fmgr_system_global – Global range attributes.

New in version 2.10.

Synopsis

  • This module is able to configure a FortiManager device.
  • Examples include all parameters; values need to be adjusted to your data sources before use.

Requirements

The below requirements are needed on the host that executes this module.

  • ansible>=2.9.0

FortiManager Version Compatibility


                6.0.0  6.2.1  6.2.3  6.2.5  6.4.0  6.4.2  6.4.5  7.0.0  7.2.0
system_global   yes    yes    yes    yes    yes    yes    yes    yes    yes

Parameters

  • enable_log - Enable/Disable logging for task type: bool required: false default: False
  • forticloud_access_token - Access token of forticloud managed API users, this option is available with FortiManager later than 6.4.0 type: str required: false
  • proposed_method - The overridden method for the underlying JSON RPC request type: str required: false choices: set, update, add
  • bypass_validation - Only set to True when the module schema differs from the FortiManager API structure; the module then continues to execute without validating parameters type: bool required: false default: False
  • workspace_locking_adom - Acquire the workspace lock if FortiManager is running in workspace mode type: str required: false choices: global, custom adom including root
  • workspace_locking_timeout - The maximum time in seconds to wait for other users to release workspace lock type: integer required: false default: 300
  • rc_succeeded - The list of rc codes with which the conditions to succeed will be overridden type: list required: false
  • rc_failed - The list of rc codes with which the conditions to fail will be overridden type: list required: false
  • system_global - no description type: dict
    • admin-lockout-duration - Lockout duration(sec) for administration. type: int default: 60
    • admin-lockout-threshold - Lockout threshold for administration. type: int default: 3
    • adom-mode - ADOM mode. type: str choices: [normal, advanced] default: normal
    • adom-rev-auto-delete - Auto delete features for old ADOM revisions. type: str choices: [disable, by-revisions, by-days] default: by-revisions
    • adom-rev-max-backup-revisions - Maximum number of ADOM revisions to backup. type: int default: 5
    • adom-rev-max-days - Number of days to keep old ADOM revisions. type: int default: 30
    • adom-rev-max-revisions - Maximum number of ADOM revisions to keep. type: int default: 120
    • adom-select - Enable/disable select ADOM after login. type: str choices: [disable, enable] default: enable
    • adom-status - ADOM status. type: str choices: [disable, enable] default: disable
    • clt-cert-req - Require client certificate for GUI login. type: str choices: [disable, enable, optional] default: disable
    • console-output - Console output mode. type: str choices: [standard, more] default: standard
    • country-flag - Country flag Status. type: str choices: [disable, enable] default: enable
    • create-revision - Enable/disable create revision by default. type: str choices: [disable, enable] default: disable
    • daylightsavetime - Enable/disable daylight saving time. type: str choices: [disable, enable] default: enable
    • default-disk-quota - Default disk quota for registered device (MB). type: int default: 1000
    • detect-unregistered-log-device - Detect unregistered logging device from log message. type: str choices: [disable, enable] default: enable
    • device-view-mode - Set devices/groups view mode. type: str choices: [regular, tree] default: regular
    • dh-params - Minimum size of Diffie-Hellman prime for SSH/HTTPS (bits). type: str choices: [1024, 1536, 2048, 3072, 4096, 6144, 8192] default: 2048
    • disable-module - Disable module list. type: array choices: [fortiview-noc, none, fortirecorder, siem, soc, ai]
    • enc-algorithm - SSL communication encryption algorithms. type: str choices: [low, medium, high, custom] default: high
    • faz-status - FAZ status. type: str choices: [disable, enable] default: disable
    • fgfm-local-cert - set the fgfm local certificate. type: str
    • fgfm-ssl-protocol - set the lowest SSL protocols for fgfmsd. type: str choices: [sslv3, tlsv1.0, tlsv1.1, tlsv1.2, tlsv1.3] default: tlsv1.2
    • ha-member-auto-grouping - Enable/disable automatically group HA members feature type: str choices: [disable, enable] default: enable
    • hitcount_concurrent - The number of FortiGates that FortiManager polls at one time (10 - 500, default = 100). type: int default: 100
    • hitcount_interval - The interval for getting hit count from managed FortiGate devices, in seconds (60 - 86400, default = 300). type: int default: 300
    • hostname - System hostname. type: str default: FMG-VM64
    • import-ignore-addr-cmt - Enable/Disable import ignore of address comments. type: str choices: [disable, enable] default: disable
    • language - System global language. type: str choices: [english, simch, japanese, korean, spanish, trach] default: english
    • latitude - fmg location latitude type: str
    • ldap-cache-timeout - LDAP browser cache timeout (seconds). type: int default: 86400
    • ldapconntimeout - LDAP connection timeout (msec). type: int default: 60000
    • lock-preempt - Enable/disable ADOM lock override. type: str choices: [disable, enable] default: disable
    • log-checksum - Record log file hash value, timestamp, and authentication code at transmission or rolling. type: str choices: [none, md5, md5-auth] default: none
    • log-forward-cache-size - Log forwarding disk cache size (GB). type: int default: 0
    • longitude - fmg location longitude type: str
    • max-log-forward - Maximum number of log-forward and aggregation settings. type: int default: 5
    • max-running-reports - Maximum number of reports generating at one time. type: int default: 1
    • oftp-ssl-protocol - set the lowest SSL protocols for oftpd. type: str choices: [sslv3, tlsv1.0, tlsv1.1, tlsv1.2, tlsv1.3] default: tlsv1.2
    • partial-install - Enable/Disable partial install (install some objects). type: str choices: [disable, enable] default: disable
    • partial-install-force - Enable/Disable partial install when devdb is modified. type: str choices: [disable, enable] default: disable
    • partial-install-rev - Enable/Disable auto creating adom revision for partial install. type: str choices: [disable, enable] default: disable
    • perform-improve-by-ha - Enable/Disable performance improvement by distributing tasks to HA slaves. type: str choices: [disable, enable] default: disable
    • policy-hit-count - show policy hit count. type: str choices: [disable, enable] default: disable
    • policy-object-in-dual-pane - show policies and objects in dual pane. type: str choices: [disable, enable] default: disable
    • pre-login-banner - Enable/disable pre-login banner. type: str choices: [disable, enable] default: disable
    • pre-login-banner-message - Pre-login banner message. type: str
    • remoteauthtimeout - Remote authentication (RADIUS/LDAP) timeout (sec). type: int default: 10
    • search-all-adoms - Enable/Disable Search all ADOMs for where-used query. type: str choices: [disable, enable] default: disable
    • ssl-low-encryption - SSL low-grade encryption. type: str choices: [disable, enable] default: disable
    • ssl-protocol - SSL protocols. type: array choices: [tlsv1.2, tlsv1.1, tlsv1.0, sslv3, tlsv1.3]
    • ssl-static-key-ciphers - Enable/disable SSL static key ciphers. type: str choices: [disable, enable] default: enable
    • task-list-size - Maximum number of completed tasks to keep. type: int default: 2000
    • tftp - Enable/disable TFTP in `exec restore image` command (disabled by default in FIPS mode) type: str choices: [disable, enable] default: disable
    • timezone - Time zone. type: str choices: [00, 01, 02, 03, 04, 05, 06, 07, 08, 09, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91] default: 04
    • tunnel-mtu - Maximum transportation unit(68 - 9000). type: int default: 1500
    • usg - Enable/disable Fortiguard server restriction. type: str choices: [disable, enable] default: disable
    • vdom-mirror - VDOM mirror. type: str choices: [disable, enable] default: disable
    • webservice-proto - Web Service connection support SSL protocols. type: array choices: [tlsv1.2, tlsv1.1, tlsv1.0, sslv3, sslv2, tlsv1.3]
    • workflow-max-sessions - Maximum number of workflow sessions per ADOM (minimum 100). type: int default: 500
    • workspace-mode - Set workspace mode (ADOM Locking). type: str choices: [disabled, normal, workflow, per-adom] default: disabled
    • clone-name-option - set the clone object names option. type: str choices: [default, keep] default: default
    • fgfm-ca-cert - set the extra fgfm CA certificates. type: str
    • mc-policy-disabled-adoms - Mc-Policy-Disabled-Adoms. type: array
      • adom-name - Adom names. type: str
    • policy-object-icon - show icons of policy objects. type: str choices: [disable, enable] default: disable
    • private-data-encryption - Enable/disable private data encryption using an AES 128-bit key. type: str choices: [disable, enable] default: disable
    • per-policy-lock - Enable/Disable per policy lock. type: str choices: [disable, enable] default: disable
    • multiple-steps-upgrade-in-autolink - Enable/disable multiple steps upgrade in autolink process type: str choices: [disable, enable] default: disable
    • object-revision-db-max - Maximum revisions for a single database (10,000-1,000,000 default 100,000). type: int default: 100000
    • object-revision-mandatory-note - Enable/disable mandatory note when create revision. type: str choices: [disable, enable] default: enable
    • object-revision-object-max - Maximum revisions for a single object (10-1000 default 100). type: int default: 100
    • object-revision-status - Enable/disable create revision when modify objects. type: str choices: [disable, enable] default: enable
    • normalized-intf-zone-only - allow normalized interface to be zone only. type: str choices: [disable, enable] default: disable
    • ssl-cipher-suites - No description for the parameter type: array
      • cipher - Cipher name type: str
      • priority - SSL/TLS cipher suites priority. type: int default: 0
      • version - SSL/TLS version the cipher suite can be used with. type: str choices: [tls1.2-or-below, tls1.3] default: tls1.2-or-below

Notes


  • This FortiManager module supports running in workspace locking mode; the top-level parameters workspace_locking_adom and workspace_locking_timeout control it.
  • To create or update an object, use the state: present directive.
  • To delete an object, use the state: absent directive.
  • Normally, a module run fails when a non-zero rc is returned. You can override the conditions to fail or succeed with the parameters rc_failed and rc_succeeded.

Examples

- hosts: fortimanager00
  collections:
    - fortinet.fortimanager
  connection: httpapi
  vars:
     ansible_httpapi_use_ssl: True
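     # False turns off TLS certificate verification for the httpapi connection;
     # set to True once the control node trusts the FortiManager certificate.
     ansible_httpapi_validate_certs: False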
     ansible_httpapi_port: 443
  tasks:
   - name: enable workspace mode
     fmgr_system_global:
        system_global:
             adom-status: enable
             workspace-mode: normal

   - name: Script table.
     fmgr_dvmdb_script:
        bypass_validation: False
        adom: root
        state: present
        workspace_locking_adom: 'root'
        dvmdb_script:
           content: 'ansiblt-test'
           name: 'fooscript000'
           target: device_database
           type: cli

   - name: verify script table
     fmgr_fact:
        facts:
           selector: 'dvmdb_script'
           params:
               adom: 'root'
               script: 'fooscript000'
     register: info
     failed_when: info.meta.response_code != 0

   - name: restore workspace mode
     fmgr_system_global:
        system_global:
            adom-status: enable
            workspace-mode: disabled
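
A hardening-oriented play built only from system_global options listed on this page, added here as an illustration and not taken from the module's own documentation. The chosen values are assumptions about a reasonable baseline, and individual options (for example tlsv1.3) may not be available on every FortiManager version in the compatibility table.

```yaml
# Added example: management-plane baseline using parameters documented above.
- hosts: fortimanager00
  collections:
    - fortinet.fortimanager
  connection: httpapi
  vars:
    ansible_httpapi_use_ssl: True
    # Assumes the FortiManager certificate chains to a CA the control node trusts.
    ansible_httpapi_validate_certs: True
    ansible_httpapi_port: 443
  tasks:
    - name: Apply TLS and admin-login baseline
      fmgr_system_global:
        system_global:
          # Protocol lists: drop sslv2, sslv3, tlsv1.0 and tlsv1.1 from the choices.
          ssl-protocol:
            - tlsv1.2
            - tlsv1.3
          webservice-proto:
            - tlsv1.2
            - tlsv1.3
          # Lowest protocol for fgfmsd and oftpd (tlsv1.2 is the documented default).
          fgfm-ssl-protocol: tlsv1.2
          oftp-ssl-protocol: tlsv1.2
          enc-algorithm: high               # documented default
          ssl-low-encryption: disable       # documented default
          ssl-static-key-ciphers: disable   # documented default is enable
          dh-params: '3072'                 # type str; documented default is 2048
          # Administrative login controls.
          admin-lockout-threshold: 3        # documented default
          admin-lockout-duration: 300       # seconds; documented default is 60
          pre-login-banner: enable
          pre-login-banner-message: 'Authorized use only.'  # constructed sample text
          # Keep TFTP out of `exec restore image` and record authenticated log checksums.
          tftp: disable
          log-checksum: md5-auth            # documented default is none
```

Options left at their documented defaults are written out so that drift on the device is corrected on the next run.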

Return Values

Common return values are documented at https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values. The following fields are unique to this module:

  • request_url - The full url requested returned: always type: str sample: /sys/login/user
  • response_code - The status of api request returned: always type: int sample: 0
  • response_message - The descriptive message of the api response returned: always type: str sample: OK
  • response_data - The data body of the api response returned: optional type: list or dict

Status

  • This module is not guaranteed to have a backwards compatible interface.

Authors

  • Link Zheng (@chillancezen)
  • Jie Xue (@JieX19)
  • Frank Shen (@fshen01)
  • Hongbin Lu (@fgtdev-hblu)

Hint

If you notice any issues in this documentation, you can create a pull request to improve it.