fmgr_vap_dynamicmapping – Configure Virtual Access Points (VAPs).

Added in version 2.0.0.

Warning

Starting in version 3.0.0, all input arguments will be named using the underscore naming convention (snake_case).

  • Argument name before 3.0.0: var-name, var name, var.name

  • New argument name starting in 3.0.0: var_name

FortiManager Ansible v2.4+ supports both previous argument name and new underscore name. You will receive deprecation warnings if you keep using the previous argument name. You can ignore the warning by setting deprecation_warnings=False in ansible.cfg.

Synopsis

  • This module is able to configure a FortiManager device.

  • Examples include all parameters and values need to be adjusted to data sources before usage.

  • Tested with FortiManager v7.x.

Requirements

The below requirements are needed on the host that executes this module.

  • ansible>=2.15.0

FortiManager Version Compatibility

Supported Version Ranges: v6.0.0 -> latest

Parameters

  • access_token -The token to access FortiManager without using username and password. type: str required: false
  • bypass_validation - Only set to True when module schema diffs with FortiManager API structure, module continues to execute without validating parameters. type: bool required: false default: False
  • enable_log - Enable/Disable logging for task. type: bool required: false default: False
  • forticloud_access_token - Access token of forticloud managed API users, this option is available with FortiManager later than 6.4.0. type: str required: false
  • proposed_method - The overridden method for the underlying Json RPC request. type: str required: false choices: set, update, add
  • rc_succeeded - The rc codes list with which the conditions to succeed will be overriden. type: list required: false
  • rc_failed - The rc codes list with which the conditions to fail will be overriden. type: list required: false
  • state - The directive to create, update or delete an object type: str required: true choices: present, absent
  • workspace_locking_adom - Acquire the workspace lock if FortiManager is running in workspace mode. type: str required: false choices: global, custom adom including root
  • workspace_locking_timeout - The maximum time in seconds to wait for other users to release workspace lock. type: integer required: false default: 300
  • adom - The parameter in requested url type: str required: true
  • vap - The parameter in requested url type: str required: true
  • vap_dynamicmapping - Configure Virtual Access Points type: dict
    • _centmgmt Centmgmt. type: str choices: [disable, enable] default: disable more...
    • _dhcp_svr_id Dhcp svr id. type: str more...
    • _intf_allowaccess Intf allowaccess. type: list choices: [https, ping, ssh, snmp, http, telnet, fgfm, auto-ipsec, radius-acct, probe-response, capwap, dnp, ftm, fabric, speed-test] more...
    • _intf_device_identification (Alias name: _intf_device-identification) Intf device identification. type: str choices: [disable, enable] default: disable more...
    • _intf_device_netscan (Alias name: _intf_device-netscan) Intf device netscan. type: str choices: [disable, enable] default: disable more...
    • _intf_dhcp_relay_ip (Alias name: _intf_dhcp-relay-ip) Intf dhcp relay ip. type: list more...
    • _intf_dhcp_relay_service (Alias name: _intf_dhcp-relay-service) Intf dhcp relay service. type: str choices: [disable, enable] default: disable more...
    • _intf_dhcp_relay_type (Alias name: _intf_dhcp-relay-type) Intf dhcp relay type. type: str choices: [regular, ipsec] default: regular more...
    • _intf_dhcp6_relay_ip (Alias name: _intf_dhcp6-relay-ip) Intf dhcp6 relay ip. type: str more...
    • _intf_dhcp6_relay_service (Alias name: _intf_dhcp6-relay-service) Intf dhcp6 relay service. type: str choices: [disable, enable] default: disable more...
    • _intf_dhcp6_relay_type (Alias name: _intf_dhcp6-relay-type) Intf dhcp6 relay type. type: str choices: [regular] default: regular more...
    • _intf_ip Intf ip. type: str more...
    • _intf_ip6_address (Alias name: _intf_ip6-address) Intf ip6 address. type: str more...
    • _intf_ip6_allowaccess (Alias name: _intf_ip6-allowaccess) Intf ip6 allowaccess. type: list choices: [https, ping, ssh, snmp, http, telnet, any, fgfm, capwap] more...
    • _intf_listen_forticlient_connection (Alias name: _intf_listen-forticlient-connection) Intf listen forticlient connection. type: str choices: [disable, enable] default: disable more...
    • _scope Scope. type: list more...
      • name Name. type: str more...
      • vdom Vdom. type: str more...
    • acct_interim_interval (Alias name: acct-interim-interval) Acct interim interval. type: int more...
    • address_group (Alias name: address-group) Address group. type: str more...
    • alias Alias. type: str more...
    • atf_weight (Alias name: atf-weight) Atf weight. type: int more...
    • auth Auth. type: str choices: [PSK, psk, RADIUS, radius, usergroup] more...
    • broadcast_ssid (Alias name: broadcast-ssid) Broadcast ssid. type: str choices: [disable, enable] more...
    • broadcast_suppression (Alias name: broadcast-suppression) Broadcast suppression. type: list choices: [dhcp, arp, dhcp2, arp2, netbios-ns, netbios-ds, arp3, dhcp-up, dhcp-down, arp-known, arp-unknown, arp-reply, ipv6, dhcp-starvation, arp-poison, all-other-mc, all-other-bc, arp-proxy, dhcp-ucast] more...
    • captive_portal_ac_name (Alias name: captive-portal-ac-name) Captive portal ac name. type: str more...
    • captive_portal_macauth_radius_secret (Alias name: captive-portal-macauth-radius-secret) Captive portal macauth radius secret. type: list more...
    • captive_portal_macauth_radius_server (Alias name: captive-portal-macauth-radius-server) Captive portal macauth radius server. type: str more...
    • captive_portal_radius_secret (Alias name: captive-portal-radius-secret) Captive portal radius secret. type: list more...
    • captive_portal_radius_server (Alias name: captive-portal-radius-server) Captive portal radius server. type: str more...
    • captive_portal_session_timeout_interval (Alias name: captive-portal-session-timeout-interval) Captive portal session timeout interval. type: int more...
    • client_count (Alias name: client-count) Client count. type: int more...
    • dhcp_lease_time (Alias name: dhcp-lease-time) Dhcp lease time. type: int more...
    • dhcp_option82_circuit_id_insertion (Alias name: dhcp-option82-circuit-id-insertion) Dhcp option82 circuit id insertion. type: str choices: [disable, style-1, style-2, style-3] more...
    • dhcp_option82_insertion (Alias name: dhcp-option82-insertion) Dhcp option82 insertion. type: str choices: [disable, enable] more...
    • dhcp_option82_remote_id_insertion (Alias name: dhcp-option82-remote-id-insertion) Dhcp option82 remote id insertion. type: str choices: [disable, style-1] more...
    • dynamic_vlan (Alias name: dynamic-vlan) Dynamic vlan. type: str choices: [disable, enable] more...
    • eap_reauth (Alias name: eap-reauth) Eap reauth. type: str choices: [disable, enable] more...
    • eap_reauth_intv (Alias name: eap-reauth-intv) Eap reauth intv. type: int more...
    • eapol_key_retries (Alias name: eapol-key-retries) Eapol key retries. type: str choices: [disable, enable] more...
    • encrypt Encrypt. type: str choices: [TKIP, AES, TKIP-AES] more...
    • external_fast_roaming (Alias name: external-fast-roaming) External fast roaming. type: str choices: [disable, enable] more...
    • external_logout (Alias name: external-logout) External logout. type: str more...
    • external_web (Alias name: external-web) External web. type: str more...
    • fast_bss_transition (Alias name: fast-bss-transition) Fast bss transition. type: str choices: [disable, enable] more...
    • fast_roaming (Alias name: fast-roaming) Fast roaming. type: str choices: [disable, enable] more...
    • ft_mobility_domain (Alias name: ft-mobility-domain) Ft mobility domain. type: int more...
    • ft_over_ds (Alias name: ft-over-ds) Ft over ds. type: str choices: [disable, enable] more...
    • ft_r0_key_lifetime (Alias name: ft-r0-key-lifetime) Ft r0 key lifetime. type: int more...
    • gtk_rekey (Alias name: gtk-rekey) Gtk rekey. type: str choices: [disable, enable] more...
    • gtk_rekey_intv (Alias name: gtk-rekey-intv) Gtk rekey intv. type: int more...
    • hotspot20_profile (Alias name: hotspot20-profile) Hotspot20 profile. type: str more...
    • intra_vap_privacy (Alias name: intra-vap-privacy) Intra vap privacy. type: str choices: [disable, enable] more...
    • ip Ip. type: str more...
    • key Key. type: list more...
    • keyindex Keyindex. type: int more...
    • ldpc Ldpc. type: str choices: [disable, tx, rx, rxtx] more...
    • local_authentication (Alias name: local-authentication) Local authentication. type: str choices: [disable, enable] more...
    • local_bridging (Alias name: local-bridging) Local bridging. type: str choices: [disable, enable] more...
    • local_lan (Alias name: local-lan) Local lan. type: str choices: [deny, allow] more...
    • local_standalone (Alias name: local-standalone) Local standalone. type: str choices: [disable, enable] more...
    • local_standalone_nat (Alias name: local-standalone-nat) Local standalone nat. type: str choices: [disable, enable] more...
    • local_switching (Alias name: local-switching) Local switching. type: str choices: [disable, enable] more...
    • mac_auth_bypass (Alias name: mac-auth-bypass) Mac auth bypass. type: str choices: [disable, enable] more...
    • mac_filter (Alias name: mac-filter) Mac filter. type: str choices: [disable, enable] more...
    • mac_filter_policy_other (Alias name: mac-filter-policy-other) Mac filter policy other. type: str choices: [deny, allow] more...
    • max_clients (Alias name: max-clients) Max clients. type: int more...
    • max_clients_ap (Alias name: max-clients-ap) Max clients ap. type: int more...
    • me_disable_thresh (Alias name: me-disable-thresh) Me disable thresh. type: int more...
    • mesh_backhaul (Alias name: mesh-backhaul) Mesh backhaul. type: str choices: [disable, enable] more...
    • mpsk Mpsk. type: str choices: [disable, enable] more...
    • mpsk_concurrent_clients (Alias name: mpsk-concurrent-clients) Mpsk concurrent clients. type: int more...
    • multicast_enhance (Alias name: multicast-enhance) Multicast enhance. type: str choices: [disable, enable] more...
    • multicast_rate (Alias name: multicast-rate) Multicast rate. type: str choices: [0, 6000, 12000, 24000] more...
    • okc Okc. type: str choices: [disable, enable] more...
    • owe_groups (Alias name: owe-groups) Owe groups. type: list choices: [19, 20, 21] more...
    • owe_transition (Alias name: owe-transition) Owe transition. type: str choices: [disable, enable] more...
    • owe_transition_ssid (Alias name: owe-transition-ssid) Owe transition ssid. type: str more...
    • passphrase Passphrase. type: list more...
    • pmf Pmf. type: str choices: [disable, enable, optional] more...
    • pmf_assoc_comeback_timeout (Alias name: pmf-assoc-comeback-timeout) Pmf assoc comeback timeout. type: int more...
    • pmf_sa_query_retry_timeout (Alias name: pmf-sa-query-retry-timeout) Pmf sa query retry timeout. type: int more...
    • portal_message_override_group (Alias name: portal-message-override-group) Portal message override group. type: str more...
    • portal_type (Alias name: portal-type) Portal type. type: str choices: [auth, auth+disclaimer, disclaimer, email-collect, cmcc, cmcc-macauth, auth-mac, external-auth, external-macauth] more...
    • probe_resp_suppression (Alias name: probe-resp-suppression) Probe resp suppression. type: str choices: [disable, enable] more...
    • probe_resp_threshold (Alias name: probe-resp-threshold) Probe resp threshold. type: str more...
    • ptk_rekey (Alias name: ptk-rekey) Ptk rekey. type: str choices: [disable, enable] more...
    • ptk_rekey_intv (Alias name: ptk-rekey-intv) Ptk rekey intv. type: int more...
    • qos_profile (Alias name: qos-profile) Qos profile. type: str more...
    • quarantine Quarantine. type: str choices: [disable, enable] more...
    • radio_2g_threshold (Alias name: radio-2g-threshold) Radio 2g threshold. type: str more...
    • radio_5g_threshold (Alias name: radio-5g-threshold) Radio 5g threshold. type: str more...
    • radio_sensitivity (Alias name: radio-sensitivity) Radio sensitivity. type: str choices: [disable, enable] more...
    • radius_mac_auth (Alias name: radius-mac-auth) Radius mac auth. type: str choices: [disable, enable] more...
    • radius_mac_auth_server (Alias name: radius-mac-auth-server) Radius mac auth server. type: str more...
    • radius_mac_auth_usergroups (Alias name: radius-mac-auth-usergroups) Radius mac auth usergroups. type: list more...
    • radius_server (Alias name: radius-server) Radius server. type: str more...
    • rates_11a (Alias name: rates-11a) Rates 11a. type: list choices: [1, 1-basic, 2, 2-basic, 5.5, 5.5-basic, 6, 6-basic, 9, 9-basic, 12, 12-basic, 18, 18-basic, 24, 24-basic, 36, 36-basic, 48, 48-basic, 54, 54-basic, 11, 11-basic] more...
    • rates_11ac_ss12 (Alias name: rates-11ac-ss12) Rates 11ac ss12. type: list choices: [mcs0/1, mcs1/1, mcs2/1, mcs3/1, mcs4/1, mcs5/1, mcs6/1, mcs7/1, mcs8/1, mcs9/1, mcs0/2, mcs1/2, mcs2/2, mcs3/2, mcs4/2, mcs5/2, mcs6/2, mcs7/2, mcs8/2, mcs9/2, mcs10/1, mcs11/1, mcs10/2, mcs11/2] more...
    • rates_11ac_ss34 (Alias name: rates-11ac-ss34) Rates 11ac ss34. type: list choices: [mcs0/3, mcs1/3, mcs2/3, mcs3/3, mcs4/3, mcs5/3, mcs6/3, mcs7/3, mcs8/3, mcs9/3, mcs0/4, mcs1/4, mcs2/4, mcs3/4, mcs4/4, mcs5/4, mcs6/4, mcs7/4, mcs8/4, mcs9/4, mcs10/3, mcs11/3, mcs10/4, mcs11/4] more...
    • rates_11bg (Alias name: rates-11bg) Rates 11bg. type: list choices: [1, 1-basic, 2, 2-basic, 5.5, 5.5-basic, 6, 6-basic, 9, 9-basic, 12, 12-basic, 18, 18-basic, 24, 24-basic, 36, 36-basic, 48, 48-basic, 54, 54-basic, 11, 11-basic] more...
    • rates_11n_ss12 (Alias name: rates-11n-ss12) Rates 11n ss12. type: list choices: [mcs0/1, mcs1/1, mcs2/1, mcs3/1, mcs4/1, mcs5/1, mcs6/1, mcs7/1, mcs8/2, mcs9/2, mcs10/2, mcs11/2, mcs12/2, mcs13/2, mcs14/2, mcs15/2] more...
    • rates_11n_ss34 (Alias name: rates-11n-ss34) Rates 11n ss34. type: list choices: [mcs16/3, mcs17/3, mcs18/3, mcs19/3, mcs20/3, mcs21/3, mcs22/3, mcs23/3, mcs24/4, mcs25/4, mcs26/4, mcs27/4, mcs28/4, mcs29/4, mcs30/4, mcs31/4] more...
    • sae_groups (Alias name: sae-groups) Sae groups. type: list choices: [1, 2, 5, 14, 15, 16, 17, 18, 19, 20, 21, 27, 28, 29, 30, 31] more...
    • sae_password (Alias name: sae-password) Sae password. type: list more...
    • schedule Schedule. type: list or str more...
    • security Security. type: str choices: [None, WEP64, wep64, WEP128, wep128, WPA_PSK, WPA_RADIUS, WPA, WPA2, WPA2_AUTO, open, wpa-personal, wpa-enterprise, captive-portal, wpa-only-personal, wpa-only-enterprise, wpa2-only-personal, wpa2-only-enterprise, wpa-personal+captive-portal, wpa-only-personal+captive-portal, wpa2-only-personal+captive-portal, osen, wpa3-enterprise, sae, sae-transition, owe, wpa3-sae, wpa3-sae-transition, wpa3-only-enterprise, wpa3-enterprise-transition] more...
    • security_exempt_list (Alias name: security-exempt-list) Security exempt list. type: str more...
    • security_obsolete_option (Alias name: security-obsolete-option) Security obsolete option. type: str choices: [disable, enable] more...
    • security_redirect_url (Alias name: security-redirect-url) Security redirect url. type: str more...
    • selected_usergroups (Alias name: selected-usergroups) Selected usergroups. type: list or str more...
    • split_tunneling (Alias name: split-tunneling) Split tunneling. type: str choices: [disable, enable] more...
    • ssid Ssid. type: str more...
    • tkip_counter_measure (Alias name: tkip-counter-measure) Tkip counter measure. type: str choices: [disable, enable] more...
    • usergroup Usergroup. type: list or str more...
    • utm_profile (Alias name: utm-profile) Utm profile. type: str more...
    • vdom Vdom. type: list or str more...
    • vlan_auto (Alias name: vlan-auto) Vlan auto. type: str choices: [disable, enable] more...
    • vlan_pooling (Alias name: vlan-pooling) Vlan pooling. type: str choices: [wtp-group, round-robin, hash, disable] more...
    • vlanid Vlanid. type: int more...
    • voice_enterprise (Alias name: voice-enterprise) Voice enterprise. type: str choices: [disable, enable] more...
    • mu_mimo (Alias name: mu-mimo) Mu mimo. type: str choices: [disable, enable] more...
    • _intf_device_access_list (Alias name: _intf_device-access-list) Intf device access list. type: str more...
    • external_web_format (Alias name: external-web-format) External web format. type: str choices: [auto-detect, no-query-string, partial-query-string] more...
    • high_efficiency (Alias name: high-efficiency) High efficiency. type: str choices: [disable, enable] more...
    • primary_wag_profile (Alias name: primary-wag-profile) Primary wag profile. type: str more...
    • secondary_wag_profile (Alias name: secondary-wag-profile) Secondary wag profile. type: str more...
    • target_wake_time (Alias name: target-wake-time) Target wake time. type: str choices: [disable, enable] more...
    • tunnel_echo_interval (Alias name: tunnel-echo-interval) Tunnel echo interval. type: int more...
    • tunnel_fallback_interval (Alias name: tunnel-fallback-interval) Tunnel fallback interval. type: int more...
    • access_control_list (Alias name: access-control-list) Access control list. type: str more...
    • captive_portal_auth_timeout (Alias name: captive-portal-auth-timeout) Captive portal auth timeout. type: int more...
    • ipv6_rules (Alias name: ipv6-rules) Ipv6 rules. type: list choices: [drop-icmp6ra, drop-icmp6rs, drop-llmnr6, drop-icmp6mld2, drop-dhcp6s, drop-dhcp6c, ndp-proxy, drop-ns-dad, drop-ns-nondad] more...
    • sticky_client_remove (Alias name: sticky-client-remove) Sticky client remove. type: str choices: [disable, enable] more...
    • sticky_client_threshold_2g (Alias name: sticky-client-threshold-2g) Sticky client threshold 2g. type: str more...
    • sticky_client_threshold_5g (Alias name: sticky-client-threshold-5g) Sticky client threshold 5g. type: str more...
    • bss_color_partial (Alias name: bss-color-partial) Bss color partial. type: str choices: [disable, enable] more...
    • dhcp_option43_insertion (Alias name: dhcp-option43-insertion) Dhcp option43 insertion. type: str choices: [disable, enable] more...
    • mpsk_profile (Alias name: mpsk-profile) Mpsk profile. type: str more...
    • igmp_snooping (Alias name: igmp-snooping) Enable/disable igmp snooping. type: str choices: [disable, enable] more...
    • port_macauth (Alias name: port-macauth) Enable/disable lan port mac authentication (default = disable). type: str choices: [disable, radius, address-group] more...
    • port_macauth_reauth_timeout (Alias name: port-macauth-reauth-timeout) Lan port mac authentication re-authentication timeout value (default = 7200 sec). type: int more...
    • port_macauth_timeout (Alias name: port-macauth-timeout) Lan port mac authentication idle timeout value (default = 600 sec). type: int more...
    • additional_akms (Alias name: additional-akms) Additional akms. type: list choices: [akm6, akm24] more...
    • bstm_disassociation_imminent (Alias name: bstm-disassociation-imminent) Enable/disable forcing of disassociation after the bstm request timer has been reached (default = enable). type: str choices: [disable, enable] more...
    • bstm_load_balancing_disassoc_timer (Alias name: bstm-load-balancing-disassoc-timer) Time interval for client to voluntarily leave ap before forcing a disassociation due to ap load-balancing (0 to 30, default = 10). type: int more...
    • bstm_rssi_disassoc_timer (Alias name: bstm-rssi-disassoc-timer) Time interval for client to voluntarily leave ap before forcing a disassociation due to low rssi (0 to 2000, default = 200). type: int more...
    • dhcp_address_enforcement (Alias name: dhcp-address-enforcement) Enable/disable dhcp address enforcement (default = disable). type: str choices: [disable, enable] more...
    • gas_comeback_delay (Alias name: gas-comeback-delay) Gas comeback delay (0 or 100 - 10000 milliseconds, default = 500). type: int more...
    • gas_fragmentation_limit (Alias name: gas-fragmentation-limit) Gas fragmentation limit (512 - 4096, default = 1024). type: int more...
    • mac_called_station_delimiter (Alias name: mac-called-station-delimiter) Mac called station delimiter (default = hyphen). type: str choices: [hyphen, single-hyphen, colon, none] more...
    • mac_calling_station_delimiter (Alias name: mac-calling-station-delimiter) Mac calling station delimiter (default = hyphen). type: str choices: [hyphen, single-hyphen, colon, none] more...
    • mac_case (Alias name: mac-case) Mac case (default = uppercase). type: str choices: [uppercase, lowercase] more...
    • mac_password_delimiter (Alias name: mac-password-delimiter) Mac authentication password delimiter (default = hyphen). type: str choices: [hyphen, single-hyphen, colon, none] more...
    • mac_username_delimiter (Alias name: mac-username-delimiter) Mac authentication username delimiter (default = hyphen). type: str choices: [hyphen, single-hyphen, colon, none] more...
    • mbo Enable/disable multiband operation (default = disable). type: str choices: [disable, enable] more...
    • mbo_cell_data_conn_pref (Alias name: mbo-cell-data-conn-pref) Mbo cell data connection preference (0, 1, or 255, default = 1). type: str choices: [excluded, prefer-not, prefer-use] more...
    • nac Enable/disable network access control. type: str choices: [disable, enable] more...
    • nac_profile (Alias name: nac-profile) Nac profile name. type: str more...
    • neighbor_report_dual_band (Alias name: neighbor-report-dual-band) Enable/disable dual-band neighbor report (default = disable). type: str choices: [disable, enable] more...
    • address_group_policy (Alias name: address-group-policy) Configure mac address filtering policy for mac addresses that are in the address-group. type: str choices: [disable, allow, deny] more...
    • antivirus_profile (Alias name: antivirus-profile) Antivirus profile name. type: str more...
    • application_detection_engine (Alias name: application-detection-engine) Enable/disable application detection engine (default = disable). type: str choices: [disable, enable] more...
    • application_list (Alias name: application-list) Application control list name. type: str more...
    • application_report_intv (Alias name: application-report-intv) Application report interval (30 - 864000 sec, default = 120). type: int more...
    • auth_cert (Alias name: auth-cert) Https server certificate. type: str more...
    • auth_portal_addr (Alias name: auth-portal-addr) Address of captive portal. type: str more...
    • beacon_advertising (Alias name: beacon-advertising) Fortinet beacon advertising ie data (default = empty). type: list choices: [name, model, serial-number] more...
    • ips_sensor (Alias name: ips-sensor) Ips sensor name. type: str more...
    • l3_roaming (Alias name: l3-roaming) Enable/disable layer 3 roaming (default = disable). type: str choices: [disable, enable] more...
    • local_standalone_dns (Alias name: local-standalone-dns) Enable/disable ap local standalone dns. type: str choices: [disable, enable] more...
    • local_standalone_dns_ip (Alias name: local-standalone-dns-ip) Ipv4 addresses for the local standalone dns. type: list more...
    • osen Enable/disable osen as part of key management (default = disable). type: str choices: [disable, enable] more...
    • radius_mac_mpsk_auth (Alias name: radius-mac-mpsk-auth) Enable/disable radius-based mac authentication of clients for mpsk authentication (default = disable). type: str choices: [disable, enable] more...
    • radius_mac_mpsk_timeout (Alias name: radius-mac-mpsk-timeout) Radius mac mpsk cache timeout interval (1800 - 864000, default = 86400). type: int more...
    • rates_11ax_ss12 (Alias name: rates-11ax-ss12) Allowed data rates for 802. type: list choices: [mcs0/1, mcs1/1, mcs2/1, mcs3/1, mcs4/1, mcs5/1, mcs6/1, mcs7/1, mcs8/1, mcs9/1, mcs10/1, mcs11/1, mcs0/2, mcs1/2, mcs2/2, mcs3/2, mcs4/2, mcs5/2, mcs6/2, mcs7/2, mcs8/2, mcs9/2, mcs10/2, mcs11/2] more...
    • rates_11ax_ss34 (Alias name: rates-11ax-ss34) Allowed data rates for 802. type: list choices: [mcs0/3, mcs1/3, mcs2/3, mcs3/3, mcs4/3, mcs5/3, mcs6/3, mcs7/3, mcs8/3, mcs9/3, mcs10/3, mcs11/3, mcs0/4, mcs1/4, mcs2/4, mcs3/4, mcs4/4, mcs5/4, mcs6/4, mcs7/4, mcs8/4, mcs9/4, mcs10/4, mcs11/4] more...
    • scan_botnet_connections (Alias name: scan-botnet-connections) Block or monitor connections to botnet servers or disable botnet scanning. type: str choices: [disable, block, monitor] more...
    • utm_log (Alias name: utm-log) Enable/disable utm logging. type: str choices: [disable, enable] more...
    • utm_status (Alias name: utm-status) Enable to add one or more security profiles (av, ips, etc. type: str choices: [disable, enable] more...
    • webfilter_profile (Alias name: webfilter-profile) Webfilter profile name. type: str more...
    • sae_h2e_only (Alias name: sae-h2e-only) Use hash-to-element-only mechanism for pwe derivation (default = disable). type: str choices: [disable, enable] more...
    • sae_pk (Alias name: sae-pk) Enable/disable wpa3 sae-pk (default = disable). type: str choices: [disable, enable] more...
    • sae_private_key (Alias name: sae-private-key) Private key used for wpa3 sae-pk authentication. type: str more...
    • sticky_client_threshold_6g (Alias name: sticky-client-threshold-6g) Minimum signal level/threshold in dbm required for the 6g client to be serviced by the ap (-95 to -20, default = -76). type: str more...
    • application_dscp_marking (Alias name: application-dscp-marking) Enable/disable application attribute based dscp marking (default = disable). type: str choices: [disable, enable] more...
    • l3_roaming_mode (Alias name: l3-roaming-mode) Select the way that layer 3 roaming traffic is passed (default = direct). type: str choices: [direct, indirect] more...
    • rates_11ac_mcs_map (Alias name: rates-11ac-mcs-map) Comma separated list of max supported vht mcs for spatial streams 1 through 8. type: str more...
    • rates_11ax_mcs_map (Alias name: rates-11ax-mcs-map) Comma separated list of max supported he mcs for spatial streams 1 through 8. type: str more...
    • captive_portal_fw_accounting (Alias name: captive-portal-fw-accounting) Enable/disable radius accounting for captive portal firewall authentication session. type: str choices: [disable, enable] more...
    • radius_mac_auth_block_interval (Alias name: radius-mac-auth-block-interval) Dont send radius mac auth request again if the client has been rejected within specific interval (0 or 30 - 864000 seconds, default = 0, 0 to disable blocking). type: int more...
    • _is_factory_setting Is factory setting. type: str choices: [disable, enable, ext] default: disable more...
    • d80211k (Alias name: 80211k) Enable/disable 802. type: str choices: [disable, enable] more...
    • d80211v (Alias name: 80211v) Enable/disable 802. type: str choices: [disable, enable] more...
    • roaming_acct_interim_update (Alias name: roaming-acct-interim-update) Enable/disable using accounting interim update instead of accounting start/stop on roaming for wpa-enterprise security. type: str choices: [disable, enable] more...
    • sae_hnp_only (Alias name: sae-hnp-only) Use hunting-and-pecking-only mechanism for pwe derivation (default = disable). type: str choices: [disable, enable] more...
    • akm24_only (Alias name: akm24-only) Wpa3 sae using group-dependent hash only (default = disable). type: str choices: [disable, enable] more...
    • beacon_protection (Alias name: beacon-protection) Enable/disable beacon protection support (default = disable). type: str choices: [disable, enable] more...
    • captive_portal (Alias name: captive-portal) Enable/disable captive portal. type: str choices: [disable, enable] more...
    • nas_filter_rule (Alias name: nas-filter-rule) Enable/disable nas filter rule support (default = disable). type: str choices: [disable, enable] more...
    • rates_11be_mcs_map (Alias name: rates-11be-mcs-map) Comma separated list of max nss that supports eht-mcs 0-9, 10-11, 12-13 for 20mhz/40mhz/80mhz bandwidth. type: str more...
    • rates_11be_mcs_map_160 (Alias name: rates-11be-mcs-map-160) Comma separated list of max nss that supports eht-mcs 0-9, 10-11, 12-13 for 160mhz bandwidth. type: str more...
    • rates_11be_mcs_map_320 (Alias name: rates-11be-mcs-map-320) Comma separated list of max nss that supports eht-mcs 0-9, 10-11, 12-13 for 320mhz bandwidth. type: str more...
    • _intf_ip_managed_by_fortiipam (Alias name: _intf_ip-managed-by-fortiipam) Intf ip managed by fortiipam. type: str choices: [disable, enable, inherit-global] more...
    • _intf_managed_subnetwork_size (Alias name: _intf_managed-subnetwork-size) Intf managed subnetwork size. type: str choices: [32, 64, 128, 256, 512, 1024, 2048, 4096, 8192, 16384, 32768, 65536] default: 256 more...
    • domain_name_stripping (Alias name: domain-name-stripping) Enable/disable stripping domain name from identity (default = disable). type: str choices: [disable, enable] more...
    • local_lan_partition (Alias name: local-lan-partition) Enable/disable segregating client traffic to local lan side (default = disable). type: str choices: [disable, enable] more...

Notes

Note

  • Running in workspace locking mode is supported in this FortiManager module, the top level parameters workspace_locking_adom and workspace_locking_timeout help do the work.

  • To create or update an object, use state: present directive.

  • To delete an object, use state: absent directive

  • Normally, running one module can fail when a non-zero rc is returned. you can also override the conditions to fail or succeed with parameters rc_failed and rc_succeeded

Examples

- name: Example playbook (generated based on argument schema)
  hosts: fortimanagers
  connection: httpapi
  vars:
    ansible_httpapi_use_ssl: true
    ansible_httpapi_validate_certs: false
    ansible_httpapi_port: 443
  tasks:
    - name: Configure Virtual Access Points
      fortinet.fortimanager.fmgr_vap_dynamicmapping:
        # bypass_validation: false
        workspace_locking_adom: <value in [global, custom adom including root]>
        workspace_locking_timeout: 300
        # rc_succeeded: [0, -2, -3, ...]
        # rc_failed: [-2, -3, ...]
        adom: <your own value>
        vap: <your own value>
        state: present # <value in [present, absent]>
        vap_dynamicmapping:
          _centmgmt: <value in [disable, enable]>
          _dhcp_svr_id: <string>
          _intf_allowaccess:
            - "https"
            - "ping"
            - "ssh"
            - "snmp"
            - "http"
            - "telnet"
            - "fgfm"
            - "auto-ipsec"
            - "radius-acct"
            - "probe-response"
            - "capwap"
            - "dnp"
            - "ftm"
            - "fabric"
            - "speed-test"
          _intf_device_identification: <value in [disable, enable]>
          _intf_device_netscan: <value in [disable, enable]>
          _intf_dhcp_relay_ip: <list or string>
          _intf_dhcp_relay_service: <value in [disable, enable]>
          _intf_dhcp_relay_type: <value in [regular, ipsec]>
          _intf_dhcp6_relay_ip: <string>
          _intf_dhcp6_relay_service: <value in [disable, enable]>
          _intf_dhcp6_relay_type: <value in [regular]>
          _intf_ip: <string>
          _intf_ip6_address: <string>
          _intf_ip6_allowaccess:
            - "https"
            - "ping"
            - "ssh"
            - "snmp"
            - "http"
            - "telnet"
            - "any"
            - "fgfm"
            - "capwap"
          _intf_listen_forticlient_connection: <value in [disable, enable]>
          _scope:
            -
              name: <string>
              vdom: <string>
          acct_interim_interval: <integer>
          address_group: <string>
          alias: <string>
          atf_weight: <integer>
          auth: <value in [PSK, psk, RADIUS, ...]>
          broadcast_ssid: <value in [disable, enable]>
          broadcast_suppression:
            - "dhcp"
            - "arp"
            - "dhcp2"
            - "arp2"
            - "netbios-ns"
            - "netbios-ds"
            - "arp3"
            - "dhcp-up"
            - "dhcp-down"
            - "arp-known"
            - "arp-unknown"
            - "arp-reply"
            - "ipv6"
            - "dhcp-starvation"
            - "arp-poison"
            - "all-other-mc"
            - "all-other-bc"
            - "arp-proxy"
            - "dhcp-ucast"
          captive_portal_ac_name: <string>
          captive_portal_macauth_radius_secret: <list or string>
          captive_portal_macauth_radius_server: <string>
          captive_portal_radius_secret: <list or string>
          captive_portal_radius_server: <string>
          captive_portal_session_timeout_interval: <integer>
          client_count: <integer>
          dhcp_lease_time: <integer>
          dhcp_option82_circuit_id_insertion: <value in [disable, style-1, style-2, ...]>
          dhcp_option82_insertion: <value in [disable, enable]>
          dhcp_option82_remote_id_insertion: <value in [disable, style-1]>
          dynamic_vlan: <value in [disable, enable]>
          eap_reauth: <value in [disable, enable]>
          eap_reauth_intv: <integer>
          eapol_key_retries: <value in [disable, enable]>
          encrypt: <value in [TKIP, AES, TKIP-AES]>
          external_fast_roaming: <value in [disable, enable]>
          external_logout: <string>
          external_web: <string>
          fast_bss_transition: <value in [disable, enable]>
          fast_roaming: <value in [disable, enable]>
          ft_mobility_domain: <integer>
          ft_over_ds: <value in [disable, enable]>
          ft_r0_key_lifetime: <integer>
          gtk_rekey: <value in [disable, enable]>
          gtk_rekey_intv: <integer>
          hotspot20_profile: <string>
          intra_vap_privacy: <value in [disable, enable]>
          ip: <string>
          key: <list or string>
          keyindex: <integer>
          ldpc: <value in [disable, tx, rx, ...]>
          local_authentication: <value in [disable, enable]>
          local_bridging: <value in [disable, enable]>
          local_lan: <value in [deny, allow]>
          local_standalone: <value in [disable, enable]>
          local_standalone_nat: <value in [disable, enable]>
          local_switching: <value in [disable, enable]>
          mac_auth_bypass: <value in [disable, enable]>
          mac_filter: <value in [disable, enable]>
          mac_filter_policy_other: <value in [deny, allow]>
          max_clients: <integer>
          max_clients_ap: <integer>
          me_disable_thresh: <integer>
          mesh_backhaul: <value in [disable, enable]>
          mpsk: <value in [disable, enable]>
          mpsk_concurrent_clients: <integer>
          multicast_enhance: <value in [disable, enable]>
          multicast_rate: <value in [0, 6000, 12000, ...]>
          okc: <value in [disable, enable]>
          owe_groups:
            - "19"
            - "20"
            - "21"
          owe_transition: <value in [disable, enable]>
          owe_transition_ssid: <string>
          passphrase: <list or string>
          pmf: <value in [disable, enable, optional]>
          pmf_assoc_comeback_timeout: <integer>
          pmf_sa_query_retry_timeout: <integer>
          portal_message_override_group: <string>
          portal_type: <value in [auth, auth+disclaimer, disclaimer, ...]>
          probe_resp_suppression: <value in [disable, enable]>
          probe_resp_threshold: <string>
          ptk_rekey: <value in [disable, enable]>
          ptk_rekey_intv: <integer>
          qos_profile: <string>
          quarantine: <value in [disable, enable]>
          radio_2g_threshold: <string>
          radio_5g_threshold: <string>
          radio_sensitivity: <value in [disable, enable]>
          radius_mac_auth: <value in [disable, enable]>
          radius_mac_auth_server: <string>
          radius_mac_auth_usergroups: <list or string>
          radius_server: <string>
          rates_11a:
            - "1"
            - "1-basic"
            - "2"
            - "2-basic"
            - "5.5"
            - "5.5-basic"
            - "6"
            - "6-basic"
            - "9"
            - "9-basic"
            - "12"
            - "12-basic"
            - "18"
            - "18-basic"
            - "24"
            - "24-basic"
            - "36"
            - "36-basic"
            - "48"
            - "48-basic"
            - "54"
            - "54-basic"
            - "11"
            - "11-basic"
          rates_11ac_ss12:
            - "mcs0/1"
            - "mcs1/1"
            - "mcs2/1"
            - "mcs3/1"
            - "mcs4/1"
            - "mcs5/1"
            - "mcs6/1"
            - "mcs7/1"
            - "mcs8/1"
            - "mcs9/1"
            - "mcs0/2"
            - "mcs1/2"
            - "mcs2/2"
            - "mcs3/2"
            - "mcs4/2"
            - "mcs5/2"
            - "mcs6/2"
            - "mcs7/2"
            - "mcs8/2"
            - "mcs9/2"
            - "mcs10/1"
            - "mcs11/1"
            - "mcs10/2"
            - "mcs11/2"
          rates_11ac_ss34:
            - "mcs0/3"
            - "mcs1/3"
            - "mcs2/3"
            - "mcs3/3"
            - "mcs4/3"
            - "mcs5/3"
            - "mcs6/3"
            - "mcs7/3"
            - "mcs8/3"
            - "mcs9/3"
            - "mcs0/4"
            - "mcs1/4"
            - "mcs2/4"
            - "mcs3/4"
            - "mcs4/4"
            - "mcs5/4"
            - "mcs6/4"
            - "mcs7/4"
            - "mcs8/4"
            - "mcs9/4"
            - "mcs10/3"
            - "mcs11/3"
            - "mcs10/4"
            - "mcs11/4"
          rates_11bg:
            - "1"
            - "1-basic"
            - "2"
            - "2-basic"
            - "5.5"
            - "5.5-basic"
            - "6"
            - "6-basic"
            - "9"
            - "9-basic"
            - "12"
            - "12-basic"
            - "18"
            - "18-basic"
            - "24"
            - "24-basic"
            - "36"
            - "36-basic"
            - "48"
            - "48-basic"
            - "54"
            - "54-basic"
            - "11"
            - "11-basic"
          rates_11n_ss12:
            - "mcs0/1"
            - "mcs1/1"
            - "mcs2/1"
            - "mcs3/1"
            - "mcs4/1"
            - "mcs5/1"
            - "mcs6/1"
            - "mcs7/1"
            - "mcs8/2"
            - "mcs9/2"
            - "mcs10/2"
            - "mcs11/2"
            - "mcs12/2"
            - "mcs13/2"
            - "mcs14/2"
            - "mcs15/2"
          rates_11n_ss34:
            - "mcs16/3"
            - "mcs17/3"
            - "mcs18/3"
            - "mcs19/3"
            - "mcs20/3"
            - "mcs21/3"
            - "mcs22/3"
            - "mcs23/3"
            - "mcs24/4"
            - "mcs25/4"
            - "mcs26/4"
            - "mcs27/4"
            - "mcs28/4"
            - "mcs29/4"
            - "mcs30/4"
            - "mcs31/4"
          sae_groups:
            - "1"
            - "2"
            - "5"
            - "14"
            - "15"
            - "16"
            - "17"
            - "18"
            - "19"
            - "20"
            - "21"
            - "27"
            - "28"
            - "29"
            - "30"
            - "31"
          sae_password: <list or string>
          schedule: <list or string>
          security: <value in [None, WEP64, wep64, ...]>
          security_exempt_list: <string>
          security_obsolete_option: <value in [disable, enable]>
          security_redirect_url: <string>
          selected_usergroups: <list or string>
          split_tunneling: <value in [disable, enable]>
          ssid: <string>
          tkip_counter_measure: <value in [disable, enable]>
          usergroup: <list or string>
          utm_profile: <string>
          vdom: <list or string>
          vlan_auto: <value in [disable, enable]>
          vlan_pooling: <value in [wtp-group, round-robin, hash, ...]>
          vlanid: <integer>
          voice_enterprise: <value in [disable, enable]>
          mu_mimo: <value in [disable, enable]>
          _intf_device_access_list: <string>
          external_web_format: <value in [auto-detect, no-query-string, partial-query-string]>
          high_efficiency: <value in [disable, enable]>
          primary_wag_profile: <string>
          secondary_wag_profile: <string>
          target_wake_time: <value in [disable, enable]>
          tunnel_echo_interval: <integer>
          tunnel_fallback_interval: <integer>
          access_control_list: <string>
          captive_portal_auth_timeout: <integer>
          ipv6_rules:
            - "drop-icmp6ra"
            - "drop-icmp6rs"
            - "drop-llmnr6"
            - "drop-icmp6mld2"
            - "drop-dhcp6s"
            - "drop-dhcp6c"
            - "ndp-proxy"
            - "drop-ns-dad"
            - "drop-ns-nondad"
          sticky_client_remove: <value in [disable, enable]>
          sticky_client_threshold_2g: <string>
          sticky_client_threshold_5g: <string>
          bss_color_partial: <value in [disable, enable]>
          dhcp_option43_insertion: <value in [disable, enable]>
          mpsk_profile: <string>
          igmp_snooping: <value in [disable, enable]>
          port_macauth: <value in [disable, radius, address-group]>
          port_macauth_reauth_timeout: <integer>
          port_macauth_timeout: <integer>
          additional_akms:
            - "akm6"
            - "akm24"
          bstm_disassociation_imminent: <value in [disable, enable]>
          bstm_load_balancing_disassoc_timer: <integer>
          bstm_rssi_disassoc_timer: <integer>
          dhcp_address_enforcement: <value in [disable, enable]>
          gas_comeback_delay: <integer>
          gas_fragmentation_limit: <integer>
          mac_called_station_delimiter: <value in [hyphen, single-hyphen, colon, ...]>
          mac_calling_station_delimiter: <value in [hyphen, single-hyphen, colon, ...]>
          mac_case: <value in [uppercase, lowercase]>
          mac_password_delimiter: <value in [hyphen, single-hyphen, colon, ...]>
          mac_username_delimiter: <value in [hyphen, single-hyphen, colon, ...]>
          mbo: <value in [disable, enable]>
          mbo_cell_data_conn_pref: <value in [excluded, prefer-not, prefer-use]>
          nac: <value in [disable, enable]>
          nac_profile: <string>
          neighbor_report_dual_band: <value in [disable, enable]>
          address_group_policy: <value in [disable, allow, deny]>
          antivirus_profile: <string>
          application_detection_engine: <value in [disable, enable]>
          application_list: <string>
          application_report_intv: <integer>
          auth_cert: <string>
          auth_portal_addr: <string>
          beacon_advertising:
            - "name"
            - "model"
            - "serial-number"
          ips_sensor: <string>
          l3_roaming: <value in [disable, enable]>
          local_standalone_dns: <value in [disable, enable]>
          local_standalone_dns_ip: <list or string>
          osen: <value in [disable, enable]>
          radius_mac_mpsk_auth: <value in [disable, enable]>
          radius_mac_mpsk_timeout: <integer>
          rates_11ax_ss12:
            - "mcs0/1"
            - "mcs1/1"
            - "mcs2/1"
            - "mcs3/1"
            - "mcs4/1"
            - "mcs5/1"
            - "mcs6/1"
            - "mcs7/1"
            - "mcs8/1"
            - "mcs9/1"
            - "mcs10/1"
            - "mcs11/1"
            - "mcs0/2"
            - "mcs1/2"
            - "mcs2/2"
            - "mcs3/2"
            - "mcs4/2"
            - "mcs5/2"
            - "mcs6/2"
            - "mcs7/2"
            - "mcs8/2"
            - "mcs9/2"
            - "mcs10/2"
            - "mcs11/2"
          rates_11ax_ss34:
            - "mcs0/3"
            - "mcs1/3"
            - "mcs2/3"
            - "mcs3/3"
            - "mcs4/3"
            - "mcs5/3"
            - "mcs6/3"
            - "mcs7/3"
            - "mcs8/3"
            - "mcs9/3"
            - "mcs10/3"
            - "mcs11/3"
            - "mcs0/4"
            - "mcs1/4"
            - "mcs2/4"
            - "mcs3/4"
            - "mcs4/4"
            - "mcs5/4"
            - "mcs6/4"
            - "mcs7/4"
            - "mcs8/4"
            - "mcs9/4"
            - "mcs10/4"
            - "mcs11/4"
          scan_botnet_connections: <value in [disable, block, monitor]>
          utm_log: <value in [disable, enable]>
          utm_status: <value in [disable, enable]>
          webfilter_profile: <string>
          sae_h2e_only: <value in [disable, enable]>
          sae_pk: <value in [disable, enable]>
          sae_private_key: <string>
          sticky_client_threshold_6g: <string>
          application_dscp_marking: <value in [disable, enable]>
          l3_roaming_mode: <value in [direct, indirect]>
          rates_11ac_mcs_map: <string>
          rates_11ax_mcs_map: <string>
          captive_portal_fw_accounting: <value in [disable, enable]>
          radius_mac_auth_block_interval: <integer>
          _is_factory_setting: <value in [disable, enable, ext]>
          d80211k: <value in [disable, enable]>
          d80211v: <value in [disable, enable]>
          roaming_acct_interim_update: <value in [disable, enable]>
          sae_hnp_only: <value in [disable, enable]>
          akm24_only: <value in [disable, enable]>
          beacon_protection: <value in [disable, enable]>
          captive_portal: <value in [disable, enable]>
          nas_filter_rule: <value in [disable, enable]>
          rates_11be_mcs_map: <string>
          rates_11be_mcs_map_160: <string>
          rates_11be_mcs_map_320: <string>
          _intf_ip_managed_by_fortiipam: <value in [disable, enable, inherit-global]>
          _intf_managed_subnetwork_size: <value in [32, 64, 128, ...]>
          domain_name_stripping: <value in [disable, enable]>
          local_lan_partition: <value in [disable, enable]>

Return Values

Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:

  • meta - The result of the request.returned: always type: dict
    • request_url - The full url requested. returned: always type: str sample: /sys/login/user
    • response_code - The status of api request. returned: always type: int sample: 0
    • response_data - The data body of the api response. returned: optional type: list or dict
    • response_message - The descriptive message of the api response. returned: always type: str sample: OK
    • system_information - The information of the target system. returned: always type: dict
  • rc - The status the request. returned: always type: int sample: 0
  • version_check_warning - Warning if the parameters used in the playbook are not supported by the current FortiManager version. returned: if at least one parameter not supported by the current FortiManager version type: list

Status

  • This module is not guaranteed to have a backwards compatible interface.

Authors

  • Xinwei Du (@dux-fortinet)

  • Xing Li (@lix-fortinet)

  • Jie Xue (@JieX19)

  • Link Zheng (@chillancezen)

  • Frank Shen (@fshen01)

  • Hongbin Lu (@fgtdev-hblu)