fortinet.fortios.fortios_wireless_controller_vap – Configure Virtual Access Points (VAPs) in Fortinet’s FortiOS and FortiGate.

Note

This plugin is part of the fortinet.fortios collection (version 2.1.2).

To install it use: ansible-galaxy collection install fortinet.fortios.

To use it in a playbook, specify: fortinet.fortios.fortios_wireless_controller_vap.

New in version 2.10: of fortinet.fortios

Synopsis

  • This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify wireless_controller feature and vap category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0

Requirements

The below requirements are needed on the host that executes this module.

  • ansible>=2.9.0

Parameters

Parameter Choices/Defaults Comments
access_token
string
Token-based authentication. Generated from GUI of Fortigate.
enable_log
boolean
    Choices:
  • no ←
  • yes
Enable/Disable logging for task.
state
string / required
    Choices:
  • present
  • absent
Indicates whether to create or remove the object.
vdom
string
Default:
"root"
Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit.
wireless_controller_vap
dictionary
Configure Virtual Access Points (VAPs).
access_control_list
string
access-control-list profile name. Source wireless-controller.access-control-list.name.
acct_interim_interval
integer
WiFi RADIUS accounting interim interval (60 - 86400 sec).
additional_akms
list / elements=string
    Choices:
  • akm6
Additional AKMs.
address_group
string
Address group ID. Source wireless-controller.addrgrp.id.
alias
string
Alias.
atf_weight
integer
Airtime weight in percentage .
auth
string
    Choices:
  • psk
  • radius
  • usergroup
Authentication protocol.
broadcast_ssid
string
    Choices:
  • enable
  • disable
Enable/disable broadcasting the SSID .
broadcast_suppression
list / elements=string
    Choices:
  • dhcp-up
  • dhcp-down
  • dhcp-starvation
  • arp-known
  • arp-unknown
  • arp-reply
  • arp-poison
  • arp-proxy
  • netbios-ns
  • netbios-ds
  • ipv6
  • all-other-mc
  • all-other-bc
  • dhcp-ucast
Optional suppression of broadcast messages. For example, you can keep DHCP messages, ARP broadcasts, and so on off of the wireless network.
bss_color_partial
string
    Choices:
  • enable
  • disable
Enable/disable 802.11ax partial BSS color .
bstm_disassociation_imminent
string
    Choices:
  • enable
  • disable
Enable/disable forcing of disassociation after the BSTM request timer has been reached .
bstm_load_balancing_disassoc_timer
integer
Time interval for client to voluntarily leave AP before forcing a disassociation due to AP load-balancing (0 to 30).
bstm_rssi_disassoc_timer
integer
Time interval for client to voluntarily leave AP before forcing a disassociation due to low RSSI (0 to 2000).
captive_portal_ac_name
string
Local-bridging captive portal ac-name.
captive_portal_auth_timeout
integer
Hard timeout - AP will always clear the session after timeout regardless of traffic (0 - 864000 sec).
captive_portal_macauth_radius_secret
string
Secret key to access the macauth RADIUS server.
captive_portal_macauth_radius_server
string
Captive portal external RADIUS server domain name or IP address.
captive_portal_radius_secret
string
Secret key to access the RADIUS server.
captive_portal_radius_server
string
Captive portal RADIUS server domain name or IP address.
captive_portal_session_timeout_interval
integer
Session timeout interval (0 - 864000 sec).
dhcp_address_enforcement
string
    Choices:
  • enable
  • disable
Enable/disable DHCP address enforcement .
dhcp_lease_time
integer
DHCP lease time in seconds for NAT IP address.
dhcp_option43_insertion
string
    Choices:
  • enable
  • disable
Enable/disable insertion of DHCP option 43 .
dhcp_option82_circuit_id_insertion
string
    Choices:
  • style-1
  • style-2
  • disable
  • style-3
Enable/disable DHCP option 82 circuit-id insert .
dhcp_option82_insertion
string
    Choices:
  • enable
  • disable
Enable/disable DHCP option 82 insert .
dhcp_option82_remote_id_insertion
string
    Choices:
  • style-1
  • disable
Enable/disable DHCP option 82 remote-id insert .
dynamic_vlan
string
    Choices:
  • enable
  • disable
Enable/disable dynamic VLAN assignment.
eap_reauth
string
    Choices:
  • enable
  • disable
Enable/disable EAP re-authentication for WPA-Enterprise security.
eap_reauth_intv
integer
EAP re-authentication interval (1800 - 864000 sec).
eapol_key_retries
string
    Choices:
  • disable
  • enable
Enable/disable retransmission of EAPOL-Key frames (message 3/4 and group message 1/2) .
encrypt
string
    Choices:
  • TKIP
  • AES
  • TKIP-AES
Encryption protocol to use (only available when security is set to a WPA type).
external_fast_roaming
string
    Choices:
  • enable
  • disable
Enable/disable fast roaming or pre-authentication with external APs not managed by the FortiGate .
external_logout
string
URL of external authentication logout server.
external_web
string
URL of external authentication web server.
external_web_format
string
    Choices:
  • auto-detect
  • no-query-string
  • partial-query-string
URL query parameter detection .
fast_bss_transition
string
    Choices:
  • disable
  • enable
Enable/disable 802.11r Fast BSS Transition (FT) .
fast_roaming
string
    Choices:
  • enable
  • disable
Enable/disable fast-roaming, or pre-authentication, where supported by clients .
ft_mobility_domain
integer
Mobility domain identifier in FT (1 - 65535).
ft_over_ds
string
    Choices:
  • disable
  • enable
Enable/disable FT over the Distribution System (DS).
ft_r0_key_lifetime
integer
Lifetime of the PMK-R0 key in FT, 1-65535 minutes.
gas_comeback_delay
integer
GAS comeback delay (0 or 100 - 10000 milliseconds).
gas_fragmentation_limit
integer
GAS fragmentation limit (512 - 4096).
gtk_rekey
string
    Choices:
  • enable
  • disable
Enable/disable GTK rekey for WPA security.
gtk_rekey_intv
integer
GTK rekey interval (1800 - 864000 sec).
high_efficiency
string
    Choices:
  • enable
  • disable
Enable/disable 802.11ax high efficiency .
hotspot20_profile
string
Hotspot 2.0 profile name. Source wireless-controller.hotspot20.hs-profile.name.
igmp_snooping
string
    Choices:
  • enable
  • disable
Enable/disable IGMP snooping.
intra_vap_privacy
string
    Choices:
  • enable
  • disable
Enable/disable blocking communication between clients on the same SSID (called intra-SSID privacy) .
ip
string
IP address and subnet mask for the local standalone NAT subnet.
ipv6_rules
list / elements=string
    Choices:
  • drop-icmp6ra
  • drop-icmp6rs
  • drop-llmnr6
  • drop-icmp6mld2
  • drop-dhcp6s
  • drop-dhcp6c
  • ndp-proxy
  • drop-ns-dad
  • drop-ns-nondad
Optional rules of IPv6 packets. For example, you can keep RA, RS and so on off of the wireless network.
key
string
WEP Key.
keyindex
integer
WEP key index (1 - 4).
ldpc
string
    Choices:
  • disable
  • rx
  • tx
  • rxtx
VAP low-density parity-check (LDPC) coding configuration.
local_authentication
string
    Choices:
  • enable
  • disable
Enable/disable AP local authentication.
local_bridging
string
    Choices:
  • enable
  • disable
Enable/disable bridging of wireless and Ethernet interfaces on the FortiAP .
local_lan
string
    Choices:
  • allow
  • deny
Allow/deny traffic destined for a Class A, B, or C private IP address .
local_standalone
string
    Choices:
  • enable
  • disable
Enable/disable AP local standalone .
local_standalone_nat
string
    Choices:
  • enable
  • disable
Enable/disable AP local standalone NAT mode.
mac_auth_bypass
string
    Choices:
  • enable
  • disable
Enable/disable MAC authentication bypass.
mac_called_station_delimiter
string
    Choices:
  • hyphen
  • single-hyphen
  • colon
  • none
MAC called station delimiter .
mac_calling_station_delimiter
string
    Choices:
  • hyphen
  • single-hyphen
  • colon
  • none
MAC calling station delimiter .
mac_case
string
    Choices:
  • uppercase
  • lowercase
MAC case .
mac_filter
string
    Choices:
  • enable
  • disable
Enable/disable MAC filtering to block wireless clients by mac address.
mac_filter_list
list / elements=string
Create a list of MAC addresses for MAC address filtering.
id
integer / required
ID.
mac
string
MAC address.
mac_filter_policy
string
    Choices:
  • allow
  • deny
Deny or allow the client with this MAC address.
mac_filter_policy_other
string
    Choices:
  • allow
  • deny
Allow or block clients with MAC addresses that are not in the filter list.
mac_password_delimiter
string
    Choices:
  • hyphen
  • single-hyphen
  • colon
  • none
MAC authentication password delimiter .
mac_username_delimiter
string
    Choices:
  • hyphen
  • single-hyphen
  • colon
  • none
MAC authentication username delimiter .
max_clients
integer
Maximum number of clients that can connect simultaneously to the VAP .
max_clients_ap
integer
Maximum number of clients that can connect simultaneously to each radio .
mbo
string
    Choices:
  • disable
  • enable
Enable/disable Multiband Operation .
mbo_cell_data_conn_pref
string
    Choices:
  • excluded
  • prefer-not
  • prefer-use
MBO cell data connection preference (0, 1, or 255).
me_disable_thresh
integer
Disable multicast enhancement when this many clients are receiving multicast traffic.
mesh_backhaul
string
    Choices:
  • enable
  • disable
Enable/disable using this VAP as a WiFi mesh backhaul . This entry is only available when security is set to a WPA type or open.
mpsk
string
    Choices:
  • enable
  • disable
Enable/disable multiple pre-shared keys (PSKs.)
mpsk_concurrent_clients
integer
Number of pre-shared keys (PSKs) to allow if multiple pre-shared keys are enabled.
mpsk_key
list / elements=string
Pre-shared keys that can be used to connect to this virtual access point.
comment
string
Comment.
concurrent_clients
string
Number of clients that can connect using this pre-shared key.
key_name
string
Pre-shared key name.
mpsk_schedules
list / elements=string
Firewall schedule for MPSK passphrase. The passphrase will be effective only when at least one schedule is valid.
name
string / required
Schedule name. Source firewall.schedule.group.name firewall.schedule.recurring.name firewall.schedule.onetime.name.
passphrase
string
WPA Pre-shared key.
mpsk_profile
string
MPSK profile name. Source wireless-controller.mpsk-profile.name.
mu_mimo
string
    Choices:
  • enable
  • disable
Enable/disable Multi-user MIMO .
multicast_enhance
string
    Choices:
  • enable
  • disable
Enable/disable converting multicast to unicast to improve performance .
multicast_rate
string
    Choices:
  • 0
  • 6000
  • 12000
  • 24000
Multicast rate (0, 6000, 12000, or 24000 kbps).
nac
string
    Choices:
  • enable
  • disable
Enable/disable network access control.
nac_profile
string
NAC profile name. Source wireless-controller.nac-profile.name.
name
string / required
Virtual AP name.
neighbor_report_dual_band
string
    Choices:
  • disable
  • enable
Enable/disable dual-band neighbor report .
okc
string
    Choices:
  • disable
  • enable
Enable/disable Opportunistic Key Caching (OKC) .
owe_groups
list / elements=string
    Choices:
  • 19
  • 20
  • 21
OWE-Groups.
owe_transition
string
    Choices:
  • disable
  • enable
Enable/disable OWE transition mode support.
owe_transition_ssid
string
OWE transition mode peer SSID.
passphrase
string
WPA pre-shard key (PSK) to be used to authenticate WiFi users.
pmf
string
    Choices:
  • disable
  • enable
  • optional
Protected Management Frames (PMF) support .
pmf_assoc_comeback_timeout
integer
Protected Management Frames (PMF) comeback maximum timeout (1-20 sec).
pmf_sa_query_retry_timeout
integer
Protected Management Frames (PMF) SA query retry timeout interval (1 - 5 100s of msec).
port_macauth
string
    Choices:
  • disable
  • radius
  • address-group
Enable/disable LAN port MAC authentication .
port_macauth_reauth_timeout
integer
LAN port MAC authentication re-authentication timeout value .
port_macauth_timeout
integer
LAN port MAC authentication idle timeout value .
portal_message_override_group
string
Replacement message group for this VAP (only available when security is set to a captive portal type). Source system.replacemsg-group .name.
portal_message_overrides
dictionary
Individual message overrides.
auth_disclaimer_page
string
Override auth-disclaimer-page message with message from portal-message-overrides group.
auth_login_failed_page
string
Override auth-login-failed-page message with message from portal-message-overrides group.
auth_login_page
string
Override auth-login-page message with message from portal-message-overrides group.
auth_reject_page
string
Override auth-reject-page message with message from portal-message-overrides group.
portal_type
string
    Choices:
  • auth
  • auth+disclaimer
  • disclaimer
  • email-collect
  • cmcc
  • cmcc-macauth
  • auth-mac
  • external-auth
  • external-macauth
Captive portal functionality. Configure how the captive portal authenticates users and whether it includes a disclaimer.
primary_wag_profile
string
Primary wireless access gateway profile name. Source wireless-controller.wag-profile.name.
probe_resp_suppression
string
    Choices:
  • enable
  • disable
Enable/disable probe response suppression (to ignore weak signals) .
probe_resp_threshold
string
Minimum signal level/threshold in dBm required for the AP response to probe requests (-95 to -20).
ptk_rekey
string
    Choices:
  • enable
  • disable
Enable/disable PTK rekey for WPA-Enterprise security.
ptk_rekey_intv
integer
PTK rekey interval (1800 - 864000 sec).
qos_profile
string
Quality of service profile name. Source wireless-controller.qos-profile.name.
quarantine
string
    Choices:
  • enable
  • disable
Enable/disable station quarantine .
radio_2g_threshold
string
Minimum signal level/threshold in dBm required for the AP response to receive a packet in 2.4G band (-95 to -20).
radio_5g_threshold
string
Minimum signal level/threshold in dBm required for the AP response to receive a packet in 5G band(-95 to -20).
radio_sensitivity
string
    Choices:
  • enable
  • disable
Enable/disable software radio sensitivity (to ignore weak signals) .
radius_mac_auth
string
    Choices:
  • enable
  • disable
Enable/disable RADIUS-based MAC authentication of clients .
radius_mac_auth_server
string
RADIUS-based MAC authentication server. Source user.radius.name.
radius_mac_auth_usergroups
list / elements=string
Selective user groups that are permitted for RADIUS mac authentication.
name
string / required
User group name.
radius_server
string
RADIUS server to be used to authenticate WiFi users. Source user.radius.name.
rates_11a
list / elements=string
    Choices:
  • 1
  • 1-basic
  • 2
  • 2-basic
  • 5.5
  • 5.5-basic
  • 11
  • 11-basic
  • 6
  • 6-basic
  • 9
  • 9-basic
  • 12
  • 12-basic
  • 18
  • 18-basic
  • 24
  • 24-basic
  • 36
  • 36-basic
  • 48
  • 48-basic
  • 54
  • 54-basic
Allowed data rates for 802.11a.
rates_11ac_ss12
list / elements=string
    Choices:
  • mcs0/1
  • mcs1/1
  • mcs2/1
  • mcs3/1
  • mcs4/1
  • mcs5/1
  • mcs6/1
  • mcs7/1
  • mcs8/1
  • mcs9/1
  • mcs10/1
  • mcs11/1
  • mcs0/2
  • mcs1/2
  • mcs2/2
  • mcs3/2
  • mcs4/2
  • mcs5/2
  • mcs6/2
  • mcs7/2
  • mcs8/2
  • mcs9/2
  • mcs10/2
  • mcs11/2
Allowed data rates for 802.11ac with 1 or 2 spatial streams.
rates_11ac_ss34
list / elements=string
    Choices:
  • mcs0/3
  • mcs1/3
  • mcs2/3
  • mcs3/3
  • mcs4/3
  • mcs5/3
  • mcs6/3
  • mcs7/3
  • mcs8/3
  • mcs9/3
  • mcs10/3
  • mcs11/3
  • mcs0/4
  • mcs1/4
  • mcs2/4
  • mcs3/4
  • mcs4/4
  • mcs5/4
  • mcs6/4
  • mcs7/4
  • mcs8/4
  • mcs9/4
  • mcs10/4
  • mcs11/4
Allowed data rates for 802.11ac with 3 or 4 spatial streams.
rates_11bg
list / elements=string
    Choices:
  • 1
  • 1-basic
  • 2
  • 2-basic
  • 5.5
  • 5.5-basic
  • 11
  • 11-basic
  • 6
  • 6-basic
  • 9
  • 9-basic
  • 12
  • 12-basic
  • 18
  • 18-basic
  • 24
  • 24-basic
  • 36
  • 36-basic
  • 48
  • 48-basic
  • 54
  • 54-basic
Allowed data rates for 802.11b/g.
rates_11n_ss12
list / elements=string
    Choices:
  • mcs0/1
  • mcs1/1
  • mcs2/1
  • mcs3/1
  • mcs4/1
  • mcs5/1
  • mcs6/1
  • mcs7/1
  • mcs8/2
  • mcs9/2
  • mcs10/2
  • mcs11/2
  • mcs12/2
  • mcs13/2
  • mcs14/2
  • mcs15/2
Allowed data rates for 802.11n with 1 or 2 spatial streams.
rates_11n_ss34
list / elements=string
    Choices:
  • mcs16/3
  • mcs17/3
  • mcs18/3
  • mcs19/3
  • mcs20/3
  • mcs21/3
  • mcs22/3
  • mcs23/3
  • mcs24/4
  • mcs25/4
  • mcs26/4
  • mcs27/4
  • mcs28/4
  • mcs29/4
  • mcs30/4
  • mcs31/4
Allowed data rates for 802.11n with 3 or 4 spatial streams.
sae_groups
list / elements=string
    Choices:
  • 19
  • 20
  • 21
  • 1
  • 2
  • 5
  • 14
  • 15
  • 16
  • 17
  • 18
  • 27
  • 28
  • 29
  • 30
  • 31
SAE-Groups.
sae_password
string
WPA3 SAE password to be used to authenticate WiFi users.
schedule
string
VAP schedule name.
secondary_wag_profile
string
Secondary wireless access gateway profile name. Source wireless-controller.wag-profile.name.
security
string
    Choices:
  • open
  • captive-portal
  • wep64
  • wep128
  • wpa-personal
  • wpa-personal+captive-portal
  • wpa-enterprise
  • wpa-only-personal
  • wpa-only-personal+captive-portal
  • wpa-only-enterprise
  • wpa2-only-personal
  • wpa2-only-personal+captive-portal
  • wpa2-only-enterprise
  • osen
  • wpa3-enterprise
  • wpa3-sae
  • wpa3-sae-transition
  • owe
  • wpa3-only-enterprise
  • wpa3-enterprise-transition
Security mode for the wireless interface .
security_exempt_list
string
Optional security exempt list for captive portal authentication. Source user.security-exempt-list.name.
security_obsolete_option
string
    Choices:
  • enable
  • disable
Enable/disable obsolete security options.
security_redirect_url
string
Optional URL for redirecting users after they pass captive portal authentication.
selected_usergroups
list / elements=string
Selective user groups that are permitted to authenticate.
name
string / required
User group name. Source user.group.name.
split_tunneling
string
    Choices:
  • enable
  • disable
Enable/disable split tunneling .
ssid
string
IEEE 802.11 service set identifier (SSID) for the wireless interface. Users who wish to use the wireless network must configure their computers to access this SSID name.
sticky_client_remove
string
    Choices:
  • enable
  • disable
Enable/disable sticky client remove to maintain good signal level clients in SSID. .
sticky_client_threshold_2g
string
Minimum signal level/threshold in dBm required for the 2G client to be serviced by the AP (-95 to -20).
sticky_client_threshold_5g
string
Minimum signal level/threshold in dBm required for the 5G client to be serviced by the AP (-95 to -20).
target_wake_time
string
    Choices:
  • enable
  • disable
Enable/disable 802.11ax target wake time .
tkip_counter_measure
string
    Choices:
  • enable
  • disable
Enable/disable TKIP counter measure.
tunnel_echo_interval
integer
The time interval to send echo to both primary and secondary tunnel peers (1 - 65535 sec).
tunnel_fallback_interval
integer
The time interval for secondary tunnel to fall back to primary tunnel (0 - 65535 sec).
usergroup
list / elements=string
Firewall user group to be used to authenticate WiFi users.
name
string / required
User group name. Source user.group.name.
utm_profile
string
UTM profile name. Source wireless-controller.utm-profile.name.
vdom
string
Name of the VDOM that the Virtual AP has been added to. Source system.vdom.name.
vlan_auto
string
    Choices:
  • enable
  • disable
Enable/disable automatic management of SSID VLAN interface.
vlan_pool
list / elements=string
VLAN pool.
id
integer / required
ID.
wtp_group
string
WTP group name. Source wireless-controller.wtp-group.name.
vlan_pooling
string
    Choices:
  • wtp-group
  • round-robin
  • hash
  • disable
Enable/disable VLAN pooling, to allow grouping of multiple wireless controller VLANs into VLAN pools . When set to wtp-group, VLAN pooling occurs with VLAN assignment by wtp-group.
vlanid
integer
Optional VLAN ID.
voice_enterprise
string
    Choices:
  • disable
  • enable
Enable/disable 802.11k and 802.11v assisted Voice-Enterprise roaming .

Notes

Note

  • Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks

Examples

- hosts: fortigates
  collections:
    - fortinet.fortios
  connection: httpapi
  vars:
   vdom: "root"
   ansible_httpapi_use_ssl: yes
   ansible_httpapi_validate_certs: no
   ansible_httpapi_port: 443
  tasks:
  - name: Configure Virtual Access Points (VAPs).
    fortios_wireless_controller_vap:
      vdom:  "{{ vdom }}"
      state: "present"
      access_token: "<your_own_value>"
      wireless_controller_vap:
        access_control_list: "<your_own_value> (source wireless-controller.access-control-list.name)"
        acct_interim_interval: "4"
        additional_akms: "akm6"
        address_group: "<your_own_value> (source wireless-controller.addrgrp.id)"
        alias: "<your_own_value>"
        atf_weight: "8"
        auth: "psk"
        broadcast_ssid: "enable"
        broadcast_suppression: "dhcp-up"
        bss_color_partial: "enable"
        bstm_disassociation_imminent: "enable"
        bstm_load_balancing_disassoc_timer: "14"
        bstm_rssi_disassoc_timer: "15"
        captive_portal_ac_name: "<your_own_value>"
        captive_portal_auth_timeout: "17"
        captive_portal_macauth_radius_secret: "<your_own_value>"
        captive_portal_macauth_radius_server: "<your_own_value>"
        captive_portal_radius_secret: "<your_own_value>"
        captive_portal_radius_server: "<your_own_value>"
        captive_portal_session_timeout_interval: "22"
        dhcp_address_enforcement: "enable"
        dhcp_lease_time: "24"
        dhcp_option43_insertion: "enable"
        dhcp_option82_circuit_id_insertion: "style-1"
        dhcp_option82_insertion: "enable"
        dhcp_option82_remote_id_insertion: "style-1"
        dynamic_vlan: "enable"
        eap_reauth: "enable"
        eap_reauth_intv: "31"
        eapol_key_retries: "disable"
        encrypt: "TKIP"
        external_fast_roaming: "enable"
        external_logout: "<your_own_value>"
        external_web: "<your_own_value>"
        external_web_format: "auto-detect"
        fast_bss_transition: "disable"
        fast_roaming: "enable"
        ft_mobility_domain: "40"
        ft_over_ds: "disable"
        ft_r0_key_lifetime: "42"
        gas_comeback_delay: "43"
        gas_fragmentation_limit: "44"
        gtk_rekey: "enable"
        gtk_rekey_intv: "46"
        high_efficiency: "enable"
        hotspot20_profile: "<your_own_value> (source wireless-controller.hotspot20.hs-profile.name)"
        igmp_snooping: "enable"
        intra_vap_privacy: "enable"
        ip: "<your_own_value>"
        ipv6_rules: "drop-icmp6ra"
        key: "<your_own_value>"
        keyindex: "54"
        ldpc: "disable"
        local_authentication: "enable"
        local_bridging: "enable"
        local_lan: "allow"
        local_standalone: "enable"
        local_standalone_nat: "enable"
        mac_auth_bypass: "enable"
        mac_called_station_delimiter: "hyphen"
        mac_calling_station_delimiter: "hyphen"
        mac_case: "uppercase"
        mac_filter: "enable"
        mac_filter_list:
         -
            id:  "67"
            mac: "<your_own_value>"
            mac_filter_policy: "allow"
        mac_filter_policy_other: "allow"
        mac_password_delimiter: "hyphen"
        mac_username_delimiter: "hyphen"
        max_clients: "73"
        max_clients_ap: "74"
        mbo: "disable"
        mbo_cell_data_conn_pref: "excluded"
        me_disable_thresh: "77"
        mesh_backhaul: "enable"
        mpsk: "enable"
        mpsk_concurrent_clients: "80"
        mpsk_key:
         -
            comment: "Comment."
            concurrent_clients: "<your_own_value>"
            key_name: "<your_own_value>"
            mpsk_schedules:
             -
                name: "default_name_86 (source firewall.schedule.group.name firewall.schedule.recurring.name firewall.schedule.onetime.name)"
            passphrase: "<your_own_value>"
        mpsk_profile: "<your_own_value> (source wireless-controller.mpsk-profile.name)"
        mu_mimo: "enable"
        multicast_enhance: "enable"
        multicast_rate: "0"
        nac: "enable"
        nac_profile: "<your_own_value> (source wireless-controller.nac-profile.name)"
        name: "default_name_94"
        neighbor_report_dual_band: "disable"
        okc: "disable"
        owe_groups: "19"
        owe_transition: "disable"
        owe_transition_ssid: "<your_own_value>"
        passphrase: "<your_own_value>"
        pmf: "disable"
        pmf_assoc_comeback_timeout: "102"
        pmf_sa_query_retry_timeout: "103"
        port_macauth: "disable"
        port_macauth_reauth_timeout: "105"
        port_macauth_timeout: "106"
        portal_message_override_group: "<your_own_value> (source system.replacemsg-group.name)"
        portal_message_overrides:
            auth_disclaimer_page: "<your_own_value>"
            auth_login_failed_page: "<your_own_value>"
            auth_login_page: "<your_own_value>"
            auth_reject_page: "<your_own_value>"
        portal_type: "auth"
        primary_wag_profile: "<your_own_value> (source wireless-controller.wag-profile.name)"
        probe_resp_suppression: "enable"
        probe_resp_threshold: "<your_own_value>"
        ptk_rekey: "enable"
        ptk_rekey_intv: "118"
        qos_profile: "<your_own_value> (source wireless-controller.qos-profile.name)"
        quarantine: "enable"
        radio_2g_threshold: "<your_own_value>"
        radio_5g_threshold: "<your_own_value>"
        radio_sensitivity: "enable"
        radius_mac_auth: "enable"
        radius_mac_auth_server: "<your_own_value> (source user.radius.name)"
        radius_mac_auth_usergroups:
         -
            name: "default_name_127"
        radius_server: "<your_own_value> (source user.radius.name)"
        rates_11a: "1"
        rates_11ac_ss12: "mcs0/1"
        rates_11ac_ss34: "mcs0/3"
        rates_11bg: "1"
        rates_11n_ss12: "mcs0/1"
        rates_11n_ss34: "mcs16/3"
        sae_groups: "19"
        sae_password: "<your_own_value>"
        schedule: "<your_own_value>"
        secondary_wag_profile: "<your_own_value> (source wireless-controller.wag-profile.name)"
        security: "open"
        security_exempt_list: "<your_own_value> (source user.security-exempt-list.name)"
        security_obsolete_option: "enable"
        security_redirect_url: "<your_own_value>"
        selected_usergroups:
         -
            name: "default_name_144 (source user.group.name)"
        split_tunneling: "enable"
        ssid: "<your_own_value>"
        sticky_client_remove: "enable"
        sticky_client_threshold_2g: "<your_own_value>"
        sticky_client_threshold_5g: "<your_own_value>"
        target_wake_time: "enable"
        tkip_counter_measure: "enable"
        tunnel_echo_interval: "152"
        tunnel_fallback_interval: "153"
        usergroup:
         -
            name: "default_name_155 (source user.group.name)"
        utm_profile: "<your_own_value> (source wireless-controller.utm-profile.name)"
        vdom: "<your_own_value> (source system.vdom.name)"
        vlan_auto: "enable"
        vlan_pool:
         -
            id:  "160"
            wtp_group: "<your_own_value> (source wireless-controller.wtp-group.name)"
        vlan_pooling: "wtp-group"
        vlanid: "163"
        voice_enterprise: "disable"

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key Returned Description
build
string
always
Build number of the fortigate image

Sample:
1547
http_method
string
always
Last method used to provision the content into FortiGate

Sample:
PUT
http_status
string
always
Last result given by FortiGate on last operation applied

Sample:
200
mkey
string
success
Master key (id) used in the last call to FortiGate

Sample:
id
name
string
always
Name of the table used to fulfill the request

Sample:
urlfilter
path
string
always
Path of the table used to fulfill the request

Sample:
webfilter
revision
string
always
Internal revision number

Sample:
17.0.2.10658
serial
string
always
Serial number of the unit

Sample:
FGVMEVYYQT3AB5352
status
string
always
Indication of the operation's result

Sample:
success
vdom
string
always
Virtual domain used

Sample:
root
version
string
always
Version of the FortiGate

Sample:
v5.6.3


Authors

  • Link Zheng (@chillancezen)

  • Jie Xue (@JieX19)

  • Hongbin Lu (@fgtdev-hblu)

  • Frank Shen (@frankshen01)

  • Miguel Angel Munoz (@mamunozgonzalez)

  • Nicolas Thomas (@thomnico)