fmgr_devprof_system_global – Configure global attributes.
Added in version 1.0.0.
Warning
Starting in version 3.0.0, all input arguments will be named using the underscore naming convention (snake_case).
Argument name before 3.0.0: var-name, var name, var.name
New argument name starting in 3.0.0: var_name
FortiManager Ansible v2.4+ supports both previous argument name and new underscore name. You will receive deprecation warnings if you keep using the previous argument name. You can ignore the warning by setting deprecation_warnings=False in ansible.cfg.
Synopsis
This module is able to configure a FortiManager device.
Examples include all parameters, and values need to be adjusted to data sources before usage.
Tested with FortiManager v7.x.
Requirements
The below requirements are needed on the host that executes this module.
ansible>=2.15.0
FortiManager Version Compatibility
Supported Version Ranges: v6.0.0 -> v6.2.5, v6.2.7 -> v6.4.1, v6.4.3 -> latest
Parameters
- access_token - The token to access FortiManager without using username and password. type: str required: false
- bypass_validation - Only set to True when the module schema differs from the FortiManager API structure; the module then continues to execute without validating parameters. type: bool required: false default: False
- enable_log - Enable/Disable logging for task. type: bool required: false default: False
- forticloud_access_token - Access token of forticloud managed API users, this option is available with FortiManager later than 6.4.0. type: str required: false
- proposed_method - The overridden method for the underlying Json RPC request. type: str required: false choices: set, update, add
- rc_succeeded - The rc codes list with which the conditions to succeed will be overridden. type: list required: false
- rc_failed - The rc codes list with which the conditions to fail will be overridden. type: list required: false
- workspace_locking_adom - Acquire the workspace lock if FortiManager is running in workspace mode. type: str required: false choices: global, custom adom including root
- workspace_locking_timeout - The maximum time in seconds to wait for other users to release workspace lock. type: integer required: false default: 300
- adom - The parameter in requested url type: str required: true
- devprof - The parameter in requested url type: str required: true
- devprof_system_global - Configure global attributes. type: dict
- admin_https_redirect (Alias name: admin-https-redirect) Enable/disable redirection of http administration access to https. type: str choices: [disable, enable]
- admin_port (Alias name: admin-port) Administrative access port for http. type: int
- admin_scp (Alias name: admin-scp) Enable/disable using scp to download the system configuration. type: str choices: [disable, enable]
- admin_sport (Alias name: admin-sport) Administrative access port for https. type: int
- admin_ssh_port (Alias name: admin-ssh-port) Administrative access port for ssh. type: int
- admin_ssh_v1 (Alias name: admin-ssh-v1) Enable/disable ssh v1 compatibility. type: str choices: [disable, enable]
- admin_telnet_port (Alias name: admin-telnet-port) Administrative access port for telnet. type: int
- admintimeout Number of minutes before an idle administrator session times out (5 - 480 minutes (8 hours), default = 5). type: int
- gui_ipv6 (Alias name: gui-ipv6) Enable/disable ipv6 settings on the gui. type: str choices: [disable, enable]
- gui_lines_per_page (Alias name: gui-lines-per-page) Number of lines to display per page for web administration. type: int
- gui_theme (Alias name: gui-theme) Color scheme for the administration gui. type: str choices: [blue, green, melongene, red, mariner, neutrino, jade, graphite, dark-matter, onyx, eclipse, retro, fpx, jet-stream, security-fabric]
- language Gui display language. type: str choices: [english, simch, japanese, korean, spanish, trach, french, portuguese]
- switch_controller (Alias name: switch-controller) Enable/disable switch controller feature. type: str choices: [disable, enable]
- gui_device_latitude (Alias name: gui-device-latitude) Support meta variable type: str
- gui_device_longitude (Alias name: gui-device-longitude) Support meta variable type: str
- hostname Support meta variable type: str
- timezone Support meta variable type: list choices: [00, 01, 02, 03, 04, 05, 06, 07, 08, 09, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87]
- check_reset_range (Alias name: check-reset-range) Configure icmp error message verification. type: str choices: [disable, strict]
- pmtu_discovery (Alias name: pmtu-discovery) Enable/disable path mtu discovery. type: str choices: [disable, enable]
- gui_allow_incompatible_fabric_fgt (Alias name: gui-allow-incompatible-fabric-fgt) Enable/disable allow fgt with incompatible firmware to be treated as compatible in security fabric on the gui. type: str choices: [disable, enable]
- admin_restrict_local (Alias name: admin-restrict-local) Enable/disable local admin authentication restriction when remote authenticator is up and running (default = disable). type: str choices: [disable, enable, all, non-console-only]
- gui_workflow_management (Alias name: gui-workflow-management) Enable/disable workflow management features on the gui. type: str choices: [disable, enable]
- send_pmtu_icmp (Alias name: send-pmtu-icmp) Enable/disable sending of path maximum transmission unit (pmtu) - icmp destination unreachable packet and to support pmtud protocol on your network to reduce fragmentation of packets. type: str choices: [disable, enable]
- tcp_halfclose_timer (Alias name: tcp-halfclose-timer) Number of seconds the fortigate unit should wait to close a session after one peer has sent a fin packet but the other has not responded (1 - 86400 sec (1 day), default = 120). type: int
- admin_server_cert (Alias name: admin-server-cert) Server certificate that the fortigate uses for https administrative connections. type: list
- dnsproxy_worker_count (Alias name: dnsproxy-worker-count) Dns proxy worker count. type: int
- show_backplane_intf (Alias name: show-backplane-intf) Show/hide backplane interfaces type: str choices: [disable, enable]
- gui_custom_language (Alias name: gui-custom-language) Enable/disable custom languages in gui. type: str choices: [disable, enable]
- ldapconntimeout Global timeout for connections with remote ldap servers in milliseconds (1 - 300000, default 500). type: int
- auth_https_port (Alias name: auth-https-port) User authentication https port. type: int
- revision_backup_on_logout (Alias name: revision-backup-on-logout) Enable/disable back-up of the latest configuration revision when an administrator logs out of the cli or gui. type: str choices: [disable, enable]
- arp_max_entry (Alias name: arp-max-entry) Maximum number of dynamically learned mac addresses that can be added to the arp table (131072 - 2147483647, default = 131072). type: int
- long_vdom_name (Alias name: long-vdom-name) Enable/disable long vdom name support. type: str choices: [disable, enable]
- pre_login_banner (Alias name: pre-login-banner) Enable/disable displaying the administrator access disclaimer message on the login page before an administrator logs in. type: str choices: [disable, enable]
- qsfpdd_split8_port (Alias name: qsfpdd-split8-port) Split qsfpdd port(s) as 8 ports type: list
- max_route_cache_size (Alias name: max-route-cache-size) Maximum number of ip route cache entries (0 - 2147483647). type: int
- fortitoken_cloud_push_status (Alias name: fortitoken-cloud-push-status) Enable/disable ftm push service of fortitoken cloud. type: str choices: [disable, enable]
- ssh_hostkey_override (Alias name: ssh-hostkey-override) Enable/disable ssh host key override in ssh daemon. type: str choices: [disable, enable]
- proxy_hardware_acceleration (Alias name: proxy-hardware-acceleration) Enable/disable email proxy hardware acceleration. type: str choices: [disable, enable]
- switch_controller_reserved_network (Alias name: switch-controller-reserved-network) Configure reserved network subnet for managed switches. type: list
- ssd_trim_date (Alias name: ssd-trim-date) Date within a month to run ssd trim. type: int
- wad_worker_count (Alias name: wad-worker-count) Number of explicit proxy wan optimization daemon (wad) processes. type: int
- ssh_hostkey (Alias name: ssh-hostkey) Config ssh host key. type: str
- wireless_controller_port (Alias name: wireless-controller-port) Port used for the control channel in wireless controller mode (wireless-mode is ac). type: int
- fgd_alert_subscription (Alias name: fgd-alert-subscription) Type of alert to retrieve from fortiguard. type: list choices: [advisory, latest-threat, latest-virus, latest-attack, new-antivirus-db, new-attack-db]
- forticontroller_proxy_port (Alias name: forticontroller-proxy-port) Forticontroller proxy port (1024 - 49150). type: int
- dh_params (Alias name: dh-params) Number of bits to use in the diffie-hellman exchange for https/ssh protocols. type: str choices: [1024, 1536, 2048, 3072, 4096, 6144, 8192]
- memory_use_threshold_green (Alias name: memory-use-threshold-green) Threshold at which memory usage forces the fortigate to exit conserve mode (% of total ram, default = 82). type: int
- proxy_cert_use_mgmt_vdom (Alias name: proxy-cert-use-mgmt-vdom) Enable/disable using management vdom to send requests. type: str choices: [disable, enable]
- proxy_auth_lifetime_timeout (Alias name: proxy-auth-lifetime-timeout) Lifetime timeout in minutes for authenticated users (5 - 65535 min, default=480 (8 hours)). type: int
- gui_auto_upgrade_setup_warning (Alias name: gui-auto-upgrade-setup-warning) Enable/disable the automatic patch upgrade setup prompt on the gui. type: str choices: [disable, enable]
- gui_cdn_usage (Alias name: gui-cdn-usage) Enable/disable load gui static files from a cdn. type: str choices: [disable, enable]
- two_factor_email_expiry (Alias name: two-factor-email-expiry) Email-based two-factor authentication session timeout (30 - 300 seconds (5 minutes), default = 60). type: int
- udp_idle_timer (Alias name: udp-idle-timer) Udp connection session timeout. type: int
- interface_subnet_usage (Alias name: interface-subnet-usage) Enable/disable allowing use of interface-subnet setting in firewall addresses (default = enable). type: str choices: [disable, enable]
- forticontroller_proxy (Alias name: forticontroller-proxy) Enable/disable forticontroller proxy. type: str choices: [disable, enable]
- ssh_enc_algo (Alias name: ssh-enc-algo) Select one or more ssh ciphers. type: list choices: [chacha20-poly1305@openssh.com, aes128-ctr, aes192-ctr, aes256-ctr, arcfour256, arcfour128, aes128-cbc, 3des-cbc, blowfish-cbc, cast128-cbc, aes192-cbc, aes256-cbc, arcfour, rijndael-cbc@lysator.liu.se, aes128-gcm@openssh.com, aes256-gcm@openssh.com]
- block_session_timer (Alias name: block-session-timer) Duration in seconds for blocked sessions (1 - 300 sec (5 minutes), default = 30). type: int
- quic_pmtud (Alias name: quic-pmtud) Enable/disable path mtu discovery (default = enable). type: str choices: [disable, enable]
- admin_https_ssl_ciphersuites (Alias name: admin-https-ssl-ciphersuites) Select one or more tls 1. type: list choices: [TLS-AES-128-GCM-SHA256, TLS-AES-256-GCM-SHA384, TLS-CHACHA20-POLY1305-SHA256, TLS-AES-128-CCM-SHA256, TLS-AES-128-CCM-8-SHA256]
- security_rating_result_submission (Alias name: security-rating-result-submission) Enable/disable the submission of security rating results to fortiguard. type: str choices: [disable, enable]
- user_device_store_max_unified_mem (Alias name: user-device-store-max-unified-mem) Maximum unified memory allowed in user device store. type: int
- management_port (Alias name: management-port) Overriding port for management connection (overrides admin port). type: int
- fortigslb_integration (Alias name: fortigslb-integration) Enable/disable integration with the fortigslb cloud service. type: str choices: [disable, enable]
- admin_https_ssl_versions (Alias name: admin-https-ssl-versions) Allowed tls versions for web administration. type: list choices: [tlsv1-0, tlsv1-1, tlsv1-2, sslv3, tlsv1-3]
- cert_chain_max (Alias name: cert-chain-max) Maximum number of certificates that can be traversed in a certificate chain. type: int
- qsfp28_40g_port (Alias name: qsfp28-40g-port) Set port(s) to 40gbps type: list
- strong_crypto (Alias name: strong-crypto) Enable to use strong encryption and only allow strong ciphers and digest for https/ssh/tls/ssl functions. type: str choices: [disable, enable]
- multi_factor_authentication (Alias name: multi-factor-authentication) Enforce all login methods to require an additional authentication factor (default = optional). type: str choices: [optional, mandatory]
- fds_statistics (Alias name: fds-statistics) Enable/disable sending ips, application control, and antivirus data to fortiguard. type: str choices: [disable, enable]
- gui_display_hostname (Alias name: gui-display-hostname) Enable/disable displaying the fortigates hostname on the gui login page. type: str choices: [disable, enable]
- two_factor_ftk_expiry (Alias name: two-factor-ftk-expiry) Fortitoken authentication session timeout (60 - 600 sec (10 minutes), default = 60). type: int
- wad_source_affinity (Alias name: wad-source-affinity) Enable/disable dispatching traffic to wad workers based on source affinity. type: str choices: [disable, enable]
- ssl_static_key_ciphers (Alias name: ssl-static-key-ciphers) Enable/disable static key ciphers in ssl/tls connections (e. type: str choices: [disable, enable]
- daily_restart (Alias name: daily-restart) Enable/disable daily restart of fortigate unit. type: str choices: [disable, enable]
- snat_route_change (Alias name: snat-route-change) Enable/disable the ability to change the source nat route. type: str choices: [disable, enable]
- tcp_rst_timer (Alias name: tcp-rst-timer) Length of the tcp close state in seconds (5 - 300 sec, default = 5). type: int
- anti_replay (Alias name: anti-replay) Level of checking for packet replay and tcp sequence checking. type: str choices: [disable, loose, strict]
- ssl_min_proto_version (Alias name: ssl-min-proto-version) Minimum supported protocol version for ssl/tls connections (default = tlsv1. type: str choices: [TLSv1, TLSv1-1, TLSv1-2, SSLv3, TLSv1-3]
- speedtestd_server_port (Alias name: speedtestd-server-port) Speedtest server port number. type: int
- cpu_use_threshold (Alias name: cpu-use-threshold) Threshold at which cpu usage is reported (% of total cpu, default = 90). type: int
- admin_host (Alias name: admin-host) Administrative host for http and https. type: str
- csr_ca_attribute (Alias name: csr-ca-attribute) Enable/disable the ca attribute in certificates. type: str choices: [disable, enable]
- fortiservice_port (Alias name: fortiservice-port) Fortiservice port (1 - 65535, default = 8013). type: int
- ssd_trim_hour (Alias name: ssd-trim-hour) Hour of the day on which to run ssd trim (0 - 23, default = 1). type: int
- purdue_level (Alias name: purdue-level) Purdue level of this fortigate. type: str choices: [1, 2, 3, 4, 5, 1.5, 2.5, 3.5, 5.5]
- management_vdom (Alias name: management-vdom) Management virtual domain name. type: list
- quic_ack_thresold (Alias name: quic-ack-thresold) Maximum number of unacknowledged packets before sending ack (2 - 5, default = 3). type: int
- qsfpdd_100g_port (Alias name: qsfpdd-100g-port) Split qsfpdd port(s) as 100g ports type: list
- ips_affinity (Alias name: ips-affinity) Affinity setting for ips (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx; allowed cpus must be less than total number of ips engine daemons). type: str
- vip_arp_range (Alias name: vip-arp-range) Controls the number of arps that the fortigate sends for a virtual ip (vip) address range. type: str choices: [restricted, unlimited]
- internet_service_database (Alias name: internet-service-database) Configure which internet service database size to download from fortiguard and use. type: str choices: [mini, standard, full, on-demand]
- revision_image_auto_backup (Alias name: revision-image-auto-backup) Enable/disable back-up of the latest image revision after the firmware is upgraded. type: str choices: [disable, enable]
- sflowd_max_children_num (Alias name: sflowd-max-children-num) Maximum number of sflowd child processes allowed to run. type: int
- admin_https_pki_required (Alias name: admin-https-pki-required) Enable/disable admin login method. type: str choices: [disable, enable]
- special_file_23_support (Alias name: special-file-23-support) Enable/disable detection of those special format files when using data loss prevention. type: str choices: [disable, enable]
- npu_neighbor_update (Alias name: npu-neighbor-update) Enable/disable sending of arp/icmp6 probing packets to update neighbors for offloaded sessions. type: str choices: [disable, enable]
- log_single_cpu_high (Alias name: log-single-cpu-high) Enable/disable logging the event of a single cpu core reaching cpu usage threshold. type: str choices: [disable, enable]
- management_ip (Alias name: management-ip) Management ip address of this fortigate. type: str
- proxy_resource_mode (Alias name: proxy-resource-mode) Enable/disable use of the maximum memory usage on the fortigate units proxy processing of resources, such as block lists, allow lists, and external resources. type: str choices: [disable, enable]
- admin_ble_button (Alias name: admin-ble-button) Pressing the ble button can enable the ble function. type: str choices: [disable, enable]
- gui_firmware_upgrade_warning (Alias name: gui-firmware-upgrade-warning) Enable/disable the firmware upgrade warning on the gui. type: str choices: [disable, enable]
- dp_tcp_normal_timer (Alias name: dp-tcp-normal-timer) Dp tcp normal timeout (1 - 65535 sec, default = 3605). type: int
- ipv6_allow_traffic_redirect (Alias name: ipv6-allow-traffic-redirect) Disable to prevent ipv6 traffic with same local ingress and egress interface from being forwarded without policy check. type: str choices: [disable, enable]
- cli_audit_log (Alias name: cli-audit-log) Enable/disable cli audit log. type: str choices: [disable, enable]
- memory_use_threshold_extreme (Alias name: memory-use-threshold-extreme) Threshold at which memory usage is considered extreme (new sessions are dropped) (% of total ram, default = 95). type: int
- ha_affinity (Alias name: ha-affinity) Affinity setting for ha daemons (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx). type: str
- restart_time (Alias name: restart-time) Daily restart time (hh:mm). type: str
- speedtestd_ctrl_port (Alias name: speedtestd-ctrl-port) Speedtest server controller port number. type: int
- gui_wireless_opensecurity (Alias name: gui-wireless-opensecurity) Enable/disable wireless open security option on the gui. type: str choices: [disable, enable]
- memory_use_threshold_red (Alias name: memory-use-threshold-red) Threshold at which memory usage forces the fortigate to enter conserve mode (% of total ram, default = 88). type: int
- dp_fragment_timer (Alias name: dp-fragment-timer) Dp fragment session timeout (1 - 65535 sec, default = 120). type: int
- wad_restart_start_time (Alias name: wad-restart-start-time) Wad workers daily restart time (hh:mm). type: str
- proxy_re_authentication_time (Alias name: proxy-re-authentication-time) The time limit that users must re-authenticate if proxy-keep-alive-mode is set to re-authenticate (1 - 86400 sec, default=30s. type: int
- gui_app_detection_sdwan (Alias name: gui-app-detection-sdwan) Enable/disable allow app-detection based sd-wan. type: str choices: [disable, enable]
- scanunit_count (Alias name: scanunit-count) Number of scanunits. type: int
- tftp Enable/disable tftp. type: str choices: [disable, enable]
- xstools_update_frequency (Alias name: xstools-update-frequency) Xenserver tools daemon update frequency (30 - 300 sec, default = 60). type: int
- clt_cert_req (Alias name: clt-cert-req) Enable/disable requiring administrators to have a client certificate to log into the gui using https. type: str choices: [disable, enable]
- fortiextender_vlan_mode (Alias name: fortiextender-vlan-mode) Enable/disable fortiextender vlan mode. type: str choices: [disable, enable]
- auth_http_port (Alias name: auth-http-port) User authentication http port. type: int
- per_user_bal (Alias name: per-user-bal) Enable/disable per-user block/allow list filter. type: str choices: [disable, enable]
- gui_date_format (Alias name: gui-date-format) Default date format used throughout gui. type: str choices: [yyyy/MM/dd, dd/MM/yyyy, MM/dd/yyyy, yyyy-MM-dd, dd-MM-yyyy, MM-dd-yyyy]
- log_uuid_address (Alias name: log-uuid-address) Enable/disable insertion of address uuids to traffic logs. type: str choices: [disable, enable]
- cloud_communication (Alias name: cloud-communication) Enable/disable all cloud communication. type: str choices: [disable, enable]
- lldp_reception (Alias name: lldp-reception) Enable/disable link layer discovery protocol (lldp) reception. type: str choices: [disable, enable]
- two_factor_ftm_expiry (Alias name: two-factor-ftm-expiry) Fortitoken mobile session timeout (1 - 168 hours (7 days), default = 72). type: int
- quic_udp_payload_size_shaping_per_cid (Alias name: quic-udp-payload-size-shaping-per-cid) Enable/disable udp payload size shaping per connection id (default = enable). type: str choices: [disable, enable]
- autorun_log_fsck (Alias name: autorun-log-fsck) Enable/disable automatic log partition check after ungraceful shutdown. type: str choices: [disable, enable]
- vpn_ems_sn_check (Alias name: vpn-ems-sn-check) Enable/disable verification of ems serial number in ssl-vpn connection. type: str choices: [disable, enable]
- admin_ssh_password (Alias name: admin-ssh-password) Enable/disable password authentication for ssh admin access. type: str choices: [disable, enable]
- airplane_mode (Alias name: airplane-mode) Enable/disable airplane mode. type: str choices: [disable, enable]
- batch_cmdb (Alias name: batch-cmdb) Enable/disable batch mode, allowing you to enter a series of cli commands that will execute as a group once they are loaded. type: str choices: [disable, enable]
- ip_src_port_range (Alias name: ip-src-port-range) Ip source port range used for traffic originating from the fortigate unit. type: list
- strict_dirty_session_check (Alias name: strict-dirty-session-check) Enable to check the session against the original policy when revalidating. type: str choices: [disable, enable]
- user_device_store_max_devices (Alias name: user-device-store-max-devices) Maximum number of devices allowed in user device store. type: int
- dp_udp_idle_timer (Alias name: dp-udp-idle-timer) Dp udp idle timer (0 - 86400 sec, default = 0). type: int
- internal_switch_speed (Alias name: internal-switch-speed) Internal port speed. type: list choices: [auto, 10full, 10half, 100full, 100half, 1000full, 1000auto]
- forticonverter_config_upload (Alias name: forticonverter-config-upload) Enable/disable config upload to forticonverter. type: str choices: [disable, once]
- ipsec_round_robin (Alias name: ipsec-round-robin) Enable/disable round-robin redistribution to multiple cpus for ipsec vpn traffic. type: str choices: [disable, enable]
- wad_affinity (Alias name: wad-affinity) Affinity setting for wad (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx). type: str
- wifi_ca_certificate (Alias name: wifi-ca-certificate) Ca certificate that verifies the wifi certificate. type: list
- wimax_4g_usb (Alias name: wimax-4g-usb) Enable/disable compatibility with wimax 4g usb devices. type: str choices: [disable, enable]
- miglog_affinity (Alias name: miglog-affinity) Affinity setting for logging (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx). type: str
- faz_disk_buffer_size (Alias name: faz-disk-buffer-size) Maximum disk buffer size to temporarily store logs destined for fortianalyzer. type: int
- ssh_kex_algo (Alias name: ssh-kex-algo) Select one or more ssh kex algorithms. type: list choices: [diffie-hellman-group1-sha1, diffie-hellman-group14-sha1, diffie-hellman-group-exchange-sha1, diffie-hellman-group-exchange-sha256, curve25519-sha256@libssh.org, ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521, diffie-hellman-group14-sha256, diffie-hellman-group16-sha512, diffie-hellman-group18-sha512]
- auto_auth_extension_device (Alias name: auto-auth-extension-device) Enable/disable automatic authorization of dedicated fortinet extension devices. type: str choices: [disable, enable]
- forticarrier_bypass (Alias name: forticarrier-bypass) Forticarrier bypass. type: str choices: [disable, enable]
- reset_sessionless_tcp (Alias name: reset-sessionless-tcp) Action to perform if the fortigate receives a tcp packet but cannot find a corresponding session in its session table. type: str choices: [disable, enable]
- early_tcp_npu_session (Alias name: early-tcp-npu-session) Enable/disable early tcp npu session. type: str choices: [disable, enable]
- http_unauthenticated_request_limit (Alias name: http-unauthenticated-request-limit) Http request body size limit before authentication. type: int
- gui_local_out (Alias name: gui-local-out) Enable/disable local-out traffic on the gui. type: str choices: [disable, enable]
- tcp_option (Alias name: tcp-option) Enable sack, timestamp and mss tcp options. type: str choices: [disable, enable]
- proxy_auth_timeout (Alias name: proxy-auth-timeout) Authentication timeout in minutes for authenticated users (1 - 300 min, default = 10). type: int
- fortiextender_discovery_lockdown (Alias name: fortiextender-discovery-lockdown) Enable/disable fortiextender capwap lockdown. type: str choices: [disable, enable]
- lldp_transmission (Alias name: lldp-transmission) Enable/disable link layer discovery protocol (lldp) transmission. type: str choices: [disable, enable]
- split_port (Alias name: split-port) Split port(s) to multiple 10gbps ports. type: list
- gui_certificates (Alias name: gui-certificates) Enable/disable the system > certificate gui page, allowing you to add and configure certificates from the gui. type: str choices: [disable, enable]
- cfg_save (Alias name: cfg-save) Configuration file save mode for cli changes. type: str choices: [automatic, manual, revert]
- auth_keepalive (Alias name: auth-keepalive) Enable to prevent user authentication sessions from timing out when idle. type: str choices: [disable, enable]
- split_port_mode (Alias name: split-port-mode) Split port mode. type: list
- admin_forticloud_sso_login (Alias name: admin-forticloud-sso-login) Enable/disable forticloud admin login via sso. type: str choices: [disable, enable]
- post_login_banner (Alias name: post-login-banner) Enable/disable displaying the administrator access disclaimer message after an administrator successfully logs in. type: str choices: [disable, enable]
- br_fdb_max_entry (Alias name: br-fdb-max-entry) Maximum number of bridge forwarding database (fdb) entries. type: int
- ip_fragment_mem_thresholds (Alias name: ip-fragment-mem-thresholds) Maximum memory (mb) used to reassemble ipv4/ipv6 fragments. type: int
- fortiextender_provision_on_authorization (Alias name: fortiextender-provision-on-authorization) Enable/disable automatic provisioning of latest fortiextender firmware on authorization. type: str choices: [disable, enable]
- reboot_upon_config_restore (Alias name: reboot-upon-config-restore) Enable/disable reboot of system upon restoring configuration. type: str choices: [disable, enable]
- syslog_affinity (Alias name: syslog-affinity) Affinity setting for syslog (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx). type: str
- fortiextender_data_port (Alias name: fortiextender-data-port) Fortiextender data port (1024 - 49150, default = 25246). type: int
- quic_tls_handshake_timeout (Alias name: quic-tls-handshake-timeout) Time-to-live (ttl) for tls handshake in seconds (1 - 60, default = 5). type: int
- forticonverter_integration (Alias name: forticonverter-integration) Enable/disable forticonverter integration service. type: str choices: [disable, enable]
- proxy_keep_alive_mode (Alias name: proxy-keep-alive-mode) Control if users must re-authenticate after a session is closed, traffic has been idle, or from the point at which the user was authenticated. type: str choices: [session, traffic, re-authentication]
- cmdbsvr_affinity (Alias name: cmdbsvr-affinity) Affinity setting for cmdbsvr (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx). type: str
- wad_memory_change_granularity (Alias name: wad-memory-change-granularity) Minimum percentage change in system memory usage detected by the wad daemon prior to adjusting tcp window size for any active connection. type: int
- dhcp_lease_backup_interval (Alias name: dhcp-lease-backup-interval) Dhcp leases backup interval in seconds (10 - 3600, default = 60). type: int
- check_protocol_header (Alias name: check-protocol-header) Level of checking performed on protocol headers. type: str choices: [loose, strict]
- av_failopen_session (Alias name: av-failopen-session) When enabled and a proxy for a protocol runs out of room in its session table, that protocol goes into failopen mode and enacts the action specified by av-failopen. type: str choices: [disable, enable]
- ipsec_ha_seqjump_rate (Alias name: ipsec-ha-seqjump-rate) Esp jump ahead rate (1g - 10g pps equivalent). type: int
- admin_hsts_max_age (Alias name: admin-hsts-max-age) Https strict-transport-security header max-age in seconds. type: int
- igmp_state_limit (Alias name: igmp-state-limit) Maximum number of igmp memberships (96 - 64000, default = 3200). type: int
- admin_login_max (Alias name: admin-login-max) Maximum number of administrators who can be logged in at the same time (1 - 100, default = 100). type: int
- ipv6_allow_multicast_probe (Alias name: ipv6-allow-multicast-probe) Enable/disable ipv6 address probe through multicast. type: str choices: [disable, enable]
- virtual_switch_vlan (Alias name: virtual-switch-vlan) Enable/disable virtual switch vlan. type: str choices: [disable, enable]
- admin_lockout_threshold (Alias name: admin-lockout-threshold) Number of failed login attempts before an administrator account is locked out for the admin-lockout-duration. type: int
- dp_pinhole_timer (Alias name: dp-pinhole-timer) Dp pinhole session timeout (30 - 120 sec, default = 120). type: int
- wireless_controller (Alias name: wireless-controller) Enable/disable the wireless controller feature to use the fortigate unit to manage fortiaps. type: str choices: [disable, enable]
- bfd_affinity (Alias name: bfd-affinity) Affinity setting for bfd daemon (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx). type: str
- ssd_trim_freq (Alias name: ssd-trim-freq) How often to run ssd trim (default = weekly). type: str choices: [daily, weekly, monthly, hourly, never]
- two_factor_sms_expiry (Alias name: two-factor-sms-expiry) Sms-based two-factor authentication session timeout (30 - 300 sec, default = 60). type: int
- traffic_priority (Alias name: traffic-priority) Choose type of service (tos) or differentiated services code point (dscp) for traffic prioritization in traffic shaping. type: str choices: [tos, dscp]
- proxy_and_explicit_proxy (Alias name: proxy-and-explicit-proxy) Proxy and explicit proxy. type: str choices: [disable, enable]
- sslvpn_web_mode (Alias name: sslvpn-web-mode) Enable/disable ssl-vpn web mode. type: str choices: [disable, enable]
- ssh_hostkey_password (Alias name: ssh-hostkey-password) Password for ssh-hostkey. type: list
- wad_csvc_db_count (Alias name: wad-csvc-db-count) Number of concurrent wad-cache-service byte-cache processes. type: int
- ipv6_allow_anycast_probe (Alias name: ipv6-allow-anycast-probe) Enable/disable ipv6 address probe through anycast. type: str choices: [disable, enable]
- honor_df (Alias name: honor-df) Enable/disable honoring of dont-fragment (df) flag. type: str choices: [disable, enable]
- hyper_scale_vdom_num (Alias name: hyper-scale-vdom-num) Number of vdoms for hyper scale license. type: int
- wad_csvc_cs_count (Alias name: wad-csvc-cs-count) Number of concurrent wad-cache-service object-cache processes. type: int
- internal_switch_mode (Alias name: internal-switch-mode) Internal switch mode. type: str choices: [switch, interface, hub] more...
- cfg_revert_timeout (Alias name: cfg-revert-timeout) Time-out for reverting to the last saved configuration. type: int more...
- admin_concurrent (Alias name: admin-concurrent) Enable/disable concurrent administrator logins. type: str choices: [disable, enable] more...
- ipv6_allow_local_in_silent_drop (Alias name: ipv6-allow-local-in-silent-drop) Enable/disable silent drop of ipv6 local-in traffic. type: str choices: [disable, enable] more...
- tcp_halfopen_timer (Alias name: tcp-halfopen-timer) Number of seconds the fortigate unit should wait to close a session after one peer has sent an open session packet but the other has not responded (1 - 86400 sec (1 day), default = 10). type: int more...
- dp_rsync_timer (Alias name: dp-rsync-timer) Dp rsync session timeout (1 - 65535 sec, default = 300). type: int more...
- management_port_use_admin_sport (Alias name: management-port-use-admin-sport) Enable/disable use of the admin-sport setting for the management port. type: str choices: [disable, enable] more...
- gui_forticare_registration_setup_warning (Alias name: gui-forticare-registration-setup-warning) Enable/disable the forticare registration setup warning on the gui. type: str choices: [disable, enable] more...
- gui_replacement_message_groups (Alias name: gui-replacement-message-groups) Enable/disable replacement message groups on the gui. type: str choices: [disable, enable] more...
- security_rating_run_on_schedule (Alias name: security-rating-run-on-schedule) Enable/disable scheduled runs of security rating. type: str choices: [disable, enable] more...
- admin_lockout_duration (Alias name: admin-lockout-duration) Amount of time in seconds that an administrator account is locked out after reaching the admin-lockout-threshold for repeated failed login attempts. type: int more...
- optimize_flow_mode (Alias name: optimize-flow-mode) Flow mode optimization option. type: str choices: [disable, enable] more...
- private_data_encryption (Alias name: private-data-encryption) Enable/disable private data encryption using an aes 128-bit key or passphrase. type: str choices: [disable, enable]
- wireless_mode (Alias name: wireless-mode) Wireless mode setting. type: str choices: [ac, client, wtp, fwfap]
- alias Alias for your fortigate unit. type: str
- ssh_hostkey_algo (Alias name: ssh-hostkey-algo) Select one or more ssh hostkey algorithms. type: list choices: [ssh-rsa, ecdsa-sha2-nistp521, rsa-sha2-256, rsa-sha2-512, ssh-ed25519, ecdsa-sha2-nistp384, ecdsa-sha2-nistp256]
- fortitoken_cloud (Alias name: fortitoken-cloud) Enable/disable fortitoken cloud service. type: str choices: [disable, enable]
- av_affinity (Alias name: av-affinity) Affinity setting for av scanning (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx). type: str
- proxy_worker_count (Alias name: proxy-worker-count) Proxy worker count. type: int
- ipsec_asic_offload (Alias name: ipsec-asic-offload) Enable/disable asic offloading (hardware acceleration) for ipsec vpn traffic. type: str choices: [disable, enable]
- miglogd_children (Alias name: miglogd-children) Number of logging (miglogd) processes to be allowed to run. type: int
- sslvpn_max_worker_count (Alias name: sslvpn-max-worker-count) Maximum number of ssl-vpn processes. type: int
- ssh_mac_algo (Alias name: ssh-mac-algo) Select one or more ssh mac algorithms. type: list choices: [hmac-md5, hmac-md5-etm@openssh.com, hmac-md5-96, hmac-md5-96-etm@openssh.com, hmac-sha1, hmac-sha1-etm@openssh.com, hmac-sha2-256, hmac-sha2-256-etm@openssh.com, hmac-sha2-512, hmac-sha2-512-etm@openssh.com, hmac-ripemd160, hmac-ripemd160@openssh.com, hmac-ripemd160-etm@openssh.com, umac-64@openssh.com, umac-128@openssh.com, umac-64-etm@openssh.com, umac-128-etm@openssh.com]
- url_filter_count (Alias name: url-filter-count) Url filter daemon count. type: int
- wifi_certificate (Alias name: wifi-certificate) Certificate to use for wifi authentication. type: list
- radius_port (Alias name: radius-port) Radius service port number. type: int
- sys_perf_log_interval (Alias name: sys-perf-log-interval) Time in minutes between updates of performance statistics logging. type: int
- gui_fortigate_cloud_sandbox (Alias name: gui-fortigate-cloud-sandbox) Enable/disable displaying fortigate cloud sandbox on the gui. type: str choices: [disable, enable]
- auth_cert (Alias name: auth-cert) Server certificate that the fortigate uses for https firewall authentication connections. type: list
- fortiextender Enable/disable fortiextender. type: str choices: [disable, enable]
- admin_reset_button (Alias name: admin-reset-button) Pressing the reset button can reset the unit to factory default. type: str choices: [disable, enable]
- av_failopen (Alias name: av-failopen) Set the action to take if the fortigate is running low on memory or the proxy connection limit has been reached. type: str choices: [off, pass, one-shot, idledrop]
- user_device_store_max_users (Alias name: user-device-store-max-users) Maximum number of users allowed in user device store. type: int
- auth_session_limit (Alias name: auth-session-limit) Action to take when the number of allowed user authenticated sessions is reached. type: str choices: [block-new, logout-inactive]
- ipv6_allow_local_in_slient_drop (Alias name: ipv6-allow-local-in-slient-drop) Enable/disable silent drop of ipv6 local-in traffic. type: str choices: [disable, enable]
- quic_congestion_control_algo (Alias name: quic-congestion-control-algo) Quic congestion control algorithm (default = cubic). type: str choices: [cubic, bbr, bbr2, reno]
- auth_ike_saml_port (Alias name: auth-ike-saml-port) User ike saml authentication port (0 - 65535, default = 1001). type: int
- wad_restart_end_time (Alias name: wad-restart-end-time) Wad workers daily restart end time (hh:mm). type: str
- http_request_limit (Alias name: http-request-limit) Http request body size limit. type: int
- irq_time_accounting (Alias name: irq-time-accounting) Configure cpu irq time accounting mode. type: str choices: [auto, force]
- remoteauthtimeout Number of seconds that the fortigate waits for responses from remote radius, ldap, or tacacs+ authentication servers. type: int
- admin_https_ssl_banned_ciphers (Alias name: admin-https-ssl-banned-ciphers) Select one or more cipher technologies that cannot be used in gui https negotiations. type: list choices: [RSA, DHE, ECDHE, DSS, ECDSA, AES, AESGCM, CAMELLIA, 3DES, SHA1, SHA256, SHA384, STATIC, CHACHA20, ARIA, AESCCM]
- allow_traffic_redirect (Alias name: allow-traffic-redirect) Disable to prevent traffic with same local ingress and egress interface from being forwarded without policy check. type: str choices: [disable, enable]
- legacy_poe_device_support (Alias name: legacy-poe-device-support) Enable/disable legacy poe device support. type: str choices: [disable, enable]
- wad_restart_mode (Alias name: wad-restart-mode) Wad worker restart mode (default = none). type: str choices: [none, time, memory]
- fds_statistics_period (Alias name: fds-statistics-period) Fortiguard statistics collection period in minutes. type: int
- admin_telnet (Alias name: admin-telnet) Enable/disable telnet service. type: str choices: [disable, enable]
- ipv6_accept_dad (Alias name: ipv6-accept-dad) Enable/disable acceptance of ipv6 duplicate address detection (dad). type: int
- tcp_timewait_timer (Alias name: tcp-timewait-timer) Length of the tcp time-wait state in seconds (1 - 300 sec, default = 1). type: int
- admin_console_timeout (Alias name: admin-console-timeout) Console login timeout that overrides the admin timeout value (15 - 300 seconds, default = 0, which disables the timeout). type: int
- default_service_source_port (Alias name: default-service-source-port) Default service source port range (default = 1 - 65535). type: str
- quic_max_datagram_size (Alias name: quic-max-datagram-size) Maximum transmit datagram size (1200 - 1500, default = 1500). type: int
- refresh Statistics refresh interval in seconds in the gui. type: int
- extender_controller_reserved_network (Alias name: extender-controller-reserved-network) Configure reserved network subnet for managed lan extension fortiextender units. type: list
- url_filter_affinity (Alias name: url-filter-affinity) Url filter cpu affinity. type: str
- policy_auth_concurrent (Alias name: policy-auth-concurrent) Number of concurrent firewall use logins from the same user (1 - 100, default = 0 means no limit). type: int
- ipsec_hmac_offload (Alias name: ipsec-hmac-offload) Enable/disable offloading (hardware acceleration) of hmac processing for ipsec vpn. type: str choices: [disable, enable]
- traffic_priority_level (Alias name: traffic-priority-level) Default system-wide level of priority for traffic prioritization. type: str choices: [high, medium, low]
- ipsec_qat_offload (Alias name: ipsec-qat-offload) Enable/disable qat offloading (intel quickassist) for ipsec vpn traffic. type: str choices: [disable, enable]
- ssd_trim_min (Alias name: ssd-trim-min) Minute of the hour on which to run ssd trim (0 - 59, 60 for random). type: int
- gui_date_time_source (Alias name: gui-date-time-source) Source that the fortigate gui uses to display date and time entries. type: str choices: [system, browser]
- log_ssl_connection (Alias name: log-ssl-connection) Enable/disable logging of ssl connection events. type: str choices: [disable, enable]
- ndp_max_entry (Alias name: ndp-max-entry) Maximum number of ndp table entries (set to 65,536 or higher; if set to 0, kernel holds 65,536 entries). type: int
- vdom_mode (Alias name: vdom-mode) Enable/disable support for multiple virtual domains (vdoms). type: str choices: [no-vdom, multi-vdom, split-vdom]
- internet_service_download_list (Alias name: internet-service-download-list) Configure which on-demand internet service ids are to be downloaded. type: list
- fortitoken_cloud_sync_interval (Alias name: fortitoken-cloud-sync-interval) Interval in which to clean up remote users in fortitoken cloud (0 - 336 hours (14 days), default = 24, disable = 0). type: int
- ssd_trim_weekday (Alias name: ssd-trim-weekday) Day of week to run ssd trim. type: str choices: [sunday, monday, tuesday, wednesday, thursday, friday, saturday]
- two_factor_fac_expiry (Alias name: two-factor-fac-expiry) Fortiauthenticator token authentication session timeout (10 - 3600 seconds (1 hour), default = 60). type: int
- gui_rest_api_cache (Alias name: gui-rest-api-cache) Enable/disable rest api result caching on fortigate. type: str choices: [disable, enable]
- admin_forticloud_sso_default_profile (Alias name: admin-forticloud-sso-default-profile) Override access profile. type: list
- proxy_auth_lifetime (Alias name: proxy-auth-lifetime) Enable/disable authenticated users lifetime control. type: str choices: [disable, enable]
- device_idle_timeout (Alias name: device-idle-timeout) Time in seconds that a device must be idle to automatically log the device user out. type: int
- login_timestamp (Alias name: login-timestamp) Enable/disable login time recording. type: str choices: [disable, enable]
- speedtest_server (Alias name: speedtest-server) Enable/disable speed test server. type: str choices: [disable, enable]
- edit_vdom_prompt (Alias name: edit-vdom-prompt) Enable/disable edit new vdom prompt. type: str choices: [disable, enable]
- gui_cdn_domain_override (Alias name: gui-cdn-domain-override) Domain of cdn server. type: str
- admin_ssh_grace_time (Alias name: admin-ssh-grace-time) Maximum time in seconds permitted between making an ssh connection to the fortigate unit and authenticating (10 - 3600 sec (1 hour), default 120). type: int
- sslvpn_ems_sn_check (Alias name: sslvpn-ems-sn-check) Enable/disable verification of ems serial number in ssl-vpn connection. type: str choices: [disable, enable]
- user_server_cert (Alias name: user-server-cert) Certificate to use for https user authentication. type: list
- gui_allow_default_hostname (Alias name: gui-allow-default-hostname) Enable/disable the factory default hostname warning on the gui setup wizard. type: str choices: [disable, enable]
- proxy_re_authentication_mode (Alias name: proxy-re-authentication-mode) Control if users must re-authenticate after a session is closed, traffic has been idle, or from the point at which the user was first created. type: str choices: [session, traffic, absolute]
- ipsec_soft_dec_async (Alias name: ipsec-soft-dec-async) Enable/disable software decryption asynchronization (using multiple cpus to do decryption) for ipsec vpn traffic. type: str choices: [disable, enable]
- admin_maintainer (Alias name: admin-maintainer) Enable/disable maintainer administrator login. type: str choices: [disable, enable]
- dst Enable/disable daylight saving time. type: str choices: [disable, enable]
- fec_port (Alias name: fec-port) Local udp port for forward error correction (49152 - 65535). type: int
- ssh_kex_sha1 (Alias name: ssh-kex-sha1) Enable/disable sha1 key exchange for ssh access. type: str choices: [disable, enable]
- ssh_mac_weak (Alias name: ssh-mac-weak) Enable/disable hmac-sha1 and umac-64-etm for ssh access. type: str choices: [disable, enable]
- sslvpn_cipher_hardware_acceleration (Alias name: sslvpn-cipher-hardware-acceleration) Enable/disable ssl-vpn hardware acceleration. type: str choices: [disable, enable]
- sys_file_check_interval (Alias name: sys-file-check-interval) Set scheduled system file checking interval in minutes (10 - 10080 min, default = 60, 0 = disabled). type: int
- ssh_hmac_md5 (Alias name: ssh-hmac-md5) Enable/disable hmac-md5 for ssh access. type: str choices: [disable, enable]
- ssh_cbc_cipher (Alias name: ssh-cbc-cipher) Enable/disable cbc cipher for ssh access. type: str choices: [disable, enable]
- gui_fortiguard_resource_fetch (Alias name: gui-fortiguard-resource-fetch) Enable/disable retrieving static gui resources from fortiguard. type: str choices: [disable, enable]
- sslvpn_kxp_hardware_acceleration (Alias name: sslvpn-kxp-hardware-acceleration) Enable/disable ssl-vpn kxp hardware acceleration. type: str choices: [disable, enable]
- sslvpn_plugin_version_check (Alias name: sslvpn-plugin-version-check) Enable/disable checking the browser's plugin version by ssl-vpn. type: str choices: [disable, enable]
- fortiipam_integration (Alias name: fortiipam-integration) Enable/disable integration with the fortiipam cloud service. type: str choices: [disable, enable]
- gui_firmware_upgrade_setup_warning (Alias name: gui-firmware-upgrade-setup-warning) Gui firmware upgrade setup warning. type: str choices: [disable, enable]
- log_uuid_policy (Alias name: log-uuid-policy) Enable/disable insertion of policy uuids to traffic logs. type: str choices: [disable, enable]
- per_user_bwl (Alias name: per-user-bwl) Enable/disable per-user black/white list filter. type: str choices: [disable, enable]
- gui_fortisandbox_cloud (Alias name: gui-fortisandbox-cloud) Enable/disable displaying fortisandbox cloud on the gui. type: str choices: [disable, enable]
- fortitoken_cloud_service (Alias name: fortitoken-cloud-service) Fortitoken cloud service. type: str choices: [disable, enable]
- hw_switch_ether_filter (Alias name: hw-switch-ether-filter) Enable/disable hardware filter for certain ethernet packet types. type: str choices: [disable, enable]
- virtual_server_count (Alias name: virtual-server-count) Maximum number of virtual server processes to create. type: int
- endpoint_control_fds_access (Alias name: endpoint-control-fds-access) Endpoint control fds access. type: str choices: [disable, enable]
- proxy_cipher_hardware_acceleration (Alias name: proxy-cipher-hardware-acceleration) Enable/disable using content processor (cp8 or cp9) hardware acceleration to encrypt and decrypt ipsec and ssl traffic. type: str choices: [disable, enable]
- proxy_kxp_hardware_acceleration (Alias name: proxy-kxp-hardware-acceleration) Enable/disable using the content processor to accelerate kxp traffic. type: str choices: [disable, enable]
- virtual_server_hardware_acceleration (Alias name: virtual-server-hardware-acceleration) Enable/disable virtual server hardware acceleration. type: str choices: [disable, enable]
- user_history_password_threshold (Alias name: user-history-password-threshold) Maximum number of previous passwords saved per admin/user (3 - 15, default = 3). type: int
- delay_tcp_npu_session (Alias name: delay-tcp-npu-session) Enable tcp npu session delay to guarantee packet order of 3-way handshake. type: str choices: [disable, enable]
- auth_session_auto_backup_interval (Alias name: auth-session-auto-backup-interval) Configure automatic authentication session backup interval in minutes (default = 15). type: str choices: [1min, 5min, 15min, 30min, 1hr]
- ip_conflict_detection (Alias name: ip-conflict-detection) Enable/disable logging of ipv4 address conflict detection. type: str choices: [disable, enable]
- gtpu_dynamic_source_port (Alias name: gtpu-dynamic-source-port) Enable/disable gtp-u dynamic source port support. type: str choices: [disable, enable]
- ip_fragment_timeout (Alias name: ip-fragment-timeout) Timeout value in seconds for any fragment not being reassembled. type: int
- ipv6_fragment_timeout (Alias name: ipv6-fragment-timeout) Timeout value in seconds for any ipv6 fragment not being reassembled. type: int
- scim_server_cert (Alias name: scim-server-cert) Server certificate that the fortigate uses for scim connections. type: list
- scim_http_port (Alias name: scim-http-port) Scim http port (0 - 65535, default = 44558). type: int
- auth_session_auto_backup (Alias name: auth-session-auto-backup) Enable/disable automatic and periodic backup of authentication sessions (default = disable). type: str choices: [disable, enable]
- scim_https_port (Alias name: scim-https-port) Scim port (0 - 65535, default = 44559). type: int
- httpd_max_worker_count (Alias name: httpd-max-worker-count) Maximum number of simultaneous http requests that will be served. type: int
- rest_api_key_url_query (Alias name: rest-api-key-url-query) Enable/disable support for passing rest api keys through url query parameters. type: str choices: [disable, enable]
Notes
Note
Running in workspace locking mode is supported in this FortiManager module; the top-level parameters workspace_locking_adom and workspace_locking_timeout help do the work.
To create or update an object, use the state: present directive.
To delete an object, use the state: absent directive.
Normally, running one module can fail when a non-zero rc is returned. You can also override the conditions to fail or succeed with the parameters rc_failed and rc_succeeded.
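A focused task that sets only the administrative-access, TLS and SSH hardening options from the parameter list above, taking the workspace lock described in the notes. This is an added example, not part of the module's generated documentation; the ADOM `root`, the profile name `branch-hardening` and the numeric thresholds are constructed values, and which options a device accepts depends on its firmware version.

```yaml
# Added example with constructed values; adjust names and numbers to your environment.
- name: Harden administrative access in a system template
  hosts: fortimanagers
  connection: httpapi
  vars:
    ansible_httpapi_use_ssl: true
    # Verify the FortiManager certificate instead of disabling validation.
    ansible_httpapi_validate_certs: true
    ansible_httpapi_port: 443
  tasks:
    - name: Disable legacy admin protocols and weak SSH/TLS options
      fortinet.fortimanager.fmgr_devprof_system_global:
        # Only takes effect when FortiManager runs in workspace mode.
        workspace_locking_adom: root        # assumed ADOM
        workspace_locking_timeout: 300
        adom: root                          # assumed ADOM
        devprof: branch-hardening           # hypothetical profile name
        devprof_system_global:
          # Cleartext and legacy management protocols off.
          admin_telnet: disable
          admin_ssh_v1: disable
          admin_https_redirect: enable
          # GUI HTTPS: TLS 1.2 and 1.3 only, no static-key or SHA1/3DES suites.
          admin_https_ssl_versions:
            - "tlsv1-2"
            - "tlsv1-3"
          admin_https_ssl_banned_ciphers:
            - "3DES"
            - "SHA1"
            - "STATIC"
          ssl_min_proto_version: TLSv1-2
          ssl_static_key_ciphers: disable
          strong_crypto: enable
          # SSH: keep only AEAD/CTR ciphers, SHA-2 MACs and non-SHA1 key exchange.
          # Assumption: firmware that offers the on/off toggles (ssh_kex_sha1,
          # ssh_mac_weak, ssh_hmac_md5, ssh_cbc_cipher) instead of these lists
          # would set those toggles to "disable".
          ssh_enc_algo:
            - "chacha20-poly1305@openssh.com"
            - "aes256-gcm@openssh.com"
            - "aes256-ctr"
          ssh_kex_algo:
            - "curve25519-sha256@libssh.org"
            - "diffie-hellman-group16-sha512"
          ssh_mac_algo:
            - "hmac-sha2-256-etm@openssh.com"
            - "hmac-sha2-512-etm@openssh.com"
          # Brute-force and session controls (constructed thresholds).
          admin_lockout_threshold: 3
          admin_lockout_duration: 300
          admin_ssh_grace_time: 60
          # Keep API keys out of URLs, where they end up in logs and proxies.
          rest_api_key_url_query: disable
          cli_audit_log: enable
```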
Examples
- name: Example playbook (generated based on argument schema)
  hosts: fortimanagers
  connection: httpapi
  vars:
    ansible_httpapi_use_ssl: true
    # validate_certs: false skips TLS certificate verification of the FortiManager;
    # set it to true once the device presents a certificate the control node trusts.
    ansible_httpapi_validate_certs: false
    ansible_httpapi_port: 443
  tasks:
    - name: Configure global attributes.
      fortinet.fortimanager.fmgr_devprof_system_global:
        # bypass_validation: false
        workspace_locking_adom: <value in [global, custom adom including root]>
        workspace_locking_timeout: 300
        # rc_succeeded: [0, -2, -3, ...]
        # rc_failed: [-2, -3, ...]
        adom: <your own value>
        devprof: <your own value>
        devprof_system_global:
          admin_https_redirect: <value in [disable, enable]>
          admin_port: <integer>
          admin_scp: <value in [disable, enable]>
          admin_sport: <integer>
          admin_ssh_port: <integer>
          admin_ssh_v1: <value in [disable, enable]>
          admin_telnet_port: <integer>
          admintimeout: <integer>
          gui_ipv6: <value in [disable, enable]>
          gui_lines_per_page: <integer>
          gui_theme: <value in [blue, green, melongene, ...]>
          language: <value in [english, simch, japanese, ...]>
          switch_controller: <value in [disable, enable]>
          gui_device_latitude: <string>
          gui_device_longitude: <string>
          hostname: <string>
          timezone:
            - "00"
            - "01"
            - "02"
            - "03"
            - "04"
            - "05"
            - "06"
            - "07"
            - "08"
            - "09"
            - "10"
            - "11"
            - "12"
            - "13"
            - "14"
            - "15"
            - "16"
            - "17"
            - "18"
            - "19"
            - "20"
            - "21"
            - "22"
            - "23"
            - "24"
            - "25"
            - "26"
            - "27"
            - "28"
            - "29"
            - "30"
            - "31"
            - "32"
            - "33"
            - "34"
            - "35"
            - "36"
            - "37"
            - "38"
            - "39"
            - "40"
            - "41"
            - "42"
            - "43"
            - "44"
            - "45"
            - "46"
            - "47"
            - "48"
            - "49"
            - "50"
            - "51"
            - "52"
            - "53"
            - "54"
            - "55"
            - "56"
            - "57"
            - "58"
            - "59"
            - "60"
            - "61"
            - "62"
            - "63"
            - "64"
            - "65"
            - "66"
            - "67"
            - "68"
            - "69"
            - "70"
            - "71"
            - "72"
            - "73"
            - "74"
            - "75"
            - "76"
            - "77"
            - "78"
            - "79"
            - "80"
            - "81"
            - "82"
            - "83"
            - "84"
            - "85"
            - "86"
            - "87"
          check_reset_range: <value in [disable, strict]>
          pmtu_discovery: <value in [disable, enable]>
          gui_allow_incompatible_fabric_fgt: <value in [disable, enable]>
          admin_restrict_local: <value in [disable, enable, all, ...]>
          gui_workflow_management: <value in [disable, enable]>
          send_pmtu_icmp: <value in [disable, enable]>
          tcp_halfclose_timer: <integer>
          admin_server_cert: <list or string>
          dnsproxy_worker_count: <integer>
          show_backplane_intf: <value in [disable, enable]>
          gui_custom_language: <value in [disable, enable]>
          ldapconntimeout: <integer>
          auth_https_port: <integer>
          revision_backup_on_logout: <value in [disable, enable]>
          arp_max_entry: <integer>
          long_vdom_name: <value in [disable, enable]>
          pre_login_banner: <value in [disable, enable]>
          qsfpdd_split8_port: <list or string>
          max_route_cache_size: <integer>
          fortitoken_cloud_push_status: <value in [disable, enable]>
          ssh_hostkey_override: <value in [disable, enable]>
          proxy_hardware_acceleration: <value in [disable, enable]>
          switch_controller_reserved_network: <list or string>
          ssd_trim_date: <integer>
          wad_worker_count: <integer>
          ssh_hostkey: <string>
          wireless_controller_port: <integer>
          fgd_alert_subscription:
            - "advisory"
            - "latest-threat"
            - "latest-virus"
            - "latest-attack"
            - "new-antivirus-db"
            - "new-attack-db"
          forticontroller_proxy_port: <integer>
          dh_params: <value in [1024, 1536, 2048, ...]>
          memory_use_threshold_green: <integer>
          proxy_cert_use_mgmt_vdom: <value in [disable, enable]>
          proxy_auth_lifetime_timeout: <integer>
          gui_auto_upgrade_setup_warning: <value in [disable, enable]>
          gui_cdn_usage: <value in [disable, enable]>
          two_factor_email_expiry: <integer>
          udp_idle_timer: <integer>
          interface_subnet_usage: <value in [disable, enable]>
          forticontroller_proxy: <value in [disable, enable]>
          ssh_enc_algo:
            - "chacha20-poly1305@openssh.com"
            - "aes128-ctr"
            - "aes192-ctr"
            - "aes256-ctr"
            - "arcfour256"
            - "arcfour128"
            - "aes128-cbc"
            - "3des-cbc"
            - "blowfish-cbc"
            - "cast128-cbc"
            - "aes192-cbc"
            - "aes256-cbc"
            - "arcfour"
            - "rijndael-cbc@lysator.liu.se"
            - "aes128-gcm@openssh.com"
            - "aes256-gcm@openssh.com"
          block_session_timer: <integer>
          quic_pmtud: <value in [disable, enable]>
          admin_https_ssl_ciphersuites:
            - "TLS-AES-128-GCM-SHA256"
            - "TLS-AES-256-GCM-SHA384"
            - "TLS-CHACHA20-POLY1305-SHA256"
            - "TLS-AES-128-CCM-SHA256"
            - "TLS-AES-128-CCM-8-SHA256"
          security_rating_result_submission: <value in [disable, enable]>
          user_device_store_max_unified_mem: <integer>
          management_port: <integer>
          fortigslb_integration: <value in [disable, enable]>
          admin_https_ssl_versions:
            - "tlsv1-0"
            - "tlsv1-1"
            - "tlsv1-2"
            - "sslv3"
            - "tlsv1-3"
          cert_chain_max: <integer>
          qsfp28_40g_port: <list or string>
          strong_crypto: <value in [disable, enable]>
          multi_factor_authentication: <value in [optional, mandatory]>
          fds_statistics: <value in [disable, enable]>
          gui_display_hostname: <value in [disable, enable]>
          two_factor_ftk_expiry: <integer>
          wad_source_affinity: <value in [disable, enable]>
          ssl_static_key_ciphers: <value in [disable, enable]>
          daily_restart: <value in [disable, enable]>
          snat_route_change: <value in [disable, enable]>
          tcp_rst_timer: <integer>
          anti_replay: <value in [disable, loose, strict]>
          ssl_min_proto_version: <value in [TLSv1, TLSv1-1, TLSv1-2, ...]>
          speedtestd_server_port: <integer>
          cpu_use_threshold: <integer>
          admin_host: <string>
          csr_ca_attribute: <value in [disable, enable]>
          fortiservice_port: <integer>
          ssd_trim_hour: <integer>
          purdue_level: <value in [1, 2, 3, ...]>
          management_vdom: <list or string>
          quic_ack_thresold: <integer>
          qsfpdd_100g_port: <list or string>
          ips_affinity: <string>
          vip_arp_range: <value in [restricted, unlimited]>
          internet_service_database: <value in [mini, standard, full, ...]>
          revision_image_auto_backup: <value in [disable, enable]>
          sflowd_max_children_num: <integer>
          admin_https_pki_required: <value in [disable, enable]>
          special_file_23_support: <value in [disable, enable]>
          npu_neighbor_update: <value in [disable, enable]>
          log_single_cpu_high: <value in [disable, enable]>
          management_ip: <string>
          proxy_resource_mode: <value in [disable, enable]>
          admin_ble_button: <value in [disable, enable]>
          gui_firmware_upgrade_warning: <value in [disable, enable]>
          dp_tcp_normal_timer: <integer>
          ipv6_allow_traffic_redirect: <value in [disable, enable]>
          cli_audit_log: <value in [disable, enable]>
          memory_use_threshold_extreme: <integer>
          ha_affinity: <string>
          restart_time: <string>
          speedtestd_ctrl_port: <integer>
          gui_wireless_opensecurity: <value in [disable, enable]>
          memory_use_threshold_red: <integer>
          dp_fragment_timer: <integer>
          wad_restart_start_time: <string>
          proxy_re_authentication_time: <integer>
          gui_app_detection_sdwan: <value in [disable, enable]>
          scanunit_count: <integer>
          tftp: <value in [disable, enable]>
          xstools_update_frequency: <integer>
          clt_cert_req: <value in [disable, enable]>
          fortiextender_vlan_mode: <value in [disable, enable]>
          auth_http_port: <integer>
          per_user_bal: <value in [disable, enable]>
          gui_date_format: <value in [yyyy/MM/dd, dd/MM/yyyy, MM/dd/yyyy, ...]>
          log_uuid_address: <value in [disable, enable]>
          cloud_communication: <value in [disable, enable]>
          lldp_reception: <value in [disable, enable]>
          two_factor_ftm_expiry: <integer>
          quic_udp_payload_size_shaping_per_cid: <value in [disable, enable]>
          autorun_log_fsck: <value in [disable, enable]>
          vpn_ems_sn_check: <value in [disable, enable]>
          admin_ssh_password: <value in [disable, enable]>
          airplane_mode: <value in [disable, enable]>
          batch_cmdb: <value in [disable, enable]>
          ip_src_port_range: <list or string>
          strict_dirty_session_check: <value in [disable, enable]>
          user_device_store_max_devices: <integer>
          dp_udp_idle_timer: <integer>
          internal_switch_speed:
            - "auto"
            - "10full"
            - "10half"
            - "100full"
            - "100half"
            - "1000full"
            - "1000auto"
          forticonverter_config_upload: <value in [disable, once]>
          ipsec_round_robin: <value in [disable, enable]>
          wad_affinity: <string>
          wifi_ca_certificate: <list or string>
          wimax_4g_usb: <value in [disable, enable]>
          miglog_affinity: <string>
          faz_disk_buffer_size: <integer>
          ssh_kex_algo:
            - "diffie-hellman-group1-sha1"
            - "diffie-hellman-group14-sha1"
            - "diffie-hellman-group-exchange-sha1"
            - "diffie-hellman-group-exchange-sha256"
            - "curve25519-sha256@libssh.org"
            - "ecdh-sha2-nistp256"
            - "ecdh-sha2-nistp384"
            - "ecdh-sha2-nistp521"
            - "diffie-hellman-group14-sha256"
            - "diffie-hellman-group16-sha512"
            - "diffie-hellman-group18-sha512"
          auto_auth_extension_device: <value in [disable, enable]>
          forticarrier_bypass: <value in [disable, enable]>
          reset_sessionless_tcp: <value in [disable, enable]>
          early_tcp_npu_session: <value in [disable, enable]>
          http_unauthenticated_request_limit: <integer>
          gui_local_out: <value in [disable, enable]>
          tcp_option: <value in [disable, enable]>
          proxy_auth_timeout: <integer>
          fortiextender_discovery_lockdown: <value in [disable, enable]>
          lldp_transmission: <value in [disable, enable]>
          split_port: <list or string>
          gui_certificates: <value in [disable, enable]>
          cfg_save: <value in [automatic, manual, revert]>
          auth_keepalive: <value in [disable, enable]>
          split_port_mode:
            -
              interface: <string>
              split_mode: <value in [disable, 4x10G, 4x25G, ...]>
          admin_forticloud_sso_login: <value in [disable, enable]>
          post_login_banner: <value in [disable, enable]>
          br_fdb_max_entry: <integer>
          ip_fragment_mem_thresholds: <integer>
          fortiextender_provision_on_authorization: <value in [disable, enable]>
          reboot_upon_config_restore: <value in [disable, enable]>
          syslog_affinity: <string>
          fortiextender_data_port: <integer>
          quic_tls_handshake_timeout: <integer>
          forticonverter_integration: <value in [disable, enable]>
          proxy_keep_alive_mode: <value in [session, traffic, re-authentication]>
          cmdbsvr_affinity: <string>
          wad_memory_change_granularity: <integer>
          dhcp_lease_backup_interval: <integer>
          check_protocol_header: <value in [loose, strict]>
          av_failopen_session: <value in [disable, enable]>
          ipsec_ha_seqjump_rate: <integer>
          admin_hsts_max_age: <integer>
          igmp_state_limit: <integer>
          admin_login_max: <integer>
          ipv6_allow_multicast_probe: <value in [disable, enable]>
          virtual_switch_vlan: <value in [disable, enable]>
          admin_lockout_threshold: <integer>
          dp_pinhole_timer: <integer>
          wireless_controller: <value in [disable, enable]>
          bfd_affinity: <string>
          ssd_trim_freq: <value in [daily, weekly, monthly, ...]>
          two_factor_sms_expiry: <integer>
          traffic_priority: <value in [tos, dscp]>
          proxy_and_explicit_proxy: <value in [disable, enable]>
          sslvpn_web_mode: <value in [disable, enable]>
          ssh_hostkey_password: <list or string>
          wad_csvc_db_count: <integer>
          ipv6_allow_anycast_probe: <value in [disable, enable]>
          honor_df: <value in [disable, enable]>
          hyper_scale_vdom_num: <integer>
          wad_csvc_cs_count: <integer>
          internal_switch_mode: <value in [switch, interface, hub]>
          cfg_revert_timeout: <integer>
          admin_concurrent: <value in [disable, enable]>
          ipv6_allow_local_in_silent_drop: <value in [disable, enable]>
          tcp_halfopen_timer: <integer>
          dp_rsync_timer: <integer>
          management_port_use_admin_sport: <value in [disable, enable]>
          gui_forticare_registration_setup_warning: <value in [disable, enable]>
          gui_replacement_message_groups: <value in [disable, enable]>
          security_rating_run_on_schedule: <value in [disable, enable]>
          admin_lockout_duration: <integer>
          optimize_flow_mode: <value in [disable, enable]>
          private_data_encryption: <value in [disable, enable]>
          wireless_mode: <value in [ac, client, wtp, ...]>
          alias: <string>
          ssh_hostkey_algo:
            - "ssh-rsa"
            - "ecdsa-sha2-nistp521"
            - "rsa-sha2-256"
            - "rsa-sha2-512"
            - "ssh-ed25519"
            - "ecdsa-sha2-nistp384"
            - "ecdsa-sha2-nistp256"
          fortitoken_cloud: <value in [disable, enable]>
          av_affinity: <string>
          proxy_worker_count: <integer>
          ipsec_asic_offload: <value in [disable, enable]>
          miglogd_children: <integer>
          sslvpn_max_worker_count: <integer>
          ssh_mac_algo:
            - "hmac-md5"
            - "hmac-md5-etm@openssh.com"
            - "hmac-md5-96"
            - "hmac-md5-96-etm@openssh.com"
            - "hmac-sha1"
            - "hmac-sha1-etm@openssh.com"
            - "hmac-sha2-256"
            - "hmac-sha2-256-etm@openssh.com"
            - "hmac-sha2-512"
            - "hmac-sha2-512-etm@openssh.com"
            - "hmac-ripemd160"
            - "hmac-ripemd160@openssh.com"
            - "hmac-ripemd160-etm@openssh.com"
            - "umac-64@openssh.com"
            - "umac-128@openssh.com"
            - "umac-64-etm@openssh.com"
            - "umac-128-etm@openssh.com"
          url_filter_count: <integer>
          wifi_certificate: <list or string>
          radius_port: <integer>
          sys_perf_log_interval: <integer>
          gui_fortigate_cloud_sandbox: <value in [disable, enable]>
          auth_cert: <list or string>
          fortiextender: <value in [disable, enable]>
          admin_reset_button: <value in [disable, enable]>
          av_failopen: <value in [off, pass, one-shot, ...]>
          user_device_store_max_users: <integer>
          auth_session_limit: <value in [block-new, logout-inactive]>
          ipv6_allow_local_in_slient_drop: <value in [disable, enable]>
quic_congestion_control_algo: <value in [cubic, bbr, bbr2, ...]>
auth_ike_saml_port: <integer>
wad_restart_end_time: <string>
http_request_limit: <integer>
irq_time_accounting: <value in [auto, force]>
remoteauthtimeout: <integer>
admin_https_ssl_banned_ciphers:
- "RSA"
- "DHE"
- "ECDHE"
- "DSS"
- "ECDSA"
- "AES"
- "AESGCM"
- "CAMELLIA"
- "3DES"
- "SHA1"
- "SHA256"
- "SHA384"
- "STATIC"
- "CHACHA20"
- "ARIA"
- "AESCCM"
allow_traffic_redirect: <value in [disable, enable]>
legacy_poe_device_support: <value in [disable, enable]>
wad_restart_mode: <value in [none, time, memory]>
fds_statistics_period: <integer>
admin_telnet: <value in [disable, enable]>
ipv6_accept_dad: <integer>
tcp_timewait_timer: <integer>
admin_console_timeout: <integer>
default_service_source_port: <string>
quic_max_datagram_size: <integer>
refresh: <integer>
extender_controller_reserved_network: <list or string>
url_filter_affinity: <string>
policy_auth_concurrent: <integer>
ipsec_hmac_offload: <value in [disable, enable]>
traffic_priority_level: <value in [high, medium, low]>
ipsec_qat_offload: <value in [disable, enable]>
ssd_trim_min: <integer>
gui_date_time_source: <value in [system, browser]>
log_ssl_connection: <value in [disable, enable]>
ndp_max_entry: <integer>
vdom_mode: <value in [no-vdom, multi-vdom, split-vdom]>
internet_service_download_list: <list or string>
fortitoken_cloud_sync_interval: <integer>
ssd_trim_weekday: <value in [sunday, monday, tuesday, ...]>
two_factor_fac_expiry: <integer>
gui_rest_api_cache: <value in [disable, enable]>
admin_forticloud_sso_default_profile: <list or string>
proxy_auth_lifetime: <value in [disable, enable]>
device_idle_timeout: <integer>
login_timestamp: <value in [disable, enable]>
speedtest_server: <value in [disable, enable]>
edit_vdom_prompt: <value in [disable, enable]>
gui_cdn_domain_override: <string>
admin_ssh_grace_time: <integer>
sslvpn_ems_sn_check: <value in [disable, enable]>
user_server_cert: <list or string>
gui_allow_default_hostname: <value in [disable, enable]>
proxy_re_authentication_mode: <value in [session, traffic, absolute]>
ipsec_soft_dec_async: <value in [disable, enable]>
admin_maintainer: <value in [disable, enable]>
dst: <value in [disable, enable]>
fec_port: <integer>
ssh_kex_sha1: <value in [disable, enable]>
ssh_mac_weak: <value in [disable, enable]>
sslvpn_cipher_hardware_acceleration: <value in [disable, enable]>
sys_file_check_interval: <integer>
ssh_hmac_md5: <value in [disable, enable]>
ssh_cbc_cipher: <value in [disable, enable]>
gui_fortiguard_resource_fetch: <value in [disable, enable]>
sslvpn_kxp_hardware_acceleration: <value in [disable, enable]>
sslvpn_plugin_version_check: <value in [disable, enable]>
fortiipam_integration: <value in [disable, enable]>
gui_firmware_upgrade_setup_warning: <value in [disable, enable]>
log_uuid_policy: <value in [disable, enable]>
per_user_bwl: <value in [disable, enable]>
gui_fortisandbox_cloud: <value in [disable, enable]>
fortitoken_cloud_service: <value in [disable, enable]>
hw_switch_ether_filter: <value in [disable, enable]>
virtual_server_count: <integer>
endpoint_control_fds_access: <value in [disable, enable]>
proxy_cipher_hardware_acceleration: <value in [disable, enable]>
proxy_kxp_hardware_acceleration: <value in [disable, enable]>
virtual_server_hardware_acceleration: <value in [disable, enable]>
user_history_password_threshold: <integer>
delay_tcp_npu_session: <value in [disable, enable]>
auth_session_auto_backup_interval: <value in [1min, 5min, 15min, ...]>
ip_conflict_detection: <value in [disable, enable]>
gtpu_dynamic_source_port: <value in [disable, enable]>
ip_fragment_timeout: <integer>
ipv6_fragment_timeout: <integer>
scim_server_cert: <list or string>
scim_http_port: <integer>
auth_session_auto_backup: <value in [disable, enable]>
scim_https_port: <integer>
httpd_max_worker_count: <integer>
rest_api_key_url_query: <value in [disable, enable]>
Return Values
Common return values are documented at https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values. The following fields are unique to this module:
- meta - The result of the request. returned: always type: dict
  - request_url - The full URL requested. returned: always type: str sample: /sys/login/user
  - response_code - The status of the API request. returned: always type: int sample: 0
  - response_data - The data body of the API response. returned: optional type: list or dict
  - response_message - The descriptive message of the API response. returned: always type: str sample: OK
  - system_information - The information of the target system. returned: always type: dict
- rc - The status of the request. returned: always type: int sample: 0
- version_check_warning - Warning if the parameters used in the playbook are not supported by the current FortiManager version. returned: if at least one parameter is not supported by the current FortiManager version type: list
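An added example, not part of the module's own documentation: a playbook that replaces a security-relevant subset of the `devprof_system_global` placeholders with concrete choices listed on this page, then checks the `rc` return value. The inventory group, ADOM, template name and numeric lockout values are placeholders; parameters the managed FortiManager version does not support are reported in `version_check_warning`.

```yaml
# Added example: hardened management-plane subset of devprof_system_global.
# Every enum value below is one of the choices listed on this page.
- name: Harden management-plane settings in a system template
  hosts: fortimanagers                  # hypothetical inventory group
  connection: httpapi
  gather_facts: false
  vars:
    ansible_network_os: fortinet.fortimanager.fortimanager
    ansible_httpapi_use_ssl: true
    ansible_httpapi_validate_certs: true   # verify the FortiManager certificate
    ansible_httpapi_port: 443
  tasks:
    - name: Apply hardened global attributes
      fortinet.fortimanager.fmgr_devprof_system_global:
        adom: root                      # placeholder ADOM
        devprof: hardened-template      # placeholder system template name
        devprof_system_global:
          admin_telnet: disable         # no cleartext admin access
          rest_api_key_url_query: disable   # keep API keys out of URLs and logs
          admin_lockout_threshold: 3    # constructed value
          admin_lockout_duration: 300   # constructed value
          ssh_kex_sha1: disable
          ssh_mac_weak: disable
          ssh_hmac_md5: disable
          ssh_cbc_cipher: disable
          ssh_hostkey_algo:             # omit ssh-rsa (SHA-1 signatures)
            - "ssh-ed25519"
            - "rsa-sha2-512"
            - "rsa-sha2-256"
          ssh_mac_algo:                 # SHA-2 encrypt-then-MAC only
            - "hmac-sha2-256-etm@openssh.com"
            - "hmac-sha2-512-etm@openssh.com"
          admin_https_ssl_banned_ciphers:
            - "3DES"
            - "SHA1"
            - "STATIC"
      register: result

    - name: Fail the play unless FortiManager reported success
      ansible.builtin.assert:
        that:
          - result.rc == 0
        fail_msg: "FortiManager returned rc={{ result.rc }}"

    - name: Show the API response for review
      ansible.builtin.debug:
        var: result.meta
```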
Status
This module is not guaranteed to have a backwards compatible interface.