fmgr_vap_dynamicmapping – Configure Virtual Access Points (VAPs).¶
New in version 2.0.0.
Synopsis¶
- This module is able to configure a FortiManager device.
- Examples include all parameters and values need to be adjusted to data sources before usage.
- Tested with FortiManager v6.x and v7.x.
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
FortiManager Version Compatibility¶
6.0.0 |
||||||||||||
| True | ||||||||||||
6.2.0 |
6.2.1 |
6.2.2 |
6.2.3 |
6.2.5 |
6.2.6 |
6.2.7 |
6.2.8 |
6.2.9 |
6.2.10 |
6.2.11 |
||
| True | True | True | True | True | True | True | True | True | True | True | ||
6.4.0 |
6.4.1 |
6.4.2 |
6.4.3 |
6.4.4 |
6.4.5 |
6.4.6 |
6.4.7 |
6.4.8 |
6.4.9 |
6.4.10 |
6.4.11 |
6.4.12 |
| True | True | True | True | True | True | True | True | True | True | True | True | True |
7.0.0 |
7.0.1 |
7.0.2 |
7.0.3 |
7.0.4 |
7.0.5 |
7.0.6 |
7.0.7 |
7.0.8 |
||||
| True | True | True | True | True | True | True | True | True | ||||
7.2.0 |
7.2.1 |
7.2.2 |
7.2.3 |
|||||||||
| True | True | True | True | |||||||||
7.4.0 |
||||||||||||
| True |
Parameters¶
- access_token -The token to access FortiManager without using username and password. type: str required: false
- bypass_validation - Only set to True when module schema diffs with FortiManager API structure, module continues to execute without validating parameters. type: bool required: false default: False
- enable_log - Enable/Disable logging for task. type: bool required: false default: False
- forticloud_access_token - Access token of forticloud managed API users, this option is available with FortiManager later than 6.4.0. type: str required: false
- proposed_method - The overridden method for the underlying Json RPC request. type: str required: false choices: set, update, add
- rc_succeeded - The rc codes list with which the conditions to succeed will be overriden. type: list required: false
- rc_failed - The rc codes list with which the conditions to fail will be overriden. type: list required: false
- state - The directive to create, update or delete an object type: str required: true choices: present, absent
- workspace_locking_adom - Acquire the workspace lock if FortiManager is running in workspace mode. type: str required: false choices: global, custom adom including root
- workspace_locking_timeout - The maximum time in seconds to wait for other users to release workspace lock. type: integer required: false default: 300
- adom - The parameter in requested url type: str required: true
- vap - The parameter in requested url type: str required: true
- vap_dynamicmapping - Configure Virtual Access Points type: dict
- _centmgmt - No description for the parameter type: str choices: [disable, enable] default: disable more...
- _dhcp_svr_id - No description for the parameter type: str more...
- _intf_allowaccess - No description for the parameter type: array choices: [https, ping, ssh, snmp, http, telnet, fgfm, auto-ipsec, radius-acct, probe-response, capwap, dnp, ftm, fabric, speed-test] more...
- _intf_device-identification - No description for the parameter type: str choices: [disable, enable] default: disable more...
- _intf_device-netscan - No description for the parameter type: str choices: [disable, enable] default: disable more...
- _intf_dhcp-relay-ip - No description for the parameter type: str more...
- _intf_dhcp-relay-service - No description for the parameter type: str choices: [disable, enable] default: disable more...
- _intf_dhcp-relay-type - No description for the parameter type: str choices: [regular, ipsec] default: regular more...
- _intf_dhcp6-relay-ip - No description for the parameter type: str more...
- _intf_dhcp6-relay-service - No description for the parameter type: str choices: [disable, enable] default: disable more...
- _intf_dhcp6-relay-type - No description for the parameter type: str choices: [regular] default: regular more...
- _intf_ip - No description for the parameter type: str more...
- _intf_ip6-address - No description for the parameter type: str more...
- _intf_ip6-allowaccess - No description for the parameter type: array choices: [https, ping, ssh, snmp, http, telnet, any, fgfm, capwap] more...
- _intf_listen-forticlient-connection - No description for the parameter type: str choices: [disable, enable] default: disable more...
- _scope - No description for the parameter type: array more...
- acct-interim-interval - No description for the parameter type: int more...
- address-group - No description for the parameter type: str more...
- alias - No description for the parameter type: str more...
- atf-weight - No description for the parameter type: int more...
- auth - No description for the parameter type: str choices: [PSK, psk, RADIUS, radius, usergroup] more...
- broadcast-ssid - No description for the parameter type: str choices: [disable, enable] more...
- broadcast-suppression - No description for the parameter type: array choices: [dhcp, arp, dhcp2, arp2, netbios-ns, netbios-ds, arp3, dhcp-up, dhcp-down, arp-known, arp-unknown, arp-reply, ipv6, dhcp-starvation, arp-poison, all-other-mc, all-other-bc, arp-proxy, dhcp-ucast] more...
- captive-portal-ac-name - No description for the parameter type: str more...
- captive-portal-macauth-radius-secret - No description for the parameter type: str more...
- captive-portal-macauth-radius-server - No description for the parameter type: str more...
- captive-portal-radius-secret - No description for the parameter type: str more...
- captive-portal-radius-server - No description for the parameter type: str more...
- captive-portal-session-timeout-interval - No description for the parameter type: int more...
- client-count - No description for the parameter type: int more...
- dhcp-lease-time - No description for the parameter type: int more...
- dhcp-option82-circuit-id-insertion - No description for the parameter type: str choices: [disable, style-1, style-2, style-3] more...
- dhcp-option82-insertion - No description for the parameter type: str choices: [disable, enable] more...
- dhcp-option82-remote-id-insertion - No description for the parameter type: str choices: [disable, style-1] more...
- dynamic-vlan - No description for the parameter type: str choices: [disable, enable] more...
- eap-reauth - No description for the parameter type: str choices: [disable, enable] more...
- eap-reauth-intv - No description for the parameter type: int more...
- eapol-key-retries - No description for the parameter type: str choices: [disable, enable] more...
- encrypt - No description for the parameter type: str choices: [TKIP, AES, TKIP-AES] more...
- external-fast-roaming - No description for the parameter type: str choices: [disable, enable] more...
- external-logout - No description for the parameter type: str more...
- external-web - No description for the parameter type: str more...
- fast-bss-transition - No description for the parameter type: str choices: [disable, enable] more...
- fast-roaming - No description for the parameter type: str choices: [disable, enable] more...
- ft-mobility-domain - No description for the parameter type: int more...
- ft-over-ds - No description for the parameter type: str choices: [disable, enable] more...
- ft-r0-key-lifetime - No description for the parameter type: int more...
- gtk-rekey - No description for the parameter type: str choices: [disable, enable] more...
- gtk-rekey-intv - No description for the parameter type: int more...
- hotspot20-profile - No description for the parameter type: str more...
- intra-vap-privacy - No description for the parameter type: str choices: [disable, enable] more...
- ip - No description for the parameter type: str more...
- key - No description for the parameter type: str more...
- keyindex - No description for the parameter type: int more...
- ldpc - No description for the parameter type: str choices: [disable, tx, rx, rxtx] more...
- local-authentication - No description for the parameter type: str choices: [disable, enable] more...
- local-bridging - No description for the parameter type: str choices: [disable, enable] more...
- local-lan - No description for the parameter type: str choices: [deny, allow] more...
- local-standalone - No description for the parameter type: str choices: [disable, enable] more...
- local-standalone-nat - No description for the parameter type: str choices: [disable, enable] more...
- local-switching - No description for the parameter type: str choices: [disable, enable] more...
- mac-auth-bypass - No description for the parameter type: str choices: [disable, enable] more...
- mac-filter - No description for the parameter type: str choices: [disable, enable] more...
- mac-filter-policy-other - No description for the parameter type: str choices: [deny, allow] more...
- max-clients - No description for the parameter type: int more...
- max-clients-ap - No description for the parameter type: int more...
- me-disable-thresh - No description for the parameter type: int more...
- mesh-backhaul - No description for the parameter type: str choices: [disable, enable] more...
- mpsk - No description for the parameter type: str choices: [disable, enable] more...
- mpsk-concurrent-clients - No description for the parameter type: int more...
- multicast-enhance - No description for the parameter type: str choices: [disable, enable] more...
- multicast-rate - No description for the parameter type: str choices: [0, 6000, 12000, 24000] more...
- okc - No description for the parameter type: str choices: [disable, enable] more...
- owe-groups - No description for the parameter type: array choices: [19, 20, 21] more...
- owe-transition - No description for the parameter type: str choices: [disable, enable] more...
- owe-transition-ssid - No description for the parameter type: str more...
- passphrase - No description for the parameter type: str more...
- pmf - No description for the parameter type: str choices: [disable, enable, optional] more...
- pmf-assoc-comeback-timeout - No description for the parameter type: int more...
- pmf-sa-query-retry-timeout - No description for the parameter type: int more...
- portal-message-override-group - No description for the parameter type: str more...
- portal-type - No description for the parameter type: str choices: [auth, auth+disclaimer, disclaimer, email-collect, cmcc, cmcc-macauth, auth-mac, external-auth, external-macauth] more...
- probe-resp-suppression - No description for the parameter type: str choices: [disable, enable] more...
- probe-resp-threshold - No description for the parameter type: str more...
- ptk-rekey - No description for the parameter type: str choices: [disable, enable] more...
- ptk-rekey-intv - No description for the parameter type: int more...
- qos-profile - No description for the parameter type: str more...
- quarantine - No description for the parameter type: str choices: [disable, enable] more...
- radio-2g-threshold - No description for the parameter type: str more...
- radio-5g-threshold - No description for the parameter type: str more...
- radio-sensitivity - No description for the parameter type: str choices: [disable, enable] more...
- radius-mac-auth - No description for the parameter type: str choices: [disable, enable] more...
- radius-mac-auth-server - No description for the parameter type: str more...
- radius-mac-auth-usergroups - No description for the parameter type: str more...
- radius-server - No description for the parameter type: str more...
- rates-11a - No description for the parameter type: array choices: [1, 1-basic, 2, 2-basic, 5.5, 5.5-basic, 6, 6-basic, 9, 9-basic, 12, 12-basic, 18, 18-basic, 24, 24-basic, 36, 36-basic, 48, 48-basic, 54, 54-basic, 11, 11-basic] more...
- rates-11ac-ss12 - No description for the parameter type: array choices: [mcs0/1, mcs1/1, mcs2/1, mcs3/1, mcs4/1, mcs5/1, mcs6/1, mcs7/1, mcs8/1, mcs9/1, mcs0/2, mcs1/2, mcs2/2, mcs3/2, mcs4/2, mcs5/2, mcs6/2, mcs7/2, mcs8/2, mcs9/2, mcs10/1, mcs11/1, mcs10/2, mcs11/2] more...
- rates-11ac-ss34 - No description for the parameter type: array choices: [mcs0/3, mcs1/3, mcs2/3, mcs3/3, mcs4/3, mcs5/3, mcs6/3, mcs7/3, mcs8/3, mcs9/3, mcs0/4, mcs1/4, mcs2/4, mcs3/4, mcs4/4, mcs5/4, mcs6/4, mcs7/4, mcs8/4, mcs9/4, mcs10/3, mcs11/3, mcs10/4, mcs11/4] more...
- rates-11bg - No description for the parameter type: array choices: [1, 1-basic, 2, 2-basic, 5.5, 5.5-basic, 6, 6-basic, 9, 9-basic, 12, 12-basic, 18, 18-basic, 24, 24-basic, 36, 36-basic, 48, 48-basic, 54, 54-basic, 11, 11-basic] more...
- rates-11n-ss12 - No description for the parameter type: array choices: [mcs0/1, mcs1/1, mcs2/1, mcs3/1, mcs4/1, mcs5/1, mcs6/1, mcs7/1, mcs8/2, mcs9/2, mcs10/2, mcs11/2, mcs12/2, mcs13/2, mcs14/2, mcs15/2] more...
- rates-11n-ss34 - No description for the parameter type: array choices: [mcs16/3, mcs17/3, mcs18/3, mcs19/3, mcs20/3, mcs21/3, mcs22/3, mcs23/3, mcs24/4, mcs25/4, mcs26/4, mcs27/4, mcs28/4, mcs29/4, mcs30/4, mcs31/4] more...
- sae-groups - No description for the parameter type: array choices: [1, 2, 5, 14, 15, 16, 17, 18, 19, 20, 21, 27, 28, 29, 30, 31] more...
- sae-password - No description for the parameter type: str more...
- schedule - No description for the parameter type: str more...
- security - No description for the parameter type: str choices: [None, WEP64, wep64, WEP128, wep128, WPA_PSK, WPA_RADIUS, WPA, WPA2, WPA2_AUTO, open, wpa-personal, wpa-enterprise, captive-portal, wpa-only-personal, wpa-only-enterprise, wpa2-only-personal, wpa2-only-enterprise, wpa-personal+captive-portal, wpa-only-personal+captive-portal, wpa2-only-personal+captive-portal, osen, wpa3-enterprise, sae, sae-transition, owe, wpa3-sae, wpa3-sae-transition, wpa3-only-enterprise, wpa3-enterprise-transition] more...
- security-exempt-list - No description for the parameter type: str more...
- security-obsolete-option - No description for the parameter type: str choices: [disable, enable] more...
- security-redirect-url - No description for the parameter type: str more...
- selected-usergroups - No description for the parameter type: str more...
- split-tunneling - No description for the parameter type: str choices: [disable, enable] more...
- ssid - No description for the parameter type: str more...
- tkip-counter-measure - No description for the parameter type: str choices: [disable, enable] more...
- usergroup - No description for the parameter type: str more...
- utm-profile - No description for the parameter type: str more...
- vdom - No description for the parameter type: str more...
- vlan-auto - No description for the parameter type: str choices: [disable, enable] more...
- vlan-pooling - No description for the parameter type: str choices: [wtp-group, round-robin, hash, disable] more...
- vlanid - No description for the parameter type: int more...
- voice-enterprise - No description for the parameter type: str choices: [disable, enable] more...
- mu-mimo - No description for the parameter type: str choices: [disable, enable] more...
- _intf_device-access-list - No description for the parameter type: str more...
- external-web-format - No description for the parameter type: str choices: [auto-detect, no-query-string, partial-query-string] more...
- high-efficiency - No description for the parameter type: str choices: [disable, enable] more...
- primary-wag-profile - No description for the parameter type: str more...
- secondary-wag-profile - No description for the parameter type: str more...
- target-wake-time - No description for the parameter type: str choices: [disable, enable] more...
- tunnel-echo-interval - No description for the parameter type: int more...
- tunnel-fallback-interval - No description for the parameter type: int more...
- access-control-list - No description for the parameter type: str more...
- captive-portal-auth-timeout - No description for the parameter type: int more...
- ipv6-rules - No description for the parameter type: array choices: [drop-icmp6ra, drop-icmp6rs, drop-llmnr6, drop-icmp6mld2, drop-dhcp6s, drop-dhcp6c, ndp-proxy, drop-ns-dad, drop-ns-nondad] more...
- sticky-client-remove - No description for the parameter type: str choices: [disable, enable] more...
- sticky-client-threshold-2g - No description for the parameter type: str more...
- sticky-client-threshold-5g - No description for the parameter type: str more...
- bss-color-partial - No description for the parameter type: str choices: [disable, enable] more...
- dhcp-option43-insertion - No description for the parameter type: str choices: [disable, enable] more...
- mpsk-profile - No description for the parameter type: str more...
- igmp-snooping - Enable/disable IGMP snooping. type: str choices: [disable, enable] more...
- port-macauth - Enable/disable LAN port MAC authentication (default = disable). type: str choices: [disable, radius, address-group] more...
- port-macauth-reauth-timeout - LAN port MAC authentication re-authentication timeout value (default = 7200 sec). type: int more...
- port-macauth-timeout - LAN port MAC authentication idle timeout value (default = 600 sec). type: int more...
- additional-akms - No description for the parameter type: array choices: [akm6] more...
- bstm-disassociation-imminent - Enable/disable forcing of disassociation after the BSTM request timer has been reached (default = enable). type: str choices: [disable, enable] more...
- bstm-load-balancing-disassoc-timer - Time interval for client to voluntarily leave AP before forcing a disassociation due to AP load-balancing (0 to 30, default = 10). type: int more...
- bstm-rssi-disassoc-timer - Time interval for client to voluntarily leave AP before forcing a disassociation due to low RSSI (0 to 2000, default = 200). type: int more...
- dhcp-address-enforcement - Enable/disable DHCP address enforcement (default = disable). type: str choices: [disable, enable] more...
- gas-comeback-delay - GAS comeback delay (0 or 100 - 10000 milliseconds, default = 500). type: int more...
- gas-fragmentation-limit - GAS fragmentation limit (512 - 4096, default = 1024). type: int more...
- mac-called-station-delimiter - MAC called station delimiter (default = hyphen). type: str choices: [hyphen, single-hyphen, colon, none] more...
- mac-calling-station-delimiter - MAC calling station delimiter (default = hyphen). type: str choices: [hyphen, single-hyphen, colon, none] more...
- mac-case - MAC case (default = uppercase). type: str choices: [uppercase, lowercase] more...
- mac-password-delimiter - MAC authentication password delimiter (default = hyphen). type: str choices: [hyphen, single-hyphen, colon, none] more...
- mac-username-delimiter - MAC authentication username delimiter (default = hyphen). type: str choices: [hyphen, single-hyphen, colon, none] more...
- mbo - Enable/disable Multiband Operation (default = disable). type: str choices: [disable, enable] more...
- mbo-cell-data-conn-pref - MBO cell data connection preference (0, 1, or 255, default = 1). type: str choices: [excluded, prefer-not, prefer-use] more...
- nac - Enable/disable network access control. type: str choices: [disable, enable] more...
- nac-profile - NAC profile name. type: str more...
- neighbor-report-dual-band - Enable/disable dual-band neighbor report (default = disable). type: str choices: [disable, enable] more...
- address-group-policy - Configure MAC address filtering policy for MAC addresses that are in the address-group. type: str choices: [disable, allow, deny] more...
- antivirus-profile - AntiVirus profile name. type: str more...
- application-detection-engine - Enable/disable application detection engine (default = disable). type: str choices: [disable, enable] more...
- application-list - Application control list name. type: str more...
- application-report-intv - Application report interval (30 - 864000 sec, default = 120). type: int more...
- auth-cert - HTTPS server certificate. type: str more...
- auth-portal-addr - Address of captive portal. type: str more...
- beacon-advertising - No description for the parameter type: array choices: [name, model, serial-number] more...
- ips-sensor - IPS sensor name. type: str more...
- l3-roaming - Enable/disable layer 3 roaming (default = disable). type: str choices: [disable, enable] more...
- local-standalone-dns - Enable/disable AP local standalone DNS. type: str choices: [disable, enable] more...
- local-standalone-dns-ip - No description for the parameter type: str more...
- osen - Enable/disable OSEN as part of key management (default = disable). type: str choices: [disable, enable] more...
- radius-mac-mpsk-auth - Enable/disable RADIUS-based MAC authentication of clients for MPSK authentication (default = disable). type: str choices: [disable, enable] more...
- radius-mac-mpsk-timeout - RADIUS MAC MPSK cache timeout interval (1800 - 864000, default = 86400). type: int more...
- rates-11ax-ss12 - No description for the parameter type: array choices: [mcs0/1, mcs1/1, mcs2/1, mcs3/1, mcs4/1, mcs5/1, mcs6/1, mcs7/1, mcs8/1, mcs9/1, mcs10/1, mcs11/1, mcs0/2, mcs1/2, mcs2/2, mcs3/2, mcs4/2, mcs5/2, mcs6/2, mcs7/2, mcs8/2, mcs9/2, mcs10/2, mcs11/2] more...
- rates-11ax-ss34 - No description for the parameter type: array choices: [mcs0/3, mcs1/3, mcs2/3, mcs3/3, mcs4/3, mcs5/3, mcs6/3, mcs7/3, mcs8/3, mcs9/3, mcs10/3, mcs11/3, mcs0/4, mcs1/4, mcs2/4, mcs3/4, mcs4/4, mcs5/4, mcs6/4, mcs7/4, mcs8/4, mcs9/4, mcs10/4, mcs11/4] more...
- scan-botnet-connections - Block or monitor connections to Botnet servers or disable Botnet scanning. type: str choices: [disable, block, monitor] more...
- utm-log - Enable/disable UTM logging. type: str choices: [disable, enable] more...
- utm-status - Enable to add one or more security profiles (AV, IPS, etc. type: str choices: [disable, enable] more...
- webfilter-profile - WebFilter profile name. type: str more...
- sae-h2e-only - Use hash-to-element-only mechanism for PWE derivation (default = disable). type: str choices: [disable, enable] more...
- sae-pk - Enable/disable WPA3 SAE-PK (default = disable). type: str choices: [disable, enable] more...
- sae-private-key - Private key used for WPA3 SAE-PK authentication. type: str more...
- sticky-client-threshold-6g - Minimum signal level/threshold in dBm required for the 6G client to be serviced by the AP (-95 to -20, default = -76). type: str more...
- application-dscp-marking - Enable/disable application attribute based DSCP marking (default = disable). type: str choices: [disable, enable] more...
- l3-roaming-mode - Select the way that layer 3 roaming traffic is passed (default = direct). type: str choices: [direct, indirect] more...
- rates-11ac-mcs-map - Comma separated list of max supported VHT MCS for spatial streams 1 through 8. type: str more...
- rates-11ax-mcs-map - Comma separated list of max supported HE MCS for spatial streams 1 through 8. type: str more...
- captive-portal-fw-accounting - Enable/disable RADIUS accounting for captive portal firewall authentication session. type: str choices: [disable, enable] more...
- radius-mac-auth-block-interval - Dont send RADIUS MAC auth request again if the client has been rejected within specific interval (0 or 30 - 864000 seconds, default = 0, 0 to disable blocking). type: int more...
- _is_factory_setting - No description for the parameter type: str choices: [disable, enable, ext] default: disable more...
Notes¶
Note
- Running in workspace locking mode is supported in this FortiManager module, the top level parameters workspace_locking_adom and workspace_locking_timeout help do the work.
- To create or update an object, use state: present directive.
- To delete an object, use state: absent directive
- Normally, running one module can fail when a non-zero rc is returned. you can also override the conditions to fail or succeed with parameters rc_failed and rc_succeeded
Examples¶
- hosts: fortimanager-inventory
collections:
- fortinet.fortimanager
connection: httpapi
vars:
ansible_httpapi_use_ssl: True
ansible_httpapi_validate_certs: False
ansible_httpapi_port: 443
tasks:
- name: Configure Virtual Access Points
fmgr_vap_dynamicmapping:
bypass_validation: False
workspace_locking_adom: <value in [global, custom adom including root]>
workspace_locking_timeout: 300
rc_succeeded: [0, -2, -3, ...]
rc_failed: [-2, -3, ...]
adom: <your own value>
vap: <your own value>
state: <value in [present, absent]>
vap_dynamicmapping:
_centmgmt: <value in [disable, enable]>
_dhcp_svr_id: <value of string>
_intf_allowaccess:
- https
- ping
- ssh
- snmp
- http
- telnet
- fgfm
- auto-ipsec
- radius-acct
- probe-response
- capwap
- dnp
- ftm
- fabric
- speed-test
_intf_device-identification: <value in [disable, enable]>
_intf_device-netscan: <value in [disable, enable]>
_intf_dhcp-relay-ip: <value of string>
_intf_dhcp-relay-service: <value in [disable, enable]>
_intf_dhcp-relay-type: <value in [regular, ipsec]>
_intf_dhcp6-relay-ip: <value of string>
_intf_dhcp6-relay-service: <value in [disable, enable]>
_intf_dhcp6-relay-type: <value in [regular]>
_intf_ip: <value of string>
_intf_ip6-address: <value of string>
_intf_ip6-allowaccess:
- https
- ping
- ssh
- snmp
- http
- telnet
- any
- fgfm
- capwap
_intf_listen-forticlient-connection: <value in [disable, enable]>
_scope:
-
name: <value of string>
vdom: <value of string>
acct-interim-interval: <value of integer>
address-group: <value of string>
alias: <value of string>
atf-weight: <value of integer>
auth: <value in [PSK, psk, RADIUS, ...]>
broadcast-ssid: <value in [disable, enable]>
broadcast-suppression:
- dhcp
- arp
- dhcp2
- arp2
- netbios-ns
- netbios-ds
- arp3
- dhcp-up
- dhcp-down
- arp-known
- arp-unknown
- arp-reply
- ipv6
- dhcp-starvation
- arp-poison
- all-other-mc
- all-other-bc
- arp-proxy
- dhcp-ucast
captive-portal-ac-name: <value of string>
captive-portal-macauth-radius-secret: <value of string>
captive-portal-macauth-radius-server: <value of string>
captive-portal-radius-secret: <value of string>
captive-portal-radius-server: <value of string>
captive-portal-session-timeout-interval: <value of integer>
client-count: <value of integer>
dhcp-lease-time: <value of integer>
dhcp-option82-circuit-id-insertion: <value in [disable, style-1, style-2, ...]>
dhcp-option82-insertion: <value in [disable, enable]>
dhcp-option82-remote-id-insertion: <value in [disable, style-1]>
dynamic-vlan: <value in [disable, enable]>
eap-reauth: <value in [disable, enable]>
eap-reauth-intv: <value of integer>
eapol-key-retries: <value in [disable, enable]>
encrypt: <value in [TKIP, AES, TKIP-AES]>
external-fast-roaming: <value in [disable, enable]>
external-logout: <value of string>
external-web: <value of string>
fast-bss-transition: <value in [disable, enable]>
fast-roaming: <value in [disable, enable]>
ft-mobility-domain: <value of integer>
ft-over-ds: <value in [disable, enable]>
ft-r0-key-lifetime: <value of integer>
gtk-rekey: <value in [disable, enable]>
gtk-rekey-intv: <value of integer>
hotspot20-profile: <value of string>
intra-vap-privacy: <value in [disable, enable]>
ip: <value of string>
key: <value of string>
keyindex: <value of integer>
ldpc: <value in [disable, tx, rx, ...]>
local-authentication: <value in [disable, enable]>
local-bridging: <value in [disable, enable]>
local-lan: <value in [deny, allow]>
local-standalone: <value in [disable, enable]>
local-standalone-nat: <value in [disable, enable]>
local-switching: <value in [disable, enable]>
mac-auth-bypass: <value in [disable, enable]>
mac-filter: <value in [disable, enable]>
mac-filter-policy-other: <value in [deny, allow]>
max-clients: <value of integer>
max-clients-ap: <value of integer>
me-disable-thresh: <value of integer>
mesh-backhaul: <value in [disable, enable]>
mpsk: <value in [disable, enable]>
mpsk-concurrent-clients: <value of integer>
multicast-enhance: <value in [disable, enable]>
multicast-rate: <value in [0, 6000, 12000, ...]>
okc: <value in [disable, enable]>
owe-groups:
- 19
- 20
- 21
owe-transition: <value in [disable, enable]>
owe-transition-ssid: <value of string>
passphrase: <value of string>
pmf: <value in [disable, enable, optional]>
pmf-assoc-comeback-timeout: <value of integer>
pmf-sa-query-retry-timeout: <value of integer>
portal-message-override-group: <value of string>
portal-type: <value in [auth, auth+disclaimer, disclaimer, ...]>
probe-resp-suppression: <value in [disable, enable]>
probe-resp-threshold: <value of string>
ptk-rekey: <value in [disable, enable]>
ptk-rekey-intv: <value of integer>
qos-profile: <value of string>
quarantine: <value in [disable, enable]>
radio-2g-threshold: <value of string>
radio-5g-threshold: <value of string>
radio-sensitivity: <value in [disable, enable]>
radius-mac-auth: <value in [disable, enable]>
radius-mac-auth-server: <value of string>
radius-mac-auth-usergroups: <value of string>
radius-server: <value of string>
rates-11a:
- 1
- 1-basic
- 2
- 2-basic
- 5.5
- 5.5-basic
- 6
- 6-basic
- 9
- 9-basic
- 12
- 12-basic
- 18
- 18-basic
- 24
- 24-basic
- 36
- 36-basic
- 48
- 48-basic
- 54
- 54-basic
- 11
- 11-basic
rates-11ac-ss12:
- mcs0/1
- mcs1/1
- mcs2/1
- mcs3/1
- mcs4/1
- mcs5/1
- mcs6/1
- mcs7/1
- mcs8/1
- mcs9/1
- mcs0/2
- mcs1/2
- mcs2/2
- mcs3/2
- mcs4/2
- mcs5/2
- mcs6/2
- mcs7/2
- mcs8/2
- mcs9/2
- mcs10/1
- mcs11/1
- mcs10/2
- mcs11/2
rates-11ac-ss34:
- mcs0/3
- mcs1/3
- mcs2/3
- mcs3/3
- mcs4/3
- mcs5/3
- mcs6/3
- mcs7/3
- mcs8/3
- mcs9/3
- mcs0/4
- mcs1/4
- mcs2/4
- mcs3/4
- mcs4/4
- mcs5/4
- mcs6/4
- mcs7/4
- mcs8/4
- mcs9/4
- mcs10/3
- mcs11/3
- mcs10/4
- mcs11/4
rates-11bg:
- 1
- 1-basic
- 2
- 2-basic
- 5.5
- 5.5-basic
- 6
- 6-basic
- 9
- 9-basic
- 12
- 12-basic
- 18
- 18-basic
- 24
- 24-basic
- 36
- 36-basic
- 48
- 48-basic
- 54
- 54-basic
- 11
- 11-basic
rates-11n-ss12:
- mcs0/1
- mcs1/1
- mcs2/1
- mcs3/1
- mcs4/1
- mcs5/1
- mcs6/1
- mcs7/1
- mcs8/2
- mcs9/2
- mcs10/2
- mcs11/2
- mcs12/2
- mcs13/2
- mcs14/2
- mcs15/2
rates-11n-ss34:
- mcs16/3
- mcs17/3
- mcs18/3
- mcs19/3
- mcs20/3
- mcs21/3
- mcs22/3
- mcs23/3
- mcs24/4
- mcs25/4
- mcs26/4
- mcs27/4
- mcs28/4
- mcs29/4
- mcs30/4
- mcs31/4
sae-groups:
- 1
- 2
- 5
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 27
- 28
- 29
- 30
- 31
sae-password: <value of string>
schedule: <value of string>
security: <value in [None, WEP64, wep64, ...]>
security-exempt-list: <value of string>
security-obsolete-option: <value in [disable, enable]>
security-redirect-url: <value of string>
selected-usergroups: <value of string>
split-tunneling: <value in [disable, enable]>
ssid: <value of string>
tkip-counter-measure: <value in [disable, enable]>
usergroup: <value of string>
utm-profile: <value of string>
vdom: <value of string>
vlan-auto: <value in [disable, enable]>
vlan-pooling: <value in [wtp-group, round-robin, hash, ...]>
vlanid: <value of integer>
voice-enterprise: <value in [disable, enable]>
mu-mimo: <value in [disable, enable]>
_intf_device-access-list: <value of string>
external-web-format: <value in [auto-detect, no-query-string, partial-query-string]>
high-efficiency: <value in [disable, enable]>
primary-wag-profile: <value of string>
secondary-wag-profile: <value of string>
target-wake-time: <value in [disable, enable]>
tunnel-echo-interval: <value of integer>
tunnel-fallback-interval: <value of integer>
access-control-list: <value of string>
captive-portal-auth-timeout: <value of integer>
ipv6-rules:
- drop-icmp6ra
- drop-icmp6rs
- drop-llmnr6
- drop-icmp6mld2
- drop-dhcp6s
- drop-dhcp6c
- ndp-proxy
- drop-ns-dad
- drop-ns-nondad
sticky-client-remove: <value in [disable, enable]>
sticky-client-threshold-2g: <value of string>
sticky-client-threshold-5g: <value of string>
bss-color-partial: <value in [disable, enable]>
dhcp-option43-insertion: <value in [disable, enable]>
mpsk-profile: <value of string>
igmp-snooping: <value in [disable, enable]>
port-macauth: <value in [disable, radius, address-group]>
port-macauth-reauth-timeout: <value of integer>
port-macauth-timeout: <value of integer>
additional-akms:
- akm6
bstm-disassociation-imminent: <value in [disable, enable]>
bstm-load-balancing-disassoc-timer: <value of integer>
bstm-rssi-disassoc-timer: <value of integer>
dhcp-address-enforcement: <value in [disable, enable]>
gas-comeback-delay: <value of integer>
gas-fragmentation-limit: <value of integer>
mac-called-station-delimiter: <value in [hyphen, single-hyphen, colon, ...]>
mac-calling-station-delimiter: <value in [hyphen, single-hyphen, colon, ...]>
mac-case: <value in [uppercase, lowercase]>
mac-password-delimiter: <value in [hyphen, single-hyphen, colon, ...]>
mac-username-delimiter: <value in [hyphen, single-hyphen, colon, ...]>
mbo: <value in [disable, enable]>
mbo-cell-data-conn-pref: <value in [excluded, prefer-not, prefer-use]>
nac: <value in [disable, enable]>
nac-profile: <value of string>
neighbor-report-dual-band: <value in [disable, enable]>
address-group-policy: <value in [disable, allow, deny]>
antivirus-profile: <value of string>
application-detection-engine: <value in [disable, enable]>
application-list: <value of string>
application-report-intv: <value of integer>
auth-cert: <value of string>
auth-portal-addr: <value of string>
beacon-advertising:
- name
- model
- serial-number
ips-sensor: <value of string>
l3-roaming: <value in [disable, enable]>
local-standalone-dns: <value in [disable, enable]>
local-standalone-dns-ip: <value of string>
osen: <value in [disable, enable]>
radius-mac-mpsk-auth: <value in [disable, enable]>
radius-mac-mpsk-timeout: <value of integer>
rates-11ax-ss12:
- mcs0/1
- mcs1/1
- mcs2/1
- mcs3/1
- mcs4/1
- mcs5/1
- mcs6/1
- mcs7/1
- mcs8/1
- mcs9/1
- mcs10/1
- mcs11/1
- mcs0/2
- mcs1/2
- mcs2/2
- mcs3/2
- mcs4/2
- mcs5/2
- mcs6/2
- mcs7/2
- mcs8/2
- mcs9/2
- mcs10/2
- mcs11/2
rates-11ax-ss34:
- mcs0/3
- mcs1/3
- mcs2/3
- mcs3/3
- mcs4/3
- mcs5/3
- mcs6/3
- mcs7/3
- mcs8/3
- mcs9/3
- mcs10/3
- mcs11/3
- mcs0/4
- mcs1/4
- mcs2/4
- mcs3/4
- mcs4/4
- mcs5/4
- mcs6/4
- mcs7/4
- mcs8/4
- mcs9/4
- mcs10/4
- mcs11/4
scan-botnet-connections: <value in [disable, block, monitor]>
utm-log: <value in [disable, enable]>
utm-status: <value in [disable, enable]>
webfilter-profile: <value of string>
sae-h2e-only: <value in [disable, enable]>
sae-pk: <value in [disable, enable]>
sae-private-key: <value of string>
sticky-client-threshold-6g: <value of string>
application-dscp-marking: <value in [disable, enable]>
l3-roaming-mode: <value in [direct, indirect]>
rates-11ac-mcs-map: <value of string>
rates-11ax-mcs-map: <value of string>
captive-portal-fw-accounting: <value in [disable, enable]>
radius-mac-auth-block-interval: <value of integer>
_is_factory_setting: <value in [disable, enable, ext]>
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- meta - The result of the request.returned: always type: dict
- request_url - The full url requested. returned: always type: str sample: /sys/login/user
- response_code - The status of api request. returned: always type: int sample: 0
- response_data - The data body of the api response. returned: optional type: list or dict
- response_message - The descriptive message of the api response. returned: always type: str sample: OK
- system_information - The information of the target system. returned: always type: dict
- rc - The status the request. returned: always type: int 0
- version_check_warning - Warning if the parameters used in the playbook are not supported by the current FortiManager version. returned: if at least on parameter mpt supported by the current FortiManager version type: list 0