fmgr_system_global – Global range attributes.¶
New in version 2.10.
Synopsis¶
- This module is able to configure a FortiManager device by allowing the user to [get, set, update] the following FortiManager json-rpc urls.
- /cli/global/system/global
- Examples include all parameters and values need to be adjusted to data sources before usage.
- Tested with FortiManager v6.0.0
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.10.0
Parameters¶
- loose_validation - Do parameter validation in a loose way type: bool required: false default: false
- workspace_locking_adom - Acquire the workspace lock if FortiManager is running in workspace mode type: str required: false choices: global, custom dom
- workspace_locking_timeout - The maximum time in seconds to wait for other users to release workspace lock type: integer required: false default: 300
- parameters for method: [get] - Global range attributes.
- parameters for method: [set, update] - Global range attributes.
- data - No description for the parameter type: dict
- admin-lockout-duration - Lockout duration(sec) for administration. type: int default: 60
- admin-lockout-threshold - Lockout threshold for administration. type: int default: 3
- adom-mode - ADOM mode. type: str choices: [normal, advanced] default: normal
- adom-rev-auto-delete - Auto delete features for old ADOM revisions. type: str choices: [disable, by-revisions, by-days] default: by-revisions
- adom-rev-max-backup-revisions - Maximum number of ADOM revisions to backup. type: int default: 5
- adom-rev-max-days - Number of days to keep old ADOM revisions. type: int default: 30
- adom-rev-max-revisions - Maximum number of ADOM revisions to keep. type: int default: 120
- adom-select - Enable/disable select ADOM after login. type: str choices: [disable, enable] default: enable
- adom-status - ADOM status. type: str choices: [disable, enable] default: disable
- clt-cert-req - Require client certificate for GUI login. type: str choices: [disable, enable, optional] default: disable
- console-output - Console output mode. type: str choices: [standard, more] default: standard
- country-flag - Country flag Status. type: str choices: [disable, enable] default: enable
- create-revision - Enable/disable create revision by default. type: str choices: [disable, enable] default: disable
- daylightsavetime - Enable/disable daylight saving time. type: str choices: [disable, enable] default: enable
- default-disk-quota - Default disk quota for registered device (MB). type: int default: 1000
- detect-unregistered-log-device - Detect unregistered logging device from log message. type: str choices: [disable, enable] default: enable
- device-view-mode - Set devices/groups view mode. type: str choices: [regular, tree] default: regular
- dh-params - Minimum size of Diffie-Hellman prime for SSH/HTTPS (bits). type: str choices: [1024, 1536, 2048, 3072, 4096, 6144, 8192] default: 2048
- disable-module - No description for the parameter type: array
- {no-name} - No description for the parameter type: str choices: [fortiview-noc]
- enc-algorithm - SSL communication encryption algorithms. type: str choices: [low, medium, high] default: high
- faz-status - FAZ status. type: str choices: [disable, enable] default: disable
- fgfm-local-cert - set the fgfm local certificate. type: str
- fgfm-ssl-protocol - set the lowest SSL protocols for fgfmsd. type: str choices: [sslv3, tlsv1.0, tlsv1.1, tlsv1.2] default: tlsv1.2
- ha-member-auto-grouping - Enable/disable automatically group HA members feature type: str choices: [disable, enable] default: enable
- hitcount_concurrent - The number of FortiGates that FortiManager polls at one time (10 - 500, default = 100). type: int default: 100
- hitcount_interval - The interval for getting hit count from managed FortiGate devices, in seconds (60 - 86400, default = 300). type: int default: 300
- hostname - System hostname. type: str default: FMG-VM64
- import-ignore-addr-cmt - Enable/Disable import ignore of address comments. type: str choices: [disable, enable] default: disable
- language - System global language. type: str choices: [english, simch, japanese, korean, spanish, trach] default: english
- latitude - fmg location latitude type: str
- ldap-cache-timeout - LDAP browser cache timeout (seconds). type: int default: 86400
- ldapconntimeout - LDAP connection timeout (msec). type: int default: 60000
- lock-preempt - Enable/disable ADOM lock override. type: str choices: [disable, enable] default: disable
- log-checksum - Record log file hash value, timestamp, and authentication code at transmission or rolling. type: str choices: [none, md5, md5-auth] default: none
- log-forward-cache-size - Log forwarding disk cache size (GB). type: int default: 0
- longitude - fmg location longitude type: str
- max-log-forward - Maximum number of log-forward and aggregation settings. type: int default: 5
- max-running-reports - Maximum number of reports generating at one time. type: int default: 1
- oftp-ssl-protocol - set the lowest SSL protocols for oftpd. type: str choices: [sslv3, tlsv1.0, tlsv1.1, tlsv1.2] default: tlsv1.2
- partial-install - Enable/Disable partial install (install some objects). type: str choices: [disable, enable] default: disable
- partial-install-force - Enable/Disable partial install when devdb is modified. type: str choices: [disable, enable] default: disable
- partial-install-rev - Enable/Disable auto creating adom revision for partial install. type: str choices: [disable, enable] default: disable
- perform-improve-by-ha - Enable/Disable performance improvement by distributing tasks to HA slaves. type: str choices: [disable, enable] default: disable
- policy-hit-count - show policy hit count. type: str choices: [disable, enable] default: disable
- policy-object-in-dual-pane - show policies and objects in dual pane. type: str choices: [disable, enable] default: disable
- pre-login-banner - Enable/disable pre-login banner. type: str choices: [disable, enable] default: disable
- pre-login-banner-message - Pre-login banner message. type: str
- remoteauthtimeout - Remote authentication (RADIUS/LDAP) timeout (sec). type: int default: 10
- search-all-adoms - Enable/Disable Search all ADOMs for where-used query. type: str choices: [disable, enable] default: disable
- ssl-low-encryption - SSL low-grade encryption. type: str choices: [disable, enable] default: disable
- ssl-protocol - No description for the parameter type: array
- {no-name} - No description for the parameter type: str choices: [tlsv1.2, tlsv1.1, tlsv1.0, sslv3]
- ssl-static-key-ciphers - Enable/disable SSL static key ciphers. type: str choices: [disable, enable] default: enable
- task-list-size - Maximum number of completed tasks to keep. type: int default: 2000
- tftp - Enable/disable TFTP in `exec restore image` command (disabled by default in FIPS mode) type: str choices: [disable, enable] default: disable
- timezone - Time zone. type: str choices: [00, 01, 02, 03, 04, 05, 06, 07, 08, 09, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89] default: 04
- tunnel-mtu - Maximum transportation unit(68 - 9000). type: int default: 1500
- usg - Enable/disable Fortiguard server restriction. type: str choices: [disable, enable] default: disable
- vdom-mirror - VDOM mirror. type: str choices: [disable, enable] default: disable
- webservice-proto - No description for the parameter type: array
- {no-name} - No description for the parameter type: str choices: [tlsv1.2, tlsv1.1, tlsv1.0, sslv3, sslv2]
- workflow-max-sessions - Maximum number of workflow sessions per ADOM (minimum 100). type: int default: 500
- workspace-mode - Set workspace mode (ADOM Locking). type: str choices: [disabled, normal, workflow] default: disabled
Notes¶
Note
- The module may supports multiple method, every method has different parameters definition
- One method may also have more than one parameter definition collection, each collection is dedicated to one API endpoint
- The module may include domain dependent urls, the domain can be specified in url_params as adom
- To run in workspace mode, the paremeter workspace_locking_adom must be included in the task
Examples¶
- hosts: fortimanager-inventory
collections:
- fortinet.fortimanager
connection: httpapi
vars:
ansible_httpapi_use_ssl: True
ansible_httpapi_validate_certs: False
ansible_httpapi_port: 443
tasks:
- name: REQUESTING /CLI/SYSTEM/GLOBAL
fmgr_system_global:
loose_validation: False
workspace_locking_adom: <value in [global, custom adom]>
workspace_locking_timeout: 300
method: <value in [set, update]>
params:
-
data:
admin-lockout-duration: <value of integer>
admin-lockout-threshold: <value of integer>
adom-mode: <value in [normal, advanced]>
adom-rev-auto-delete: <value in [disable, by-revisions, by-days]>
adom-rev-max-backup-revisions: <value of integer>
adom-rev-max-days: <value of integer>
adom-rev-max-revisions: <value of integer>
adom-select: <value in [disable, enable]>
adom-status: <value in [disable, enable]>
clt-cert-req: <value in [disable, enable, optional]>
console-output: <value in [standard, more]>
country-flag: <value in [disable, enable]>
create-revision: <value in [disable, enable]>
daylightsavetime: <value in [disable, enable]>
default-disk-quota: <value of integer>
detect-unregistered-log-device: <value in [disable, enable]>
device-view-mode: <value in [regular, tree]>
dh-params: <value in [1024, 1536, 2048, ...]>
disable-module:
- <value in [fortiview-noc]>
enc-algorithm: <value in [low, medium, high]>
faz-status: <value in [disable, enable]>
fgfm-local-cert: <value of string>
fgfm-ssl-protocol: <value in [sslv3, tlsv1.0, tlsv1.1, ...]>
ha-member-auto-grouping: <value in [disable, enable]>
hitcount_concurrent: <value of integer>
hitcount_interval: <value of integer>
hostname: <value of string>
import-ignore-addr-cmt: <value in [disable, enable]>
language: <value in [english, simch, japanese, ...]>
latitude: <value of string>
ldap-cache-timeout: <value of integer>
ldapconntimeout: <value of integer>
lock-preempt: <value in [disable, enable]>
log-checksum: <value in [none, md5, md5-auth]>
log-forward-cache-size: <value of integer>
longitude: <value of string>
max-log-forward: <value of integer>
max-running-reports: <value of integer>
oftp-ssl-protocol: <value in [sslv3, tlsv1.0, tlsv1.1, ...]>
partial-install: <value in [disable, enable]>
partial-install-force: <value in [disable, enable]>
partial-install-rev: <value in [disable, enable]>
perform-improve-by-ha: <value in [disable, enable]>
policy-hit-count: <value in [disable, enable]>
policy-object-in-dual-pane: <value in [disable, enable]>
pre-login-banner: <value in [disable, enable]>
pre-login-banner-message: <value of string>
remoteauthtimeout: <value of integer>
search-all-adoms: <value in [disable, enable]>
ssl-low-encryption: <value in [disable, enable]>
ssl-protocol:
- <value in [tlsv1.2, tlsv1.1, tlsv1.0, ...]>
ssl-static-key-ciphers: <value in [disable, enable]>
task-list-size: <value of integer>
tftp: <value in [disable, enable]>
timezone: <value in [00, 01, 02, ...]>
tunnel-mtu: <value of integer>
usg: <value in [disable, enable]>
vdom-mirror: <value in [disable, enable]>
webservice-proto:
- <value in [tlsv1.2, tlsv1.1, tlsv1.0, ...]>
workflow-max-sessions: <value of integer>
workspace-mode: <value in [disabled, normal, workflow]>
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- return values for method: [get]
- data
- No description for the parameter type: dict
- admin-lockout-duration - Lockout duration(sec) for administration. type: int example: 60
- admin-lockout-threshold - Lockout threshold for administration. type: int example: 3
- adom-mode - ADOM mode. type: str example: normal
- adom-rev-auto-delete - Auto delete features for old ADOM revisions. type: str example: by-revisions
- adom-rev-max-backup-revisions - Maximum number of ADOM revisions to backup. type: int example: 5
- adom-rev-max-days - Number of days to keep old ADOM revisions. type: int example: 30
- adom-rev-max-revisions - Maximum number of ADOM revisions to keep. type: int example: 120
- adom-select - Enable/disable select ADOM after login. type: str example: enable
- adom-status - ADOM status. type: str example: disable
- clt-cert-req - Require client certificate for GUI login. type: str example: disable
- console-output - Console output mode. type: str example: standard
- country-flag - Country flag Status. type: str example: enable
- create-revision - Enable/disable create revision by default. type: str example: disable
- daylightsavetime - Enable/disable daylight saving time. type: str example: enable
- default-disk-quota - Default disk quota for registered device (MB). type: int example: 1000
- detect-unregistered-log-device - Detect unregistered logging device from log message. type: str example: enable
- device-view-mode - Set devices/groups view mode. type: str example: regular
- dh-params - Minimum size of Diffie-Hellman prime for SSH/HTTPS (bits). type: str example: 2048
- disable-module - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- enc-algorithm - SSL communication encryption algorithms. type: str example: high
- faz-status - FAZ status. type: str example: disable
- fgfm-local-cert - set the fgfm local certificate. type: str
- fgfm-ssl-protocol - set the lowest SSL protocols for fgfmsd. type: str example: tlsv1.2
- ha-member-auto-grouping - Enable/disable automatically group HA members feature type: str example: enable
- hitcount_concurrent - The number of FortiGates that FortiManager polls at one time (10 - 500, default = 100). type: int example: 100
- hitcount_interval - The interval for getting hit count from managed FortiGate devices, in seconds (60 - 86400, default = 300). type: int example: 300
- hostname - System hostname. type: str example: FMG-VM64
- import-ignore-addr-cmt - Enable/Disable import ignore of address comments. type: str example: disable
- language - System global language. type: str example: english
- latitude - fmg location latitude type: str
- ldap-cache-timeout - LDAP browser cache timeout (seconds). type: int example: 86400
- ldapconntimeout - LDAP connection timeout (msec). type: int example: 60000
- lock-preempt - Enable/disable ADOM lock override. type: str example: disable
- log-checksum - Record log file hash value, timestamp, and authentication code at transmission or rolling. type: str example: none
- log-forward-cache-size - Log forwarding disk cache size (GB). type: int example: 0
- longitude - fmg location longitude type: str
- max-log-forward - Maximum number of log-forward and aggregation settings. type: int example: 5
- max-running-reports - Maximum number of reports generating at one time. type: int example: 1
- oftp-ssl-protocol - set the lowest SSL protocols for oftpd. type: str example: tlsv1.2
- partial-install - Enable/Disable partial install (install some objects). type: str example: disable
- partial-install-force - Enable/Disable partial install when devdb is modified. type: str example: disable
- partial-install-rev - Enable/Disable auto creating adom revision for partial install. type: str example: disable
- perform-improve-by-ha - Enable/Disable performance improvement by distributing tasks to HA slaves. type: str example: disable
- policy-hit-count - show policy hit count. type: str example: disable
- policy-object-in-dual-pane - show policies and objects in dual pane. type: str example: disable
- pre-login-banner - Enable/disable pre-login banner. type: str example: disable
- pre-login-banner-message - Pre-login banner message. type: str
- remoteauthtimeout - Remote authentication (RADIUS/LDAP) timeout (sec). type: int example: 10
- search-all-adoms - Enable/Disable Search all ADOMs for where-used query. type: str example: disable
- ssl-low-encryption - SSL low-grade encryption. type: str example: disable
- ssl-protocol - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- ssl-static-key-ciphers - Enable/disable SSL static key ciphers. type: str example: enable
- task-list-size - Maximum number of completed tasks to keep. type: int example: 2000
- tftp - Enable/disable TFTP in `exec restore image` command (disabled by default in FIPS mode) type: str example: disable
- timezone - Time zone. type: str example: 04
- tunnel-mtu - Maximum transportation unit(68 - 9000). type: int example: 1500
- usg - Enable/disable Fortiguard server restriction. type: str example: disable
- vdom-mirror - VDOM mirror. type: str example: disable
- webservice-proto - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- workflow-max-sessions - Maximum number of workflow sessions per ADOM (minimum 100). type: int example: 500
- workspace-mode - Set workspace mode (ADOM Locking). type: str example: disabled
- status
- No description for the parameter type: dict
- code - No description for the parameter type: int
- message - No description for the parameter type: str
- url - No description for the parameter type: str example: /cli/global/system/global
- return values for method: [set, update]
- status
- No description for the parameter type: dict
- code - No description for the parameter type: int
- message - No description for the parameter type: str
- url - No description for the parameter type: str example: /cli/global/system/global