=string
VRRP Proxy ARP configuration.
id
integer / required
ID.
ip
string
Set IP addresses of proxy ARP.
start_time
integer
Startup time (1 - 255 seconds).
status
string
    Choices:
  • enable
  • disable
Enable/disable this VRRP configuration.
version
string
    Choices:
  • 2
  • 3
VRRP version.
vrdst
string
Monitor the route to this destination.
vrdst_priority
integer
Priority of the virtual router when the virtual router destination becomes unreachable (0 - 254).
vrgrp
integer
VRRP group ID (1 - 65535).
vrid
integer / required
Virtual router identifier (1 - 255).
vrip
string
IP address of the virtual router.
vrrp_virtual_mac
string
    Choices:
  • enable
  • disable
Enable/disable use of virtual MAC for VRRP.
wccp
string
    Choices:
  • enable
  • disable
Enable/disable WCCP on this interface. Used for encapsulated WCCP communication between WCCP clients and servers.
weight
integer
Default weight for static routes (if route has no weight configured).
wins_ip
string
WINS server IP.
username
string
FortiOS or FortiGate username.
vdom
string
Default:
"root"
Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit.

Notes

Note

  • Legacy fortiosapi has been deprecated; httpapi is the preferred way to run playbooks.

Examples

- hosts: fortigates
  collections:
    - fortinet.fortios
  connection: httpapi
  vars:
   vdom: "root"
   ansible_httpapi_use_ssl: yes
   ansible_httpapi_validate_certs: no
   ansible_httpapi_port: 443
  tasks:
  - name: Configure interfaces.
    fortios_system_interface:
      vdom:  "{{ vdom }}"
      state: "present"
      system_interface:
        ac_name: "<your_own_value>"
        aggregate: "<your_own_value>"
        algorithm: "L2"
        alias: "<your_own_value>"
        allowaccess: "ping"
        ap_discover: "enable"
        arpforward: "enable"
        auth_type: "auto"
        auto_auth_extension_device: "enable"
        bfd: "global"
        bfd_desired_min_tx: "13"
        bfd_detect_mult: "14"
        bfd_required_min_rx: "15"
        broadcast_forticlient_discovery: "enable"
        broadcast_forward: "enable"
        captive_portal: "18"
        cli_conn_status: "19"
        color: "20"
        dedicated_to: "none"
        defaultgw: "enable"
        description: "<your_own_value>"
        detected_peer_mtu: "24"
        detectprotocol: "ping"
        detectserver: "<your_own_value>"
        device_access_list: "<your_own_value>"
        device_identification: "enable"
        device_identification_active_scan: "enable"
        device_netscan: "disable"
        device_user_identification: "enable"
        devindex: "32"
        dhcp_client_identifier:  "myId_33"
        dhcp_relay_agent_option: "enable"
        dhcp_relay_ip: "<your_own_value>"
        dhcp_relay_service: "disable"
        dhcp_relay_type: "regular"
        dhcp_renew_time: "38"
        disc_retry_timeout: "39"
        disconnect_threshold: "40"
        distance: "41"
        dns_server_override: "enable"
        drop_fragment: "enable"
        drop_overlapped_fragment: "enable"
        egress_shaping_profile: "<your_own_value>"
        endpoint_compliance: "enable"
        estimated_downstream_bandwidth: "47"
        estimated_upstream_bandwidth: "48"
        explicit_ftp_proxy: "enable"
        explicit_web_proxy: "enable"
        external: "enable"
        fail_action_on_extender: "soft-restart"
        fail_alert_interfaces:
         -
            name: "default_name_54 (source system.interface.name)"
        fail_alert_method: "link-failed-signal"
        fail_detect: "enable"
        fail_detect_option: "detectserver"
        fortiheartbeat: "enable"
        fortilink: "enable"
        fortilink_backup_link: "60"
        fortilink_split_interface: "enable"
        fortilink_stacking: "enable"
        forward_domain: "63"
        gwdetect: "enable"
        ha_priority: "65"
        icmp_redirect: "enable"
        ident_accept: "enable"
        idle_timeout: "68"
        inbandwidth: "69"
        ingress_spillover_threshold: "70"
        interface: "<your_own_value> (source system.interface.name)"
        internal: "72"
        ip: "<your_own_value>"
        ipmac: "enable"
        ips_sniffer_mode: "enable"
        ipunnumbered: "<your_own_value>"
        ipv6:
            autoconf: "enable"
            dhcp6_client_options: "rapid"
            dhcp6_information_request: "enable"
            dhcp6_prefix_delegation: "enable"
            dhcp6_prefix_hint: "<your_own_value>"
            dhcp6_prefix_hint_plt: "83"
            dhcp6_prefix_hint_vlt: "84"
            dhcp6_relay_ip: "<your_own_value>"
            dhcp6_relay_service: "disable"
            dhcp6_relay_type: "regular"
            ip6_address: "<your_own_value>"
            ip6_allowaccess: "ping"
            ip6_default_life: "90"
            ip6_delegated_prefix_list:
             -
                autonomous_flag: "enable"
                onlink_flag: "enable"
                prefix_id: "94"
                rdnss: "<your_own_value>"
                rdnss_service: "delegated"
                subnet: "<your_own_value>"
                upstream_interface: "<your_own_value> (source system.interface.name)"
            ip6_dns_server_override: "enable"
            ip6_extra_addr:
             -
                prefix: "<your_own_value>"
            ip6_hop_limit: "102"
            ip6_link_mtu: "103"
            ip6_manage_flag: "enable"
            ip6_max_interval: "105"
            ip6_min_interval: "106"
            ip6_mode: "static"
            ip6_other_flag: "enable"
            ip6_prefix_list:
             -
                autonomous_flag: "enable"
                dnssl:
                 -
                    domain: "<your_own_value>"
                onlink_flag: "enable"
                preferred_life_time: "114"
                prefix: "<your_own_value>"
                rdnss: "<your_own_value>"
                valid_life_time: "117"
            ip6_reachable_time: "118"
            ip6_retrans_time: "119"
            ip6_send_adv: "enable"
            ip6_subnet: "<your_own_value>"
            ip6_upstream_interface: "<your_own_value> (source system.interface.name)"
            nd_cert: "<your_own_value> (source certificate.local.name)"
            nd_cga_modifier: "<your_own_value>"
            nd_mode: "basic"
            nd_security_level: "126"
            nd_timestamp_delta: "127"
            nd_timestamp_fuzz: "128"
            vrip6_link_local: "<your_own_value>"
            vrrp_virtual_mac6: "enable"
            vrrp6:
             -
                accept_mode: "enable"
                adv_interval: "133"
                preempt: "enable"
                priority: "135"
                start_time: "136"
                status: "enable"
                vrdst6: "<your_own_value>"
                vrgrp: "139"
                vrid: "140"
                vrip6: "<your_own_value>"
        l2forward: "enable"
        lacp_ha_slave: "enable"
        lacp_mode: "static"
        lacp_speed: "slow"
        lcp_echo_interval: "146"
        lcp_max_echo_fails: "147"
        link_up_delay: "148"
        lldp_transmission: "enable"
        macaddr: "<your_own_value>"
        managed_device:
         -
            name: "default_name_152"
        management_ip: "<your_own_value>"
        member:
         -
            interface_name: "<your_own_value> (source system.interface.name)"
        min_links: "156"
        min_links_down: "operational"
        mode: "static"
        mtu: "159"
        mtu_override: "enable"
        name: "default_name_161"
        ndiscforward: "enable"
        netbios_forward: "disable"
        netflow_sampler: "disable"
        outbandwidth: "165"
        padt_retry_timeout: "166"
        password: "<your_own_value>"
        ping_serv_status: "168"
        polling_interval: "169"
        pppoe_unnumbered_negotiate: "enable"
        pptp_auth_type: "auto"
        pptp_client: "enable"
        pptp_password: "<your_own_value>"
        pptp_server_ip: "<your_own_value>"
        pptp_timeout: "175"
        pptp_user: "<your_own_value>"
        preserve_session_route: "enable"
        priority: "178"
        priority_override: "enable"
        proxy_captive_portal: "enable"
        redundant_interface: "<your_own_value>"
        remote_ip: "<your_own_value>"
        replacemsg_override_group: "<your_own_value>"
        role: "lan"
        sample_direction: "tx"
        sample_rate: "186"
        scan_botnet_connections: "disable"
        secondary_IP: "enable"
        secondaryip:
         -
            allowaccess: "ping"
            detectprotocol: "ping"
            detectserver: "<your_own_value>"
            gwdetect: "enable"
            ha_priority: "194"
            id:  "195"
            ip: "<your_own_value>"
            ping_serv_status: "197"
        security_exempt_list: "<your_own_value>"
        security_external_logout: "<your_own_value>"
        security_external_web: "<your_own_value>"
        security_groups:
         -
            name: "default_name_202"
        security_mac_auth_bypass: "enable"
        security_mode: "none"
        security_redirect_url: "<your_own_value>"
        service_name: "<your_own_value>"
        sflow_sampler: "enable"
        snmp_index: "208"
        speed: "auto"
        spillover_threshold: "210"
        src_check: "enable"
        status: "up"
        stpforward: "enable"
        stpforward_mode: "rpl-all-ext-id"
        subst: "enable"
        substitute_dst_mac: "<your_own_value>"
        switch: "<your_own_value>"
        switch_controller_access_vlan: "enable"
        switch_controller_arp_inspection: "enable"
        switch_controller_dhcp_snooping: "enable"
        switch_controller_dhcp_snooping_option82: "enable"
        switch_controller_dhcp_snooping_verify_mac: "enable"
        switch_controller_igmp_snooping: "enable"
        switch_controller_learning_limit: "224"
        tagging:
         -
            category: "<your_own_value> (source system.object-tagging.category)"
            name: "default_name_227"
            tags:
             -
                name: "default_name_229 (source system.object-tagging.tags.name)"
        tcp_mss: "230"
        trust_ip_1: "<your_own_value>"
        trust_ip_2: "<your_own_value>"
        trust_ip_3: "<your_own_value>"
        trust_ip6_1: "<your_own_value>"
        trust_ip6_2: "<your_own_value>"
        trust_ip6_3: "<your_own_value>"
        type: "physical"
        username: "<your_own_value>"
        vdom: "<your_own_value> (source system.vdom.name)"
        vindex: "240"
        vlanforward: "enable"
        vlanid: "242"
        vrf: "243"
        vrrp:
         -
            accept_mode: "enable"
            adv_interval: "246"
            preempt: "enable"
            priority: "248"
            proxy_arp:
             -
                id:  "250"
                ip: "<your_own_value>"
            start_time: "252"
            status: "enable"
            version: "2"
            vrdst: "<your_own_value>"
            vrdst_priority: "256"
            vrgrp: "257"
            vrid: "258"
            vrip: "<your_own_value>"
        vrrp_virtual_mac: "enable"
        wccp: "enable"
        weight: "262"
        wins_ip: "<your_own_value>"
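
A narrower, security-focused variant of the play above, as an added example that is not part of the collection's documentation: it validates the FortiGate certificate and restricts management access per interface instead of setting every parameter. The interface names mgmt and wan1 and all addresses (documentation ranges) are constructed placeholders; every parameter used is one listed in the Parameters table on this page.

```yaml
# Added example, not from the fortinet.fortios documentation.
# Assumptions: interfaces named "mgmt" and "wan1" exist on the device,
# the FortiGate certificate chains to a CA trusted by the control node,
# and credentials come from inventory as in the play above.
- hosts: fortigates
  collections:
    - fortinet.fortios
  connection: httpapi
  vars:
    vdom: "root"
    ansible_httpapi_use_ssl: yes
    # The documented play sets this to "no"; here the certificate is verified.
    ansible_httpapi_validate_certs: yes
    ansible_httpapi_port: 443
  tasks:
    - name: Management interface - encrypted admin protocols only
      fortios_system_interface:
        vdom: "{{ vdom }}"
        state: "present"
        system_interface:
          name: "mgmt"
          vdom: "{{ vdom }}"
          type: "physical"
          mode: "static"
          ip: "192.0.2.10/24"            # constructed address
          status: "up"
          # Reserve the interface for management traffic only.
          dedicated_to: "management"
          # No http or telnet: both carry admin credentials in clear text.
          allowaccess:
            - https
            - ssh
          # Only this subnet may send dedicated management traffic.
          trust_ip_1: "192.0.2.0/24"     # constructed admin subnet
          # Do not advertise device details to neighbours.
          lldp_transmission: "disable"
          # Do not auto-register unknown access points or extension devices.
          ap_discover: "disable"
          auto_auth_extension_device: "disable"

    - name: WAN interface - no management protocols exposed
      fortios_system_interface:
        vdom: "{{ vdom }}"
        state: "present"
        system_interface:
          name: "wan1"
          vdom: "{{ vdom }}"
          type: "physical"
          mode: "static"
          ip: "198.51.100.2/30"          # constructed address
          role: "wan"
          external: "enable"
          status: "up"
          # Reachability checks only; no https/ssh/snmp/fgfm on the Internet side.
          allowaccess:
            - ping
          # Source IP check on; drop overlapping IP fragments.
          src_check: "enable"
          drop_overlapped_fragment: "enable"
          icmp_redirect: "disable"
          lldp_transmission: "disable"
          # Block connections to botnet servers through this interface.
          scan_botnet_connections: "block"
          # Keep internal L2 and name-service chatter off the WAN side.
          broadcast_forward: "disable"
          netbios_forward: "disable"
          # Do not answer FortiClient discovery or register unknown devices here.
          broadcast_forticlient_discovery: "disable"
          ap_discover: "disable"
```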

Return Values

Common return values are documented here; the following are the fields unique to this module:

Key Returned Description
build
string
always
Build number of the FortiGate image

Sample:
1547
http_method
string
always
Last method used to provision the content into FortiGate

Sample:
PUT
http_status
string
always
Last result given by FortiGate on last operation applied

Sample:
200
mkey
string
success
Master key (id) used in the last call to FortiGate

Sample:
id
name
string
always
Name of the table used to fulfill the request

Sample:
urlfilter
path
string
always
Path of the table used to fulfill the request

Sample:
webfilter
revision
string
always
Internal revision number

Sample:
17.0.2.10658
serial
string
always
Serial number of the unit

Sample:
FGVMEVYYQT3AB5352
status
string
always
Indication of the operation's result

Sample:
success
vdom
string
always
Virtual domain used

Sample:
root
version
string
always
Version of the FortiGate

Sample:
v5.6.3


Authors

  • Link Zheng (@chillancezen)

  • Hongbin Lu (@fgtdev-hblu)

  • Frank Shen (@frankshen01)

  • Jie Xue (@JieX19)

  • Miguel Angel Munoz (@mamunozgonzalez)

  • Nicolas Thomas (@thomnico)