fmgr_fsp_vlan¶
New in version 2.0.0.
Synopsis¶
- This module is able to configure a FortiManager device.
- Examples include all parameters and values need to be adjusted to data sources before usage.
- Tested with FortiManager v6.x and v7.x.
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
FortiManager Version Compatibility¶
6.0.0 |
||||||||||||
| True | ||||||||||||
6.2.0 |
6.2.1 |
6.2.2 |
6.2.3 |
6.2.5 |
6.2.6 |
6.2.7 |
6.2.8 |
6.2.9 |
6.2.10 |
6.2.11 |
||
| True | True | True | True | True | True | True | True | True | True | True | ||
6.4.0 |
6.4.1 |
6.4.2 |
6.4.3 |
6.4.4 |
6.4.5 |
6.4.6 |
6.4.7 |
6.4.8 |
6.4.9 |
6.4.10 |
6.4.11 |
6.4.12 |
| True | True | True | True | True | True | True | True | True | True | True | True | True |
7.0.0 |
7.0.1 |
7.0.2 |
7.0.3 |
7.0.4 |
7.0.5 |
7.0.6 |
7.0.7 |
7.0.8 |
||||
| True | True | True | True | True | True | True | True | True | ||||
7.2.0 |
7.2.1 |
7.2.2 |
7.2.3 |
|||||||||
| True | True | True | True | |||||||||
7.4.0 |
||||||||||||
| True |
Parameters¶
- access_token -The token to access FortiManager without using username and password. type: str required: false
- bypass_validation - Only set to True when module schema diffs with FortiManager API structure, module continues to execute without validating parameters. type: bool required: false default: False
- enable_log - Enable/Disable logging for task. type: bool required: false default: False
- forticloud_access_token - Access token of forticloud managed API users, this option is available with FortiManager later than 6.4.0. type: str required: false
- proposed_method - The overridden method for the underlying Json RPC request. type: str required: false choices: set, update, add
- rc_succeeded - The rc codes list with which the conditions to succeed will be overriden. type: list required: false
- rc_failed - The rc codes list with which the conditions to fail will be overriden. type: list required: false
- state - The directive to create, update or delete an object type: str required: true choices: present, absent
- workspace_locking_adom - Acquire the workspace lock if FortiManager is running in workspace mode. type: str required: false choices: global, custom adom including root
- workspace_locking_timeout - The maximum time in seconds to wait for other users to release workspace lock. type: integer required: false default: 300
- adom - The parameter in requested url type: str required: true
- fsp_vlan - no description type: dict
- _dhcp-status - _Dhcp-Status. type: str choices: [disable, enable] more...
- auth - No description for the parameter type: str choices: [radius, usergroup] more...
- color - Color. type: int more...
- comments - No description for the parameter type: str more...
- dynamic_mapping - Dynamic_Mapping. type: array
more...
- _dhcp-status - _Dhcp-Status. type: str choices: [disable, enable] more...
- _scope - _Scope. type: array more...
- dhcp-server type: dict
- auto-configuration - Enable/disable auto configuration. type: str choices: [disable, enable] more...
- auto-managed-status - Enable/disable use of this DHCP server once this interface has been assigned an IP address from FortiIPAM. type: str choices: [disable, enable] more...
- conflicted-ip-timeout - Time in seconds to wait after a conflicted IP address is removed from the DHCP range before it can be reused. type: int more...
- ddns-auth - DDNS authentication mode. type: str choices: [disable, tsig] more...
- ddns-key - DDNS update key (base 64 encoding). type: str more...
- ddns-keyname - DDNS update key name. type: str more...
- ddns-server-ip - DDNS server IP. type: str more...
- ddns-ttl - TTL. type: int more...
- ddns-update - Enable/disable DDNS update for DHCP. type: str choices: [disable, enable] more...
- ddns-update-override - Enable/disable DDNS update override for DHCP. type: str choices: [disable, enable] more...
- ddns-zone - Zone of your domain name (ex. type: str more...
- default-gateway - Default gateway IP address assigned by the DHCP server. type: str more...
- dhcp-settings-from-fortiipam - Enable/disable populating of DHCP server settings from FortiIPAM. type: str choices: [disable, enable] more...
- dns-server1 - DNS server 1. type: str more...
- dns-server2 - DNS server 2. type: str more...
- dns-server3 - DNS server 3. type: str more...
- dns-server4 - DNS server 4. type: str more...
- dns-service - Options for assigning DNS servers to DHCP clients. type: str choices: [default, specify, local] more...
- domain - Domain name suffix for the IP addresses that the DHCP server assigns to clients. type: str more...
- enable - Enable. type: str choices: [disable, enable] more...
- exclude-range - Exclude-Range. type: array
more...
- end-ip - End of IP range. type: str more...
- id - ID. type: int more...
- start-ip - Start of IP range. type: str more...
- vci-match - Enable/disable vendor class identifier (VCI) matching. type: str choices: [disable, enable] more...
- vci-string - No description for the parameter type: str more...
- lease-time - Lease time in seconds, 0 means default lease time. type: int more...
- uci-match - Enable/disable user class identifier (UCI) matching. type: str choices: [disable, enable] more...
- uci-string - No description for the parameter type: str more...
- filename - Name of the boot file on the TFTP server. type: str more...
- forticlient-on-net-status - Enable/disable FortiClient-On-Net service for this DHCP server. type: str choices: [disable, enable] more...
- id - ID. type: int more...
- ip-mode - Method used to assign client IP. type: str choices: [range, usrgrp] more...
- ip-range - Ip-Range. type: array
more...
- end-ip - End of IP range. type: str more...
- id - ID. type: int more...
- start-ip - Start of IP range. type: str more...
- vci-match - Enable/disable vendor class identifier (VCI) matching. type: str choices: [disable, enable] more...
- vci-string - No description for the parameter type: str more...
- lease-time - Lease time in seconds, 0 means default lease time. type: int more...
- uci-match - Enable/disable user class identifier (UCI) matching. type: str choices: [disable, enable] more...
- uci-string - No description for the parameter type: str more...
- ipsec-lease-hold - DHCP over IPsec leases expire this many seconds after tunnel down (0 to disable forced-expiry). type: int more...
- lease-time - Lease time in seconds, 0 means unlimited. type: int more...
- mac-acl-default-action - MAC access control default action (allow or block assigning IP settings). type: str choices: [assign, block] more...
- netmask - Netmask assigned by the DHCP server. type: str more...
- next-server - IP address of a server (for example, a TFTP sever) that DHCP clients can download a boot file from. type: str more...
- ntp-server1 - NTP server 1. type: str more...
- ntp-server2 - NTP server 2. type: str more...
- ntp-server3 - NTP server 3. type: str more...
- ntp-service - Options for assigning Network Time Protocol (NTP) servers to DHCP clients. type: str choices: [default, specify, local] more...
- option1 - Option1. type: str more...
- option2 - Option2. type: str more...
- option3 - Option3. type: str more...
- option4 - Option4. type: str more...
- option5 - Option5. type: str more...
- option6 - Option6. type: str more...
- options - Options. type: array
more...
- code - DHCP option code. type: int more...
- id - ID. type: int more...
- ip - DHCP option IPs. type: str more...
- type - DHCP option type. type: str choices: [hex, string, ip, fqdn] more...
- value - DHCP option value. type: str more...
- vci-match - Enable/disable vendor class identifier (VCI) matching. type: str choices: [disable, enable] more...
- vci-string - No description for the parameter type: str more...
- uci-match - Enable/disable user class identifier (UCI) matching. type: str choices: [disable, enable] more...
- uci-string - No description for the parameter type: str more...
- reserved-address - Reserved-Address. type: array
more...
- action - Options for the DHCP server to configure the client with the reserved MAC address. type: str choices: [assign, block, reserved] more...
- circuit-id - Option 82 circuit-ID of the client that will get the reserved IP address. type: str more...
- circuit-id-type - DHCP option type. type: str choices: [hex, string] more...
- description - Description. type: str more...
- id - ID. type: int more...
- ip - IP address to be reserved for the MAC address. type: str more...
- mac - MAC address of the client that will get the reserved IP address. type: str more...
- remote-id - Option 82 remote-ID of the client that will get the reserved IP address. type: str more...
- remote-id-type - DHCP option type. type: str choices: [hex, string] more...
- type - DHCP reserved-address type. type: str choices: [mac, option82] more...
- server-type - DHCP server can be a normal DHCP server or an IPsec DHCP server. type: str choices: [regular, ipsec] more...
- status - Enable/disable this DHCP configuration. type: str choices: [disable, enable] more...
- tftp-server - One or more hostnames or IP addresses of the TFTP servers in quotes separated by spaces. type: str more...
- timezone - Select the time zone to be assigned to DHCP clients. type: str choices: [00, 01, 02, 03, 04, 05, 06, 07, 08, 09, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87] more...
- timezone-option - Options for the DHCP server to set the clients time zone. type: str choices: [disable, default, specify] more...
- vci-match - Enable/disable vendor class identifier (VCI) matching. type: str choices: [disable, enable] more...
- vci-string - One or more VCI strings in quotes separated by spaces. type: str more...
- wifi-ac-service - Options for assigning WiFi Access Controllers to DHCP clients type: str choices: [specify, local] more...
- wifi-ac1 - WiFi Access Controller 1 IP address (DHCP option 138, RFC 5417). type: str more...
- wifi-ac2 - WiFi Access Controller 2 IP address (DHCP option 138, RFC 5417). type: str more...
- wifi-ac3 - WiFi Access Controller 3 IP address (DHCP option 138, RFC 5417). type: str more...
- wins-server1 - WINS server 1. type: str more...
- wins-server2 - WINS server 2. type: str more...
- relay-agent - Relay agent IP. type: str more...
- shared-subnet - Enable/disable shared subnet. type: str choices: [disable, enable] more...
- interface type: dict
- dhcp-relay-agent-option - Dhcp-Relay-Agent-Option. type: str choices: [disable, enable] more...
- dhcp-relay-ip - Dhcp-Relay-Ip. type: str more...
- dhcp-relay-service - Dhcp-Relay-Service. type: str choices: [disable, enable] more...
- dhcp-relay-type - Dhcp-Relay-Type. type: str choices: [regular, ipsec] more...
- ip - Ip. type: str more...
- ipv6 type: dict
- autoconf - Enable/disable address auto config. type: str choices: [disable, enable] more...
- dhcp6-client-options - Dhcp6-Client-Options. type: array choices: [rapid, iapd, iana, dns, dnsname] more...
- dhcp6-information-request - Enable/disable DHCPv6 information request. type: str choices: [disable, enable] more...
- dhcp6-prefix-delegation - Enable/disable DHCPv6 prefix delegation. type: str choices: [disable, enable] more...
- dhcp6-prefix-hint - DHCPv6 prefix that will be used as a hint to the upstream DHCPv6 server. type: str more...
- dhcp6-prefix-hint-plt - DHCPv6 prefix hint preferred life time (sec), 0 means unlimited lease time. type: int more...
- dhcp6-prefix-hint-vlt - DHCPv6 prefix hint valid life time (sec). type: int more...
- dhcp6-relay-ip - DHCPv6 relay IP address. type: str more...
- dhcp6-relay-service - Enable/disable DHCPv6 relay. type: str choices: [disable, enable] more...
- dhcp6-relay-type - DHCPv6 relay type. type: str choices: [regular] more...
- icmp6-send-redirect - Enable/disable sending of ICMPv6 redirects. type: str choices: [disable, enable] more...
- interface-identifier - IPv6 interface identifier. type: str more...
- ip6-address - Primary IPv6 address prefix, syntax: xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx/xxx type: str more...
- ip6-allowaccess - Allow management access to the interface. type: array choices: [https, ping, ssh, snmp, http, telnet, fgfm, capwap, fabric] more...
- ip6-default-life - Default life (sec). type: int more...
- ip6-delegated-prefix-list - Ip6-Delegated-Prefix-List. type: array
more...
- autonomous-flag - Enable/disable the autonomous flag. type: str choices: [disable, enable] more...
- onlink-flag - Enable/disable the onlink flag. type: str choices: [disable, enable] more...
- prefix-id - Prefix ID. type: int more...
- rdnss - Recursive DNS server option. type: str more...
- rdnss-service - Recursive DNS service option. type: str choices: [delegated, default, specify] more...
- subnet - Add subnet ID to routing prefix. type: str more...
- upstream-interface - Name of the interface that provides delegated information. type: str more...
- delegated-prefix-iaid - IAID of obtained delegated-prefix from the upstream interface. type: int more...
- ip6-dns-server-override - Enable/disable using the DNS server acquired by DHCP. type: str choices: [disable, enable] more...
- ip6-extra-addr - Ip6-Extra-Addr. type: array
more...
- prefix - IPv6 address prefix. type: str more...
- ip6-hop-limit - Hop limit (0 means unspecified). type: int more...
- ip6-link-mtu - IPv6 link MTU. type: int more...
- ip6-manage-flag - Enable/disable the managed flag. type: str choices: [disable, enable] more...
- ip6-max-interval - IPv6 maximum interval (4 to 1800 sec). type: int more...
- ip6-min-interval - IPv6 minimum interval (3 to 1350 sec). type: int more...
- ip6-mode - Addressing mode (static, DHCP, delegated). type: str choices: [static, dhcp, pppoe, delegated] more...
- ip6-other-flag - Enable/disable the other IPv6 flag. type: str choices: [disable, enable] more...
- ip6-prefix-list - Ip6-Prefix-List. type: array
more...
- autonomous-flag - Enable/disable the autonomous flag. type: str choices: [disable, enable] more...
- dnssl - DNS search list option. type: str more...
- onlink-flag - Enable/disable the onlink flag. type: str choices: [disable, enable] more...
- preferred-life-time - Preferred life time (sec). type: int more...
- prefix - IPv6 prefix. type: str more...
- rdnss - Recursive DNS server option. type: str more...
- valid-life-time - Valid life time (sec). type: int more...
- ip6-reachable-time - IPv6 reachable time (milliseconds; 0 means unspecified). type: int more...
- ip6-retrans-time - IPv6 retransmit time (milliseconds; 0 means unspecified). type: int more...
- ip6-send-adv - Enable/disable sending advertisements about the interface. type: str choices: [disable, enable] more...
- ip6-subnet - Subnet to routing prefix, syntax: xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx/xxx type: str more...
- ip6-upstream-interface - Interface name providing delegated information. type: str more...
- nd-cert - Neighbor discovery certificate. type: str more...
- nd-cga-modifier - Neighbor discovery CGA modifier. type: str more...
- nd-mode - Neighbor discovery mode. type: str choices: [basic, SEND-compatible] more...
- nd-security-level - Neighbor discovery security level (0 - 7; 0 = least secure, default = 0). type: int more...
- nd-timestamp-delta - Neighbor discovery timestamp delta value (1 - 3600 sec; default = 300). type: int more...
- nd-timestamp-fuzz - Neighbor discovery timestamp fuzz factor (1 - 60 sec; default = 1). type: int more...
- unique-autoconf-addr - Enable/disable unique auto config address. type: str choices: [disable, enable] more...
- vrip6_link_local - Link-local IPv6 address of virtual router. type: str more...
- vrrp-virtual-mac6 - Enable/disable virtual MAC for VRRP. type: str choices: [disable, enable] more...
- vrrp6 - Vrrp6. type: array
more...
- accept-mode - Enable/disable accept mode. type: str choices: [disable, enable] more...
- adv-interval - Advertisement interval (1 - 255 seconds). type: int more...
- preempt - Enable/disable preempt mode. type: str choices: [disable, enable] more...
- priority - Priority of the virtual router (1 - 255). type: int more...
- start-time - Startup time (1 - 255 seconds). type: int more...
- status - Enable/disable VRRP. type: str choices: [disable, enable] more...
- vrdst6 - Monitor the route to this destination. type: str more...
- vrgrp - VRRP group ID (1 - 65535). type: int more...
- vrid - Virtual router identifier (1 - 255). type: int more...
- vrip6 - IPv6 address of the virtual router. type: str more...
- cli-conn6-status - Cli-Conn6-Status. type: int more...
- ip6-prefix-mode - Assigning a prefix from DHCP or RA. type: str choices: [dhcp6, ra] more...
- ra-send-mtu - Enable/disable sending link MTU in RA packet. type: str choices: [disable, enable] more...
- ip6-delegated-prefix-iaid - IAID of obtained delegated-prefix from the upstream interface. type: int more...
- dhcp6-relay-source-interface - Enable/disable use of address on this interface as the source address of the relay message. type: str choices: [disable, enable] more...
- secondary-IP - Secondary-Ip. type: str choices: [disable, enable] more...
- secondaryip - Secondaryip. type: array
more...
- allowaccess - Management access settings for the secondary IP address. type: array choices: [https, ping, ssh, snmp, http, telnet, fgfm, auto-ipsec, radius-acct, probe-response, capwap, dnp, ftm, fabric, speed-test] more...
- detectprotocol - Protocols used to detect the server. type: array choices: [ping, tcp-echo, udp-echo] more...
- detectserver - Gateways ping server for this IP. type: str more...
- gwdetect - Enable/disable detect gateway alive for first. type: str choices: [disable, enable] more...
- ha-priority - HA election priority for the PING server. type: int more...
- id - ID. type: int more...
- ip - Secondary IP address of the interface. type: str more...
- ping-serv-status - Ping-Serv-Status. type: int more...
- seq - Seq. type: int more...
- secip-relay-ip - DHCP relay IP address. type: str more...
- vlanid - Vlanid. type: int more...
- dhcp-relay-interface-select-method - No description for the parameter type: str choices: [auto, sdwan, specify] more...
- vrrp - No description for the parameter type: array
more...
- accept-mode - Enable/disable accept mode. type: str choices: [disable, enable] more...
- adv-interval - Advertisement interval (1 - 255 seconds). type: int more...
- ignore-default-route - Enable/disable ignoring of default route when checking destination. type: str choices: [disable, enable] more...
- preempt - Enable/disable preempt mode. type: str choices: [disable, enable] more...
- priority - Priority of the virtual router (1 - 255). type: int more...
- proxy-arp - No description for the parameter type: array more...
- start-time - Startup time (1 - 255 seconds). type: int more...
- status - Enable/disable this VRRP configuration. type: str choices: [disable, enable] more...
- version - VRRP version. type: str choices: [2, 3] more...
- vrdst - No description for the parameter type: str more...
- vrdst-priority - Priority of the virtual router when the virtual router destination becomes unreachable (0 - 254). type: int more...
- vrgrp - VRRP group ID (1 - 65535). type: int more...
- vrid - Virtual router identifier (1 - 255). type: int more...
- vrip - IP address of the virtual router. type: str more...
- name - Name. type: str more...
- portal-message-override-group - No description for the parameter type: str more...
- radius-server - No description for the parameter type: str more...
- security - No description for the parameter type: str choices: [open, captive-portal, 8021x] more...
- selected-usergroups - No description for the parameter type: str more...
- usergroup - No description for the parameter type: str more...
- vdom - Vdom. type: str more...
- vlanid - Vlanid. type: int more...
- dhcp-server type: dict
- auto-configuration - Enable/disable auto configuration. type: str choices: [disable, enable] more...
- auto-managed-status - Enable/disable use of this DHCP server once this interface has been assigned an IP address from FortiIPAM. type: str choices: [disable, enable] more...
- conflicted-ip-timeout - Time in seconds to wait after a conflicted IP address is removed from the DHCP range before it can be reused. type: int more...
- ddns-auth - DDNS authentication mode. type: str choices: [disable, tsig] more...
- ddns-key - DDNS update key (base 64 encoding). type: str more...
- ddns-keyname - DDNS update key name. type: str more...
- ddns-server-ip - DDNS server IP. type: str more...
- ddns-ttl - TTL. type: int more...
- ddns-update - Enable/disable DDNS update for DHCP. type: str choices: [disable, enable] more...
- ddns-update-override - Enable/disable DDNS update override for DHCP. type: str choices: [disable, enable] more...
- ddns-zone - Zone of your domain name (ex. type: str more...
- default-gateway - Default gateway IP address assigned by the DHCP server. type: str more...
- dhcp-settings-from-fortiipam - Enable/disable populating of DHCP server settings from FortiIPAM. type: str choices: [disable, enable] more...
- dns-server1 - DNS server 1. type: str more...
- dns-server2 - DNS server 2. type: str more...
- dns-server3 - DNS server 3. type: str more...
- dns-server4 - DNS server 4. type: str more...
- dns-service - Options for assigning DNS servers to DHCP clients. type: str choices: [default, specify, local] more...
- domain - Domain name suffix for the IP addresses that the DHCP server assigns to clients. type: str more...
- enable - Enable. type: str choices: [disable, enable] more...
- exclude-range - Exclude-Range. type: array
more...
- end-ip - End of IP range. type: str more...
- id - ID. type: int more...
- start-ip - Start of IP range. type: str more...
- vci-match - Enable/disable vendor class identifier (VCI) matching. type: str choices: [disable, enable] more...
- vci-string - No description for the parameter type: str more...
- lease-time - Lease time in seconds, 0 means default lease time. type: int more...
- uci-match - Enable/disable user class identifier (UCI) matching. type: str choices: [disable, enable] more...
- uci-string - No description for the parameter type: str more...
- filename - Name of the boot file on the TFTP server. type: str more...
- forticlient-on-net-status - Enable/disable FortiClient-On-Net service for this DHCP server. type: str choices: [disable, enable] more...
- id - ID. type: int more...
- ip-mode - Method used to assign client IP. type: str choices: [range, usrgrp] more...
- ip-range - Ip-Range. type: array
more...
- end-ip - End of IP range. type: str more...
- id - ID. type: int more...
- start-ip - Start of IP range. type: str more...
- vci-match - Enable/disable vendor class identifier (VCI) matching. type: str choices: [disable, enable] more...
- vci-string - No description for the parameter type: str more...
- lease-time - Lease time in seconds, 0 means default lease time. type: int more...
- uci-match - Enable/disable user class identifier (UCI) matching. type: str choices: [disable, enable] more...
- uci-string - No description for the parameter type: str more...
- ipsec-lease-hold - DHCP over IPsec leases expire this many seconds after tunnel down (0 to disable forced-expiry). type: int more...
- lease-time - Lease time in seconds, 0 means unlimited. type: int more...
- mac-acl-default-action - MAC access control default action (allow or block assigning IP settings). type: str choices: [assign, block] more...
- netmask - Netmask assigned by the DHCP server. type: str more...
- next-server - IP address of a server (for example, a TFTP sever) that DHCP clients can download a boot file from. type: str more...
- ntp-server1 - NTP server 1. type: str more...
- ntp-server2 - NTP server 2. type: str more...
- ntp-server3 - NTP server 3. type: str more...
- ntp-service - Options for assigning Network Time Protocol (NTP) servers to DHCP clients. type: str choices: [default, specify, local] more...
- option1 - Option1. type: str more...
- option2 - Option2. type: str more...
- option3 - Option3. type: str more...
- option4 - Option4. type: str more...
- option5 - Option5. type: str more...
- option6 - Option6. type: str more...
- options - Options. type: array
more...
- code - DHCP option code. type: int more...
- id - ID. type: int more...
- ip - DHCP option IPs. type: str more...
- type - DHCP option type. type: str choices: [hex, string, ip, fqdn] more...
- value - DHCP option value. type: str more...
- vci-match - Enable/disable vendor class identifier (VCI) matching. type: str choices: [disable, enable] more...
- vci-string - No description for the parameter type: str more...
- uci-match - Enable/disable user class identifier (UCI) matching. type: str choices: [disable, enable] more...
- uci-string - No description for the parameter type: str more...
- reserved-address - Reserved-Address. type: array
more...
- action - Options for the DHCP server to configure the client with the reserved MAC address. type: str choices: [assign, block, reserved] more...
- circuit-id - Option 82 circuit-ID of the client that will get the reserved IP address. type: str more...
- circuit-id-type - DHCP option type. type: str choices: [hex, string] more...
- description - Description. type: str more...
- id - ID. type: int more...
- ip - IP address to be reserved for the MAC address. type: str more...
- mac - MAC address of the client that will get the reserved IP address. type: str more...
- remote-id - Option 82 remote-ID of the client that will get the reserved IP address. type: str more...
- remote-id-type - DHCP option type. type: str choices: [hex, string] more...
- type - DHCP reserved-address type. type: str choices: [mac, option82] more...
- server-type - DHCP server can be a normal DHCP server or an IPsec DHCP server. type: str choices: [regular, ipsec] more...
- status - Enable/disable this DHCP configuration. type: str choices: [disable, enable] more...
- tftp-server - One or more hostnames or IP addresses of the TFTP servers in quotes separated by spaces. type: str more...
- timezone - Select the time zone to be assigned to DHCP clients. type: str choices: [00, 01, 02, 03, 04, 05, 06, 07, 08, 09, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87] more...
- timezone-option - Options for the DHCP server to set the clients time zone. type: str choices: [disable, default, specify] more...
- vci-match - Enable/disable vendor class identifier (VCI) matching. type: str choices: [disable, enable] more...
- vci-string - One or more VCI strings in quotes separated by spaces. type: str more...
- wifi-ac-service - Options for assigning WiFi Access Controllers to DHCP clients type: str choices: [specify, local] more...
- wifi-ac1 - WiFi Access Controller 1 IP address (DHCP option 138, RFC 5417). type: str more...
- wifi-ac2 - WiFi Access Controller 2 IP address (DHCP option 138, RFC 5417). type: str more...
- wifi-ac3 - WiFi Access Controller 3 IP address (DHCP option 138, RFC 5417). type: str more...
- wins-server1 - WINS server 1. type: str more...
- wins-server2 - WINS server 2. type: str more...
- relay-agent - Relay agent IP. type: str more...
- shared-subnet - Enable/disable shared subnet. type: str choices: [disable, enable] more...
- interface type: dict
- ac-name - PPPoE server name. type: str more...
- aggregate - Aggregate. type: str more...
- algorithm - Frame distribution algorithm. type: str choices: [L2, L3, L4, LB, Source-MAC] more...
- alias - Alias will be displayed with the interface name to make it easier to distinguish. type: str more...
- allowaccess - Permitted types of management access to this interface. type: array choices: [https, ping, ssh, snmp, http, telnet, fgfm, auto-ipsec, radius-acct, probe-response, capwap, dnp, ftm, fabric, speed-test] more...
- ap-discover - Enable/disable automatic registration of unknown FortiAP devices. type: str choices: [disable, enable] more...
- arpforward - Enable/disable ARP forwarding. type: str choices: [disable, enable] more...
- atm-protocol - ATM protocol. type: str choices: [none, ipoa] more...
- auth-type - PPP authentication type to use. type: str choices: [auto, pap, chap, mschapv1, mschapv2] more...
- auto-auth-extension-device - Enable/disable automatic authorization of dedicated Fortinet extension device on this interface. type: str choices: [disable, enable] more...
- bandwidth-measure-time - Bandwidth measure time type: int more...
- bfd - Bidirectional Forwarding Detection (BFD) settings. type: str choices: [global, enable, disable] more...
- bfd-desired-min-tx - BFD desired minimal transmit interval. type: int more...
- bfd-detect-mult - BFD detection multiplier. type: int more...
- bfd-required-min-rx - BFD required minimal receive interval. type: int more...
- broadcast-forticlient-discovery - Enable/disable broadcasting FortiClient discovery messages. type: str choices: [disable, enable] more...
- broadcast-forward - Enable/disable broadcast forwarding. type: str choices: [disable, enable] more...
- captive-portal - Enable/disable captive portal. type: int more...
- cli-conn-status - Cli-Conn-Status. type: int more...
- color - Color of icon on the GUI. type: int more...
- ddns - Ddns. type: str choices: [disable, enable] more...
- ddns-auth - Ddns-Auth. type: str choices: [disable, tsig] more...
- ddns-domain - Ddns-Domain. type: str more...
- ddns-key - Ddns-Key. type: str more...
- ddns-keyname - Ddns-Keyname. type: str more...
- ddns-password - Ddns-Password. type: str more...
- ddns-server - Ddns-Server. type: str choices: [dhs.org, dyndns.org, dyns.net, tzo.com, ods.org, vavic.com, now.net.cn, dipdns.net, easydns.com, genericDDNS] more...
- ddns-server-ip - Ddns-Server-Ip. type: str more...
- ddns-sn - Ddns-Sn. type: str more...
- ddns-ttl - Ddns-Ttl. type: int more...
- ddns-username - Ddns-Username. type: str more...
- ddns-zone - Ddns-Zone. type: str more...
- dedicated-to - Configure interface for single purpose. type: str choices: [none, management] more...
- defaultgw - Enable to get the gateway IP from the DHCP or PPPoE server. type: str choices: [disable, enable] more...
- description - Description. type: str more...
- detected-peer-mtu - Detected-Peer-Mtu. type: int more...
- detectprotocol - Protocols used to detect the server. type: array choices: [ping, tcp-echo, udp-echo] more...
- detectserver - Gateways ping server for this IP. type: str more...
- device-access-list - Device access list. type: str more...
- device-identification - Enable/disable passively gathering of device identity information about the devices on the network connected to this interface. type: str choices: [disable, enable] more...
- device-identification-active-scan - Enable/disable active gathering of device identity information about the devices on the network connected to this interface. type: str choices: [disable, enable] more...
- device-netscan - Enable/disable inclusion of devices detected on this interface in network vulnerability scans. type: str choices: [disable, enable] more...
- device-user-identification - Enable/disable passive gathering of user identity information about users on this interface. type: str choices: [disable, enable] more...
- devindex - Devindex. type: int more...
- dhcp-client-identifier - DHCP client identifier. type: str more...
- dhcp-relay-agent-option - Enable/disable DHCP relay agent option. type: str choices: [disable, enable] more...
- dhcp-relay-interface - Specify outgoing interface to reach server. type: str more...
- dhcp-relay-interface-select-method - Specify how to select outgoing interface to reach server. type: str choices: [auto, sdwan, specify] more...
- dhcp-relay-ip - DHCP relay IP address. type: str more...
- dhcp-relay-service - Enable/disable allowing this interface to act as a DHCP relay. type: str choices: [disable, enable] more...
- dhcp-relay-type - DHCP relay type (regular or IPsec). type: str choices: [regular, ipsec] more...
- dhcp-renew-time - DHCP renew time in seconds (300-604800), 0 means use the renew time provided by the server. type: int more...
- disc-retry-timeout - Time in seconds to wait before retrying to start a PPPoE discovery, 0 means no timeout. type: int more...
- disconnect-threshold - Time in milliseconds to wait before sending a notification that this interface is down or disconnected. type: int more...
- distance - Distance for routes learned through PPPoE or DHCP, lower distance indicates preferred route. type: int more...
- dns-query - Dns-Query. type: str choices: [disable, recursive, non-recursive] more...
- dns-server-override - Enable/disable use DNS acquired by DHCP or PPPoE. type: str choices: [disable, enable] more...
- drop-fragment - Enable/disable drop fragment packets. type: str choices: [disable, enable] more...
- drop-overlapped-fragment - Enable/disable drop overlapped fragment packets. type: str choices: [disable, enable] more...
- egress-cos - Override outgoing CoS in user VLAN tag. type: str choices: [disable, cos0, cos1, cos2, cos3, cos4, cos5, cos6, cos7] more...
- egress-shaping-profile - Outgoing traffic shaping profile. type: str more...
- eip - Eip. type: str more...
- endpoint-compliance - Enable/disable endpoint compliance enforcement. type: str choices: [disable, enable] more...
- estimated-downstream-bandwidth - Estimated maximum downstream bandwidth (kbps). type: int more...
- estimated-upstream-bandwidth - Estimated maximum upstream bandwidth (kbps). type: int more...
- explicit-ftp-proxy - Enable/disable the explicit FTP proxy on this interface. type: str choices: [disable, enable] more...
- explicit-web-proxy - Enable/disable the explicit web proxy on this interface. type: str choices: [disable, enable] more...
- external - Enable/disable identifying the interface as an external interface (which usually means its connected to the Internet). type: str choices: [disable, enable] more...
- fail-action-on-extender - Action on extender when interface fail . type: str choices: [soft-restart, hard-restart, reboot] more...
- fail-alert-interfaces - Names of the FortiGate interfaces to which the link failure alert is sent. type: str more...
- fail-alert-method - Select link-failed-signal or link-down method to alert about a failed link. type: str choices: [link-failed-signal, link-down] more...
- fail-detect - Enable/disable fail detection features for this interface. type: str choices: [disable, enable] more...
- fail-detect-option - Options for detecting that this interface has failed. type: array choices: [detectserver, link-down] more...
- fdp - Fdp. type: str choices: [disable, enable] more...
- fortiheartbeat - Enable/disable FortiHeartBeat (FortiTelemetry on GUI). type: str choices: [disable, enable] more...
- fortilink - Enable FortiLink to dedicate this interface to manage other Fortinet devices. type: str choices: [disable, enable] more...
- fortilink-backup-link - Fortilink-Backup-Link. type: int more...
- fortilink-neighbor-detect - Protocol for FortiGate neighbor discovery. type: str choices: [lldp, fortilink] more...
- fortilink-split-interface - Enable/disable FortiLink split interface to connect member link to different FortiSwitch in stack for uplink redundancy. type: str choices: [disable, enable] more...
- fortilink-stacking - Enable/disable FortiLink switch-stacking on this interface. type: str choices: [disable, enable] more...
- forward-domain - Transparent mode forward domain. type: int more...
- forward-error-correction - Enable/disable forward error correction (FEC Clause 91). type: str choices: [disable, enable, rs-fec, base-r-fec, fec-cl91, fec-cl74, rs-544, none, cl91-rs-fec, cl74-fc-fec] more...
- fp-anomaly - Fp-Anomaly. type: array choices: [drop_tcp_fin_noack, pass_winnuke, pass_tcpland, pass_udpland, pass_icmpland, pass_ipland, pass_iprr, pass_ipssrr, pass_iplsrr, pass_ipstream, pass_ipsecurity, pass_iptimestamp, pass_ipunknown_option, pass_ipunknown_prot, pass_icmp_frag, pass_tcp_no_flag, pass_tcp_fin_noack, drop_winnuke, drop_tcpland, drop_udpland, drop_icmpland, drop_ipland, drop_iprr, drop_ipssrr, drop_iplsrr, drop_ipstream, drop_ipsecurity, drop_iptimestamp, drop_ipunknown_option, drop_ipunknown_prot, drop_icmp_frag, drop_tcp_no_flag] more...
- fp-disable - Fp-Disable. type: array choices: [all, ipsec, none] more...
- gateway-address - Gateway address type: str more...
- gi-gk - Enable/disable Gi Gatekeeper. type: str choices: [disable, enable] more...
- gwaddr - Gateway address type: str more...
- gwdetect - Enable/disable detect gateway alive for first. type: str choices: [disable, enable] more...
- ha-priority - HA election priority for the PING server. type: int more...
- icmp-accept-redirect - Enable/disable ICMP accept redirect. type: str choices: [disable, enable] more...
- icmp-redirect - Enable/disable ICMP redirect. type: str choices: [disable, enable] more...
- icmp-send-redirect - Enable/disable sending of ICMP redirects. type: str choices: [disable, enable] more...
- ident-accept - Enable/disable authentication for this interface. type: str choices: [disable, enable] more...
- idle-timeout - PPPoE auto disconnect after idle timeout seconds, 0 means no timeout. type: int more...
- if-mdix - Interface MDIX mode type: str choices: [auto, normal, crossover] more...
- if-media - Select interface media type type: str choices: [auto, copper, fiber] more...
- in-force-vlan-cos - In-Force-Vlan-Cos. type: int more...
- inbandwidth - Bandwidth limit for incoming traffic (0 - 16776000 kbps), 0 means unlimited. type: int more...
- ingress-cos - Override incoming CoS in user VLAN tag on VLAN interface or assign a priority VLAN tag on physical interface. type: str choices: [disable, cos0, cos1, cos2, cos3, cos4, cos5, cos6, cos7] more...
- ingress-shaping-profile - Incoming traffic shaping profile. type: str more...
- ingress-spillover-threshold - Ingress Spillover threshold (0 - 16776000 kbps), 0 means unlimited. type: int more...
- internal - Implicitly created. type: int more...
- ip - Interface IPv4 address and subnet mask, syntax: X. type: str more...
- ip-managed-by-fortiipam - Enable/disable automatic IP address assignment of this interface by FortiIPAM. type: str choices: [disable, enable, inherit-global] more...
- ipmac - Enable/disable IP/MAC binding. type: str choices: [disable, enable] more...
- ips-sniffer-mode - Enable/disable the use of this interface as a one-armed sniffer. type: str choices: [disable, enable] more...
- ipunnumbered - Unnumbered IP used for PPPoE interfaces for which no unique local address is provided. type: str more...
- ipv6 type: dict
- autoconf - Enable/disable address auto config. type: str choices: [disable, enable] more...
- dhcp6-client-options - Dhcp6-Client-Options. type: array choices: [rapid, iapd, iana, dns, dnsname] more...
- dhcp6-information-request - Enable/disable DHCPv6 information request. type: str choices: [disable, enable] more...
- dhcp6-prefix-delegation - Enable/disable DHCPv6 prefix delegation. type: str choices: [disable, enable] more...
- dhcp6-prefix-hint - DHCPv6 prefix that will be used as a hint to the upstream DHCPv6 server. type: str more...
- dhcp6-prefix-hint-plt - DHCPv6 prefix hint preferred life time (sec), 0 means unlimited lease time. type: int more...
- dhcp6-prefix-hint-vlt - DHCPv6 prefix hint valid life time (sec). type: int more...
- dhcp6-relay-ip - DHCPv6 relay IP address. type: str more...
- dhcp6-relay-service - Enable/disable DHCPv6 relay. type: str choices: [disable, enable] more...
- dhcp6-relay-type - DHCPv6 relay type. type: str choices: [regular] more...
- icmp6-send-redirect - Enable/disable sending of ICMPv6 redirects. type: str choices: [disable, enable] more...
- interface-identifier - IPv6 interface identifier. type: str more...
- ip6-address - Primary IPv6 address prefix, syntax: xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx/xxx type: str more...
- ip6-allowaccess - Allow management access to the interface. type: array choices: [https, ping, ssh, snmp, http, telnet, fgfm, capwap, fabric] more...
- ip6-default-life - Default life (sec). type: int more...
- ip6-delegated-prefix-list - Ip6-Delegated-Prefix-List. type: array
more...
- autonomous-flag - Enable/disable the autonomous flag. type: str choices: [disable, enable] more...
- onlink-flag - Enable/disable the onlink flag. type: str choices: [disable, enable] more...
- prefix-id - Prefix ID. type: int more...
- rdnss - Recursive DNS server option. type: str more...
- rdnss-service - Recursive DNS service option. type: str choices: [delegated, default, specify] more...
- subnet - Add subnet ID to routing prefix. type: str more...
- upstream-interface - Name of the interface that provides delegated information. type: str more...
- delegated-prefix-iaid - IAID of obtained delegated-prefix from the upstream interface. type: int more...
- ip6-dns-server-override - Enable/disable using the DNS server acquired by DHCP. type: str choices: [disable, enable] more...
- ip6-extra-addr - Ip6-Extra-Addr. type: array
more...
- prefix - IPv6 address prefix. type: str more...
- ip6-hop-limit - Hop limit (0 means unspecified). type: int more...
- ip6-link-mtu - IPv6 link MTU. type: int more...
- ip6-manage-flag - Enable/disable the managed flag. type: str choices: [disable, enable] more...
- ip6-max-interval - IPv6 maximum interval (4 to 1800 sec). type: int more...
- ip6-min-interval - IPv6 minimum interval (3 to 1350 sec). type: int more...
- ip6-mode - Addressing mode (static, DHCP, delegated). type: str choices: [static, dhcp, pppoe, delegated] more...
- ip6-other-flag - Enable/disable the other IPv6 flag. type: str choices: [disable, enable] more...
- ip6-prefix-list - Ip6-Prefix-List. type: array
more...
- autonomous-flag - Enable/disable the autonomous flag. type: str choices: [disable, enable] more...
- dnssl - DNS search list option. type: str more...
- onlink-flag - Enable/disable the onlink flag. type: str choices: [disable, enable] more...
- preferred-life-time - Preferred life time (sec). type: int more...
- prefix - IPv6 prefix. type: str more...
- rdnss - Recursive DNS server option. type: str more...
- valid-life-time - Valid life time (sec). type: int more...
- ip6-reachable-time - IPv6 reachable time (milliseconds; 0 means unspecified). type: int more...
- ip6-retrans-time - IPv6 retransmit time (milliseconds; 0 means unspecified). type: int more...
- ip6-send-adv - Enable/disable sending advertisements about the interface. type: str choices: [disable, enable] more...
- ip6-subnet - Subnet to routing prefix, syntax: xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx/xxx type: str more...
- ip6-upstream-interface - Interface name providing delegated information. type: str more...
- nd-cert - Neighbor discovery certificate. type: str more...
- nd-cga-modifier - Neighbor discovery CGA modifier. type: str more...
- nd-mode - Neighbor discovery mode. type: str choices: [basic, SEND-compatible] more...
- nd-security-level - Neighbor discovery security level (0 - 7; 0 = least secure, default = 0). type: int more...
- nd-timestamp-delta - Neighbor discovery timestamp delta value (1 - 3600 sec; default = 300). type: int more...
- nd-timestamp-fuzz - Neighbor discovery timestamp fuzz factor (1 - 60 sec; default = 1). type: int more...
- unique-autoconf-addr - Enable/disable unique auto config address. type: str choices: [disable, enable] more...
- vrip6_link_local - Link-local IPv6 address of virtual router. type: str more...
- vrrp-virtual-mac6 - Enable/disable virtual MAC for VRRP. type: str choices: [disable, enable] more...
- vrrp6 - Vrrp6. type: array
more...
- accept-mode - Enable/disable accept mode. type: str choices: [disable, enable] more...
- adv-interval - Advertisement interval (1 - 255 seconds). type: int more...
- preempt - Enable/disable preempt mode. type: str choices: [disable, enable] more...
- priority - Priority of the virtual router (1 - 255). type: int more...
- start-time - Startup time (1 - 255 seconds). type: int more...
- status - Enable/disable VRRP. type: str choices: [disable, enable] more...
- vrdst6 - Monitor the route to this destination. type: str more...
- vrgrp - VRRP group ID (1 - 65535). type: int more...
- vrid - Virtual router identifier (1 - 255). type: int more...
- vrip6 - IPv6 address of the virtual router. type: str more...
- cli-conn6-status - Cli-Conn6-Status. type: int more...
- ip6-prefix-mode - Assigning a prefix from DHCP or RA. type: str choices: [dhcp6, ra] more...
- ra-send-mtu - Enable/disable sending link MTU in RA packet. type: str choices: [disable, enable] more...
- ip6-delegated-prefix-iaid - IAID of obtained delegated-prefix from the upstream interface. type: int more...
- dhcp6-relay-source-interface - Enable/disable use of address on this interface as the source address of the relay message. type: str choices: [disable, enable] more...
- l2forward - Enable/disable l2 forwarding. type: str choices: [disable, enable] more...
- l2tp-client - Enable/disable this interface as a Layer 2 Tunnelling Protocol (L2TP) client. type: str choices: [disable, enable] more...
- lacp-ha-slave - LACP HA slave. type: str choices: [disable, enable] more...
- lacp-mode - LACP mode. type: str choices: [static, passive, active] more...
- lacp-speed - How often the interface sends LACP messages. type: str choices: [slow, fast] more...
- lcp-echo-interval - Time in seconds between PPPoE Link Control Protocol (LCP) echo requests. type: int more...
- lcp-max-echo-fails - Maximum missed LCP echo messages before disconnect. type: int more...
- link-up-delay - Number of milliseconds to wait before considering a link is up. type: int more...
- listen-forticlient-connection - Listen-Forticlient-Connection. type: str choices: [disable, enable] more...
- lldp-network-policy - LLDP-MED network policy profile. type: str more...
- lldp-reception - Enable/disable Link Layer Discovery Protocol (LLDP) reception. type: str choices: [disable, enable, vdom] more...
- lldp-transmission - Enable/disable Link Layer Discovery Protocol (LLDP) transmission. type: str choices: [enable, disable, vdom] more...
- log - Log. type: str choices: [disable, enable] more...
- macaddr - Change the interfaces MAC address. type: str more...
- managed-subnetwork-size - Number of IP addresses to be allocated by FortiIPAM and used by this FortiGate units DHCP server settings. type: str choices: [256, 512, 1024, 2048, 4096, 8192, 16384, 32768, 65536, 32, 64, 128] more...
- management-ip - High Availability in-band management IP address of this interface. type: str more...
- max-egress-burst-rate - Max egress burst rate (kbits per sec). type: int more...
- max-egress-rate - Max egress rate (kbits per sec). type: int more...
- measured-downstream-bandwidth - Measured downstream bandwidth (kbps). type: int more...
- measured-upstream-bandwidth - Measured upstream bandwidth (kbps). type: int more...
- mediatype - Select SFP media interface type type: str choices: [serdes-sfp, sgmii-sfp, cfp2-sr10, cfp2-lr4, serdes-copper-sfp, sr, cr, lr, qsfp28-sr4, qsfp28-lr4, qsfp28-cr4, sr4, cr4, lr4, none, gmii, sgmii, sr2, lr2, cr2, sr8, lr8, cr8] more...
- member - Physical interfaces that belong to the aggregate or redundant interface. type: str more...
- min-links - Minimum number of aggregated ports that must be up. type: int more...
- min-links-down - Action to take when less than the configured minimum number of links are active. type: str choices: [operational, administrative] more...
- mode - Addressing mode (static, DHCP, PPPoE). type: str choices: [static, dhcp, pppoe, pppoa, ipoa, eoa] more...
- monitor-bandwidth - Enable monitoring bandwidth on this interface. type: str choices: [disable, enable] more...
- mtu - MTU value for this interface. type: int more...
- mtu-override - Enable to set a custom MTU for this interface. type: str choices: [disable, enable] more...
- mux-type - Multiplexer type type: str choices: [llc-encaps, vc-encaps] more...
- name - Name. type: str more...
- ndiscforward - Enable/disable NDISC forwarding. type: str choices: [disable, enable] more...
- netbios-forward - Enable/disable NETBIOS forwarding. type: str choices: [disable, enable] more...
- netflow-sampler - Enable/disable NetFlow on this interface and set the data that NetFlow collects (rx, tx, or both). type: str choices: [disable, tx, rx, both] more...
- np-qos-profile - NP QoS profile ID. type: int more...
- npu-fastpath - Npu-Fastpath. type: str choices: [disable, enable] more...
- nst - Nst. type: str choices: [disable, enable] more...
- out-force-vlan-cos - Out-Force-Vlan-Cos. type: int more...
- outbandwidth - Bandwidth limit for outgoing traffic (0 - 16776000 kbps), 0 means unlimited. type: int more...
- padt-retry-timeout - PPPoE Active Discovery Terminate (PADT) used to terminate sessions after an idle time. type: int more...
- password - PPPoE accounts password. type: str more...
- peer-interface - Peer-Interface. type: str more...
- phy-mode - DSL physical mode. type: str choices: [auto, adsl, vdsl, adsl-auto, vdsl2, adsl2+, adsl2, g.dmt, t1.413, g.lite] more...
- ping-serv-status - Ping-Serv-Status. type: int more...
- poe - Enable/disable PoE status. type: str choices: [disable, enable] more...
- polling-interval - sFlow polling interval (1 - 255 sec). type: int more...
- pppoe-unnumbered-negotiate - Enable/disable PPPoE unnumbered negotiation. type: str choices: [disable, enable] more...
- pptp-auth-type - PPTP authentication type. type: str choices: [auto, pap, chap, mschapv1, mschapv2] more...
- pptp-client - Enable/disable PPTP client. type: str choices: [disable, enable] more...
- pptp-password - PPTP password. type: str more...
- pptp-server-ip - PPTP server IP address. type: str more...
- pptp-timeout - Idle timer in minutes (0 for disabled). type: int more...
- pptp-user - PPTP user name. type: str more...
- preserve-session-route - Enable/disable preservation of session route when dirty. type: str choices: [disable, enable] more...
- priority - Priority of learned routes. type: int more...
- priority-override - Enable/disable fail back to higher priority port once recovered. type: str choices: [disable, enable] more...
- proxy-captive-portal - Enable/disable proxy captive portal on this interface. type: str choices: [disable, enable] more...
- redundant-interface - Redundant-Interface. type: str more...
- remote-ip - Remote IP address of tunnel. type: str more...
- replacemsg-override-group - Replacement message override group. type: str more...
- retransmission - Enable/disable DSL retransmission. type: str choices: [disable, enable] more...
- ring-rx - RX ring size. type: int more...
- ring-tx - TX ring size. type: int more...
- role - Interface role. type: str choices: [lan, wan, dmz, undefined] more...
- sample-direction - Data that NetFlow collects (rx, tx, or both). type: str choices: [rx, tx, both] more...
- sample-rate - sFlow sample rate (10 - 99999). type: int more...
- scan-botnet-connections - Enable monitoring or blocking connections to Botnet servers through this interface. type: str choices: [disable, block, monitor] more...
- secondary-IP - Enable/disable adding a secondary IP to this interface. type: str choices: [disable, enable] more...
- secondaryip - Secondaryip. type: array
more...
- allowaccess - Management access settings for the secondary IP address. type: array choices: [https, ping, ssh, snmp, http, telnet, fgfm, auto-ipsec, radius-acct, probe-response, capwap, dnp, ftm, fabric, speed-test] more...
- detectprotocol - Protocols used to detect the server. type: array choices: [ping, tcp-echo, udp-echo] more...
- detectserver - Gateways ping server for this IP. type: str more...
- gwdetect - Enable/disable detect gateway alive for first. type: str choices: [disable, enable] more...
- ha-priority - HA election priority for the PING server. type: int more...
- id - ID. type: int more...
- ip - Secondary IP address of the interface. type: str more...
- ping-serv-status - Ping-Serv-Status. type: int more...
- seq - Seq. type: int more...
- secip-relay-ip - DHCP relay IP address. type: str more...
- security-8021x-dynamic-vlan-id - VLAN ID for virtual switch. type: int more...
- security-8021x-master - 802. type: str more...
- security-8021x-mode - 802. type: str choices: [default, dynamic-vlan, fallback, slave] more...
- security-exempt-list - Name of security-exempt-list. type: str more...
- security-external-logout - URL of external authentication logout server. type: str more...
- security-external-web - URL of external authentication web server. type: str more...
- security-groups - User groups that can authenticate with the captive portal. type: str more...
- security-mac-auth-bypass - Enable/disable MAC authentication bypass. type: str choices: [disable, enable, mac-auth-only] more...
- security-mode - Turn on captive portal authentication for this interface. type: str choices: [none, captive-portal, 802.1X] more...
- security-redirect-url - URL redirection after disclaimer/authentication. type: str more...
- service-name - PPPoE service name. type: str more...
- sflow-sampler - Enable/disable sFlow on this interface. type: str choices: [disable, enable] more...
- speed - Interface speed. type: str choices: [auto, 10full, 10half, 100full, 100half, 1000full, 1000half, 10000full, 1000auto, 10000auto, 40000full, 100Gfull, 25000full, 40000auto, 25000auto, 100Gauto, 400Gfull, 400Gauto, 50000full, 2500auto, 5000auto, 50000auto, 200Gfull, 200Gauto, 100auto] more...
- spillover-threshold - Egress Spillover threshold (0 - 16776000 kbps), 0 means unlimited. type: int more...
- src-check - Enable/disable source IP check. type: str choices: [disable, enable] more...
- status - Bring the interface up or shut the interface down. type: str choices: [down, up] more...
- stp - Enable/disable STP. type: str choices: [disable, enable] more...
- stp-ha-slave - Control STP behaviour on HA slave. type: str choices: [disable, enable, priority-adjust] more...
- stpforward - Enable/disable STP forwarding. type: str choices: [disable, enable] more...
- stpforward-mode - Configure STP forwarding mode. type: str choices: [rpl-all-ext-id, rpl-bridge-ext-id, rpl-nothing] more...
- strip-priority-vlan-tag - Strip-Priority-Vlan-Tag. type: str choices: [disable, enable] more...
- subst - Enable to always send packets from this interface to a destination MAC address. type: str choices: [disable, enable] more...
- substitute-dst-mac - Destination MAC address that all packets are sent to from this interface. type: str more...
- swc-first-create - Initial create for switch-controller VLANs. type: int more...
- swc-vlan - Swc-Vlan. type: int more...
- switch - Switch. type: str more...
- switch-controller-access-vlan - Block FortiSwitch port-to-port traffic. type: str choices: [disable, enable] more...
- switch-controller-arp-inspection - Enable/disable FortiSwitch ARP inspection. type: str choices: [disable, enable] more...
- switch-controller-auth - Switch controller authentication. type: str choices: [radius, usergroup] more...
- switch-controller-dhcp-snooping - Switch controller DHCP snooping. type: str choices: [disable, enable] more...
- switch-controller-dhcp-snooping-option82 - Switch controller DHCP snooping option82. type: str choices: [disable, enable] more...
- switch-controller-dhcp-snooping-verify-mac - Switch controller DHCP snooping verify MAC. type: str choices: [disable, enable] more...
- switch-controller-feature - Interfaces purpose when assigning traffic (read only). type: str choices: [none, default-vlan, quarantine, sniffer, voice, camera, rspan, video, nac, nac-segment] more...
- switch-controller-igmp-snooping - Switch controller IGMP snooping. type: str choices: [disable, enable] more...
- switch-controller-igmp-snooping-fast-leave - Switch controller IGMP snooping fast-leave. type: str choices: [disable, enable] more...
- switch-controller-igmp-snooping-proxy - Switch controller IGMP snooping proxy. type: str choices: [disable, enable] more...
- switch-controller-iot-scanning - Enable/disable managed FortiSwitch IoT scanning. type: str choices: [disable, enable] more...
- switch-controller-learning-limit - Limit the number of dynamic MAC addresses on this VLAN (1 - 128, 0 = no limit, default). type: int more...
- switch-controller-mgmt-vlan - VLAN to use for FortiLink management purposes. type: int more...
- switch-controller-nac - Integrated NAC settings for managed FortiSwitch. type: str more...
- switch-controller-radius-server - RADIUS server name for this FortiSwitch VLAN. type: str more...
- switch-controller-rspan-mode - Stop Layer2 MAC learning and interception of BPDUs and other packets on this interface. type: str choices: [disable, enable] more...
- switch-controller-source-ip - Source IP address used in FortiLink over L3 connections. type: str choices: [outbound, fixed] more...
- switch-controller-traffic-policy - Switch controller traffic policy for the VLAN. type: str more...
- tc-mode - DSL transfer mode. type: str choices: [ptm, atm] more...
- tcp-mss - TCP maximum segment size. type: int more...
- trunk - Enable/disable VLAN trunk. type: str choices: [disable, enable] more...
- trust-ip-1 - Trusted host for dedicated management traffic (0. type: str more...
- trust-ip-2 - Trusted host for dedicated management traffic (0. type: str more...
- trust-ip-3 - Trusted host for dedicated management traffic (0. type: str more...
- trust-ip6-1 - Trusted IPv6 host for dedicated management traffic (::/0 for all hosts). type: str more...
- trust-ip6-2 - Trusted IPv6 host for dedicated management traffic (::/0 for all hosts). type: str more...
- trust-ip6-3 - Trusted IPv6 host for dedicated management traffic (::/0 for all hosts). type: str more...
- type - Interface type. type: str choices: [physical, vlan, aggregate, redundant, tunnel, wireless, vdom-link, loopback, switch, hard-switch, hdlc, vap-switch, wl-mesh, fortilink, switch-vlan, fctrl-trunk, tdm, fext-wan, vxlan, emac-vlan, geneve, ssl, lan-extension] more...
- username - Username of the PPPoE account, provided by your ISP. type: str more...
- vci - Virtual Channel ID type: int more...
- vectoring - Enable/disable DSL vectoring. type: str choices: [disable, enable] more...
- vindex - Vindex. type: int more...
- vlan-protocol - Ethernet protocol of VLAN. type: str choices: [8021q, 8021ad] more...
- vlanforward - Enable/disable traffic forwarding between VLANs on this interface. type: str choices: [disable, enable] more...
- vlanid - VLAN ID (1 - 4094). type: int more...
- vpi - Virtual Path ID type: int more...
- vrf - Virtual Routing Forwarding ID. type: int more...
- vrrp - Vrrp. type: array
more...
- accept-mode - Enable/disable accept mode. type: str choices: [disable, enable] more...
- adv-interval - Advertisement interval (1 - 255 seconds). type: int more...
- ignore-default-route - Enable/disable ignoring of default route when checking destination. type: str choices: [disable, enable] more...
- preempt - Enable/disable preempt mode. type: str choices: [disable, enable] more...
- priority - Priority of the virtual router (1 - 255). type: int more...
- start-time - Startup time (1 - 255 seconds). type: int more...
- status - Enable/disable this VRRP configuration. type: str choices: [disable, enable] more...
- version - VRRP version. type: str choices: [2, 3] more...
- vrdst - Monitor the route to this destination. type: str more...
- vrdst-priority - Priority of the virtual router when the virtual router destination becomes unreachable (0 - 254). type: int more...
- vrgrp - VRRP group ID (1 - 65535). type: int more...
- vrid - Virtual router identifier (1 - 255). type: int more...
- vrip - IP address of the virtual router. type: str more...
- proxy-arp - No description for the parameter type: array more...
- vrrp-virtual-mac - Enable/disable use of virtual MAC for VRRP. type: str choices: [disable, enable] more...
- wccp - Enable/disable WCCP on this interface. type: str choices: [disable, enable] more...
- weight - Default weight for static routes (if route has no weight configured). type: int more...
- wifi-5g-threshold - Minimal signal strength to be considered as a good 5G AP. type: str more...
- wifi-acl - Access control for MAC addresses in the MAC list. type: str choices: [deny, allow] more...
- wifi-ap-band - How to select the AP to connect. type: str choices: [any, 5g-preferred, 5g-only] more...
- wifi-auth - WiFi authentication. type: str choices: [PSK, RADIUS, radius, usergroup] more...
- wifi-auto-connect - Enable/disable WiFi network auto connect. type: str choices: [disable, enable] more...
- wifi-auto-save - Enable/disable WiFi network automatic save. type: str choices: [disable, enable] more...
- wifi-broadcast-ssid - Enable/disable SSID broadcast in the beacon. type: str choices: [disable, enable] more...
- wifi-encrypt - Data encryption. type: str choices: [TKIP, AES] more...
- wifi-fragment-threshold - WiFi fragment threshold (800 - 2346). type: int more...
- wifi-key - WiFi WEP Key. type: str more...
- wifi-keyindex - WEP key index (1 - 4). type: int more...
- wifi-mac-filter - Enable/disable MAC filter status. type: str choices: [disable, enable] more...
- wifi-passphrase - WiFi pre-shared key for WPA. type: str more...
- wifi-radius-server - WiFi RADIUS server for WPA. type: str more...
- wifi-rts-threshold - WiFi RTS threshold (256 - 2346). type: int more...
- wifi-security - Wireless access security of SSID. type: str choices: [None, WEP64, wep64, WEP128, wep128, WPA_PSK, WPA_RADIUS, WPA, WPA2, WPA2_AUTO, open, wpa-personal, wpa-enterprise, wpa-only-personal, wpa-only-enterprise, wpa2-only-personal, wpa2-only-enterprise] more...
- wifi-ssid - IEEE 802. type: str more...
- wifi-usergroup - WiFi user group for WPA. type: str more...
- wins-ip - WINS server IP. type: str more...
- dhcp-relay-request-all-server - Enable/disable sending of DHCP requests to all servers. type: str choices: [disable, enable] more...
- stp-ha-secondary - Control STP behaviour on HA secondary. type: str choices: [disable, enable, priority-adjust] more...
- switch-controller-dynamic - Integrated FortiLink settings for managed FortiSwitch. type: str more...
- auth-cert - HTTPS server certificate. type: str more...
- auth-portal-addr - Address of captive portal. type: str more...
- dhcp-classless-route-addition - Enable/disable addition of classless static routes retrieved from DHCP server. type: str choices: [disable, enable] more...
- dhcp-relay-link-selection - DHCP relay link selection. type: str more...
- dns-server-protocol - No description for the parameter type: array choices: [cleartext, dot, doh] more...
- eap-ca-cert - EAP CA certificate name. type: str more...
- eap-identity - EAP identity. type: str more...
- eap-method - EAP method. type: str choices: [tls, peap] more...
- eap-password - No description for the parameter type: str more...
- eap-supplicant - Enable/disable EAP-Supplicant. type: str choices: [disable, enable] more...
- eap-user-cert - EAP user certificate name. type: str more...
- ike-saml-server - Configure IKE authentication SAML server. type: str more...
- lacp-ha-secondary - No description for the parameter type: str choices: [disable, enable] more...
- pvc-atm-qos - SFP-DSL ADSL Fallback PVC ATM QoS. type: str choices: [cbr, rt-vbr, nrt-vbr] more...
- pvc-chan - SFP-DSL ADSL Fallback PVC Channel. type: int more...
- pvc-crc - SFP-DSL ADSL Fallback PVC CRC Option: bit0: sar LLC preserve, bit1: ream LLC preserve, bit2: ream VC-MUX has crc. type: int more...
- pvc-pcr - SFP-DSL ADSL Fallback PVC Packet Cell Rate in cells (0 - 5500). type: int more...
- pvc-scr - SFP-DSL ADSL Fallback PVC Sustainable Cell Rate in cells (0 - 5500). type: int more...
- pvc-vlan-id - SFP-DSL ADSL Fallback PVC VLAN ID. type: int more...
- pvc-vlan-rx-id - SFP-DSL ADSL Fallback PVC VLANID RX. type: int more...
- pvc-vlan-rx-op - SFP-DSL ADSL Fallback PVC VLAN RX op. type: str choices: [pass-through, replace, remove] more...
- pvc-vlan-tx-id - SFP-DSL ADSL Fallback PVC VLAN ID TX. type: int more...
- pvc-vlan-tx-op - SFP-DSL ADSL Fallback PVC VLAN TX op. type: str choices: [pass-through, replace, remove] more...
- reachable-time - IPv4 reachable time in milliseconds (30000 - 3600000, default = 30000). type: int more...
- select-profile-30a-35b - Select VDSL Profile 30a or 35b. type: str choices: [30A, 35B] more...
- sfp-dsl - Enable/disable SFP DSL. type: str choices: [disable, enable] more...
- sfp-dsl-adsl-fallback - Enable/disable SFP DSL ADSL fallback. type: str choices: [disable, enable] more...
- sfp-dsl-autodetect - Enable/disable SFP DSL MAC address autodetect. type: str choices: [disable, enable] more...
- sfp-dsl-mac - SFP DSL MAC address. type: str more...
- sw-algorithm - Frame distribution algorithm for switch. type: str choices: [l2, l3, eh] more...
- system-id - Define a system ID for the aggregate interface. type: str more...
- system-id-type - Method in which system ID is generated. type: str choices: [auto, user] more...
- vlan-id - Vlan ID type: int more...
- vlan-op-mode - Configure DSL 802. type: str choices: [tag, untag, passthrough] more...
- generic-receive-offload - No description for the parameter type: str choices: [disable, enable] more...
- interconnect-profile - Set interconnect profile. type: str choices: [default, profile1, profile2] more...
- large-receive-offload - No description for the parameter type: str choices: [disable, enable] more...
- aggregate-type - Type of aggregation. type: str choices: [physical, vxlan] more...
- switch-controller-netflow-collect - NetFlow collection and processing. type: str choices: [disable, enable] more...
- wifi-dns-server1 - DNS server 1. type: str more...
- wifi-dns-server2 - DNS server 2. type: str more...
- wifi-gateway - IPv4 default gateway IP address. type: str more...
- default-purdue-level - default purdue level of device detected on this interface. type: str choices: [1, 2, 3, 4, 5, 1.5, 2.5, 3.5, 5.5] more...
- dhcp-broadcast-flag - Enable/disable setting of the broadcast flag in messages sent by the DHCP client (default = enable). type: str choices: [disable, enable] more...
- dhcp-smart-relay - Enable/disable DHCP smart relay. type: str choices: [disable, enable] more...
- switch-controller-offloading - No description for the parameter type: str choices: [disable, enable] more...
- switch-controller-offloading-gw - No description for the parameter type: str choices: [disable, enable] more...
- switch-controller-offloading-ip - No description for the parameter type: str more...
Notes¶
Note
- Running in workspace locking mode is supported in this FortiManager module, the top level parameters workspace_locking_adom and workspace_locking_timeout help do the work.
- To create or update an object, use state: present directive.
- To delete an object, use state: absent directive
- Normally, running one module can fail when a non-zero rc is returned. you can also override the conditions to fail or succeed with parameters rc_failed and rc_succeeded
Examples¶
- hosts: fortimanager-inventory
collections:
- fortinet.fortimanager
connection: httpapi
vars:
ansible_httpapi_use_ssl: True
ansible_httpapi_validate_certs: False
ansible_httpapi_port: 443
tasks:
- name: no description
fmgr_fsp_vlan:
bypass_validation: False
workspace_locking_adom: <value in [global, custom adom including root]>
workspace_locking_timeout: 300
rc_succeeded: [0, -2, -3, ...]
rc_failed: [-2, -3, ...]
adom: <your own value>
state: <value in [present, absent]>
fsp_vlan:
_dhcp-status: <value in [disable, enable]>
auth: <value in [radius, usergroup]>
color: <value of integer>
comments: <value of string>
dynamic_mapping:
-
_dhcp-status: <value in [disable, enable]>
_scope:
-
name: <value of string>
vdom: <value of string>
dhcp-server:
auto-configuration: <value in [disable, enable]>
auto-managed-status: <value in [disable, enable]>
conflicted-ip-timeout: <value of integer>
ddns-auth: <value in [disable, tsig]>
ddns-key: <value of string>
ddns-keyname: <value of string>
ddns-server-ip: <value of string>
ddns-ttl: <value of integer>
ddns-update: <value in [disable, enable]>
ddns-update-override: <value in [disable, enable]>
ddns-zone: <value of string>
default-gateway: <value of string>
dhcp-settings-from-fortiipam: <value in [disable, enable]>
dns-server1: <value of string>
dns-server2: <value of string>
dns-server3: <value of string>
dns-server4: <value of string>
dns-service: <value in [default, specify, local]>
domain: <value of string>
enable: <value in [disable, enable]>
exclude-range:
-
end-ip: <value of string>
id: <value of integer>
start-ip: <value of string>
vci-match: <value in [disable, enable]>
vci-string: <value of string>
lease-time: <value of integer>
uci-match: <value in [disable, enable]>
uci-string: <value of string>
filename: <value of string>
forticlient-on-net-status: <value in [disable, enable]>
id: <value of integer>
ip-mode: <value in [range, usrgrp]>
ip-range:
-
end-ip: <value of string>
id: <value of integer>
start-ip: <value of string>
vci-match: <value in [disable, enable]>
vci-string: <value of string>
lease-time: <value of integer>
uci-match: <value in [disable, enable]>
uci-string: <value of string>
ipsec-lease-hold: <value of integer>
lease-time: <value of integer>
mac-acl-default-action: <value in [assign, block]>
netmask: <value of string>
next-server: <value of string>
ntp-server1: <value of string>
ntp-server2: <value of string>
ntp-server3: <value of string>
ntp-service: <value in [default, specify, local]>
option1: <value of string>
option2: <value of string>
option3: <value of string>
option4: <value of string>
option5: <value of string>
option6: <value of string>
options:
-
code: <value of integer>
id: <value of integer>
ip: <value of string>
type: <value in [hex, string, ip, ...]>
value: <value of string>
vci-match: <value in [disable, enable]>
vci-string: <value of string>
uci-match: <value in [disable, enable]>
uci-string: <value of string>
reserved-address:
-
action: <value in [assign, block, reserved]>
circuit-id: <value of string>
circuit-id-type: <value in [hex, string]>
description: <value of string>
id: <value of integer>
ip: <value of string>
mac: <value of string>
remote-id: <value of string>
remote-id-type: <value in [hex, string]>
type: <value in [mac, option82]>
server-type: <value in [regular, ipsec]>
status: <value in [disable, enable]>
tftp-server: <value of string>
timezone: <value in [00, 01, 02, ...]>
timezone-option: <value in [disable, default, specify]>
vci-match: <value in [disable, enable]>
vci-string: <value of string>
wifi-ac-service: <value in [specify, local]>
wifi-ac1: <value of string>
wifi-ac2: <value of string>
wifi-ac3: <value of string>
wins-server1: <value of string>
wins-server2: <value of string>
relay-agent: <value of string>
shared-subnet: <value in [disable, enable]>
interface:
dhcp-relay-agent-option: <value in [disable, enable]>
dhcp-relay-ip: <value of string>
dhcp-relay-service: <value in [disable, enable]>
dhcp-relay-type: <value in [regular, ipsec]>
ip: <value of string>
ipv6:
autoconf: <value in [disable, enable]>
dhcp6-client-options:
- rapid
- iapd
- iana
- dns
- dnsname
dhcp6-information-request: <value in [disable, enable]>
dhcp6-prefix-delegation: <value in [disable, enable]>
dhcp6-prefix-hint: <value of string>
dhcp6-prefix-hint-plt: <value of integer>
dhcp6-prefix-hint-vlt: <value of integer>
dhcp6-relay-ip: <value of string>
dhcp6-relay-service: <value in [disable, enable]>
dhcp6-relay-type: <value in [regular]>
icmp6-send-redirect: <value in [disable, enable]>
interface-identifier: <value of string>
ip6-address: <value of string>
ip6-allowaccess:
- https
- ping
- ssh
- snmp
- http
- telnet
- fgfm
- capwap
- fabric
ip6-default-life: <value of integer>
ip6-delegated-prefix-list:
-
autonomous-flag: <value in [disable, enable]>
onlink-flag: <value in [disable, enable]>
prefix-id: <value of integer>
rdnss: <value of string>
rdnss-service: <value in [delegated, default, specify]>
subnet: <value of string>
upstream-interface: <value of string>
delegated-prefix-iaid: <value of integer>
ip6-dns-server-override: <value in [disable, enable]>
ip6-extra-addr:
-
prefix: <value of string>
ip6-hop-limit: <value of integer>
ip6-link-mtu: <value of integer>
ip6-manage-flag: <value in [disable, enable]>
ip6-max-interval: <value of integer>
ip6-min-interval: <value of integer>
ip6-mode: <value in [static, dhcp, pppoe, ...]>
ip6-other-flag: <value in [disable, enable]>
ip6-prefix-list:
-
autonomous-flag: <value in [disable, enable]>
dnssl: <value of string>
onlink-flag: <value in [disable, enable]>
preferred-life-time: <value of integer>
prefix: <value of string>
rdnss: <value of string>
valid-life-time: <value of integer>
ip6-reachable-time: <value of integer>
ip6-retrans-time: <value of integer>
ip6-send-adv: <value in [disable, enable]>
ip6-subnet: <value of string>
ip6-upstream-interface: <value of string>
nd-cert: <value of string>
nd-cga-modifier: <value of string>
nd-mode: <value in [basic, SEND-compatible]>
nd-security-level: <value of integer>
nd-timestamp-delta: <value of integer>
nd-timestamp-fuzz: <value of integer>
unique-autoconf-addr: <value in [disable, enable]>
vrip6_link_local: <value of string>
vrrp-virtual-mac6: <value in [disable, enable]>
vrrp6:
-
accept-mode: <value in [disable, enable]>
adv-interval: <value of integer>
preempt: <value in [disable, enable]>
priority: <value of integer>
start-time: <value of integer>
status: <value in [disable, enable]>
vrdst6: <value of string>
vrgrp: <value of integer>
vrid: <value of integer>
vrip6: <value of string>
cli-conn6-status: <value of integer>
ip6-prefix-mode: <value in [dhcp6, ra]>
ra-send-mtu: <value in [disable, enable]>
ip6-delegated-prefix-iaid: <value of integer>
dhcp6-relay-source-interface: <value in [disable, enable]>
secondary-IP: <value in [disable, enable]>
secondaryip:
-
allowaccess:
- https
- ping
- ssh
- snmp
- http
- telnet
- fgfm
- auto-ipsec
- radius-acct
- probe-response
- capwap
- dnp
- ftm
- fabric
- speed-test
detectprotocol:
- ping
- tcp-echo
- udp-echo
detectserver: <value of string>
gwdetect: <value in [disable, enable]>
ha-priority: <value of integer>
id: <value of integer>
ip: <value of string>
ping-serv-status: <value of integer>
seq: <value of integer>
secip-relay-ip: <value of string>
vlanid: <value of integer>
dhcp-relay-interface-select-method: <value in [auto, sdwan, specify]>
vrrp:
-
accept-mode: <value in [disable, enable]>
adv-interval: <value of integer>
ignore-default-route: <value in [disable, enable]>
preempt: <value in [disable, enable]>
priority: <value of integer>
proxy-arp:
-
id: <value of integer>
ip: <value of string>
start-time: <value of integer>
status: <value in [disable, enable]>
version: <value in [2, 3]>
vrdst: <value of string>
vrdst-priority: <value of integer>
vrgrp: <value of integer>
vrid: <value of integer>
vrip: <value of string>
name: <value of string>
portal-message-override-group: <value of string>
radius-server: <value of string>
security: <value in [open, captive-portal, 8021x]>
selected-usergroups: <value of string>
usergroup: <value of string>
vdom: <value of string>
vlanid: <value of integer>
dhcp-server:
auto-configuration: <value in [disable, enable]>
auto-managed-status: <value in [disable, enable]>
conflicted-ip-timeout: <value of integer>
ddns-auth: <value in [disable, tsig]>
ddns-key: <value of string>
ddns-keyname: <value of string>
ddns-server-ip: <value of string>
ddns-ttl: <value of integer>
ddns-update: <value in [disable, enable]>
ddns-update-override: <value in [disable, enable]>
ddns-zone: <value of string>
default-gateway: <value of string>
dhcp-settings-from-fortiipam: <value in [disable, enable]>
dns-server1: <value of string>
dns-server2: <value of string>
dns-server3: <value of string>
dns-server4: <value of string>
dns-service: <value in [default, specify, local]>
domain: <value of string>
enable: <value in [disable, enable]>
exclude-range:
-
end-ip: <value of string>
id: <value of integer>
start-ip: <value of string>
vci-match: <value in [disable, enable]>
vci-string: <value of string>
lease-time: <value of integer>
uci-match: <value in [disable, enable]>
uci-string: <value of string>
filename: <value of string>
forticlient-on-net-status: <value in [disable, enable]>
id: <value of integer>
ip-mode: <value in [range, usrgrp]>
ip-range:
-
end-ip: <value of string>
id: <value of integer>
start-ip: <value of string>
vci-match: <value in [disable, enable]>
vci-string: <value of string>
lease-time: <value of integer>
uci-match: <value in [disable, enable]>
uci-string: <value of string>
ipsec-lease-hold: <value of integer>
lease-time: <value of integer>
mac-acl-default-action: <value in [assign, block]>
netmask: <value of string>
next-server: <value of string>
ntp-server1: <value of string>
ntp-server2: <value of string>
ntp-server3: <value of string>
ntp-service: <value in [default, specify, local]>
option1: <value of string>
option2: <value of string>
option3: <value of string>
option4: <value of string>
option5: <value of string>
option6: <value of string>
options:
-
code: <value of integer>
id: <value of integer>
ip: <value of string>
type: <value in [hex, string, ip, ...]>
value: <value of string>
vci-match: <value in [disable, enable]>
vci-string: <value of string>
uci-match: <value in [disable, enable]>
uci-string: <value of string>
reserved-address:
-
action: <value in [assign, block, reserved]>
circuit-id: <value of string>
circuit-id-type: <value in [hex, string]>
description: <value of string>
id: <value of integer>
ip: <value of string>
mac: <value of string>
remote-id: <value of string>
remote-id-type: <value in [hex, string]>
type: <value in [mac, option82]>
server-type: <value in [regular, ipsec]>
status: <value in [disable, enable]>
tftp-server: <value of string>
timezone: <value in [00, 01, 02, ...]>
timezone-option: <value in [disable, default, specify]>
vci-match: <value in [disable, enable]>
vci-string: <value of string>
wifi-ac-service: <value in [specify, local]>
wifi-ac1: <value of string>
wifi-ac2: <value of string>
wifi-ac3: <value of string>
wins-server1: <value of string>
wins-server2: <value of string>
relay-agent: <value of string>
shared-subnet: <value in [disable, enable]>
interface:
ac-name: <value of string>
aggregate: <value of string>
algorithm: <value in [L2, L3, L4, ...]>
alias: <value of string>
allowaccess:
- https
- ping
- ssh
- snmp
- http
- telnet
- fgfm
- auto-ipsec
- radius-acct
- probe-response
- capwap
- dnp
- ftm
- fabric
- speed-test
ap-discover: <value in [disable, enable]>
arpforward: <value in [disable, enable]>
atm-protocol: <value in [none, ipoa]>
auth-type: <value in [auto, pap, chap, ...]>
auto-auth-extension-device: <value in [disable, enable]>
bandwidth-measure-time: <value of integer>
bfd: <value in [global, enable, disable]>
bfd-desired-min-tx: <value of integer>
bfd-detect-mult: <value of integer>
bfd-required-min-rx: <value of integer>
broadcast-forticlient-discovery: <value in [disable, enable]>
broadcast-forward: <value in [disable, enable]>
captive-portal: <value of integer>
cli-conn-status: <value of integer>
color: <value of integer>
ddns: <value in [disable, enable]>
ddns-auth: <value in [disable, tsig]>
ddns-domain: <value of string>
ddns-key: <value of string>
ddns-keyname: <value of string>
ddns-password: <value of string>
ddns-server: <value in [dhs.org, dyndns.org, dyns.net, ...]>
ddns-server-ip: <value of string>
ddns-sn: <value of string>
ddns-ttl: <value of integer>
ddns-username: <value of string>
ddns-zone: <value of string>
dedicated-to: <value in [none, management]>
defaultgw: <value in [disable, enable]>
description: <value of string>
detected-peer-mtu: <value of integer>
detectprotocol:
- ping
- tcp-echo
- udp-echo
detectserver: <value of string>
device-access-list: <value of string>
device-identification: <value in [disable, enable]>
device-identification-active-scan: <value in [disable, enable]>
device-netscan: <value in [disable, enable]>
device-user-identification: <value in [disable, enable]>
devindex: <value of integer>
dhcp-client-identifier: <value of string>
dhcp-relay-agent-option: <value in [disable, enable]>
dhcp-relay-interface: <value of string>
dhcp-relay-interface-select-method: <value in [auto, sdwan, specify]>
dhcp-relay-ip: <value of string>
dhcp-relay-service: <value in [disable, enable]>
dhcp-relay-type: <value in [regular, ipsec]>
dhcp-renew-time: <value of integer>
disc-retry-timeout: <value of integer>
disconnect-threshold: <value of integer>
distance: <value of integer>
dns-query: <value in [disable, recursive, non-recursive]>
dns-server-override: <value in [disable, enable]>
drop-fragment: <value in [disable, enable]>
drop-overlapped-fragment: <value in [disable, enable]>
egress-cos: <value in [disable, cos0, cos1, ...]>
egress-shaping-profile: <value of string>
eip: <value of string>
endpoint-compliance: <value in [disable, enable]>
estimated-downstream-bandwidth: <value of integer>
estimated-upstream-bandwidth: <value of integer>
explicit-ftp-proxy: <value in [disable, enable]>
explicit-web-proxy: <value in [disable, enable]>
external: <value in [disable, enable]>
fail-action-on-extender: <value in [soft-restart, hard-restart, reboot]>
fail-alert-interfaces: <value of string>
fail-alert-method: <value in [link-failed-signal, link-down]>
fail-detect: <value in [disable, enable]>
fail-detect-option:
- detectserver
- link-down
fdp: <value in [disable, enable]>
fortiheartbeat: <value in [disable, enable]>
fortilink: <value in [disable, enable]>
fortilink-backup-link: <value of integer>
fortilink-neighbor-detect: <value in [lldp, fortilink]>
fortilink-split-interface: <value in [disable, enable]>
fortilink-stacking: <value in [disable, enable]>
forward-domain: <value of integer>
forward-error-correction: <value in [disable, enable, rs-fec, ...]>
fp-anomaly:
- drop_tcp_fin_noack
- pass_winnuke
- pass_tcpland
- pass_udpland
- pass_icmpland
- pass_ipland
- pass_iprr
- pass_ipssrr
- pass_iplsrr
- pass_ipstream
- pass_ipsecurity
- pass_iptimestamp
- pass_ipunknown_option
- pass_ipunknown_prot
- pass_icmp_frag
- pass_tcp_no_flag
- pass_tcp_fin_noack
- drop_winnuke
- drop_tcpland
- drop_udpland
- drop_icmpland
- drop_ipland
- drop_iprr
- drop_ipssrr
- drop_iplsrr
- drop_ipstream
- drop_ipsecurity
- drop_iptimestamp
- drop_ipunknown_option
- drop_ipunknown_prot
- drop_icmp_frag
- drop_tcp_no_flag
fp-disable:
- all
- ipsec
- none
gateway-address: <value of string>
gi-gk: <value in [disable, enable]>
gwaddr: <value of string>
gwdetect: <value in [disable, enable]>
ha-priority: <value of integer>
icmp-accept-redirect: <value in [disable, enable]>
icmp-redirect: <value in [disable, enable]>
icmp-send-redirect: <value in [disable, enable]>
ident-accept: <value in [disable, enable]>
idle-timeout: <value of integer>
if-mdix: <value in [auto, normal, crossover]>
if-media: <value in [auto, copper, fiber]>
in-force-vlan-cos: <value of integer>
inbandwidth: <value of integer>
ingress-cos: <value in [disable, cos0, cos1, ...]>
ingress-shaping-profile: <value of string>
ingress-spillover-threshold: <value of integer>
internal: <value of integer>
ip: <value of string>
ip-managed-by-fortiipam: <value in [disable, enable, inherit-global]>
ipmac: <value in [disable, enable]>
ips-sniffer-mode: <value in [disable, enable]>
ipunnumbered: <value of string>
ipv6:
autoconf: <value in [disable, enable]>
dhcp6-client-options:
- rapid
- iapd
- iana
- dns
- dnsname
dhcp6-information-request: <value in [disable, enable]>
dhcp6-prefix-delegation: <value in [disable, enable]>
dhcp6-prefix-hint: <value of string>
dhcp6-prefix-hint-plt: <value of integer>
dhcp6-prefix-hint-vlt: <value of integer>
dhcp6-relay-ip: <value of string>
dhcp6-relay-service: <value in [disable, enable]>
dhcp6-relay-type: <value in [regular]>
icmp6-send-redirect: <value in [disable, enable]>
interface-identifier: <value of string>
ip6-address: <value of string>
ip6-allowaccess:
- https
- ping
- ssh
- snmp
- http
- telnet
- fgfm
- capwap
- fabric
ip6-default-life: <value of integer>
ip6-delegated-prefix-list:
-
autonomous-flag: <value in [disable, enable]>
onlink-flag: <value in [disable, enable]>
prefix-id: <value of integer>
rdnss: <value of string>
rdnss-service: <value in [delegated, default, specify]>
subnet: <value of string>
upstream-interface: <value of string>
delegated-prefix-iaid: <value of integer>
ip6-dns-server-override: <value in [disable, enable]>
ip6-extra-addr:
-
prefix: <value of string>
ip6-hop-limit: <value of integer>
ip6-link-mtu: <value of integer>
ip6-manage-flag: <value in [disable, enable]>
ip6-max-interval: <value of integer>
ip6-min-interval: <value of integer>
ip6-mode: <value in [static, dhcp, pppoe, ...]>
ip6-other-flag: <value in [disable, enable]>
ip6-prefix-list:
-
autonomous-flag: <value in [disable, enable]>
dnssl: <value of string>
onlink-flag: <value in [disable, enable]>
preferred-life-time: <value of integer>
prefix: <value of string>
rdnss: <value of string>
valid-life-time: <value of integer>
ip6-reachable-time: <value of integer>
ip6-retrans-time: <value of integer>
ip6-send-adv: <value in [disable, enable]>
ip6-subnet: <value of string>
ip6-upstream-interface: <value of string>
nd-cert: <value of string>
nd-cga-modifier: <value of string>
nd-mode: <value in [basic, SEND-compatible]>
nd-security-level: <value of integer>
nd-timestamp-delta: <value of integer>
nd-timestamp-fuzz: <value of integer>
unique-autoconf-addr: <value in [disable, enable]>
vrip6_link_local: <value of string>
vrrp-virtual-mac6: <value in [disable, enable]>
vrrp6:
-
accept-mode: <value in [disable, enable]>
adv-interval: <value of integer>
preempt: <value in [disable, enable]>
priority: <value of integer>
start-time: <value of integer>
status: <value in [disable, enable]>
vrdst6: <value of string>
vrgrp: <value of integer>
vrid: <value of integer>
vrip6: <value of string>
cli-conn6-status: <value of integer>
ip6-prefix-mode: <value in [dhcp6, ra]>
ra-send-mtu: <value in [disable, enable]>
ip6-delegated-prefix-iaid: <value of integer>
dhcp6-relay-source-interface: <value in [disable, enable]>
l2forward: <value in [disable, enable]>
l2tp-client: <value in [disable, enable]>
lacp-ha-slave: <value in [disable, enable]>
lacp-mode: <value in [static, passive, active]>
lacp-speed: <value in [slow, fast]>
lcp-echo-interval: <value of integer>
lcp-max-echo-fails: <value of integer>
link-up-delay: <value of integer>
listen-forticlient-connection: <value in [disable, enable]>
lldp-network-policy: <value of string>
lldp-reception: <value in [disable, enable, vdom]>
lldp-transmission: <value in [enable, disable, vdom]>
log: <value in [disable, enable]>
macaddr: <value of string>
managed-subnetwork-size: <value in [256, 512, 1024, ...]>
management-ip: <value of string>
max-egress-burst-rate: <value of integer>
max-egress-rate: <value of integer>
measured-downstream-bandwidth: <value of integer>
measured-upstream-bandwidth: <value of integer>
mediatype: <value in [serdes-sfp, sgmii-sfp, cfp2-sr10, ...]>
member: <value of string>
min-links: <value of integer>
min-links-down: <value in [operational, administrative]>
mode: <value in [static, dhcp, pppoe, ...]>
monitor-bandwidth: <value in [disable, enable]>
mtu: <value of integer>
mtu-override: <value in [disable, enable]>
mux-type: <value in [llc-encaps, vc-encaps]>
name: <value of string>
ndiscforward: <value in [disable, enable]>
netbios-forward: <value in [disable, enable]>
netflow-sampler: <value in [disable, tx, rx, ...]>
np-qos-profile: <value of integer>
npu-fastpath: <value in [disable, enable]>
nst: <value in [disable, enable]>
out-force-vlan-cos: <value of integer>
outbandwidth: <value of integer>
padt-retry-timeout: <value of integer>
password: <value of string>
peer-interface: <value of string>
phy-mode: <value in [auto, adsl, vdsl, ...]>
ping-serv-status: <value of integer>
poe: <value in [disable, enable]>
polling-interval: <value of integer>
pppoe-unnumbered-negotiate: <value in [disable, enable]>
pptp-auth-type: <value in [auto, pap, chap, ...]>
pptp-client: <value in [disable, enable]>
pptp-password: <value of string>
pptp-server-ip: <value of string>
pptp-timeout: <value of integer>
pptp-user: <value of string>
preserve-session-route: <value in [disable, enable]>
priority: <value of integer>
priority-override: <value in [disable, enable]>
proxy-captive-portal: <value in [disable, enable]>
redundant-interface: <value of string>
remote-ip: <value of string>
replacemsg-override-group: <value of string>
retransmission: <value in [disable, enable]>
ring-rx: <value of integer>
ring-tx: <value of integer>
role: <value in [lan, wan, dmz, ...]>
sample-direction: <value in [rx, tx, both]>
sample-rate: <value of integer>
scan-botnet-connections: <value in [disable, block, monitor]>
secondary-IP: <value in [disable, enable]>
secondaryip:
-
allowaccess:
- https
- ping
- ssh
- snmp
- http
- telnet
- fgfm
- auto-ipsec
- radius-acct
- probe-response
- capwap
- dnp
- ftm
- fabric
- speed-test
detectprotocol:
- ping
- tcp-echo
- udp-echo
detectserver: <value of string>
gwdetect: <value in [disable, enable]>
ha-priority: <value of integer>
id: <value of integer>
ip: <value of string>
ping-serv-status: <value of integer>
seq: <value of integer>
secip-relay-ip: <value of string>
security-8021x-dynamic-vlan-id: <value of integer>
security-8021x-master: <value of string>
security-8021x-mode: <value in [default, dynamic-vlan, fallback, ...]>
security-exempt-list: <value of string>
security-external-logout: <value of string>
security-external-web: <value of string>
security-groups: <value of string>
security-mac-auth-bypass: <value in [disable, enable, mac-auth-only]>
security-mode: <value in [none, captive-portal, 802.1X]>
security-redirect-url: <value of string>
service-name: <value of string>
sflow-sampler: <value in [disable, enable]>
speed: <value in [auto, 10full, 10half, ...]>
spillover-threshold: <value of integer>
src-check: <value in [disable, enable]>
status: <value in [down, up]>
stp: <value in [disable, enable]>
stp-ha-slave: <value in [disable, enable, priority-adjust]>
stpforward: <value in [disable, enable]>
stpforward-mode: <value in [rpl-all-ext-id, rpl-bridge-ext-id, rpl-nothing]>
strip-priority-vlan-tag: <value in [disable, enable]>
subst: <value in [disable, enable]>
substitute-dst-mac: <value of string>
swc-first-create: <value of integer>
swc-vlan: <value of integer>
switch: <value of string>
switch-controller-access-vlan: <value in [disable, enable]>
switch-controller-arp-inspection: <value in [disable, enable]>
switch-controller-auth: <value in [radius, usergroup]>
switch-controller-dhcp-snooping: <value in [disable, enable]>
switch-controller-dhcp-snooping-option82: <value in [disable, enable]>
switch-controller-dhcp-snooping-verify-mac: <value in [disable, enable]>
switch-controller-feature: <value in [none, default-vlan, quarantine, ...]>
switch-controller-igmp-snooping: <value in [disable, enable]>
switch-controller-igmp-snooping-fast-leave: <value in [disable, enable]>
switch-controller-igmp-snooping-proxy: <value in [disable, enable]>
switch-controller-iot-scanning: <value in [disable, enable]>
switch-controller-learning-limit: <value of integer>
switch-controller-mgmt-vlan: <value of integer>
switch-controller-nac: <value of string>
switch-controller-radius-server: <value of string>
switch-controller-rspan-mode: <value in [disable, enable]>
switch-controller-source-ip: <value in [outbound, fixed]>
switch-controller-traffic-policy: <value of string>
tc-mode: <value in [ptm, atm]>
tcp-mss: <value of integer>
trunk: <value in [disable, enable]>
trust-ip-1: <value of string>
trust-ip-2: <value of string>
trust-ip-3: <value of string>
trust-ip6-1: <value of string>
trust-ip6-2: <value of string>
trust-ip6-3: <value of string>
type: <value in [physical, vlan, aggregate, ...]>
username: <value of string>
vci: <value of integer>
vectoring: <value in [disable, enable]>
vindex: <value of integer>
vlan-protocol: <value in [8021q, 8021ad]>
vlanforward: <value in [disable, enable]>
vlanid: <value of integer>
vpi: <value of integer>
vrf: <value of integer>
vrrp:
-
accept-mode: <value in [disable, enable]>
adv-interval: <value of integer>
ignore-default-route: <value in [disable, enable]>
preempt: <value in [disable, enable]>
priority: <value of integer>
start-time: <value of integer>
status: <value in [disable, enable]>
version: <value in [2, 3]>
vrdst: <value of string>
vrdst-priority: <value of integer>
vrgrp: <value of integer>
vrid: <value of integer>
vrip: <value of string>
proxy-arp:
-
id: <value of integer>
ip: <value of string>
vrrp-virtual-mac: <value in [disable, enable]>
wccp: <value in [disable, enable]>
weight: <value of integer>
wifi-5g-threshold: <value of string>
wifi-acl: <value in [deny, allow]>
wifi-ap-band: <value in [any, 5g-preferred, 5g-only]>
wifi-auth: <value in [PSK, RADIUS, radius, ...]>
wifi-auto-connect: <value in [disable, enable]>
wifi-auto-save: <value in [disable, enable]>
wifi-broadcast-ssid: <value in [disable, enable]>
wifi-encrypt: <value in [TKIP, AES]>
wifi-fragment-threshold: <value of integer>
wifi-key: <value of string>
wifi-keyindex: <value of integer>
wifi-mac-filter: <value in [disable, enable]>
wifi-passphrase: <value of string>
wifi-radius-server: <value of string>
wifi-rts-threshold: <value of integer>
wifi-security: <value in [None, WEP64, wep64, ...]>
wifi-ssid: <value of string>
wifi-usergroup: <value of string>
wins-ip: <value of string>
dhcp-relay-request-all-server: <value in [disable, enable]>
stp-ha-secondary: <value in [disable, enable, priority-adjust]>
switch-controller-dynamic: <value of string>
auth-cert: <value of string>
auth-portal-addr: <value of string>
dhcp-classless-route-addition: <value in [disable, enable]>
dhcp-relay-link-selection: <value of string>
dns-server-protocol:
- cleartext
- dot
- doh
eap-ca-cert: <value of string>
eap-identity: <value of string>
eap-method: <value in [tls, peap]>
eap-password: <value of string>
eap-supplicant: <value in [disable, enable]>
eap-user-cert: <value of string>
ike-saml-server: <value of string>
lacp-ha-secondary: <value in [disable, enable]>
pvc-atm-qos: <value in [cbr, rt-vbr, nrt-vbr]>
pvc-chan: <value of integer>
pvc-crc: <value of integer>
pvc-pcr: <value of integer>
pvc-scr: <value of integer>
pvc-vlan-id: <value of integer>
pvc-vlan-rx-id: <value of integer>
pvc-vlan-rx-op: <value in [pass-through, replace, remove]>
pvc-vlan-tx-id: <value of integer>
pvc-vlan-tx-op: <value in [pass-through, replace, remove]>
reachable-time: <value of integer>
select-profile-30a-35b: <value in [30A, 35B]>
sfp-dsl: <value in [disable, enable]>
sfp-dsl-adsl-fallback: <value in [disable, enable]>
sfp-dsl-autodetect: <value in [disable, enable]>
sfp-dsl-mac: <value of string>
sw-algorithm: <value in [l2, l3, eh]>
system-id: <value of string>
system-id-type: <value in [auto, user]>
vlan-id: <value of integer>
vlan-op-mode: <value in [tag, untag, passthrough]>
generic-receive-offload: <value in [disable, enable]>
interconnect-profile: <value in [default, profile1, profile2]>
large-receive-offload: <value in [disable, enable]>
aggregate-type: <value in [physical, vxlan]>
switch-controller-netflow-collect: <value in [disable, enable]>
wifi-dns-server1: <value of string>
wifi-dns-server2: <value of string>
wifi-gateway: <value of string>
default-purdue-level: <value in [1, 2, 3, ...]>
dhcp-broadcast-flag: <value in [disable, enable]>
dhcp-smart-relay: <value in [disable, enable]>
switch-controller-offloading: <value in [disable, enable]>
switch-controller-offloading-gw: <value in [disable, enable]>
switch-controller-offloading-ip: <value of string>
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- meta - The result of the request.returned: always type: dict
- request_url - The full url requested. returned: always type: str sample: /sys/login/user
- response_code - The status of api request. returned: always type: int sample: 0
- response_data - The data body of the api response. returned: optional type: list or dict
- response_message - The descriptive message of the api response. returned: always type: str sample: OK
- system_information - The information of the target system. returned: always type: dict
- rc - The status the request. returned: always type: int 0
- version_check_warning - Warning if the parameters used in the playbook are not supported by the current FortiManager version. returned: if at least on parameter mpt supported by the current FortiManager version type: list 0