fmgr_vap_dynamicmapping – Configure Virtual Access Points (VAPs).
Added in version 2.0.0.
Warning
Starting in version 3.0.0, all input arguments will be named using the underscore naming convention (snake_case).
Argument name before 3.0.0:
var-name
,var name
,var.name
New argument name starting in 3.0.0:
var_name
FortiManager Ansible v2.4+ supports both previous argument name and new underscore name. You will receive deprecation warnings if you keep using the previous argument name. You can ignore the warning by setting deprecation_warnings=False in ansible.cfg.
Synopsis
This module is able to configure a FortiManager device.
Examples include all parameters and values need to be adjusted to data sources before usage.
Tested with FortiManager v7.x.
Requirements
The below requirements are needed on the host that executes this module.
ansible>=2.15.0
FortiManager Version Compatibility
Supported Version Ranges: v6.0.0 -> latest
Parameters
- access_token -The token to access FortiManager without using username and password. type: str required: false
- bypass_validation - Only set to True when module schema diffs with FortiManager API structure, module continues to execute without validating parameters. type: bool required: false default: False
- enable_log - Enable/Disable logging for task. type: bool required: false default: False
- forticloud_access_token - Access token of forticloud managed API users, this option is available with FortiManager later than 6.4.0. type: str required: false
- proposed_method - The overridden method for the underlying Json RPC request. type: str required: false choices: set, update, add
- rc_succeeded - The rc codes list with which the conditions to succeed will be overriden. type: list required: false
- rc_failed - The rc codes list with which the conditions to fail will be overriden. type: list required: false
- state - The directive to create, update or delete an object type: str required: true choices: present, absent
- workspace_locking_adom - Acquire the workspace lock if FortiManager is running in workspace mode. type: str required: false choices: global, custom adom including root
- workspace_locking_timeout - The maximum time in seconds to wait for other users to release workspace lock. type: integer required: false default: 300
- adom - The parameter in requested url type: str required: true
- vap - The parameter in requested url type: str required: true
- vap_dynamicmapping - Configure Virtual Access Points type: dict
- _centmgmt Centmgmt. type: str choices: [disable, enable] default: disable more...
- _dhcp_svr_id Dhcp svr id. type: str more...
- _intf_allowaccess Intf allowaccess. type: list choices: [https, ping, ssh, snmp, http, telnet, fgfm, auto-ipsec, radius-acct, probe-response, capwap, dnp, ftm, fabric, speed-test] more...
- _intf_device_identification (Alias name: _intf_device-identification) Intf device identification. type: str choices: [disable, enable] default: disable more...
- _intf_device_netscan (Alias name: _intf_device-netscan) Intf device netscan. type: str choices: [disable, enable] default: disable more...
- _intf_dhcp_relay_ip (Alias name: _intf_dhcp-relay-ip) Intf dhcp relay ip. type: list more...
- _intf_dhcp_relay_service (Alias name: _intf_dhcp-relay-service) Intf dhcp relay service. type: str choices: [disable, enable] default: disable more...
- _intf_dhcp_relay_type (Alias name: _intf_dhcp-relay-type) Intf dhcp relay type. type: str choices: [regular, ipsec] default: regular more...
- _intf_dhcp6_relay_ip (Alias name: _intf_dhcp6-relay-ip) Intf dhcp6 relay ip. type: str more...
- _intf_dhcp6_relay_service (Alias name: _intf_dhcp6-relay-service) Intf dhcp6 relay service. type: str choices: [disable, enable] default: disable more...
- _intf_dhcp6_relay_type (Alias name: _intf_dhcp6-relay-type) Intf dhcp6 relay type. type: str choices: [regular] default: regular more...
- _intf_ip Intf ip. type: str more...
- _intf_ip6_address (Alias name: _intf_ip6-address) Intf ip6 address. type: str more...
- _intf_ip6_allowaccess (Alias name: _intf_ip6-allowaccess) Intf ip6 allowaccess. type: list choices: [https, ping, ssh, snmp, http, telnet, any, fgfm, capwap] more...
- _intf_listen_forticlient_connection (Alias name: _intf_listen-forticlient-connection) Intf listen forticlient connection. type: str choices: [disable, enable] default: disable more...
- _scope Scope. type: list more...
- acct_interim_interval (Alias name: acct-interim-interval) Acct interim interval. type: int more...
- address_group (Alias name: address-group) Address group. type: str more...
- alias Alias. type: str more...
- atf_weight (Alias name: atf-weight) Atf weight. type: int more...
- auth Auth. type: str choices: [PSK, psk, RADIUS, radius, usergroup] more...
- broadcast_ssid (Alias name: broadcast-ssid) Broadcast ssid. type: str choices: [disable, enable] more...
- broadcast_suppression (Alias name: broadcast-suppression) Broadcast suppression. type: list choices: [dhcp, arp, dhcp2, arp2, netbios-ns, netbios-ds, arp3, dhcp-up, dhcp-down, arp-known, arp-unknown, arp-reply, ipv6, dhcp-starvation, arp-poison, all-other-mc, all-other-bc, arp-proxy, dhcp-ucast] more...
- captive_portal_ac_name (Alias name: captive-portal-ac-name) Captive portal ac name. type: str more...
- captive_portal_macauth_radius_secret (Alias name: captive-portal-macauth-radius-secret) Captive portal macauth radius secret. type: list more...
- captive_portal_macauth_radius_server (Alias name: captive-portal-macauth-radius-server) Captive portal macauth radius server. type: str more...
- captive_portal_radius_secret (Alias name: captive-portal-radius-secret) Captive portal radius secret. type: list more...
- captive_portal_radius_server (Alias name: captive-portal-radius-server) Captive portal radius server. type: str more...
- captive_portal_session_timeout_interval (Alias name: captive-portal-session-timeout-interval) Captive portal session timeout interval. type: int more...
- client_count (Alias name: client-count) Client count. type: int more...
- dhcp_lease_time (Alias name: dhcp-lease-time) Dhcp lease time. type: int more...
- dhcp_option82_circuit_id_insertion (Alias name: dhcp-option82-circuit-id-insertion) Dhcp option82 circuit id insertion. type: str choices: [disable, style-1, style-2, style-3] more...
- dhcp_option82_insertion (Alias name: dhcp-option82-insertion) Dhcp option82 insertion. type: str choices: [disable, enable] more...
- dhcp_option82_remote_id_insertion (Alias name: dhcp-option82-remote-id-insertion) Dhcp option82 remote id insertion. type: str choices: [disable, style-1] more...
- dynamic_vlan (Alias name: dynamic-vlan) Dynamic vlan. type: str choices: [disable, enable] more...
- eap_reauth (Alias name: eap-reauth) Eap reauth. type: str choices: [disable, enable] more...
- eap_reauth_intv (Alias name: eap-reauth-intv) Eap reauth intv. type: int more...
- eapol_key_retries (Alias name: eapol-key-retries) Eapol key retries. type: str choices: [disable, enable] more...
- encrypt Encrypt. type: str choices: [TKIP, AES, TKIP-AES] more...
- external_fast_roaming (Alias name: external-fast-roaming) External fast roaming. type: str choices: [disable, enable] more...
- external_logout (Alias name: external-logout) External logout. type: str more...
- external_web (Alias name: external-web) External web. type: str more...
- fast_bss_transition (Alias name: fast-bss-transition) Fast bss transition. type: str choices: [disable, enable] more...
- fast_roaming (Alias name: fast-roaming) Fast roaming. type: str choices: [disable, enable] more...
- ft_mobility_domain (Alias name: ft-mobility-domain) Ft mobility domain. type: int more...
- ft_over_ds (Alias name: ft-over-ds) Ft over ds. type: str choices: [disable, enable] more...
- ft_r0_key_lifetime (Alias name: ft-r0-key-lifetime) Ft r0 key lifetime. type: int more...
- gtk_rekey (Alias name: gtk-rekey) Gtk rekey. type: str choices: [disable, enable] more...
- gtk_rekey_intv (Alias name: gtk-rekey-intv) Gtk rekey intv. type: int more...
- hotspot20_profile (Alias name: hotspot20-profile) Hotspot20 profile. type: str more...
- intra_vap_privacy (Alias name: intra-vap-privacy) Intra vap privacy. type: str choices: [disable, enable] more...
- ip Ip. type: str more...
- key Key. type: list more...
- keyindex Keyindex. type: int more...
- ldpc Ldpc. type: str choices: [disable, tx, rx, rxtx] more...
- local_authentication (Alias name: local-authentication) Local authentication. type: str choices: [disable, enable] more...
- local_bridging (Alias name: local-bridging) Local bridging. type: str choices: [disable, enable] more...
- local_lan (Alias name: local-lan) Local lan. type: str choices: [deny, allow] more...
- local_standalone (Alias name: local-standalone) Local standalone. type: str choices: [disable, enable] more...
- local_standalone_nat (Alias name: local-standalone-nat) Local standalone nat. type: str choices: [disable, enable] more...
- local_switching (Alias name: local-switching) Local switching. type: str choices: [disable, enable] more...
- mac_auth_bypass (Alias name: mac-auth-bypass) Mac auth bypass. type: str choices: [disable, enable] more...
- mac_filter (Alias name: mac-filter) Mac filter. type: str choices: [disable, enable] more...
- mac_filter_policy_other (Alias name: mac-filter-policy-other) Mac filter policy other. type: str choices: [deny, allow] more...
- max_clients (Alias name: max-clients) Max clients. type: int more...
- max_clients_ap (Alias name: max-clients-ap) Max clients ap. type: int more...
- me_disable_thresh (Alias name: me-disable-thresh) Me disable thresh. type: int more...
- mesh_backhaul (Alias name: mesh-backhaul) Mesh backhaul. type: str choices: [disable, enable] more...
- mpsk Mpsk. type: str choices: [disable, enable] more...
- mpsk_concurrent_clients (Alias name: mpsk-concurrent-clients) Mpsk concurrent clients. type: int more...
- multicast_enhance (Alias name: multicast-enhance) Multicast enhance. type: str choices: [disable, enable] more...
- multicast_rate (Alias name: multicast-rate) Multicast rate. type: str choices: [0, 6000, 12000, 24000] more...
- okc Okc. type: str choices: [disable, enable] more...
- owe_groups (Alias name: owe-groups) Owe groups. type: list choices: [19, 20, 21] more...
- owe_transition (Alias name: owe-transition) Owe transition. type: str choices: [disable, enable] more...
- owe_transition_ssid (Alias name: owe-transition-ssid) Owe transition ssid. type: str more...
- passphrase Passphrase. type: list more...
- pmf Pmf. type: str choices: [disable, enable, optional] more...
- pmf_assoc_comeback_timeout (Alias name: pmf-assoc-comeback-timeout) Pmf assoc comeback timeout. type: int more...
- pmf_sa_query_retry_timeout (Alias name: pmf-sa-query-retry-timeout) Pmf sa query retry timeout. type: int more...
- portal_message_override_group (Alias name: portal-message-override-group) Portal message override group. type: str more...
- portal_type (Alias name: portal-type) Portal type. type: str choices: [auth, auth+disclaimer, disclaimer, email-collect, cmcc, cmcc-macauth, auth-mac, external-auth, external-macauth] more...
- probe_resp_suppression (Alias name: probe-resp-suppression) Probe resp suppression. type: str choices: [disable, enable] more...
- probe_resp_threshold (Alias name: probe-resp-threshold) Probe resp threshold. type: str more...
- ptk_rekey (Alias name: ptk-rekey) Ptk rekey. type: str choices: [disable, enable] more...
- ptk_rekey_intv (Alias name: ptk-rekey-intv) Ptk rekey intv. type: int more...
- qos_profile (Alias name: qos-profile) Qos profile. type: str more...
- quarantine Quarantine. type: str choices: [disable, enable] more...
- radio_2g_threshold (Alias name: radio-2g-threshold) Radio 2g threshold. type: str more...
- radio_5g_threshold (Alias name: radio-5g-threshold) Radio 5g threshold. type: str more...
- radio_sensitivity (Alias name: radio-sensitivity) Radio sensitivity. type: str choices: [disable, enable] more...
- radius_mac_auth (Alias name: radius-mac-auth) Radius mac auth. type: str choices: [disable, enable] more...
- radius_mac_auth_server (Alias name: radius-mac-auth-server) Radius mac auth server. type: str more...
- radius_mac_auth_usergroups (Alias name: radius-mac-auth-usergroups) Radius mac auth usergroups. type: list more...
- radius_server (Alias name: radius-server) Radius server. type: str more...
- rates_11a (Alias name: rates-11a) Rates 11a. type: list choices: [1, 1-basic, 2, 2-basic, 5.5, 5.5-basic, 6, 6-basic, 9, 9-basic, 12, 12-basic, 18, 18-basic, 24, 24-basic, 36, 36-basic, 48, 48-basic, 54, 54-basic, 11, 11-basic] more...
- rates_11ac_ss12 (Alias name: rates-11ac-ss12) Rates 11ac ss12. type: list choices: [mcs0/1, mcs1/1, mcs2/1, mcs3/1, mcs4/1, mcs5/1, mcs6/1, mcs7/1, mcs8/1, mcs9/1, mcs0/2, mcs1/2, mcs2/2, mcs3/2, mcs4/2, mcs5/2, mcs6/2, mcs7/2, mcs8/2, mcs9/2, mcs10/1, mcs11/1, mcs10/2, mcs11/2] more...
- rates_11ac_ss34 (Alias name: rates-11ac-ss34) Rates 11ac ss34. type: list choices: [mcs0/3, mcs1/3, mcs2/3, mcs3/3, mcs4/3, mcs5/3, mcs6/3, mcs7/3, mcs8/3, mcs9/3, mcs0/4, mcs1/4, mcs2/4, mcs3/4, mcs4/4, mcs5/4, mcs6/4, mcs7/4, mcs8/4, mcs9/4, mcs10/3, mcs11/3, mcs10/4, mcs11/4] more...
- rates_11bg (Alias name: rates-11bg) Rates 11bg. type: list choices: [1, 1-basic, 2, 2-basic, 5.5, 5.5-basic, 6, 6-basic, 9, 9-basic, 12, 12-basic, 18, 18-basic, 24, 24-basic, 36, 36-basic, 48, 48-basic, 54, 54-basic, 11, 11-basic] more...
- rates_11n_ss12 (Alias name: rates-11n-ss12) Rates 11n ss12. type: list choices: [mcs0/1, mcs1/1, mcs2/1, mcs3/1, mcs4/1, mcs5/1, mcs6/1, mcs7/1, mcs8/2, mcs9/2, mcs10/2, mcs11/2, mcs12/2, mcs13/2, mcs14/2, mcs15/2] more...
- rates_11n_ss34 (Alias name: rates-11n-ss34) Rates 11n ss34. type: list choices: [mcs16/3, mcs17/3, mcs18/3, mcs19/3, mcs20/3, mcs21/3, mcs22/3, mcs23/3, mcs24/4, mcs25/4, mcs26/4, mcs27/4, mcs28/4, mcs29/4, mcs30/4, mcs31/4] more...
- sae_groups (Alias name: sae-groups) Sae groups. type: list choices: [1, 2, 5, 14, 15, 16, 17, 18, 19, 20, 21, 27, 28, 29, 30, 31] more...
- sae_password (Alias name: sae-password) Sae password. type: list more...
- schedule Schedule. type: list or str more...
- security Security. type: str choices: [None, WEP64, wep64, WEP128, wep128, WPA_PSK, WPA_RADIUS, WPA, WPA2, WPA2_AUTO, open, wpa-personal, wpa-enterprise, captive-portal, wpa-only-personal, wpa-only-enterprise, wpa2-only-personal, wpa2-only-enterprise, wpa-personal+captive-portal, wpa-only-personal+captive-portal, wpa2-only-personal+captive-portal, osen, wpa3-enterprise, sae, sae-transition, owe, wpa3-sae, wpa3-sae-transition, wpa3-only-enterprise, wpa3-enterprise-transition] more...
- security_exempt_list (Alias name: security-exempt-list) Security exempt list. type: str more...
- security_obsolete_option (Alias name: security-obsolete-option) Security obsolete option. type: str choices: [disable, enable] more...
- security_redirect_url (Alias name: security-redirect-url) Security redirect url. type: str more...
- selected_usergroups (Alias name: selected-usergroups) Selected usergroups. type: list or str more...
- split_tunneling (Alias name: split-tunneling) Split tunneling. type: str choices: [disable, enable] more...
- ssid Ssid. type: str more...
- tkip_counter_measure (Alias name: tkip-counter-measure) Tkip counter measure. type: str choices: [disable, enable] more...
- usergroup Usergroup. type: list or str more...
- utm_profile (Alias name: utm-profile) Utm profile. type: str more...
- vdom Vdom. type: list or str more...
- vlan_auto (Alias name: vlan-auto) Vlan auto. type: str choices: [disable, enable] more...
- vlan_pooling (Alias name: vlan-pooling) Vlan pooling. type: str choices: [wtp-group, round-robin, hash, disable] more...
- vlanid Vlanid. type: int more...
- voice_enterprise (Alias name: voice-enterprise) Voice enterprise. type: str choices: [disable, enable] more...
- mu_mimo (Alias name: mu-mimo) Mu mimo. type: str choices: [disable, enable] more...
- _intf_device_access_list (Alias name: _intf_device-access-list) Intf device access list. type: str more...
- external_web_format (Alias name: external-web-format) External web format. type: str choices: [auto-detect, no-query-string, partial-query-string] more...
- high_efficiency (Alias name: high-efficiency) High efficiency. type: str choices: [disable, enable] more...
- primary_wag_profile (Alias name: primary-wag-profile) Primary wag profile. type: str more...
- secondary_wag_profile (Alias name: secondary-wag-profile) Secondary wag profile. type: str more...
- target_wake_time (Alias name: target-wake-time) Target wake time. type: str choices: [disable, enable] more...
- tunnel_echo_interval (Alias name: tunnel-echo-interval) Tunnel echo interval. type: int more...
- tunnel_fallback_interval (Alias name: tunnel-fallback-interval) Tunnel fallback interval. type: int more...
- access_control_list (Alias name: access-control-list) Access control list. type: str more...
- captive_portal_auth_timeout (Alias name: captive-portal-auth-timeout) Captive portal auth timeout. type: int more...
- ipv6_rules (Alias name: ipv6-rules) Ipv6 rules. type: list choices: [drop-icmp6ra, drop-icmp6rs, drop-llmnr6, drop-icmp6mld2, drop-dhcp6s, drop-dhcp6c, ndp-proxy, drop-ns-dad, drop-ns-nondad] more...
- sticky_client_remove (Alias name: sticky-client-remove) Sticky client remove. type: str choices: [disable, enable] more...
- sticky_client_threshold_2g (Alias name: sticky-client-threshold-2g) Sticky client threshold 2g. type: str more...
- sticky_client_threshold_5g (Alias name: sticky-client-threshold-5g) Sticky client threshold 5g. type: str more...
- bss_color_partial (Alias name: bss-color-partial) Bss color partial. type: str choices: [disable, enable] more...
- dhcp_option43_insertion (Alias name: dhcp-option43-insertion) Dhcp option43 insertion. type: str choices: [disable, enable] more...
- mpsk_profile (Alias name: mpsk-profile) Mpsk profile. type: str more...
- igmp_snooping (Alias name: igmp-snooping) Enable/disable igmp snooping. type: str choices: [disable, enable] more...
- port_macauth (Alias name: port-macauth) Enable/disable lan port mac authentication (default = disable). type: str choices: [disable, radius, address-group] more...
- port_macauth_reauth_timeout (Alias name: port-macauth-reauth-timeout) Lan port mac authentication re-authentication timeout value (default = 7200 sec). type: int more...
- port_macauth_timeout (Alias name: port-macauth-timeout) Lan port mac authentication idle timeout value (default = 600 sec). type: int more...
- additional_akms (Alias name: additional-akms) Additional akms. type: list choices: [akm6, akm24] more...
- bstm_disassociation_imminent (Alias name: bstm-disassociation-imminent) Enable/disable forcing of disassociation after the bstm request timer has been reached (default = enable). type: str choices: [disable, enable] more...
- bstm_load_balancing_disassoc_timer (Alias name: bstm-load-balancing-disassoc-timer) Time interval for client to voluntarily leave ap before forcing a disassociation due to ap load-balancing (0 to 30, default = 10). type: int more...
- bstm_rssi_disassoc_timer (Alias name: bstm-rssi-disassoc-timer) Time interval for client to voluntarily leave ap before forcing a disassociation due to low rssi (0 to 2000, default = 200). type: int more...
- dhcp_address_enforcement (Alias name: dhcp-address-enforcement) Enable/disable dhcp address enforcement (default = disable). type: str choices: [disable, enable] more...
- gas_comeback_delay (Alias name: gas-comeback-delay) Gas comeback delay (0 or 100 - 10000 milliseconds, default = 500). type: int more...
- gas_fragmentation_limit (Alias name: gas-fragmentation-limit) Gas fragmentation limit (512 - 4096, default = 1024). type: int more...
- mac_called_station_delimiter (Alias name: mac-called-station-delimiter) Mac called station delimiter (default = hyphen). type: str choices: [hyphen, single-hyphen, colon, none] more...
- mac_calling_station_delimiter (Alias name: mac-calling-station-delimiter) Mac calling station delimiter (default = hyphen). type: str choices: [hyphen, single-hyphen, colon, none] more...
- mac_case (Alias name: mac-case) Mac case (default = uppercase). type: str choices: [uppercase, lowercase] more...
- mac_password_delimiter (Alias name: mac-password-delimiter) Mac authentication password delimiter (default = hyphen). type: str choices: [hyphen, single-hyphen, colon, none] more...
- mac_username_delimiter (Alias name: mac-username-delimiter) Mac authentication username delimiter (default = hyphen). type: str choices: [hyphen, single-hyphen, colon, none] more...
- mbo Enable/disable multiband operation (default = disable). type: str choices: [disable, enable] more...
- mbo_cell_data_conn_pref (Alias name: mbo-cell-data-conn-pref) Mbo cell data connection preference (0, 1, or 255, default = 1). type: str choices: [excluded, prefer-not, prefer-use] more...
- nac Enable/disable network access control. type: str choices: [disable, enable] more...
- nac_profile (Alias name: nac-profile) Nac profile name. type: str more...
- neighbor_report_dual_band (Alias name: neighbor-report-dual-band) Enable/disable dual-band neighbor report (default = disable). type: str choices: [disable, enable] more...
- address_group_policy (Alias name: address-group-policy) Configure mac address filtering policy for mac addresses that are in the address-group. type: str choices: [disable, allow, deny] more...
- antivirus_profile (Alias name: antivirus-profile) Antivirus profile name. type: str more...
- application_detection_engine (Alias name: application-detection-engine) Enable/disable application detection engine (default = disable). type: str choices: [disable, enable] more...
- application_list (Alias name: application-list) Application control list name. type: str more...
- application_report_intv (Alias name: application-report-intv) Application report interval (30 - 864000 sec, default = 120). type: int more...
- auth_cert (Alias name: auth-cert) Https server certificate. type: str more...
- auth_portal_addr (Alias name: auth-portal-addr) Address of captive portal. type: str more...
- beacon_advertising (Alias name: beacon-advertising) Fortinet beacon advertising ie data (default = empty). type: list choices: [name, model, serial-number] more...
- ips_sensor (Alias name: ips-sensor) Ips sensor name. type: str more...
- l3_roaming (Alias name: l3-roaming) Enable/disable layer 3 roaming (default = disable). type: str choices: [disable, enable] more...
- local_standalone_dns (Alias name: local-standalone-dns) Enable/disable ap local standalone dns. type: str choices: [disable, enable] more...
- local_standalone_dns_ip (Alias name: local-standalone-dns-ip) Ipv4 addresses for the local standalone dns. type: list more...
- osen Enable/disable osen as part of key management (default = disable). type: str choices: [disable, enable] more...
- radius_mac_mpsk_auth (Alias name: radius-mac-mpsk-auth) Enable/disable radius-based mac authentication of clients for mpsk authentication (default = disable). type: str choices: [disable, enable] more...
- radius_mac_mpsk_timeout (Alias name: radius-mac-mpsk-timeout) Radius mac mpsk cache timeout interval (1800 - 864000, default = 86400). type: int more...
- rates_11ax_ss12 (Alias name: rates-11ax-ss12) Allowed data rates for 802. type: list choices: [mcs0/1, mcs1/1, mcs2/1, mcs3/1, mcs4/1, mcs5/1, mcs6/1, mcs7/1, mcs8/1, mcs9/1, mcs10/1, mcs11/1, mcs0/2, mcs1/2, mcs2/2, mcs3/2, mcs4/2, mcs5/2, mcs6/2, mcs7/2, mcs8/2, mcs9/2, mcs10/2, mcs11/2] more...
- rates_11ax_ss34 (Alias name: rates-11ax-ss34) Allowed data rates for 802. type: list choices: [mcs0/3, mcs1/3, mcs2/3, mcs3/3, mcs4/3, mcs5/3, mcs6/3, mcs7/3, mcs8/3, mcs9/3, mcs10/3, mcs11/3, mcs0/4, mcs1/4, mcs2/4, mcs3/4, mcs4/4, mcs5/4, mcs6/4, mcs7/4, mcs8/4, mcs9/4, mcs10/4, mcs11/4] more...
- scan_botnet_connections (Alias name: scan-botnet-connections) Block or monitor connections to botnet servers or disable botnet scanning. type: str choices: [disable, block, monitor] more...
- utm_log (Alias name: utm-log) Enable/disable utm logging. type: str choices: [disable, enable] more...
- utm_status (Alias name: utm-status) Enable to add one or more security profiles (av, ips, etc. type: str choices: [disable, enable] more...
- webfilter_profile (Alias name: webfilter-profile) Webfilter profile name. type: str more...
- sae_h2e_only (Alias name: sae-h2e-only) Use hash-to-element-only mechanism for pwe derivation (default = disable). type: str choices: [disable, enable] more...
- sae_pk (Alias name: sae-pk) Enable/disable wpa3 sae-pk (default = disable). type: str choices: [disable, enable] more...
- sae_private_key (Alias name: sae-private-key) Private key used for wpa3 sae-pk authentication. type: str more...
- sticky_client_threshold_6g (Alias name: sticky-client-threshold-6g) Minimum signal level/threshold in dbm required for the 6g client to be serviced by the ap (-95 to -20, default = -76). type: str more...
- application_dscp_marking (Alias name: application-dscp-marking) Enable/disable application attribute based dscp marking (default = disable). type: str choices: [disable, enable] more...
- l3_roaming_mode (Alias name: l3-roaming-mode) Select the way that layer 3 roaming traffic is passed (default = direct). type: str choices: [direct, indirect] more...
- rates_11ac_mcs_map (Alias name: rates-11ac-mcs-map) Comma separated list of max supported vht mcs for spatial streams 1 through 8. type: str more...
- rates_11ax_mcs_map (Alias name: rates-11ax-mcs-map) Comma separated list of max supported he mcs for spatial streams 1 through 8. type: str more...
- captive_portal_fw_accounting (Alias name: captive-portal-fw-accounting) Enable/disable radius accounting for captive portal firewall authentication session. type: str choices: [disable, enable] more...
- radius_mac_auth_block_interval (Alias name: radius-mac-auth-block-interval) Dont send radius mac auth request again if the client has been rejected within specific interval (0 or 30 - 864000 seconds, default = 0, 0 to disable blocking). type: int more...
- _is_factory_setting Is factory setting. type: str choices: [disable, enable, ext] default: disable more...
- d80211k (Alias name: 80211k) Enable/disable 802. type: str choices: [disable, enable] more...
- d80211v (Alias name: 80211v) Enable/disable 802. type: str choices: [disable, enable] more...
- roaming_acct_interim_update (Alias name: roaming-acct-interim-update) Enable/disable using accounting interim update instead of accounting start/stop on roaming for wpa-enterprise security. type: str choices: [disable, enable] more...
- sae_hnp_only (Alias name: sae-hnp-only) Use hunting-and-pecking-only mechanism for pwe derivation (default = disable). type: str choices: [disable, enable] more...
- akm24_only (Alias name: akm24-only) Wpa3 sae using group-dependent hash only (default = disable). type: str choices: [disable, enable] more...
- beacon_protection (Alias name: beacon-protection) Enable/disable beacon protection support (default = disable). type: str choices: [disable, enable] more...
- captive_portal (Alias name: captive-portal) Enable/disable captive portal. type: str choices: [disable, enable] more...
- nas_filter_rule (Alias name: nas-filter-rule) Enable/disable nas filter rule support (default = disable). type: str choices: [disable, enable] more...
- rates_11be_mcs_map (Alias name: rates-11be-mcs-map) Comma separated list of max nss that supports eht-mcs 0-9, 10-11, 12-13 for 20mhz/40mhz/80mhz bandwidth. type: str more...
- rates_11be_mcs_map_160 (Alias name: rates-11be-mcs-map-160) Comma separated list of max nss that supports eht-mcs 0-9, 10-11, 12-13 for 160mhz bandwidth. type: str more...
- rates_11be_mcs_map_320 (Alias name: rates-11be-mcs-map-320) Comma separated list of max nss that supports eht-mcs 0-9, 10-11, 12-13 for 320mhz bandwidth. type: str more...
- _intf_ip_managed_by_fortiipam (Alias name: _intf_ip-managed-by-fortiipam) Intf ip managed by fortiipam. type: str choices: [disable, enable, inherit-global] more...
- _intf_managed_subnetwork_size (Alias name: _intf_managed-subnetwork-size) Intf managed subnetwork size. type: str choices: [32, 64, 128, 256, 512, 1024, 2048, 4096, 8192, 16384, 32768, 65536] default: 256 more...
- domain_name_stripping (Alias name: domain-name-stripping) Enable/disable stripping domain name from identity (default = disable). type: str choices: [disable, enable] more...
- local_lan_partition (Alias name: local-lan-partition) Enable/disable segregating client traffic to local lan side (default = disable). type: str choices: [disable, enable] more...
Notes
Note
Running in workspace locking mode is supported in this FortiManager module, the top level parameters workspace_locking_adom and workspace_locking_timeout help do the work.
To create or update an object, use state: present directive.
To delete an object, use state: absent directive
Normally, running one module can fail when a non-zero rc is returned. you can also override the conditions to fail or succeed with parameters rc_failed and rc_succeeded
Examples
- name: Example playbook (generated based on argument schema)
hosts: fortimanagers
connection: httpapi
vars:
ansible_httpapi_use_ssl: true
ansible_httpapi_validate_certs: false
ansible_httpapi_port: 443
tasks:
- name: Configure Virtual Access Points
fortinet.fortimanager.fmgr_vap_dynamicmapping:
# bypass_validation: false
workspace_locking_adom: <value in [global, custom adom including root]>
workspace_locking_timeout: 300
# rc_succeeded: [0, -2, -3, ...]
# rc_failed: [-2, -3, ...]
adom: <your own value>
vap: <your own value>
state: present # <value in [present, absent]>
vap_dynamicmapping:
_centmgmt: <value in [disable, enable]>
_dhcp_svr_id: <string>
_intf_allowaccess:
- "https"
- "ping"
- "ssh"
- "snmp"
- "http"
- "telnet"
- "fgfm"
- "auto-ipsec"
- "radius-acct"
- "probe-response"
- "capwap"
- "dnp"
- "ftm"
- "fabric"
- "speed-test"
_intf_device_identification: <value in [disable, enable]>
_intf_device_netscan: <value in [disable, enable]>
_intf_dhcp_relay_ip: <list or string>
_intf_dhcp_relay_service: <value in [disable, enable]>
_intf_dhcp_relay_type: <value in [regular, ipsec]>
_intf_dhcp6_relay_ip: <string>
_intf_dhcp6_relay_service: <value in [disable, enable]>
_intf_dhcp6_relay_type: <value in [regular]>
_intf_ip: <string>
_intf_ip6_address: <string>
_intf_ip6_allowaccess:
- "https"
- "ping"
- "ssh"
- "snmp"
- "http"
- "telnet"
- "any"
- "fgfm"
- "capwap"
_intf_listen_forticlient_connection: <value in [disable, enable]>
_scope:
-
name: <string>
vdom: <string>
acct_interim_interval: <integer>
address_group: <string>
alias: <string>
atf_weight: <integer>
auth: <value in [PSK, psk, RADIUS, ...]>
broadcast_ssid: <value in [disable, enable]>
broadcast_suppression:
- "dhcp"
- "arp"
- "dhcp2"
- "arp2"
- "netbios-ns"
- "netbios-ds"
- "arp3"
- "dhcp-up"
- "dhcp-down"
- "arp-known"
- "arp-unknown"
- "arp-reply"
- "ipv6"
- "dhcp-starvation"
- "arp-poison"
- "all-other-mc"
- "all-other-bc"
- "arp-proxy"
- "dhcp-ucast"
captive_portal_ac_name: <string>
captive_portal_macauth_radius_secret: <list or string>
captive_portal_macauth_radius_server: <string>
captive_portal_radius_secret: <list or string>
captive_portal_radius_server: <string>
captive_portal_session_timeout_interval: <integer>
client_count: <integer>
dhcp_lease_time: <integer>
dhcp_option82_circuit_id_insertion: <value in [disable, style-1, style-2, ...]>
dhcp_option82_insertion: <value in [disable, enable]>
dhcp_option82_remote_id_insertion: <value in [disable, style-1]>
dynamic_vlan: <value in [disable, enable]>
eap_reauth: <value in [disable, enable]>
eap_reauth_intv: <integer>
eapol_key_retries: <value in [disable, enable]>
encrypt: <value in [TKIP, AES, TKIP-AES]>
external_fast_roaming: <value in [disable, enable]>
external_logout: <string>
external_web: <string>
fast_bss_transition: <value in [disable, enable]>
fast_roaming: <value in [disable, enable]>
ft_mobility_domain: <integer>
ft_over_ds: <value in [disable, enable]>
ft_r0_key_lifetime: <integer>
gtk_rekey: <value in [disable, enable]>
gtk_rekey_intv: <integer>
hotspot20_profile: <string>
intra_vap_privacy: <value in [disable, enable]>
ip: <string>
key: <list or string>
keyindex: <integer>
ldpc: <value in [disable, tx, rx, ...]>
local_authentication: <value in [disable, enable]>
local_bridging: <value in [disable, enable]>
local_lan: <value in [deny, allow]>
local_standalone: <value in [disable, enable]>
local_standalone_nat: <value in [disable, enable]>
local_switching: <value in [disable, enable]>
mac_auth_bypass: <value in [disable, enable]>
mac_filter: <value in [disable, enable]>
mac_filter_policy_other: <value in [deny, allow]>
max_clients: <integer>
max_clients_ap: <integer>
me_disable_thresh: <integer>
mesh_backhaul: <value in [disable, enable]>
mpsk: <value in [disable, enable]>
mpsk_concurrent_clients: <integer>
multicast_enhance: <value in [disable, enable]>
multicast_rate: <value in [0, 6000, 12000, ...]>
okc: <value in [disable, enable]>
owe_groups:
- "19"
- "20"
- "21"
owe_transition: <value in [disable, enable]>
owe_transition_ssid: <string>
passphrase: <list or string>
pmf: <value in [disable, enable, optional]>
pmf_assoc_comeback_timeout: <integer>
pmf_sa_query_retry_timeout: <integer>
portal_message_override_group: <string>
portal_type: <value in [auth, auth+disclaimer, disclaimer, ...]>
probe_resp_suppression: <value in [disable, enable]>
probe_resp_threshold: <string>
ptk_rekey: <value in [disable, enable]>
ptk_rekey_intv: <integer>
qos_profile: <string>
quarantine: <value in [disable, enable]>
radio_2g_threshold: <string>
radio_5g_threshold: <string>
radio_sensitivity: <value in [disable, enable]>
radius_mac_auth: <value in [disable, enable]>
radius_mac_auth_server: <string>
radius_mac_auth_usergroups: <list or string>
radius_server: <string>
rates_11a:
- "1"
- "1-basic"
- "2"
- "2-basic"
- "5.5"
- "5.5-basic"
- "6"
- "6-basic"
- "9"
- "9-basic"
- "12"
- "12-basic"
- "18"
- "18-basic"
- "24"
- "24-basic"
- "36"
- "36-basic"
- "48"
- "48-basic"
- "54"
- "54-basic"
- "11"
- "11-basic"
rates_11ac_ss12:
- "mcs0/1"
- "mcs1/1"
- "mcs2/1"
- "mcs3/1"
- "mcs4/1"
- "mcs5/1"
- "mcs6/1"
- "mcs7/1"
- "mcs8/1"
- "mcs9/1"
- "mcs0/2"
- "mcs1/2"
- "mcs2/2"
- "mcs3/2"
- "mcs4/2"
- "mcs5/2"
- "mcs6/2"
- "mcs7/2"
- "mcs8/2"
- "mcs9/2"
- "mcs10/1"
- "mcs11/1"
- "mcs10/2"
- "mcs11/2"
rates_11ac_ss34:
- "mcs0/3"
- "mcs1/3"
- "mcs2/3"
- "mcs3/3"
- "mcs4/3"
- "mcs5/3"
- "mcs6/3"
- "mcs7/3"
- "mcs8/3"
- "mcs9/3"
- "mcs0/4"
- "mcs1/4"
- "mcs2/4"
- "mcs3/4"
- "mcs4/4"
- "mcs5/4"
- "mcs6/4"
- "mcs7/4"
- "mcs8/4"
- "mcs9/4"
- "mcs10/3"
- "mcs11/3"
- "mcs10/4"
- "mcs11/4"
rates_11bg:
- "1"
- "1-basic"
- "2"
- "2-basic"
- "5.5"
- "5.5-basic"
- "6"
- "6-basic"
- "9"
- "9-basic"
- "12"
- "12-basic"
- "18"
- "18-basic"
- "24"
- "24-basic"
- "36"
- "36-basic"
- "48"
- "48-basic"
- "54"
- "54-basic"
- "11"
- "11-basic"
rates_11n_ss12:
- "mcs0/1"
- "mcs1/1"
- "mcs2/1"
- "mcs3/1"
- "mcs4/1"
- "mcs5/1"
- "mcs6/1"
- "mcs7/1"
- "mcs8/2"
- "mcs9/2"
- "mcs10/2"
- "mcs11/2"
- "mcs12/2"
- "mcs13/2"
- "mcs14/2"
- "mcs15/2"
rates_11n_ss34:
- "mcs16/3"
- "mcs17/3"
- "mcs18/3"
- "mcs19/3"
- "mcs20/3"
- "mcs21/3"
- "mcs22/3"
- "mcs23/3"
- "mcs24/4"
- "mcs25/4"
- "mcs26/4"
- "mcs27/4"
- "mcs28/4"
- "mcs29/4"
- "mcs30/4"
- "mcs31/4"
sae_groups:
- "1"
- "2"
- "5"
- "14"
- "15"
- "16"
- "17"
- "18"
- "19"
- "20"
- "21"
- "27"
- "28"
- "29"
- "30"
- "31"
sae_password: <list or string>
schedule: <list or string>
security: <value in [None, WEP64, wep64, ...]>
security_exempt_list: <string>
security_obsolete_option: <value in [disable, enable]>
security_redirect_url: <string>
selected_usergroups: <list or string>
split_tunneling: <value in [disable, enable]>
ssid: <string>
tkip_counter_measure: <value in [disable, enable]>
usergroup: <list or string>
utm_profile: <string>
vdom: <list or string>
vlan_auto: <value in [disable, enable]>
vlan_pooling: <value in [wtp-group, round-robin, hash, ...]>
vlanid: <integer>
voice_enterprise: <value in [disable, enable]>
mu_mimo: <value in [disable, enable]>
_intf_device_access_list: <string>
external_web_format: <value in [auto-detect, no-query-string, partial-query-string]>
high_efficiency: <value in [disable, enable]>
primary_wag_profile: <string>
secondary_wag_profile: <string>
target_wake_time: <value in [disable, enable]>
tunnel_echo_interval: <integer>
tunnel_fallback_interval: <integer>
access_control_list: <string>
captive_portal_auth_timeout: <integer>
ipv6_rules:
- "drop-icmp6ra"
- "drop-icmp6rs"
- "drop-llmnr6"
- "drop-icmp6mld2"
- "drop-dhcp6s"
- "drop-dhcp6c"
- "ndp-proxy"
- "drop-ns-dad"
- "drop-ns-nondad"
sticky_client_remove: <value in [disable, enable]>
sticky_client_threshold_2g: <string>
sticky_client_threshold_5g: <string>
bss_color_partial: <value in [disable, enable]>
dhcp_option43_insertion: <value in [disable, enable]>
mpsk_profile: <string>
igmp_snooping: <value in [disable, enable]>
port_macauth: <value in [disable, radius, address-group]>
port_macauth_reauth_timeout: <integer>
port_macauth_timeout: <integer>
additional_akms:
- "akm6"
- "akm24"
bstm_disassociation_imminent: <value in [disable, enable]>
bstm_load_balancing_disassoc_timer: <integer>
bstm_rssi_disassoc_timer: <integer>
dhcp_address_enforcement: <value in [disable, enable]>
gas_comeback_delay: <integer>
gas_fragmentation_limit: <integer>
mac_called_station_delimiter: <value in [hyphen, single-hyphen, colon, ...]>
mac_calling_station_delimiter: <value in [hyphen, single-hyphen, colon, ...]>
mac_case: <value in [uppercase, lowercase]>
mac_password_delimiter: <value in [hyphen, single-hyphen, colon, ...]>
mac_username_delimiter: <value in [hyphen, single-hyphen, colon, ...]>
mbo: <value in [disable, enable]>
mbo_cell_data_conn_pref: <value in [excluded, prefer-not, prefer-use]>
nac: <value in [disable, enable]>
nac_profile: <string>
neighbor_report_dual_band: <value in [disable, enable]>
address_group_policy: <value in [disable, allow, deny]>
antivirus_profile: <string>
application_detection_engine: <value in [disable, enable]>
application_list: <string>
application_report_intv: <integer>
auth_cert: <string>
auth_portal_addr: <string>
beacon_advertising:
- "name"
- "model"
- "serial-number"
ips_sensor: <string>
l3_roaming: <value in [disable, enable]>
local_standalone_dns: <value in [disable, enable]>
local_standalone_dns_ip: <list or string>
osen: <value in [disable, enable]>
radius_mac_mpsk_auth: <value in [disable, enable]>
radius_mac_mpsk_timeout: <integer>
rates_11ax_ss12:
- "mcs0/1"
- "mcs1/1"
- "mcs2/1"
- "mcs3/1"
- "mcs4/1"
- "mcs5/1"
- "mcs6/1"
- "mcs7/1"
- "mcs8/1"
- "mcs9/1"
- "mcs10/1"
- "mcs11/1"
- "mcs0/2"
- "mcs1/2"
- "mcs2/2"
- "mcs3/2"
- "mcs4/2"
- "mcs5/2"
- "mcs6/2"
- "mcs7/2"
- "mcs8/2"
- "mcs9/2"
- "mcs10/2"
- "mcs11/2"
rates_11ax_ss34:
- "mcs0/3"
- "mcs1/3"
- "mcs2/3"
- "mcs3/3"
- "mcs4/3"
- "mcs5/3"
- "mcs6/3"
- "mcs7/3"
- "mcs8/3"
- "mcs9/3"
- "mcs10/3"
- "mcs11/3"
- "mcs0/4"
- "mcs1/4"
- "mcs2/4"
- "mcs3/4"
- "mcs4/4"
- "mcs5/4"
- "mcs6/4"
- "mcs7/4"
- "mcs8/4"
- "mcs9/4"
- "mcs10/4"
- "mcs11/4"
scan_botnet_connections: <value in [disable, block, monitor]>
utm_log: <value in [disable, enable]>
utm_status: <value in [disable, enable]>
webfilter_profile: <string>
sae_h2e_only: <value in [disable, enable]>
sae_pk: <value in [disable, enable]>
sae_private_key: <string>
sticky_client_threshold_6g: <string>
application_dscp_marking: <value in [disable, enable]>
l3_roaming_mode: <value in [direct, indirect]>
rates_11ac_mcs_map: <string>
rates_11ax_mcs_map: <string>
captive_portal_fw_accounting: <value in [disable, enable]>
radius_mac_auth_block_interval: <integer>
_is_factory_setting: <value in [disable, enable, ext]>
d80211k: <value in [disable, enable]>
d80211v: <value in [disable, enable]>
roaming_acct_interim_update: <value in [disable, enable]>
sae_hnp_only: <value in [disable, enable]>
akm24_only: <value in [disable, enable]>
beacon_protection: <value in [disable, enable]>
captive_portal: <value in [disable, enable]>
nas_filter_rule: <value in [disable, enable]>
rates_11be_mcs_map: <string>
rates_11be_mcs_map_160: <string>
rates_11be_mcs_map_320: <string>
_intf_ip_managed_by_fortiipam: <value in [disable, enable, inherit-global]>
_intf_managed_subnetwork_size: <value in [32, 64, 128, ...]>
domain_name_stripping: <value in [disable, enable]>
local_lan_partition: <value in [disable, enable]>
Return Values
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- meta - The result of the request.returned: always type: dict
- request_url - The full url requested. returned: always type: str sample: /sys/login/user
- response_code - The status of api request. returned: always type: int sample: 0
- response_data - The data body of the api response. returned: optional type: list or dict
- response_message - The descriptive message of the api response. returned: always type: str sample: OK
- system_information - The information of the target system. returned: always type: dict
- rc - The status the request. returned: always type: int sample: 0
- version_check_warning - Warning if the parameters used in the playbook are not supported by the current FortiManager version. returned: if at least one parameter not supported by the current FortiManager version type: list
Status
This module is not guaranteed to have a backwards compatible interface.