fmgr_system_global – Global range attributes.
Added in version 1.0.0.
Warning
Starting in version 3.0.0, all input arguments will be named using the underscore naming convention (snake_case).
Argument name before 3.0.0: var-name, var name, var.name
New argument name starting in 3.0.0: var_name
FortiManager Ansible v2.4+ supports both previous argument name and new underscore name. You will receive deprecation warnings if you keep using the previous argument name. You can ignore the warning by setting deprecation_warnings=False in ansible.cfg.
Synopsis
This module is able to configure a FortiManager device.
Examples include all parameters; values need to be adjusted to your data sources before use.
Tested with FortiManager v7.x.
Requirements
The below requirements are needed on the host that executes this module.
ansible>=2.15.0
FortiManager Version Compatibility
Supported Version Ranges: v6.0.0 -> latest
Parameters
- access_token - The token to access FortiManager without using username and password. type: str required: false
- bypass_validation - Only set to True when the module schema differs from the FortiManager API structure; the module then continues to execute without validating parameters. type: bool required: false default: False
- enable_log - Enable/Disable logging for task. type: bool required: false default: False
- forticloud_access_token - Access token of FortiCloud managed API users; this option is available with FortiManager later than 6.4.0. type: str required: false
- proposed_method - The overridden method for the underlying JSON RPC request. type: str required: false choices: set, update, add
- rc_succeeded - The rc codes list with which the conditions to succeed will be overridden. type: list required: false
- rc_failed - The rc codes list with which the conditions to fail will be overridden. type: list required: false
- workspace_locking_adom - Acquire the workspace lock if FortiManager is running in workspace mode. type: str required: false choices: global, custom adom including root
- workspace_locking_timeout - The maximum time in seconds to wait for other users to release workspace lock. type: integer required: false default: 300
- system_global - Global range attributes. type: dict
  - admin_lockout_duration (Alias name: admin-lockout-duration) Lockout duration(sec) for administration. type: int default: 60
  - admin_lockout_threshold (Alias name: admin-lockout-threshold) Lockout threshold for administration. type: int default: 3
  - adom_mode (Alias name: adom-mode) Adom mode. type: str choices: [normal, advanced] default: normal
  - adom_rev_auto_delete (Alias name: adom-rev-auto-delete) Auto delete features for old adom revisions. type: str choices: [disable, by-revisions, by-days] default: by-revisions
  - adom_rev_max_backup_revisions (Alias name: adom-rev-max-backup-revisions) Maximum number of adom revisions to backup. type: int default: 5
  - adom_rev_max_days (Alias name: adom-rev-max-days) Number of days to keep old adom revisions. type: int default: 30
  - adom_rev_max_revisions (Alias name: adom-rev-max-revisions) Maximum number of adom revisions to keep. type: int default: 120
  - adom_select (Alias name: adom-select) Enable/disable select adom after login. type: str choices: [disable, enable] default: enable
  - adom_status (Alias name: adom-status) Adom status. type: str choices: [disable, enable] default: disable
  - clt_cert_req (Alias name: clt-cert-req) Require client certificate for gui login. type: str choices: [disable, enable, optional] default: disable
  - console_output (Alias name: console-output) Console output mode. type: str choices: [standard, more] default: standard
  - country_flag (Alias name: country-flag) Country flag status. type: str choices: [disable, enable] default: enable
  - create_revision (Alias name: create-revision) Enable/disable create revision by default. type: str choices: [disable, enable] default: disable
  - daylightsavetime Enable/disable daylight saving time. type: str choices: [disable, enable] default: enable
  - default_disk_quota (Alias name: default-disk-quota) Default disk quota for registered device (mb). type: int default: 1000
  - detect_unregistered_log_device (Alias name: detect-unregistered-log-device) Detect unregistered logging device from log message. type: str choices: [disable, enable] default: enable
  - device_view_mode (Alias name: device-view-mode) Set devices/groups view mode. type: str choices: [regular, tree] default: regular
  - dh_params (Alias name: dh-params) Minimum size of diffie-hellman prime for ssh/https (bits). type: str choices: [1024, 1536, 2048, 3072, 4096, 6144, 8192] default: 2048
  - disable_module (Alias name: disable-module) Disable module list. type: list choices: [fortiview-noc, none, fortirecorder, siem, soc, ai]
  - enc_algorithm (Alias name: enc-algorithm) Ssl communication encryption algorithms. type: str choices: [low, medium, high, custom] default: high
  - faz_status (Alias name: faz-status) Faz status. type: str choices: [disable, enable] default: disable
  - fgfm_local_cert (Alias name: fgfm-local-cert) Set the fgfm local certificate. type: str
  - fgfm_ssl_protocol (Alias name: fgfm-ssl-protocol) Set the lowest ssl protocols for fgfmsd. type: str choices: [sslv3, tlsv1.0, tlsv1.1, tlsv1.2, tlsv1.3, follow-global-ssl-protocol] default: tlsv1.2
  - ha_member_auto_grouping (Alias name: ha-member-auto-grouping) Enable/disable automatically group ha members feature. type: str choices: [disable, enable] default: enable
  - hitcount_concurrent The number of fortigates that fortimanager polls at one time (10 - 500, default = 100). type: int default: 100
  - hitcount_interval The interval for getting hit count from managed fortigate devices, in seconds (60 - 86400, default = 300). type: int default: 300
  - hostname System hostname. type: str default: FMG-VM64
  - import_ignore_addr_cmt (Alias name: import-ignore-addr-cmt) Enable/disable import ignore of address comments. type: str choices: [disable, enable] default: disable
  - language System global language. type: str choices: [english, simch, japanese, korean, spanish, trach] default: english
  - latitude Fmg location latitude. type: str
  - ldap_cache_timeout (Alias name: ldap-cache-timeout) Ldap browser cache timeout (seconds). type: int default: 86400
  - ldapconntimeout Ldap connection timeout (msec). type: int default: 60000
  - lock_preempt (Alias name: lock-preempt) Enable/disable adom lock override. type: str choices: [disable, enable] default: disable
  - log_checksum (Alias name: log-checksum) Record log file hash value, timestamp, and authentication code at transmission or rolling. type: str choices: [none, md5, md5-auth] default: none
  - log_forward_cache_size (Alias name: log-forward-cache-size) Log forwarding disk cache size (gb). type: int default: 0
  - longitude Fmg location longitude. type: str
  - max_log_forward (Alias name: max-log-forward) Maximum number of log-forward and aggregation settings. type: int default: 5
  - max_running_reports (Alias name: max-running-reports) Maximum number of reports generating at one time. type: int default: 1
  - oftp_ssl_protocol (Alias name: oftp-ssl-protocol) Set the lowest ssl protocols for oftpd. type: str choices: [sslv3, tlsv1.0, tlsv1.1, tlsv1.2, tlsv1.3] default: tlsv1.2
  - partial_install (Alias name: partial-install) Enable/disable partial install (install some objects). type: str choices: [disable, enable] default: disable
  - partial_install_force (Alias name: partial-install-force) Enable/disable partial install when devdb is modified. type: str choices: [disable, enable] default: disable
  - partial_install_rev (Alias name: partial-install-rev) Enable/disable auto creating adom revision for partial install. type: str choices: [disable, enable] default: disable
  - perform_improve_by_ha (Alias name: perform-improve-by-ha) Enable/disable performance improvement by distributing tasks to ha slaves. type: str choices: [disable, enable] default: disable
  - policy_hit_count (Alias name: policy-hit-count) Show policy hit count. type: str choices: [disable, enable] default: disable
  - policy_object_in_dual_pane (Alias name: policy-object-in-dual-pane) Show policies and objects in dual pane. type: str choices: [disable, enable] default: disable
  - pre_login_banner (Alias name: pre-login-banner) Enable/disable pre-login banner. type: str choices: [disable, enable] default: disable
  - pre_login_banner_message (Alias name: pre-login-banner-message) Pre-login banner message. type: str
  - remoteauthtimeout Remote authentication (radius/ldap) timeout (sec). type: int default: 10
  - search_all_adoms (Alias name: search-all-adoms) Enable/disable search all adoms for where-used query. type: str choices: [disable, enable] default: disable
  - ssl_low_encryption (Alias name: ssl-low-encryption) Ssl low-grade encryption. type: str choices: [disable, enable] default: disable
  - ssl_protocol (Alias name: ssl-protocol) Ssl protocols. type: list choices: [tlsv1.2, tlsv1.1, tlsv1.0, sslv3, tlsv1.3]
  - ssl_static_key_ciphers (Alias name: ssl-static-key-ciphers) Enable/disable ssl static key ciphers. type: str choices: [disable, enable] default: enable
  - task_list_size (Alias name: task-list-size) Maximum number of completed tasks to keep. type: int default: 2000
  - tftp Enable/disable tftp in `exec restore image` command (disabled by default in fips mode). type: str choices: [disable, enable] default: disable
  - timezone Time zone. type: str choices: [00, 01, 02, 03, 04, 05, 06, 07, 08, 09, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91] default: 04
  - tunnel_mtu (Alias name: tunnel-mtu) Maximum transportation unit (68 - 9000). type: int default: 1500
  - usg Enable/disable fortiguard server restriction. type: str choices: [disable, enable] default: disable
  - vdom_mirror (Alias name: vdom-mirror) Vdom mirror. type: str choices: [disable, enable] default: disable
  - webservice_proto (Alias name: webservice-proto) Web service connection support ssl protocols. type: list choices: [tlsv1.2, tlsv1.1, tlsv1.0, sslv3, sslv2, tlsv1.3]
  - workflow_max_sessions (Alias name: workflow-max-sessions) Maximum number of workflow sessions per adom (minimum 100). type: int default: 500
  - workspace_mode (Alias name: workspace-mode) Set workspace mode (adom locking). type: str choices: [disabled, normal, workflow, per-adom] default: disabled
  - clone_name_option (Alias name: clone-name-option) Set the clone object names option. type: str choices: [default, keep] default: default
  - fgfm_ca_cert (Alias name: fgfm-ca-cert) Set the extra fgfm ca certificates. type: str
  - mc_policy_disabled_adoms (Alias name: mc-policy-disabled-adoms) Mc policy disabled adoms. type: list
    - adom_name (Alias name: adom-name) Adom names. type: str
  - policy_object_icon (Alias name: policy-object-icon) Show icons of policy objects. type: str choices: [disable, enable] default: disable
  - private_data_encryption (Alias name: private-data-encryption) Enable/disable private data encryption using an aes 128-bit key. type: str choices: [disable, enable] default: disable
  - per_policy_lock (Alias name: per-policy-lock) Enable/disable per policy lock. type: str choices: [disable, enable] default: disable
  - multiple_steps_upgrade_in_autolink (Alias name: multiple-steps-upgrade-in-autolink) Enable/disable multiple steps upgrade in autolink process. type: str choices: [disable, enable] default: disable
  - object_revision_db_max (Alias name: object-revision-db-max) Maximum revisions for a single database (10,000-1,000,000 default 100,000). type: int default: 100000
  - object_revision_mandatory_note (Alias name: object-revision-mandatory-note) Enable/disable mandatory note when create revision. type: str choices: [disable, enable] default: enable
  - object_revision_object_max (Alias name: object-revision-object-max) Maximum revisions for a single object (10-1000 default 100). type: int default: 100
  - object_revision_status (Alias name: object-revision-status) Enable/disable create revision when modify objects. type: str choices: [disable, enable] default: enable
  - normalized_intf_zone_only (Alias name: normalized-intf-zone-only) Allow normalized interface to be zone only. type: str choices: [disable, enable] default: disable
  - ssl_cipher_suites (Alias name: ssl-cipher-suites) Ssl cipher suites. type: list
  - gui_curl_timeout (Alias name: gui-curl-timeout) Gui curl timeout in seconds (5-300 default 30). type: int default: 30
  - fgfm_cert_exclusive (Alias name: fgfm-cert-exclusive) Set if the local or ca certificates should be used exclusively. type: str choices: [disable, enable] default: disable
  - fgfm_deny_unknown (Alias name: fgfm-deny-unknown) Set if allow devices with unknown sn actively register as an unauthorized device. type: str choices: [disable, enable] default: disable
  - fgfm_peercert_withoutsn (Alias name: fgfm-peercert-withoutsn) Set if the subject cn or san of peers ssl certificate sent in fgfm should include the serial number of the device. type: str choices: [disable, enable] default: disable
  - table_entry_blink (Alias name: table-entry-blink) Enable/disable table entry blink in gui. type: str choices: [disable, enable] default: enable
  - contentpack_fgt_install (Alias name: contentpack-fgt-install) Enable/disable outbreak alert auto install for fgt adoms. type: str choices: [disable, enable] default: disable
  - gui_polling_interval (Alias name: gui-polling-interval) Gui polling interval in seconds (1-288000 default 5). type: int default: 5
  - no_copy_permission_check (Alias name: no-copy-permission-check) Do not perform permission check to block object changes in different adom during copy and install. type: str choices: [disable, enable] default: enable
  - ssh_enc_algo (Alias name: ssh-enc-algo) Select one or more ssh ciphers. type: list choices: [chacha20-poly1305@openssh.com, aes128-ctr, aes192-ctr, aes256-ctr, arcfour256, arcfour128, aes128-cbc, 3des-cbc, blowfish-cbc, cast128-cbc, aes192-cbc, aes256-cbc, arcfour, rijndael-cbc@lysator.liu.se, aes128-gcm@openssh.com, aes256-gcm@openssh.com]
  - ssh_hostkey_algo (Alias name: ssh-hostkey-algo) Select one or more ssh hostkey algorithms. type: list choices: [ssh-rsa, ecdsa-sha2-nistp521, rsa-sha2-256, rsa-sha2-512, ssh-ed25519]
  - ssh_kex_algo (Alias name: ssh-kex-algo) Select one or more ssh kex algorithms. type: list choices: [diffie-hellman-group1-sha1, diffie-hellman-group14-sha1, diffie-hellman-group14-sha256, diffie-hellman-group16-sha512, diffie-hellman-group18-sha512, diffie-hellman-group-exchange-sha1, diffie-hellman-group-exchange-sha256, curve25519-sha256@libssh.org, ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521]
  - ssh_mac_algo (Alias name: ssh-mac-algo) Select one or more ssh mac algorithms. type: list choices: [hmac-md5, hmac-md5-etm@openssh.com, hmac-md5-96, hmac-md5-96-etm@openssh.com, hmac-sha1, hmac-sha1-etm@openssh.com, hmac-sha2-256, hmac-sha2-256-etm@openssh.com, hmac-sha2-512, hmac-sha2-512-etm@openssh.com, hmac-ripemd160, hmac-ripemd160@openssh.com, hmac-ripemd160-etm@openssh.com, umac-64@openssh.com, umac-128@openssh.com, umac-64-etm@openssh.com, umac-128-etm@openssh.com]
  - ssh_strong_crypto (Alias name: ssh-strong-crypto) Only allow strong ciphers for ssh when enabled. type: str choices: [disable, enable] default: enable
  - admin_lockout_method (Alias name: admin-lockout-method) Lockout method for administration. type: str choices: [ip, user] default: ip
  - workspace_unlock_after_install (Alias name: workspace-unlock-after-install) Enable/disable adom auto-unlock after device installation. type: str choices: [disable, enable] default: disable
  - log_checksum_upload (Alias name: log-checksum-upload) Enable/disable upload log checksum with log files. type: str choices: [disable, enable] default: disable
  - apache_mode (Alias name: apache-mode) Set apache mode. type: str choices: [event, prefork] default: event
  - no_vip_value_check (Alias name: no-vip-value-check) Enable/disable skipping policy instead of throwing error when vip has no default or dynamic mapping during policy copy. type: str choices: [disable, enable] default: disable
  - fortiservice_port (Alias name: fortiservice-port) Fortiservice port (1 - 65535, default = 8013). type: int default: 8013
  - management_ip (Alias name: management-ip) Management ip address of this fortigate. type: str
  - management_port (Alias name: management-port) Overriding port for management connection (overrides admin port). type: int default: 443
  - save_last_hit_in_adomdb (Alias name: save-last-hit-in-adomdb) Enable/disable save last-hit value in adomdb. type: str choices: [disable, enable] default: disable
  - api_ip_binding (Alias name: api-ip-binding) Enable/disable source ip check for json api request. type: str choices: [disable, enable] default: enable
  - admin_host (Alias name: admin-host) Administrative host for http and https. type: str
  - admin_ssh_grace_time (Alias name: admin-ssh-grace-time) Maximum time in seconds permitted between making an ssh connection to the fortimanager unit and authenticating (10 - 3600 sec (1 hour), default 120). type: int default: 120
  - fabric_storage_pool_quota (Alias name: fabric-storage-pool-quota) Disk quota for fabric (mb). type: int default: 0
  - fabric_storage_pool_size (Alias name: fabric-storage-pool-size) Max storage pool size. type: int default: 20
  - fcp_cfg_service (Alias name: fcp-cfg-service) Enable/disable fcp service processing configuration requests. type: str choices: [disable, enable] default: disable
  - jsonapi_log (Alias name: jsonapi-log) Enable jsonapi log. type: str choices: [disable, request, response, all] default: disable
  - global_ssl_protocol (Alias name: global-ssl-protocol) Set the lowest ssl protocol version for all ssl connections. type: str choices: [sslv3, tlsv1.0, tlsv1.1, tlsv1.2, tlsv1.3] default: tlsv1.2
  - httpd_ssl_protocol (Alias name: httpd-ssl-protocol) Set ssl protocols for apache daemon (httpd). type: list choices: [sslv3, tlsv1.0, tlsv1.1, tlsv1.2, tlsv1.3]
  - mapclient_ssl_protocol (Alias name: mapclient-ssl-protocol) Set the lowest ssl protocol version for connection to mapserver. type: str choices: [follow-global-ssl-protocol, sslv3, tlsv1.0, tlsv1.1, tlsv1.2, tlsv1.3] default: follow-global-ssl-protocol
Notes
Note
Running in workspace locking mode is supported in this FortiManager module; the top-level parameters workspace_locking_adom and workspace_locking_timeout control it.
To create or update an object, use the state: present directive.
To delete an object, use the state: absent directive.
Normally, running one module can fail when a non-zero rc is returned. You can also override the conditions to fail or succeed with the parameters rc_failed and rc_succeeded.
Examples
- name: Example playbook
  hosts: fortimanagers
  connection: httpapi
  vars:
    ansible_httpapi_use_ssl: true
    # Certificate validation is off in this example; set it to true
    # once FortiManager presents a certificate the control node trusts.
    ansible_httpapi_validate_certs: false
    ansible_httpapi_port: 443
  tasks:
    # The hyphenated keys below are the pre-3.0.0 aliases of
    # adom_status and workspace_mode.
    - name: Enable workspace mode
      fortinet.fortimanager.fmgr_system_global:
        system_global:
          adom-status: enable
          workspace-mode: normal
    # With workspace mode on, the task takes the lock on ADOM root
    # through workspace_locking_adom before writing.
    - name: Script table.
      fortinet.fortimanager.fmgr_dvmdb_script:
        bypass_validation: false
        adom: root
        state: present
        workspace_locking_adom: "root"
        dvmdb_script:
          content: "ansiblt-test"
          name: "fooscript000"
          target: device_database
          type: cli
    # Read the script back and fail unless the API reports success.
    - name: Verify script table
      fortinet.fortimanager.fmgr_fact:
        facts:
          selector: "dvmdb_script"
          params:
            adom: "root"
            script: "fooscript000"
      register: info
      failed_when: info.meta.response_code != 0
    - name: Restore workspace mode
      fortinet.fortimanager.fmgr_system_global:
        system_global:
          adom-status: enable
          workspace-mode: disabled
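A hardening baseline built from the security-relevant options in the parameter list above, as an added example that is not part of the module's own documentation. Every option name and value is taken from the choices listed on this page; the values picked are one possible baseline, and reading version_check_warning as a top-level return field is an assumption based on the Return Values section.

```yaml
- name: Harden FortiManager global settings (added example)
  hosts: fortimanagers
  connection: httpapi
  vars:
    ansible_httpapi_use_ssl: true
    ansible_httpapi_validate_certs: true   # verify the FortiManager certificate
    ansible_httpapi_port: 443
  tasks:
    - name: Apply TLS, SSH and admin-access baseline
      fortinet.fortimanager.fmgr_system_global:
        system_global:
          # TLS: allow only TLS 1.2 and 1.3, no low-grade or static-key suites
          ssl_protocol: [tlsv1.2, tlsv1.3]
          webservice_proto: [tlsv1.2, tlsv1.3]
          fgfm_ssl_protocol: tlsv1.2
          oftp_ssl_protocol: tlsv1.2
          enc_algorithm: high
          ssl_low_encryption: disable
          ssl_static_key_ciphers: disable
          dh_params: "3072"
          # SSH: drop the arcfour, CBC, MD5, SHA-1 and group1 choices
          ssh_strong_crypto: enable
          ssh_enc_algo:
            - chacha20-poly1305@openssh.com
            - aes256-gcm@openssh.com
            - aes128-gcm@openssh.com
            - aes256-ctr
          ssh_kex_algo:
            - curve25519-sha256@libssh.org
            - ecdh-sha2-nistp384
            - diffie-hellman-group16-sha512
          ssh_mac_algo:
            - hmac-sha2-256-etm@openssh.com
            - hmac-sha2-512-etm@openssh.com
          ssh_hostkey_algo: [ssh-ed25519, rsa-sha2-512, rsa-sha2-256]
          admin_ssh_grace_time: 60
          # Administrative access (example values)
          admin_lockout_threshold: 3
          admin_lockout_duration: 300
          api_ip_binding: enable       # keep the source IP check on JSON API requests
          fgfm_deny_unknown: enable    # do not let unknown serial numbers self-register
          tftp: disable
      register: result

    # Assumption: version_check_warning sits at the top level of the result,
    # next to meta and rc, as the Return Values section lists it.
    - name: Fail if the request was rejected or an option is unsupported
      ansible.builtin.assert:
        that:
          - result.meta.response_code == 0
          - result.version_check_warning | default([]) | length == 0
        fail_msg: >-
          Baseline not fully applied:
          {{ result.version_check_warning | default(result.meta.response_message) }}
```

Options that the running FortiManager version does not support are reported in version_check_warning, so trim the list to what your version accepts. fgfm_ssl_protocol and the cipher options apply to connections from managed devices as well as administrators, so confirm device connectivity after the run.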
Return Values
Common return values are documented at https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values. The following fields are unique to this module:
- meta - The result of the request. returned: always type: dict
  - request_url - The full url requested. returned: always type: str sample: /sys/login/user
  - response_code - The status of api request. returned: always type: int sample: 0
  - response_data - The data body of the api response. returned: optional type: list or dict
  - response_message - The descriptive message of the api response. returned: always type: str sample: OK
  - system_information - The information of the target system. returned: always type: dict
- rc - The status of the request. returned: always type: int sample: 0
- version_check_warning - Warning if the parameters used in the playbook are not supported by the current FortiManager version. returned: if at least one parameter not supported by the current FortiManager version type: list
Status
This module is not guaranteed to have a backwards compatible interface.