fmgr_vap – Configure Virtual Access Points (VAPs).¶

New in version 2.10.

Synopsis
Requirements
FortiManager Version Compatibility
Parameters
Notes
Examples
Return Values
Status
Authors

Synopsis ¶

This module is able to configure a FortiManager device.
Examples include all parameters and values need to be adjusted to data sources before usage.

Requirements ¶

The below requirements are needed on the host that executes this module.

ansible>=2.9.0

FortiManager Version Compatibility ¶

	`6.0.0`	`6.2.1`	`6.2.3`	`6.2.5`	`6.4.0`	`6.4.2`	`6.4.5`	`7.0.0`	`7.2.0`
vap	yes	yes	yes	yes	yes	yes	yes	yes	yes

Parameters ¶

enable_log - Enable/Disable logging for task type: bool required: false default: False
forticloud_access_token - Access token of forticloud managed API users, this option is available with FortiManager later than 6.4.0 type: str required: false
proposed_method - The overridden method for the underlying Json RPC request type: str required: false choices: set, update, add
bypass_validation - Only set to True when module schema diffs with FortiManager API structure, module continues to execute without validating parameters type: bool required: false default: False
workspace_locking_adom - Acquire the workspace lock if FortiManager is running in workspace mode type: str required: false choices: global, custom adom including root
workspace_locking_timeout - The maximum time in seconds to wait for other users to release workspace lock type: integer required: false default: 300
rc_succeeded - The rc codes list with which the conditions to succeed will be overriden type: list required: false
rc_failed - The rc codes list with which the conditions to fail will be overriden type: list required: false
state - The directive to create, update or delete an object type: str required: true choices: present, absent
adom - The parameter in requested url type: str required: true
vap - no description type: dict

_centmgmt - _Centmgmt. type: str choices: [disable, enable] default: disable more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

_centmgmt True True True True True True True True True
_dhcp_svr_id - _Dhcp_Svr_Id. type: str more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

_dhcp_svr_id True True True True True True True True True
_intf_allowaccess - _Intf_Allowaccess. type: array choices: [https, ping, ssh, snmp, http, telnet, fgfm, auto-ipsec, radius-acct, probe-response, capwap, dnp, ftm, fabric, speed-test] more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

_intf_allowaccess True True True True True True True True True
_intf_device-identification - _Intf_Device-Identification. type: str choices: [disable, enable] default: disable more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

_intf_device-identification True True True True True True True True True
_intf_device-netscan - _Intf_Device-Netscan. type: str choices: [disable, enable] default: disable more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

_intf_device-netscan True True True True True True True True True
_intf_dhcp-relay-ip - _Intf_Dhcp-Relay-Ip. type: str more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

_intf_dhcp-relay-ip True True True True True True True True True
_intf_dhcp-relay-service - _Intf_Dhcp-Relay-Service. type: str choices: [disable, enable] default: disable more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

_intf_dhcp-relay-service True True True True True True True True True
_intf_dhcp-relay-type - _Intf_Dhcp-Relay-Type. type: str choices: [regular, ipsec] default: regular more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

_intf_dhcp-relay-type True True True True True True True True True
_intf_dhcp6-relay-ip - _Intf_Dhcp6-Relay-Ip. type: str more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

_intf_dhcp6-relay-ip True True True True True True True True True
_intf_dhcp6-relay-service - _Intf_Dhcp6-Relay-Service. type: str choices: [disable, enable] default: disable more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

_intf_dhcp6-relay-service True True True True True True True True True
_intf_dhcp6-relay-type - _Intf_Dhcp6-Relay-Type. type: str choices: [regular] default: regular more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

_intf_dhcp6-relay-type True True True True True True True True True
_intf_ip - _Intf_Ip. type: str more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

_intf_ip True True True True True True True True True
_intf_ip6-address - _Intf_Ip6-Address. type: str more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

_intf_ip6-address True True True True True True True True True
_intf_ip6-allowaccess - _Intf_Ip6-Allowaccess. type: array choices: [https, ping, ssh, snmp, http, telnet, any, fgfm, capwap] more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

_intf_ip6-allowaccess True True True True True True True True True
_intf_listen-forticlient-connection - _Intf_Listen-Forticlient-Connection. type: str choices: [disable, enable] default: disable more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

_intf_listen-forticlient-connection True True True True True True True True True
acct-interim-interval - WiFi RADIUS accounting interim interval (60 - 86400 sec, default = 0). type: int more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

acct-interim-interval True True True True False False False False False
alias - Alias. type: str more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

alias True True True True True True True True True
auth - Authentication protocol. type: str choices: [PSK, psk, RADIUS, radius, usergroup] more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

auth True True True True True True True True True
broadcast-ssid - Enable/disable broadcasting the SSID (default = enable). type: str choices: [disable, enable] more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

broadcast-ssid True True True True True True True True True
broadcast-suppression - Optional suppression of broadcast messages. type: array choices: [dhcp, arp, dhcp2, arp2, netbios-ns, netbios-ds, arp3, dhcp-up, dhcp-down, arp-known, arp-unknown, arp-reply, ipv6, dhcp-starvation, arp-poison, all-other-mc, all-other-bc, arp-proxy, dhcp-ucast] more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

broadcast-suppression True True True True True True True True True
captive-portal-ac-name - Local-bridging captive portal ac-name. type: str more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

captive-portal-ac-name True True True True True True True True True
captive-portal-macauth-radius-secret - Secret key to access the macauth RADIUS server. type: str more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

captive-portal-macauth-radius-secret True True True True False False False False False
captive-portal-macauth-radius-server - Captive portal external RADIUS server domain name or IP address. type: str more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

captive-portal-macauth-radius-server True True True True False False False False False
captive-portal-radius-secret - Secret key to access the RADIUS server. type: str more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

captive-portal-radius-secret True True True True False False False False False
captive-portal-radius-server - Captive portal RADIUS server domain name or IP address. type: str more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

captive-portal-radius-server True True True True False False False False False
captive-portal-session-timeout-interval - Session timeout interval (0 - 864000 sec, default = 0). type: int more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

captive-portal-session-timeout-interval True True True True False False False False False
dhcp-lease-time - DHCP lease time in seconds for NAT IP address. type: int more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

dhcp-lease-time True True True True True True True True True
dhcp-option82-circuit-id-insertion - Enable/disable DHCP option 82 circuit-id insert (default = disable). type: str choices: [disable, style-1, style-2, style-3] more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

dhcp-option82-circuit-id-insertion True True True True True True True True True
dhcp-option82-insertion - Enable/disable DHCP option 82 insert (default = disable). type: str choices: [disable, enable] more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

dhcp-option82-insertion True True True True True True True True True
dhcp-option82-remote-id-insertion - Enable/disable DHCP option 82 remote-id insert (default = disable). type: str choices: [disable, style-1] more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

dhcp-option82-remote-id-insertion True True True True True True True True True
dynamic-vlan - Enable/disable dynamic VLAN assignment. type: str choices: [disable, enable] more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

dynamic-vlan True True True True True True True True True
dynamic_mapping - Dynamic_Mapping. type: array more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

dynamic_mapping True True True True True True True True True
- _centmgmt - _Centmgmt. type: str choices: [disable, enable] default: disable more...
  
  6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0
  
  _centmgmt True True True True True True True True True
- _dhcp_svr_id - _Dhcp_Svr_Id. type: str more...
  
  6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0
  
  _dhcp_svr_id True True True True True True True True True
- _intf_allowaccess - _Intf_Allowaccess. type: array choices: [https, ping, ssh, snmp, http, telnet, fgfm, auto-ipsec, radius-acct, probe-response, capwap, dnp, ftm, fabric, speed-test] more...
  
  6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0
  
  _intf_allowaccess True True True True True True True True True
- _intf_device-identification - _Intf_Device-Identification. type: str choices: [disable, enable] default: disable more...
  
  6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0
  
  _intf_device-identification True True True True True True True True True
- _intf_device-netscan - _Intf_Device-Netscan. type: str choices: [disable, enable] default: disable more...
  
  6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0
  
  _intf_device-netscan True True True True True True True True True
- _intf_dhcp-relay-ip - _Intf_Dhcp-Relay-Ip. type: str more...
  
  6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0
  
  _intf_dhcp-relay-ip True True True True True True True True True
- _intf_dhcp-relay-service - _Intf_Dhcp-Relay-Service. type: str choices: [disable, enable] default: disable more...
  
  6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0
  
  _intf_dhcp-relay-service True True True True True True True True True
- _intf_dhcp-relay-type - _Intf_Dhcp-Relay-Type. type: str choices: [regular, ipsec] default: regular more...
  
  6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0
  
  _intf_dhcp-relay-type True True True True True True True True True
- _intf_dhcp6-relay-ip - _Intf_Dhcp6-Relay-Ip. type: str more...
  
  6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0
  
  _intf_dhcp6-relay-ip True True True True True True True True True
- _intf_dhcp6-relay-service - _Intf_Dhcp6-Relay-Service. type: str choices: [disable, enable] default: disable more...
  
  6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0
  
  _intf_dhcp6-relay-service True True True True True True True True True
- _intf_dhcp6-relay-type - _Intf_Dhcp6-Relay-Type. type: str choices: [regular] default: regular more...
  
  6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0
  
  _intf_dhcp6-relay-type True True True True True True True True True
- _intf_ip - _Intf_Ip. type: str more...
  
  6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0
  
  _intf_ip True True True True True True True True True
- _intf_ip6-address - _Intf_Ip6-Address. type: str more...
  
  6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0
  
  _intf_ip6-address True True True True True True True True True
- _intf_ip6-allowaccess - _Intf_Ip6-Allowaccess. type: array choices: [https, ping, ssh, snmp, http, telnet, any, fgfm, capwap] more...
  
  6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0
  
  _intf_ip6-allowaccess True True True True True True True True True
- _intf_listen-forticlient-connection - _Intf_Listen-Forticlient-Connection. type: str choices: [disable, enable] default: disable more...
  
  6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0
  
  _intf_listen-forticlient-connection True True True True True True True True True
- _scope - _Scope. type: array more...
  
  6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0
  
  _scope True True True True True True True True True
  - name - Name. type: str more...
    
    6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0
    
    name True True True True True True True True True
  - vdom - Vdom. type: str more...
    
    6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0
    
    vdom True True True True True True True True True
- acct-interim-interval - WiFi RADIUS accounting interim interval (60 - 86400 sec, default = 0). type: int more...
  
  6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0
  
  acct-interim-interval True True True True True True True True True
- address-group - Address group ID. type: str more...
  
  6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0
  
  address-group True True True True True True True True True
- alias - Alias. type: str more...
  
  6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0
  
  alias True True True True True True True True True
- atf-weight - Airtime weight in percentage (default = 20). type: int more...
  
  6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0
  
  atf-weight True True True True True True True True True
- auth - Authentication protocol. type: str choices: [PSK, psk, RADIUS, radius, usergroup] more...
  
  6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0
  
  auth True True True True True True True True True
- broadcast-ssid - Enable/disable broadcasting the SSID (default = enable). type: str choices: [disable, enable] more...
  
  6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0
  
  broadcast-ssid True True True True True True True True True
- broadcast-suppression - Optional suppression of broadcast messages. type: array choices: [dhcp, arp, dhcp2, arp2, netbios-ns, netbios-ds, arp3, dhcp-up, dhcp-down, arp-known, arp-unknown, arp-reply, ipv6, dhcp-starvation, arp-poison, all-other-mc, all-other-bc, arp-proxy, dhcp-ucast] more...
  
  6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0
  
  broadcast-suppression True True True True True True True True True
- captive-portal-ac-name - Local-bridging captive portal ac-name. type: str more...
  
  6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0
  
  captive-portal-ac-name True True True True True True True True True
- captive-portal-macauth-radius-secret - Secret key to access the macauth RADIUS server. type: str more...
  
  6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0
  
  captive-portal-macauth-radius-secret True True True True True True True True True
- captive-portal-macauth-radius-server - Captive portal external RADIUS server domain name or IP address. type: str more...
  
  6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0
  
  captive-portal-macauth-radius-server True True True True True True True True True
- captive-portal-radius-secret - Secret key to access the RADIUS server. type: str more...
  
  6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0
  
  captive-portal-radius-secret True True True True True True True True True
- captive-portal-radius-server - Captive portal RADIUS server domain name or IP address. type: str more...
  
  6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0
  
  captive-portal-radius-server True True True True True True True True True
- captive-portal-session-timeout-interval - Session timeout interval (0 - 864000 sec, default = 0). type: int more...
  
  6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0
  
  captive-portal-session-timeout-interval True True True True True True True True True
- client-count - Client-Count. type: int more...
  
  6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0
  
  client-count True True True True True True True True True
- dhcp-lease-time - DHCP lease time in seconds for NAT IP address. type: int more...
  
  6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0
  
  dhcp-lease-time True True True True True True True True True
- dhcp-option82-circuit-id-insertion - Enable/disable DHCP option 82 circuit-id insert (default = disable). type: str choices: [disable, style-1, style-2, style-3] more...
  
  6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0
  
  dhcp-option82-circuit-id-insertion True True True True True True True True True
- dhcp-option82-insertion - Enable/disable DHCP option 82 insert (default = disable). type: str choices: [disable, enable] more...
  
  6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0
  
  dhcp-option82-insertion True True True True True True True True True
- dhcp-option82-remote-id-insertion - Enable/disable DHCP option 82 remote-id insert (default = disable). type: str choices: [disable, style-1] more...
  
  6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0
  
  dhcp-option82-remote-id-insertion True True True True True True True True True
- dynamic-vlan - Enable/disable dynamic VLAN assignment. type: str choices: [disable, enable] more...
  
  6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0
  
  dynamic-vlan True True True True True True True True True
- eap-reauth - Enable/disable EAP re-authentication for WPA-Enterprise security. type: str choices: [disable, enable] more...
  
  6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0
  
  eap-reauth True True True True True True True True True
- eap-reauth-intv - EAP re-authentication interval (1800 - 864000 sec, default = 86400). type: int more...
  
  6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0
  
  eap-reauth-intv True True True True True True True True True
- eapol-key-retries - Enable/disable retransmission of EAPOL-Key frames (message 3/4 and group message 1/2) (default = enable). type: str choices: [disable, enable] more...
  
  6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0
  
  eapol-key-retries True True True True True True True True True
- encrypt - Encryption protocol to use (only available when security is set to a WPA type). type: str choices: [TKIP, AES, TKIP-AES] more...
  
  6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0
  
  encrypt True True True True True True True True True
- external-fast-roaming - Enable/disable fast roaming or pre-authentication with external APs not managed by the FortiGate (default = disable). type: str choices: [disable, enable] more...
  
  6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0
  
  external-fast-roaming True True True True True True True True True
- external-logout - URL of external authentication logout server. type: str more...
  
  6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0
  
  external-logout True True True True True True True True True
- external-web - URL of external authentication web server. type: str more...
  
  6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0
  
  external-web True True True True True True True True True
- fast-bss-transition - Enable/disable 802. type: str choices: [disable, enable] more...
  
  6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0
  
  fast-bss-transition True True True True True True True True True
- fast-roaming - Enable/disable fast-roaming, or pre-authentication, where supported by clients (default = disable). type: str choices: [disable, enable] more...
  
  6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0
  
  fast-roaming True True True True True True True True True
- ft-mobility-domain - Mobility domain identifier in FT (1 - 65535, default = 1000). type: int more...
  
  6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0
  
  ft-mobility-domain True True True True True True True True True
- ft-over-ds - Enable/disable FT over the Distribution System (DS). type: str choices: [disable, enable] more...
  
  6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0
  
  ft-over-ds True True True True True True True True True
- ft-r0-key-lifetime - Lifetime of the PMK-R0 key in FT, 1-65535 minutes. type: int more...
  
  6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0
  
  ft-r0-key-lifetime True True True True True True True True True
- gtk-rekey - Enable/disable GTK rekey for WPA security. type: str choices: [disable, enable] more...
  
  6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0
  
  gtk-rekey True True True True True True True True True
- gtk-rekey-intv - GTK rekey interval (1800 - 864000 sec, default = 86400). type: int more...
  
  6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0
  
  gtk-rekey-intv True True True True True True True True True
- hotspot20-profile - Hotspot 2. type: str more...
  
  6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0
  
  hotspot20-profile True True True True True True True True True
- intra-vap-privacy - Enable/disable blocking communication between clients on the same SSID (called intra-SSID privacy) (default = disable). type: str choices: [disable, enable] more...
  
  6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0
  
  intra-vap-privacy True True True True True True True True True
- ip - IP address and subnet mask for the local standalone NAT subnet. type: str more...
  
  6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0
  
  ip True True True True True True True True True
- key - WEP Key. type: str more...
  
  6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0
  
  key True True True True True True True True True
- keyindex - WEP key index (1 - 4). type: int more...
  
  6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0
  
  keyindex True True True True True True True True True
- ldpc - VAP low-density parity-check (LDPC) coding configuration. type: str choices: [disable, tx, rx, rxtx] more...
  
  6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0
  
  ldpc True True True True True True True True True
- local-authentication - Enable/disable AP local authentication. type: str choices: [disable, enable] more...
  
  6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0
  
  local-authentication True True True True True True True True True
- local-bridging - Enable/disable bridging of wireless and Ethernet interfaces on the FortiAP (default = disable). type: str choices: [disable, enable] more...
  
  6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0
  
  local-bridging True True True True True True True True True
- local-lan - Allow/deny traffic destined for a Class A, B, or C private IP address (default = allow). type: str choices: [deny, allow] more...
  
  6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0
  
  local-lan True True True True True True True True True
- local-standalone - Enable/disable AP local standalone (default = disable). type: str choices: [disable, enable] more...
  
  6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0
  
  local-standalone True True True True True True True True True
- local-standalone-nat - Enable/disable AP local standalone NAT mode. type: str choices: [disable, enable] more...
  
  6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0
  
  local-standalone-nat True True True True True True True True True
- local-switching - Local-Switching. type: str choices: [disable, enable] more...
  
  6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0
  
  local-switching True True True True True True True True True
- mac-auth-bypass - Enable/disable MAC authentication bypass. type: str choices: [disable, enable] more...
  
  6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0
  
  mac-auth-bypass True True True True True True True True True
- mac-filter - Enable/disable MAC filtering to block wireless clients by mac address. type: str choices: [disable, enable] more...
  
  6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0
  
  mac-filter True True True True True True True True True
- mac-filter-policy-other - Allow or block clients with MAC addresses that are not in the filter list. type: str choices: [deny, allow] more...
  
  6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0
  
  mac-filter-policy-other True True True True True True True True True
- max-clients - Maximum number of clients that can connect simultaneously to the VAP (default = 0, meaning no limitation). type: int more...
  
  6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0
  
  max-clients True True True True True True True True True
- max-clients-ap - Maximum number of clients that can connect simultaneously to the VAP per AP radio (default = 0, meaning no limitation). type: int more...
  
  6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0
  
  max-clients-ap True True True True True True True True True
- me-disable-thresh - Disable multicast enhancement when this many clients are receiving multicast traffic. type: int more...
  
  6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0
  
  me-disable-thresh True True True True True True True True True
- mesh-backhaul - Enable/disable using this VAP as a WiFi mesh backhaul (default = disable). type: str choices: [disable, enable] more...
  
  6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0
  
  mesh-backhaul True True True True True True True True True
- mpsk - Enable/disable multiple PSK authentication. type: str choices: [disable, enable] more...
  
  6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0
  
  mpsk True True True True True True True True True
- mpsk-concurrent-clients - Maximum number of concurrent clients that connect using the same passphrase in multiple PSK authentication (0 - 65535, default = 0, meaning no limitation). type: int more...
  
  6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0
  
  mpsk-concurrent-clients True True True True True True True True True
- multicast-enhance - Enable/disable converting multicast to unicast to improve performance (default = disable). type: str choices: [disable, enable] more...
  
  6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0
  
  multicast-enhance True True True True True True True True True
- multicast-rate - Multicast rate (0, 6000, 12000, or 24000 kbps, default = 0). type: str choices: [0, 6000, 12000, 24000] more...
  
  6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0
  
  multicast-rate True True True True True True True True True
- okc - Enable/disable Opportunistic Key Caching (OKC) (default = enable). type: str choices: [disable, enable] more...
  
  6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0
  
  okc True True True True True True True True True
- owe-groups - OWE-Groups. type: array choices: [19, 20, 21] more...
  
  6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0
  
  owe-groups True True True True True True True True True
- owe-transition - Enable/disable OWE transition mode support. type: str choices: [disable, enable] more...
  
  6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0
  
  owe-transition True True True True True True True True True
- owe-transition-ssid - OWE transition mode peer SSID. type: str more...
  
  6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0
  
  owe-transition-ssid True True True True True True True True True
- passphrase - WPA pre-shared key (PSK) to be used to authenticate WiFi users. type: str more...
  
  6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0
  
  passphrase True True True True True True True True True
- pmf - Protected Management Frames (PMF) support (default = disable). type: str choices: [disable, enable, optional] more...
  
  6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0
  
  pmf True True True True True True True True True
- pmf-assoc-comeback-timeout - Protected Management Frames (PMF) comeback maximum timeout (1-20 sec). type: int more...
  
  6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0
  
  pmf-assoc-comeback-timeout True True True True True True True True True
- pmf-sa-query-retry-timeout - Protected Management Frames (PMF) SA query retry timeout interval (1 - 5 100s of msec). type: int more...
  
  6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0
  
  pmf-sa-query-retry-timeout True True True True True True True True True
- portal-message-override-group - Replacement message group for this VAP (only available when security is set to a captive portal type). type: str more...
  
  6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0
  
  portal-message-override-group True True True True True True True True True
- portal-type - Captive portal functionality. type: str choices: [auth, auth+disclaimer, disclaimer, email-collect, cmcc, cmcc-macauth, auth-mac, external-auth, external-macauth] more...
  
  6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0
  
  portal-type True True True True True True True True True
- probe-resp-suppression - Enable/disable probe response suppression (to ignore weak signals) (default = disable). type: str choices: [disable, enable] more...
  
  6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0
  
  probe-resp-suppression True True True True True True True True True
- probe-resp-threshold - Minimum signal level/threshold in dBm required for the AP response to probe requests (-95 to -20, default = -80). type: str more...
  
  6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0
  
  probe-resp-threshold True True True True True True True True True
- ptk-rekey - Enable/disable PTK rekey for WPA-Enterprise security. type: str choices: [disable, enable] more...
  
  6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0
  
  ptk-rekey True True True True True True True True True
- ptk-rekey-intv - PTK rekey interval (1800 - 864000 sec, default = 86400). type: int more...
  
  6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0
  
  ptk-rekey-intv True True True True True True True True True
- qos-profile - Quality of service profile name. type: str more...
  
  6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0
  
  qos-profile True True True True True True True True True
- quarantine - Enable/disable station quarantine (default = enable). type: str choices: [disable, enable] more...
  
  6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0
  
  quarantine True True True True True True True True True
- radio-2g-threshold - Minimum signal level/threshold in dBm required for the AP response to receive a packet in 2. type: str more...
  
  6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0
  
  radio-2g-threshold True True True True True True True True True
- radio-5g-threshold - Minimum signal level/threshold in dBm required for the AP response to receive a packet in 5G band(-95 to -20, default = -76). type: str more...
  
  6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0
  
  radio-5g-threshold True True True True True True True True True
- radio-sensitivity - Enable/disable software radio sensitivity (to ignore weak signals) (default = disable). type: str choices: [disable, enable] more...
  
  6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0
  
  radio-sensitivity True True True True True True True True True
- radius-mac-auth - Enable/disable RADIUS-based MAC authentication of clients (default = disable). type: str choices: [disable, enable] more...
  
  6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0
  
  radius-mac-auth True True True True True True True True True
- radius-mac-auth-server - RADIUS-based MAC authentication server. type: str more...
  
  6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0
  
  radius-mac-auth-server True True True True True True True True True
- radius-mac-auth-usergroups - Selective user groups that are permitted for RADIUS mac authentication. type: str more...
  
  6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0
  
  radius-mac-auth-usergroups True True True True True True True True True
- radius-server - RADIUS server to be used to authenticate WiFi users. type: str more...
  
  6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0
  
  radius-server True True True True True True True True True
- rates-11a - Allowed data rates for 802. type: array choices: [1, 1-basic, 2, 2-basic, 5.5, 5.5-basic, 6, 6-basic, 9, 9-basic, 12, 12-basic, 18, 18-basic, 24, 24-basic, 36, 36-basic, 48, 48-basic, 54, 54-basic, 11, 11-basic] more...
  
  6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0
  
  rates-11a True True True True True True True True True
- rates-11ac-ss12 - Allowed data rates for 802. type: array choices: [mcs0/1, mcs1/1, mcs2/1, mcs3/1, mcs4/1, mcs5/1, mcs6/1, mcs7/1, mcs8/1, mcs9/1, mcs0/2, mcs1/2, mcs2/2, mcs3/2, mcs4/2, mcs5/2, mcs6/2, mcs7/2, mcs8/2, mcs9/2, mcs10/1, mcs11/1, mcs10/2, mcs11/2] more...
  
  6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0
  
  rates-11ac-ss12 True True True True True True True True True
- rates-11ac-ss34 - Allowed data rates for 802. type: array choices: [mcs0/3, mcs1/3, mcs2/3, mcs3/3, mcs4/3, mcs5/3, mcs6/3, mcs7/3, mcs8/3, mcs9/3, mcs0/4, mcs1/4, mcs2/4, mcs3/4, mcs4/4, mcs5/4, mcs6/4, mcs7/4, mcs8/4, mcs9/4, mcs10/3, mcs11/3, mcs10/4, mcs11/4] more...
  
  6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0
  
  rates-11ac-ss34 True True True True True True True True True
- rates-11bg - Allowed data rates for 802. type: array choices: [1, 1-basic, 2, 2-basic, 5.5, 5.5-basic, 6, 6-basic, 9, 9-basic, 12, 12-basic, 18, 18-basic, 24, 24-basic, 36, 36-basic, 48, 48-basic, 54, 54-basic, 11, 11-basic] more...
  
  6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0
  
  rates-11bg True True True True True True True True True
- rates-11n-ss12 - Allowed data rates for 802. type: array choices: [mcs0/1, mcs1/1, mcs2/1, mcs3/1, mcs4/1, mcs5/1, mcs6/1, mcs7/1, mcs8/2, mcs9/2, mcs10/2, mcs11/2, mcs12/2, mcs13/2, mcs14/2, mcs15/2] more...
  
  6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0
  
  rates-11n-ss12 True True True True True True True True True
- rates-11n-ss34 - Allowed data rates for 802. type: array choices: [mcs16/3, mcs17/3, mcs18/3, mcs19/3, mcs20/3, mcs21/3, mcs22/3, mcs23/3, mcs24/4, mcs25/4, mcs26/4, mcs27/4, mcs28/4, mcs29/4, mcs30/4, mcs31/4] more...
  
  6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0
  
  rates-11n-ss34 True True True True True True True True True
- sae-groups - SAE-Groups. type: array choices: [1, 2, 5, 14, 15, 16, 17, 18, 19, 20, 21, 27, 28, 29, 30, 31] more...
  
  6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0
  
  sae-groups True True True True True True True True True
- sae-password - WPA3 SAE password to be used to authenticate WiFi users. type: str more...
  
  6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0
  
  sae-password True True True True True True True True True
- schedule - Firewall schedules for enabling this VAP on the FortiAP. type: str more...
  
  6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0
  
  schedule True True True True True True True True True
- security - Security mode for the wireless interface (default = wpa2-only-personal). type: str choices: [None, WEP64, wep64, WEP128, wep128, WPA_PSK, WPA_RADIUS, WPA, WPA2, WPA2_AUTO, open, wpa-personal, wpa-enterprise, captive-portal, wpa-only-personal, wpa-only-enterprise, wpa2-only-personal, wpa2-only-enterprise, wpa-personal+captive-portal, wpa-only-personal+captive-portal, wpa2-only-personal+captive-portal, osen, wpa3-enterprise, sae, sae-transition, owe, wpa3-sae, wpa3-sae-transition, wpa3-only-enterprise, wpa3-enterprise-transition] more...
  
  6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0
  
  security True True True True True True True True True
- security-exempt-list - Optional security exempt list for captive portal authentication. type: str more...
  
  6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0
  
  security-exempt-list True True True True True True True True True
- security-obsolete-option - Enable/disable obsolete security options. type: str choices: [disable, enable] more...
  
  6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0
  
  security-obsolete-option True True True True True True True True True
- security-redirect-url - Optional URL for redirecting users after they pass captive portal authentication. type: str more...
  
  6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0
  
  security-redirect-url True True True True True True True True True
- selected-usergroups - Selective user groups that are permitted to authenticate. type: str more...
  
  6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0
  
  selected-usergroups True True True True True True True True True
- split-tunneling - Enable/disable split tunneling (default = disable). type: str choices: [disable, enable] more...
  
  6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0
  
  split-tunneling True True True True True True True True True
- ssid - IEEE 802. type: str more...
  
  6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0
  
  ssid True True True True True True True True True
- tkip-counter-measure - Enable/disable TKIP counter measure. type: str choices: [disable, enable] more...
  
  6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0
  
  tkip-counter-measure True True True True True True True True True
- usergroup - Firewall user group to be used to authenticate WiFi users. type: str more...
  
  6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0
  
  usergroup True True True True True True True True True
- utm-profile - UTM profile name. type: str more...
  
  6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0
  
  utm-profile True True True True True True True True True
- vdom - Vdom. type: str more...
  
  6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0
  
  vdom True True True True True True True True True
- vlan-auto - Enable/disable automatic management of SSID VLAN interface. type: str choices: [disable, enable] more...
  
  6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0
  
  vlan-auto True True True True True True True True True
- vlan-pooling - Enable/disable VLAN pooling, to allow grouping of multiple wireless controller VLANs into VLAN pools (default = disable). type: str choices: [wtp-group, round-robin, hash, disable] more...
  
  6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0
  
  vlan-pooling True True True True True True True True True
- vlanid - Optional VLAN ID. type: int more...
  
  6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0
  
  vlanid True True True True True True True True True
- voice-enterprise - Enable/disable 802. type: str choices: [disable, enable] more...
  
  6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0
  
  voice-enterprise True True True True True True True True True
- mu-mimo - Enable/disable Multi-user MIMO (default = enable). type: str choices: [disable, enable] more...
  
  6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0
  
  mu-mimo True True True True True True True True
- _intf_device-access-list - _Intf_Device-Access-List. type: str more...
  
  6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0
  
  _intf_device-access-list True True True True True True True
- external-web-format - URL query parameter detection (default = auto-detect). type: str choices: [auto-detect, no-query-string, partial-query-string] more...
  
  6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0
  
  external-web-format True True True True True True True
- high-efficiency - Enable/disable 802. type: str choices: [disable, enable] more...
  
  6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0
  
  high-efficiency True True True True True True True
- primary-wag-profile - Primary wireless access gateway profile name. type: str more...
  
  6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0
  
  primary-wag-profile True True True True True True True
- secondary-wag-profile - Secondary wireless access gateway profile name. type: str more...
  
  6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0
  
  secondary-wag-profile True True True True True True True
- target-wake-time - Enable/disable 802. type: str choices: [disable, enable] more...
  
  6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0
  
  target-wake-time True True True True True True True
- tunnel-echo-interval - The time interval to send echo to both primary and secondary tunnel peers (1 - 65535 sec, default = 300). type: int more...
  
  6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0
  
  tunnel-echo-interval True True True True True True True
- tunnel-fallback-interval - The time interval for secondary tunnel to fall back to primary tunnel (0 - 65535 sec, default = 7200). type: int more...
  
  6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0
  
  tunnel-fallback-interval True True True True True True True
- access-control-list - Access-Control-List. type: str more...
  
  6.4.0 6.4.2 6.4.5 7.0.0 7.2.0
  
  access-control-list True True True True True
- captive-portal-auth-timeout - Captive-Portal-Auth-Timeout. type: int more...
  
  6.4.0 6.4.2 6.4.5 7.0.0 7.2.0
  
  captive-portal-auth-timeout True True True True True
- ipv6-rules - Ipv6-Rules. type: array choices: [drop-icmp6ra, drop-icmp6rs, drop-llmnr6, drop-icmp6mld2, drop-dhcp6s, drop-dhcp6c, ndp-proxy, drop-ns-dad, drop-ns-nondad] more...
  
  6.4.0 6.4.2 6.4.5 7.0.0 7.2.0
  
  ipv6-rules True True True True True
- sticky-client-remove - Sticky-Client-Remove. type: str choices: [disable, enable] more...
  
  6.4.0 6.4.2 6.4.5 7.0.0 7.2.0
  
  sticky-client-remove True True True True True
- sticky-client-threshold-2g - Sticky-Client-Threshold-2G. type: str more...
  
  6.4.0 6.4.2 6.4.5 7.0.0 7.2.0
  
  sticky-client-threshold-2g True True True True True
- sticky-client-threshold-5g - Sticky-Client-Threshold-5G. type: str more...
  
  6.4.0 6.4.2 6.4.5 7.0.0 7.2.0
  
  sticky-client-threshold-5g True True True True True
- bss-color-partial - Bss-Color-Partial. type: str choices: [disable, enable] more...
  
  6.4.2 6.4.5 7.0.0 7.2.0
  
  bss-color-partial True True True True
- dhcp-option43-insertion - Dhcp-Option43-Insertion. type: str choices: [disable, enable] more...
  
  6.4.2 6.4.5 7.0.0 7.2.0
  
  dhcp-option43-insertion True True True True
- mpsk-profile - Mpsk-Profile. type: str more...
  
  6.4.2 6.4.5 7.0.0 7.2.0
  
  mpsk-profile True True True True
- igmp-snooping - Enable/disable IGMP snooping. type: str choices: [disable, enable] more...
  
  6.4.5 7.0.0 7.2.0
  
  igmp-snooping True True True
- port-macauth - Enable/disable LAN port MAC authentication (default = disable). type: str choices: [disable, radius, address-group] more...
  
  6.4.5 7.0.0 7.2.0
  
  port-macauth True True True
- port-macauth-reauth-timeout - LAN port MAC authentication re-authentication timeout value (default = 7200 sec). type: int more...
  
  6.4.5 7.0.0 7.2.0
  
  port-macauth-reauth-timeout True True True
- port-macauth-timeout - LAN port MAC authentication idle timeout value (default = 600 sec). type: int more...
  
  6.4.5 7.0.0 7.2.0
  
  port-macauth-timeout True True True
- additional-akms - Additional-Akms. type: array choices: [akm6] more...
  
  7.0.0 7.2.0
  
  additional-akms True True
- bstm-disassociation-imminent - Enable/disable forcing of disassociation after the BSTM request timer has been reached (default = enable). type: str choices: [disable, enable] more...
  
  7.0.0 7.2.0
  
  bstm-disassociation-imminent True True
- bstm-load-balancing-disassoc-timer - Time interval for client to voluntarily leave AP before forcing a disassociation due to AP load-balancing (0 to 30, default = 10). type: int more...
  
  7.0.0 7.2.0
  
  bstm-load-balancing-disassoc-timer True True
- bstm-rssi-disassoc-timer - Time interval for client to voluntarily leave AP before forcing a disassociation due to low RSSI (0 to 2000, default = 200). type: int more...
  
  7.0.0 7.2.0
  
  bstm-rssi-disassoc-timer True True
- dhcp-address-enforcement - Enable/disable DHCP address enforcement (default = disable). type: str choices: [disable, enable] more...
  
  7.0.0 7.2.0
  
  dhcp-address-enforcement True True
- gas-comeback-delay - GAS comeback delay (0 or 100 - 10000 milliseconds, default = 500). type: int more...
  
  7.0.0 7.2.0
  
  gas-comeback-delay True True
- gas-fragmentation-limit - GAS fragmentation limit (512 - 4096, default = 1024). type: int more...
  
  7.0.0 7.2.0
  
  gas-fragmentation-limit True True
- mac-called-station-delimiter - MAC called station delimiter (default = hyphen). type: str choices: [hyphen, single-hyphen, colon, none] more...
  
  7.0.0 7.2.0
  
  mac-called-station-delimiter True True
- mac-calling-station-delimiter - MAC calling station delimiter (default = hyphen). type: str choices: [hyphen, single-hyphen, colon, none] more...
  
  7.0.0 7.2.0
  
  mac-calling-station-delimiter True True
- mac-case - MAC case (default = uppercase). type: str choices: [uppercase, lowercase] more...
  
  7.0.0 7.2.0
  
  mac-case True True
- mac-password-delimiter - MAC authentication password delimiter (default = hyphen). type: str choices: [hyphen, single-hyphen, colon, none] more...
  
  7.0.0 7.2.0
  
  mac-password-delimiter True True
- mac-username-delimiter - MAC authentication username delimiter (default = hyphen). type: str choices: [hyphen, single-hyphen, colon, none] more...
  
  7.0.0 7.2.0
  
  mac-username-delimiter True True
- mbo - Enable/disable Multiband Operation (default = disable). type: str choices: [disable, enable] more...
  
  7.0.0 7.2.0
  
  mbo True True
- mbo-cell-data-conn-pref - MBO cell data connection preference (0, 1, or 255, default = 1). type: str choices: [excluded, prefer-not, prefer-use] more...
  
  7.0.0 7.2.0
  
  mbo-cell-data-conn-pref True True
- nac - Enable/disable network access control. type: str choices: [disable, enable] more...
  
  7.0.0 7.2.0
  
  nac True True
- nac-profile - NAC profile name. type: str more...
  
  7.0.0 7.2.0
  
  nac-profile True True
- neighbor-report-dual-band - Enable/disable dual-band neighbor report (default = disable). type: str choices: [disable, enable] more...
  
  7.0.0 7.2.0
  
  neighbor-report-dual-band True True
- address-group-policy - Configure MAC address filtering policy for MAC addresses that are in the address-group. type: str choices: [disable, allow, deny] more...
  
  7.2.0
  
  address-group-policy True
- antivirus-profile - AntiVirus profile name. type: str more...
  
  7.2.0
  
  antivirus-profile True
- application-detection-engine - Enable/disable application detection engine (default = disable). type: str choices: [disable, enable] more...
  
  7.2.0
  
  application-detection-engine True
- application-list - Application control list name. type: str more...
  
  7.2.0
  
  application-list True
- application-report-intv - Application report interval (30 - 864000 sec, default = 120). type: int more...
  
  7.2.0
  
  application-report-intv True
- auth-cert - HTTPS server certificate. type: str more...
  
  7.2.0
  
  auth-cert True
- auth-portal-addr - Address of captive portal. type: str more...
  
  7.2.0
  
  auth-portal-addr True
- beacon-advertising - No description for the parameter type: array choices: [name, model, serial-number] more...
  
  7.2.0
  
  beacon-advertising True
- ips-sensor - IPS sensor name. type: str more...
  
  7.2.0
  
  ips-sensor True
- l3-roaming - Enable/disable layer 3 roaming (default = disable). type: str choices: [disable, enable] more...
  
  7.2.0
  
  l3-roaming True
- local-standalone-dns - Enable/disable AP local standalone DNS. type: str choices: [disable, enable] more...
  
  7.2.0
  
  local-standalone-dns True
- local-standalone-dns-ip - No description for the parameter type: str more...
  
  7.2.0
  
  local-standalone-dns-ip True
- osen - Enable/disable OSEN as part of key management (default = disable). type: str choices: [disable, enable] more...
  
  7.2.0
  
  osen True
- radius-mac-mpsk-auth - Enable/disable RADIUS-based MAC authentication of clients for MPSK authentication (default = disable). type: str choices: [disable, enable] more...
  
  7.2.0
  
  radius-mac-mpsk-auth True
- radius-mac-mpsk-timeout - RADIUS MAC MPSK cache timeout interval (1800 - 864000, default = 86400). type: int more...
  
  7.2.0
  
  radius-mac-mpsk-timeout True
- rates-11ax-ss12 - No description for the parameter type: array choices: [mcs0/1, mcs1/1, mcs2/1, mcs3/1, mcs4/1, mcs5/1, mcs6/1, mcs7/1, mcs8/1, mcs9/1, mcs10/1, mcs11/1, mcs0/2, mcs1/2, mcs2/2, mcs3/2, mcs4/2, mcs5/2, mcs6/2, mcs7/2, mcs8/2, mcs9/2, mcs10/2, mcs11/2] more...
  
  7.2.0
  
  rates-11ax-ss12 True
- rates-11ax-ss34 - No description for the parameter type: array choices: [mcs0/3, mcs1/3, mcs2/3, mcs3/3, mcs4/3, mcs5/3, mcs6/3, mcs7/3, mcs8/3, mcs9/3, mcs10/3, mcs11/3, mcs0/4, mcs1/4, mcs2/4, mcs3/4, mcs4/4, mcs5/4, mcs6/4, mcs7/4, mcs8/4, mcs9/4, mcs10/4, mcs11/4] more...
  
  7.2.0
  
  rates-11ax-ss34 True
- scan-botnet-connections - Block or monitor connections to Botnet servers or disable Botnet scanning. type: str choices: [disable, block, monitor] more...
  
  7.2.0
  
  scan-botnet-connections True
- utm-log - Enable/disable UTM logging. type: str choices: [disable, enable] more...
  
  7.2.0
  
  utm-log True
- utm-status - Enable to add one or more security profiles (AV, IPS, etc. type: str choices: [disable, enable] more...
  
  7.2.0
  
  utm-status True
- webfilter-profile - WebFilter profile name. type: str more...
  
  7.2.0
  
  webfilter-profile True
eap-reauth - Enable/disable EAP re-authentication for WPA-Enterprise security. type: str choices: [disable, enable] more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

eap-reauth True True True True True True True True True
eap-reauth-intv - EAP re-authentication interval (1800 - 864000 sec, default = 86400). type: int more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

eap-reauth-intv True True True True True True True True True
eapol-key-retries - Enable/disable retransmission of EAPOL-Key frames (message 3/4 and group message 1/2) (default = enable). type: str choices: [disable, enable] more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

eapol-key-retries True True True True True True True True True
encrypt - Encryption protocol to use (only available when security is set to a WPA type). type: str choices: [TKIP, AES, TKIP-AES] more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

encrypt True True True True True True True True True
external-fast-roaming - Enable/disable fast roaming or pre-authentication with external APs not managed by the FortiGate (default = disable). type: str choices: [disable, enable] more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

external-fast-roaming True True True True True True True True True
external-logout - URL of external authentication logout server. type: str more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

external-logout True True True True True True True True True
external-web - URL of external authentication web server. type: str more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

external-web True True True True True True True True True
fast-bss-transition - Enable/disable 802. type: str choices: [disable, enable] more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

fast-bss-transition True True True True True True True True True
fast-roaming - Enable/disable fast-roaming, or pre-authentication, where supported by clients (default = disable). type: str choices: [disable, enable] more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

fast-roaming True True True True True True True True True
ft-mobility-domain - Mobility domain identifier in FT (1 - 65535, default = 1000). type: int more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

ft-mobility-domain True True True True True True True True True
ft-over-ds - Enable/disable FT over the Distribution System (DS). type: str choices: [disable, enable] more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

ft-over-ds True True True True True True True True True
ft-r0-key-lifetime - Lifetime of the PMK-R0 key in FT, 1-65535 minutes. type: int more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

ft-r0-key-lifetime True True True True True True True True True
gtk-rekey - Enable/disable GTK rekey for WPA security. type: str choices: [disable, enable] more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

gtk-rekey True True True True True True True True True
gtk-rekey-intv - GTK rekey interval (1800 - 864000 sec, default = 86400). type: int more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

gtk-rekey-intv True True True True True True True True True
hotspot20-profile - Hotspot 2. type: str more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

hotspot20-profile True True True True True True True True True
intra-vap-privacy - Enable/disable blocking communication between clients on the same SSID (called intra-SSID privacy) (default = disable). type: str choices: [disable, enable] more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

intra-vap-privacy True True True True True True True True True
ip - IP address and subnet mask for the local standalone NAT subnet. type: str more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

ip True True True True True True True True True
key - WEP Key. type: str more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

key True True True True True True True True True
keyindex - WEP key index (1 - 4). type: int more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

keyindex True True True True True True True True True
ldpc - VAP low-density parity-check (LDPC) coding configuration. type: str choices: [disable, tx, rx, rxtx] more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

ldpc True True True True True True True True True
local-authentication - Enable/disable AP local authentication. type: str choices: [disable, enable] more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

local-authentication True True True True True True True True True
local-bridging - Enable/disable bridging of wireless and Ethernet interfaces on the FortiAP (default = disable). type: str choices: [disable, enable] more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

local-bridging True True True True True True True True True
local-lan - Allow/deny traffic destined for a Class A, B, or C private IP address (default = allow). type: str choices: [deny, allow] more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

local-lan True True True True True True True True True
local-standalone - Enable/disable AP local standalone (default = disable). type: str choices: [disable, enable] more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

local-standalone True True True True True True True True True
local-standalone-nat - Enable/disable AP local standalone NAT mode. type: str choices: [disable, enable] more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

local-standalone-nat True True True True True True True True True
mac-auth-bypass - Enable/disable MAC authentication bypass. type: str choices: [disable, enable] more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

mac-auth-bypass True True True True True True True True True
mac-filter - Enable/disable MAC filtering to block wireless clients by mac address. type: str choices: [disable, enable] more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

mac-filter True True True True True True True True True
mac-filter-list - Mac-Filter-List. type: array more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

mac-filter-list True True True True True True True True True
- id - ID. type: int more...
  
  6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0
  
  id True True True True True True True True True
- mac - MAC address. type: str more...
  
  6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0
  
  mac True True True True True True True True True
- mac-filter-policy - Deny or allow the client with this MAC address. type: str choices: [deny, allow] more...
  
  6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0
  
  mac-filter-policy True True True True True True True True True
mac-filter-policy-other - Allow or block clients with MAC addresses that are not in the filter list. type: str choices: [deny, allow] more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

mac-filter-policy-other True True True True True True True True True
max-clients - Maximum number of clients that can connect simultaneously to the VAP (default = 0, meaning no limitation). type: int more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

max-clients True True True True True True True True True
max-clients-ap - Maximum number of clients that can connect simultaneously to each radio (default = 0, meaning no limitation). type: int more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

max-clients-ap True True True True True True True True True
me-disable-thresh - Disable multicast enhancement when this many clients are receiving multicast traffic. type: int more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

me-disable-thresh True True True True True True True True True
mesh-backhaul - Enable/disable using this VAP as a WiFi mesh backhaul (default = disable). type: str choices: [disable, enable] more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

mesh-backhaul True True True True True True True True True
mpsk - Enable/disable multiple pre-shared keys (PSKs. type: str choices: [disable, enable] more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

mpsk True True True True True True True False False
mpsk-concurrent-clients - Number of pre-shared keys (PSKs) to allow if multiple pre-shared keys are enabled. type: int more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

mpsk-concurrent-clients True True True True True True True False False
mpsk-key - Mpsk-Key. type: array more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

mpsk-key True True True True True True True False False
- comment - Comment. type: str more...
  
  6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0
  
  comment True True True True True True True False False
- concurrent-clients - Number of clients that can connect using this pre-shared key. type: str more...
  
  6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0
  
  concurrent-clients True True True True True True True False False
- key-name - Pre-shared key name. type: str more...
  
  6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0
  
  key-name True True True True True True True False False
- passphrase - WPA Pre-shared key. type: str more...
  
  6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0
  
  passphrase True True True True True True True False False
- mpsk-schedules - Firewall schedule for MPSK passphrase. type: str more...
  
  6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0
  
  mpsk-schedules True True True True True False False
multicast-enhance - Enable/disable converting multicast to unicast to improve performance (default = disable). type: str choices: [disable, enable] more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

multicast-enhance True True True True True True True True True
multicast-rate - Multicast rate (0, 6000, 12000, or 24000 kbps, default = 0). type: str choices: [0, 6000, 12000, 24000] more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

multicast-rate True True True True True True True True True
name - Virtual AP name. type: str more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

name True True True True True True True True True
okc - Enable/disable Opportunistic Key Caching (OKC) (default = enable). type: str choices: [disable, enable] more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

okc True True True True True True True True True
passphrase - WPA pre-shared key (PSK) to be used to authenticate WiFi users. type: str more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

passphrase True True True True True True True True True
pmf - Protected Management Frames (PMF) support (default = disable). type: str choices: [disable, enable, optional] more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

pmf True True True True True True True True True
pmf-assoc-comeback-timeout - Protected Management Frames (PMF) comeback maximum timeout (1-20 sec). type: int more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

pmf-assoc-comeback-timeout True True True True True True True True True
pmf-sa-query-retry-timeout - Protected Management Frames (PMF) SA query retry timeout interval (1 - 5 100s of msec). type: int more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

pmf-sa-query-retry-timeout True True True True True True True True True
portal-message-override-group - Replacement message group for this VAP (only available when security is set to a captive portal type). type: str more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

portal-message-override-group True True True True True True True True True
portal-type - Captive portal functionality. type: str choices: [auth, auth+disclaimer, disclaimer, email-collect, cmcc, cmcc-macauth, auth-mac, external-auth, external-macauth] more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

portal-type True True True True True True True True True
probe-resp-suppression - Enable/disable probe response suppression (to ignore weak signals) (default = disable). type: str choices: [disable, enable] more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

probe-resp-suppression True True True True True True True True True
probe-resp-threshold - Minimum signal level/threshold in dBm required for the AP response to probe requests (-95 to -20, default = -80). type: str more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

probe-resp-threshold True True True True True True True True True
ptk-rekey - Enable/disable PTK rekey for WPA-Enterprise security. type: str choices: [disable, enable] more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

ptk-rekey True True True True True True True True True
ptk-rekey-intv - PTK rekey interval (1800 - 864000 sec, default = 86400). type: int more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

ptk-rekey-intv True True True True True True True True True
qos-profile - Quality of service profile name. type: str more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

qos-profile True True True True True True True True True
quarantine - Enable/disable station quarantine (default = enable). type: str choices: [disable, enable] more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

quarantine True True True True True True True True True
radio-2g-threshold - Minimum signal level/threshold in dBm required for the AP response to receive a packet in 2. type: str more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

radio-2g-threshold True True True True True True True True True
radio-5g-threshold - Minimum signal level/threshold in dBm required for the AP response to receive a packet in 5G band(-95 to -20, default = -76). type: str more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

radio-5g-threshold True True True True True True True True True
radio-sensitivity - Enable/disable software radio sensitivity (to ignore weak signals) (default = disable). type: str choices: [disable, enable] more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

radio-sensitivity True True True True True True True True True
radius-mac-auth - Enable/disable RADIUS-based MAC authentication of clients (default = disable). type: str choices: [disable, enable] more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

radius-mac-auth True True True True True True True True True
radius-mac-auth-server - RADIUS-based MAC authentication server. type: str more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

radius-mac-auth-server True True True True True True True True True
radius-mac-auth-usergroups - Selective user groups that are permitted for RADIUS mac authentication. type: str more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

radius-mac-auth-usergroups True True True True True True True True True
radius-server - RADIUS server to be used to authenticate WiFi users. type: str more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

radius-server True True True True True True True True True
rates-11a - Allowed data rates for 802. type: array choices: [1, 1-basic, 2, 2-basic, 5.5, 5.5-basic, 6, 6-basic, 9, 9-basic, 12, 12-basic, 18, 18-basic, 24, 24-basic, 36, 36-basic, 48, 48-basic, 54, 54-basic, 11, 11-basic] more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

rates-11a True True True True True True True True True
rates-11ac-ss12 - Allowed data rates for 802. type: array choices: [mcs0/1, mcs1/1, mcs2/1, mcs3/1, mcs4/1, mcs5/1, mcs6/1, mcs7/1, mcs8/1, mcs9/1, mcs0/2, mcs1/2, mcs2/2, mcs3/2, mcs4/2, mcs5/2, mcs6/2, mcs7/2, mcs8/2, mcs9/2, mcs10/1, mcs11/1, mcs10/2, mcs11/2] more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

rates-11ac-ss12 True True True True True True True True True
rates-11ac-ss34 - Allowed data rates for 802. type: array choices: [mcs0/3, mcs1/3, mcs2/3, mcs3/3, mcs4/3, mcs5/3, mcs6/3, mcs7/3, mcs8/3, mcs9/3, mcs0/4, mcs1/4, mcs2/4, mcs3/4, mcs4/4, mcs5/4, mcs6/4, mcs7/4, mcs8/4, mcs9/4, mcs10/3, mcs11/3, mcs10/4, mcs11/4] more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

rates-11ac-ss34 True True True True True True True True True
rates-11bg - Allowed data rates for 802. type: array choices: [1, 1-basic, 2, 2-basic, 5.5, 5.5-basic, 6, 6-basic, 9, 9-basic, 12, 12-basic, 18, 18-basic, 24, 24-basic, 36, 36-basic, 48, 48-basic, 54, 54-basic, 11, 11-basic] more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

rates-11bg True True True True True True True True True
rates-11n-ss12 - Allowed data rates for 802. type: array choices: [mcs0/1, mcs1/1, mcs2/1, mcs3/1, mcs4/1, mcs5/1, mcs6/1, mcs7/1, mcs8/2, mcs9/2, mcs10/2, mcs11/2, mcs12/2, mcs13/2, mcs14/2, mcs15/2] more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

rates-11n-ss12 True True True True True True True True True
rates-11n-ss34 - Allowed data rates for 802. type: array choices: [mcs16/3, mcs17/3, mcs18/3, mcs19/3, mcs20/3, mcs21/3, mcs22/3, mcs23/3, mcs24/4, mcs25/4, mcs26/4, mcs27/4, mcs28/4, mcs29/4, mcs30/4, mcs31/4] more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

rates-11n-ss34 True True True True True True True True True
schedule - VAP schedule name. type: str more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

schedule True True True True True True True True True
security - Security mode for the wireless interface (default = wpa2-only-personal). type: str choices: [None, WEP64, wep64, WEP128, wep128, WPA_PSK, WPA_RADIUS, WPA, WPA2, WPA2_AUTO, open, wpa-personal, wpa-enterprise, captive-portal, wpa-only-personal, wpa-only-enterprise, wpa2-only-personal, wpa2-only-enterprise, wpa-personal+captive-portal, wpa-only-personal+captive-portal, wpa2-only-personal+captive-portal, osen, wpa3-enterprise, sae, sae-transition, owe, wpa3-sae, wpa3-sae-transition, wpa3-only-enterprise, wpa3-enterprise-transition] more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

security True True True True True True True True True
security-exempt-list - Optional security exempt list for captive portal authentication. type: str more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

security-exempt-list True True True True True True True True True
security-obsolete-option - Enable/disable obsolete security options. type: str choices: [disable, enable] more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

security-obsolete-option True True True True True True True True True
security-redirect-url - Optional URL for redirecting users after they pass captive portal authentication. type: str more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

security-redirect-url True True True True True True True True True
selected-usergroups - Selective user groups that are permitted to authenticate. type: str more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

selected-usergroups True True True True True True True True True
split-tunneling - Enable/disable split tunneling (default = disable). type: str choices: [disable, enable] more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

split-tunneling True True True True True True True True True
ssid - IEEE 802. type: str more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

ssid True True True True True True True True True
tkip-counter-measure - Enable/disable TKIP counter measure. type: str choices: [disable, enable] more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

tkip-counter-measure True True True True True True True True True
usergroup - Firewall user group to be used to authenticate WiFi users. type: str more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

usergroup True True True True True True True True True
utm-profile - UTM profile name. type: str more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

utm-profile True True True True True True True True True
vdom - Name of the VDOM that the Virtual AP has been added to. type: str more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

vdom True False False False False False False False False
vlan-auto - Enable/disable automatic management of SSID VLAN interface. type: str choices: [disable, enable] more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

vlan-auto True True True True True True True True True
vlan-pool - Vlan-Pool. type: array more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

vlan-pool True True True True True True True True True
- _wtp-group - _Wtp-Group. type: str more...
  
  6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0
  
  _wtp-group True True True True True True True True True
- id - ID. type: int more...
  
  6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0
  
  id True True True True True True True True True
- wtp-group - WTP group name. type: str more...
  
  6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0
  
  wtp-group True False False False False False False False False
vlan-pooling - Enable/disable VLAN pooling, to allow grouping of multiple wireless controller VLANs into VLAN pools (default = disable). type: str choices: [wtp-group, round-robin, hash, disable] more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

vlan-pooling True True True True True True True True True
vlanid - Optional VLAN ID. type: int more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

vlanid True True True True True True True True True
voice-enterprise - Enable/disable 802. type: str choices: [disable, enable] more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

voice-enterprise True True True True True True True True True
address-group - Address group ID. type: str more...

6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

address-group True True True True True True True True
atf-weight - Airtime weight in percentage (default = 20). type: int more...

6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

atf-weight True True True True True True True True
mu-mimo - Enable/disable Multi-user MIMO (default = enable). type: str choices: [disable, enable] more...

6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

mu-mimo True True True True True True True True
owe-groups - OWE-Groups. type: array choices: [19, 20, 21] more...

6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

owe-groups True True True True True True True True
owe-transition - Enable/disable OWE transition mode support. type: str choices: [disable, enable] more...

6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

owe-transition True True True True True True True True
owe-transition-ssid - OWE transition mode peer SSID. type: str more...

6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

owe-transition-ssid True True True True True True True True
sae-groups - SAE-Groups. type: array choices: [1, 2, 5, 14, 15, 16, 17, 18, 19, 20, 21, 27, 28, 29, 30, 31] more...

6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

sae-groups True True True True True True True True
sae-password - WPA3 SAE password to be used to authenticate WiFi users. type: str more...

6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

sae-password True True True True True True True True
_intf_device-access-list - _Intf_Device-Access-List. type: str more...

6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

_intf_device-access-list True True True True True True True
external-web-format - URL query parameter detection (default = auto-detect). type: str choices: [auto-detect, no-query-string, partial-query-string] more...

6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

external-web-format True True True True True True True
high-efficiency - Enable/disable 802. type: str choices: [disable, enable] more...

6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

high-efficiency True True True True True True True
primary-wag-profile - Primary wireless access gateway profile name. type: str more...

6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

primary-wag-profile True True True True True True True
secondary-wag-profile - Secondary wireless access gateway profile name. type: str more...

6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

secondary-wag-profile True True True True True True True
target-wake-time - Enable/disable 802. type: str choices: [disable, enable] more...

6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

target-wake-time True True True True True True True
tunnel-echo-interval - The time interval to send echo to both primary and secondary tunnel peers (1 - 65535 sec, default = 300). type: int more...

6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

tunnel-echo-interval True True True True True True True
tunnel-fallback-interval - The time interval for secondary tunnel to fall back to primary tunnel (0 - 65535 sec, default = 7200). type: int more...

6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

tunnel-fallback-interval True True True True True True True
access-control-list - access-control-list profile name. type: str more...

6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

access-control-list True True True True True
captive-portal-auth-timeout - Hard timeout - AP will always clear the session after timeout regardless of traffic (0 - 864000 sec, default = 0). type: int more...

6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

captive-portal-auth-timeout True True True True True
ipv6-rules - Optional rules of IPv6 packets. type: array choices: [drop-icmp6ra, drop-icmp6rs, drop-llmnr6, drop-icmp6mld2, drop-dhcp6s, drop-dhcp6c, ndp-proxy, drop-ns-dad, drop-ns-nondad] more...

6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

ipv6-rules True True True True True
sticky-client-remove - Enable/disable sticky client remove to maintain good signal level clients in SSID. type: str choices: [disable, enable] more...

6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

sticky-client-remove True True True True True
sticky-client-threshold-2g - Minimum signal level/threshold in dBm required for the 2G client to be serviced by the AP (-95 to -20, default = -79). type: str more...

6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

sticky-client-threshold-2g True True True True True
sticky-client-threshold-5g - Minimum signal level/threshold in dBm required for the 5G client to be serviced by the AP (-95 to -20, default = -76). type: str more...

6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

sticky-client-threshold-5g True True True True True
bss-color-partial - Enable/disable 802. type: str choices: [disable, enable] more...

6.4.2 6.4.5 7.0.0 7.2.0

bss-color-partial True True True True
dhcp-option43-insertion - Enable/disable insertion of DHCP option 43 (default = enable). type: str choices: [disable, enable] more...

6.4.2 6.4.5 7.0.0 7.2.0

dhcp-option43-insertion True True True True
mpsk-profile - MPSK profile name. type: str more...

6.4.2 6.4.5 7.0.0 7.2.0

mpsk-profile True True True True
igmp-snooping - Enable/disable IGMP snooping. type: str choices: [disable, enable] more...

6.4.5 7.0.0 7.2.0

igmp-snooping True True True
port-macauth - Enable/disable LAN port MAC authentication (default = disable). type: str choices: [disable, radius, address-group] more...

6.4.5 7.0.0 7.2.0

port-macauth True True True
port-macauth-reauth-timeout - LAN port MAC authentication re-authentication timeout value (default = 7200 sec). type: int more...

6.4.5 7.0.0 7.2.0

port-macauth-reauth-timeout True True True
port-macauth-timeout - LAN port MAC authentication idle timeout value (default = 600 sec). type: int more...

6.4.5 7.0.0 7.2.0

port-macauth-timeout True True True
portal-message-overrides type: dict

auth-disclaimer-page - Override auth-disclaimer-page message with message from portal-message-overrides group. type: str more...

6.4.5 7.0.0 7.2.0

auth-disclaimer-page True True True
auth-login-failed-page - Override auth-login-failed-page message with message from portal-message-overrides group. type: str more...

6.4.5 7.0.0 7.2.0

auth-login-failed-page True True True
auth-login-page - Override auth-login-page message with message from portal-message-overrides group. type: str more...

6.4.5 7.0.0 7.2.0

auth-login-page True True True
auth-reject-page - Override auth-reject-page message with message from portal-message-overrides group. type: str more...

6.4.5 7.0.0 7.2.0

auth-reject-page True True True

additional-akms - Additional AKMs. type: array choices: [akm6] more...

7.0.0 7.2.0

additional-akms True True
bstm-disassociation-imminent - Enable/disable forcing of disassociation after the BSTM request timer has been reached (default = enable). type: str choices: [disable, enable] more...

7.0.0 7.2.0

bstm-disassociation-imminent True True
bstm-load-balancing-disassoc-timer - Time interval for client to voluntarily leave AP before forcing a disassociation due to AP load-balancing (0 to 30, default = 10). type: int more...

7.0.0 7.2.0

bstm-load-balancing-disassoc-timer True True
bstm-rssi-disassoc-timer - Time interval for client to voluntarily leave AP before forcing a disassociation due to low RSSI (0 to 2000, default = 200). type: int more...

7.0.0 7.2.0

bstm-rssi-disassoc-timer True True
dhcp-address-enforcement - Enable/disable DHCP address enforcement (default = disable). type: str choices: [disable, enable] more...

7.0.0 7.2.0

dhcp-address-enforcement True True
gas-comeback-delay - GAS comeback delay (0 or 100 - 10000 milliseconds, default = 500). type: int more...

7.0.0 7.2.0

gas-comeback-delay True True
gas-fragmentation-limit - GAS fragmentation limit (512 - 4096, default = 1024). type: int more...

7.0.0 7.2.0

gas-fragmentation-limit True True
mac-called-station-delimiter - MAC called station delimiter (default = hyphen). type: str choices: [hyphen, single-hyphen, colon, none] more...

7.0.0 7.2.0

mac-called-station-delimiter True True
mac-calling-station-delimiter - MAC calling station delimiter (default = hyphen). type: str choices: [hyphen, single-hyphen, colon, none] more...

7.0.0 7.2.0

mac-calling-station-delimiter True True
mac-case - MAC case (default = uppercase). type: str choices: [uppercase, lowercase] more...

7.0.0 7.2.0

mac-case True True
mac-password-delimiter - MAC authentication password delimiter (default = hyphen). type: str choices: [hyphen, single-hyphen, colon, none] more...

7.0.0 7.2.0

mac-password-delimiter True True
mac-username-delimiter - MAC authentication username delimiter (default = hyphen). type: str choices: [hyphen, single-hyphen, colon, none] more...

7.0.0 7.2.0

mac-username-delimiter True True
mbo - Enable/disable Multiband Operation (default = disable). type: str choices: [disable, enable] more...

7.0.0 7.2.0

mbo True True
mbo-cell-data-conn-pref - MBO cell data connection preference (0, 1, or 255, default = 1). type: str choices: [excluded, prefer-not, prefer-use] more...

7.0.0 7.2.0

mbo-cell-data-conn-pref True True
nac - Enable/disable network access control. type: str choices: [disable, enable] more...

7.0.0 7.2.0

nac True True
nac-profile - NAC profile name. type: str more...

7.0.0 7.2.0

nac-profile True True
neighbor-report-dual-band - Enable/disable dual-band neighbor report (default = disable). type: str choices: [disable, enable] more...

7.0.0 7.2.0

neighbor-report-dual-band True True
address-group-policy - Configure MAC address filtering policy for MAC addresses that are in the address-group. type: str choices: [disable, allow, deny] more...

7.2.0

address-group-policy True
antivirus-profile - AntiVirus profile name. type: str more...

7.2.0

antivirus-profile True
application-detection-engine - Enable/disable application detection engine (default = disable). type: str choices: [disable, enable] more...

7.2.0

application-detection-engine True
application-list - Application control list name. type: str more...

7.2.0

application-list True
application-report-intv - Application report interval (30 - 864000 sec, default = 120). type: int more...

7.2.0

application-report-intv True
auth-cert - HTTPS server certificate. type: str more...

7.2.0

auth-cert True
auth-portal-addr - Address of captive portal. type: str more...

7.2.0

auth-portal-addr True
beacon-advertising - No description for the parameter type: array choices: [name, model, serial-number] more...

7.2.0

beacon-advertising True
ips-sensor - IPS sensor name. type: str more...

7.2.0

ips-sensor True
l3-roaming - Enable/disable layer 3 roaming (default = disable). type: str choices: [disable, enable] more...

7.2.0

l3-roaming True
local-standalone-dns - Enable/disable AP local standalone DNS. type: str choices: [disable, enable] more...

7.2.0

local-standalone-dns True
local-standalone-dns-ip - No description for the parameter type: str more...

7.2.0

local-standalone-dns-ip True
osen - Enable/disable OSEN as part of key management (default = disable). type: str choices: [disable, enable] more...

7.2.0

osen True
radius-mac-mpsk-auth - Enable/disable RADIUS-based MAC authentication of clients for MPSK authentication (default = disable). type: str choices: [disable, enable] more...

7.2.0

radius-mac-mpsk-auth True
radius-mac-mpsk-timeout - RADIUS MAC MPSK cache timeout interval (1800 - 864000, default = 86400). type: int more...

7.2.0

radius-mac-mpsk-timeout True
rates-11ax-ss12 - No description for the parameter type: array choices: [mcs0/1, mcs1/1, mcs2/1, mcs3/1, mcs4/1, mcs5/1, mcs6/1, mcs7/1, mcs8/1, mcs9/1, mcs10/1, mcs11/1, mcs0/2, mcs1/2, mcs2/2, mcs3/2, mcs4/2, mcs5/2, mcs6/2, mcs7/2, mcs8/2, mcs9/2, mcs10/2, mcs11/2] more...

7.2.0

rates-11ax-ss12 True
rates-11ax-ss34 - No description for the parameter type: array choices: [mcs0/3, mcs1/3, mcs2/3, mcs3/3, mcs4/3, mcs5/3, mcs6/3, mcs7/3, mcs8/3, mcs9/3, mcs10/3, mcs11/3, mcs0/4, mcs1/4, mcs2/4, mcs3/4, mcs4/4, mcs5/4, mcs6/4, mcs7/4, mcs8/4, mcs9/4, mcs10/4, mcs11/4] more...

7.2.0

rates-11ax-ss34 True
scan-botnet-connections - Block or monitor connections to Botnet servers or disable Botnet scanning. type: str choices: [disable, block, monitor] more...

7.2.0

scan-botnet-connections True
utm-log - Enable/disable UTM logging. type: str choices: [disable, enable] more...

7.2.0

utm-log True
utm-status - Enable to add one or more security profiles (AV, IPS, etc. type: str choices: [disable, enable] more...

7.2.0

utm-status True
vlan-name - No description for the parameter type: array more...

7.2.0

vlan-name True
- name - VLAN name. type: str more...
  
  7.2.0
  
  name True
- vlan-id - VLAN ID. type: int more...
  
  7.2.0
  
  vlan-id True
webfilter-profile - WebFilter profile name. type: str more...

7.2.0

webfilter-profile True

Notes ¶

Note

Running in workspace locking mode is supported in this FortiManager module, the top level parameters workspace_locking_adom and workspace_locking_timeout help do the work.
To create or update an object, use state: present directive.
To delete an object, use state: absent directive
Normally, running one module can fail when a non-zero rc is returned. you can also override the conditions to fail or succeed with parameters rc_failed and rc_succeeded

Examples ¶

- hosts: fortimanager-inventory
  collections:
    - fortinet.fortimanager
  connection: httpapi
  vars:
     ansible_httpapi_use_ssl: True
     ansible_httpapi_validate_certs: False
     ansible_httpapi_port: 443
  tasks:
   - name: no description
     fmgr_vap:
        bypass_validation: False
        workspace_locking_adom: <value in [global, custom adom including root]>
        workspace_locking_timeout: 300
        rc_succeeded: [0, -2, -3, ...]
        rc_failed: [-2, -3, ...]
        adom: <your own value>
        state: <value in [present, absent]>
        vap:
           _centmgmt: <value in [disable, enable]>
           _dhcp_svr_id: <value of string>
           _intf_allowaccess:
             - https
             - ping
             - ssh
             - snmp
             - http
             - telnet
             - fgfm
             - auto-ipsec
             - radius-acct
             - probe-response
             - capwap
             - dnp
             - ftm
             - fabric
             - speed-test
           _intf_device-identification: <value in [disable, enable]>
           _intf_device-netscan: <value in [disable, enable]>
           _intf_dhcp-relay-ip: <value of string>
           _intf_dhcp-relay-service: <value in [disable, enable]>
           _intf_dhcp-relay-type: <value in [regular, ipsec]>
           _intf_dhcp6-relay-ip: <value of string>
           _intf_dhcp6-relay-service: <value in [disable, enable]>
           _intf_dhcp6-relay-type: <value in [regular]>
           _intf_ip: <value of string>
           _intf_ip6-address: <value of string>
           _intf_ip6-allowaccess:
             - https
             - ping
             - ssh
             - snmp
             - http
             - telnet
             - any
             - fgfm
             - capwap
           _intf_listen-forticlient-connection: <value in [disable, enable]>
           acct-interim-interval: <value of integer>
           alias: <value of string>
           auth: <value in [PSK, psk, RADIUS, ...]>
           broadcast-ssid: <value in [disable, enable]>
           broadcast-suppression:
             - dhcp
             - arp
             - dhcp2
             - arp2
             - netbios-ns
             - netbios-ds
             - arp3
             - dhcp-up
             - dhcp-down
             - arp-known
             - arp-unknown
             - arp-reply
             - ipv6
             - dhcp-starvation
             - arp-poison
             - all-other-mc
             - all-other-bc
             - arp-proxy
             - dhcp-ucast
           captive-portal-ac-name: <value of string>
           captive-portal-macauth-radius-secret: <value of string>
           captive-portal-macauth-radius-server: <value of string>
           captive-portal-radius-secret: <value of string>
           captive-portal-radius-server: <value of string>
           captive-portal-session-timeout-interval: <value of integer>
           dhcp-lease-time: <value of integer>
           dhcp-option82-circuit-id-insertion: <value in [disable, style-1, style-2, ...]>
           dhcp-option82-insertion: <value in [disable, enable]>
           dhcp-option82-remote-id-insertion: <value in [disable, style-1]>
           dynamic-vlan: <value in [disable, enable]>
           dynamic_mapping:
             -
                 _centmgmt: <value in [disable, enable]>
                 _dhcp_svr_id: <value of string>
                 _intf_allowaccess:
                   - https
                   - ping
                   - ssh
                   - snmp
                   - http
                   - telnet
                   - fgfm
                   - auto-ipsec
                   - radius-acct
                   - probe-response
                   - capwap
                   - dnp
                   - ftm
                   - fabric
                   - speed-test
                 _intf_device-identification: <value in [disable, enable]>
                 _intf_device-netscan: <value in [disable, enable]>
                 _intf_dhcp-relay-ip: <value of string>
                 _intf_dhcp-relay-service: <value in [disable, enable]>
                 _intf_dhcp-relay-type: <value in [regular, ipsec]>
                 _intf_dhcp6-relay-ip: <value of string>
                 _intf_dhcp6-relay-service: <value in [disable, enable]>
                 _intf_dhcp6-relay-type: <value in [regular]>
                 _intf_ip: <value of string>
                 _intf_ip6-address: <value of string>
                 _intf_ip6-allowaccess:
                   - https
                   - ping
                   - ssh
                   - snmp
                   - http
                   - telnet
                   - any
                   - fgfm
                   - capwap
                 _intf_listen-forticlient-connection: <value in [disable, enable]>
                 _scope:
                   -
                       name: <value of string>
                       vdom: <value of string>
                 acct-interim-interval: <value of integer>
                 address-group: <value of string>
                 alias: <value of string>
                 atf-weight: <value of integer>
                 auth: <value in [PSK, psk, RADIUS, ...]>
                 broadcast-ssid: <value in [disable, enable]>
                 broadcast-suppression:
                   - dhcp
                   - arp
                   - dhcp2
                   - arp2
                   - netbios-ns
                   - netbios-ds
                   - arp3
                   - dhcp-up
                   - dhcp-down
                   - arp-known
                   - arp-unknown
                   - arp-reply
                   - ipv6
                   - dhcp-starvation
                   - arp-poison
                   - all-other-mc
                   - all-other-bc
                   - arp-proxy
                   - dhcp-ucast
                 captive-portal-ac-name: <value of string>
                 captive-portal-macauth-radius-secret: <value of string>
                 captive-portal-macauth-radius-server: <value of string>
                 captive-portal-radius-secret: <value of string>
                 captive-portal-radius-server: <value of string>
                 captive-portal-session-timeout-interval: <value of integer>
                 client-count: <value of integer>
                 dhcp-lease-time: <value of integer>
                 dhcp-option82-circuit-id-insertion: <value in [disable, style-1, style-2, ...]>
                 dhcp-option82-insertion: <value in [disable, enable]>
                 dhcp-option82-remote-id-insertion: <value in [disable, style-1]>
                 dynamic-vlan: <value in [disable, enable]>
                 eap-reauth: <value in [disable, enable]>
                 eap-reauth-intv: <value of integer>
                 eapol-key-retries: <value in [disable, enable]>
                 encrypt: <value in [TKIP, AES, TKIP-AES]>
                 external-fast-roaming: <value in [disable, enable]>
                 external-logout: <value of string>
                 external-web: <value of string>
                 fast-bss-transition: <value in [disable, enable]>
                 fast-roaming: <value in [disable, enable]>
                 ft-mobility-domain: <value of integer>
                 ft-over-ds: <value in [disable, enable]>
                 ft-r0-key-lifetime: <value of integer>
                 gtk-rekey: <value in [disable, enable]>
                 gtk-rekey-intv: <value of integer>
                 hotspot20-profile: <value of string>
                 intra-vap-privacy: <value in [disable, enable]>
                 ip: <value of string>
                 key: <value of string>
                 keyindex: <value of integer>
                 ldpc: <value in [disable, tx, rx, ...]>
                 local-authentication: <value in [disable, enable]>
                 local-bridging: <value in [disable, enable]>
                 local-lan: <value in [deny, allow]>
                 local-standalone: <value in [disable, enable]>
                 local-standalone-nat: <value in [disable, enable]>
                 local-switching: <value in [disable, enable]>
                 mac-auth-bypass: <value in [disable, enable]>
                 mac-filter: <value in [disable, enable]>
                 mac-filter-policy-other: <value in [deny, allow]>
                 max-clients: <value of integer>
                 max-clients-ap: <value of integer>
                 me-disable-thresh: <value of integer>
                 mesh-backhaul: <value in [disable, enable]>
                 mpsk: <value in [disable, enable]>
                 mpsk-concurrent-clients: <value of integer>
                 multicast-enhance: <value in [disable, enable]>
                 multicast-rate: <value in [0, 6000, 12000, ...]>
                 okc: <value in [disable, enable]>
                 owe-groups:
                   - 19
                   - 20
                   - 21
                 owe-transition: <value in [disable, enable]>
                 owe-transition-ssid: <value of string>
                 passphrase: <value of string>
                 pmf: <value in [disable, enable, optional]>
                 pmf-assoc-comeback-timeout: <value of integer>
                 pmf-sa-query-retry-timeout: <value of integer>
                 portal-message-override-group: <value of string>
                 portal-type: <value in [auth, auth+disclaimer, disclaimer, ...]>
                 probe-resp-suppression: <value in [disable, enable]>
                 probe-resp-threshold: <value of string>
                 ptk-rekey: <value in [disable, enable]>
                 ptk-rekey-intv: <value of integer>
                 qos-profile: <value of string>
                 quarantine: <value in [disable, enable]>
                 radio-2g-threshold: <value of string>
                 radio-5g-threshold: <value of string>
                 radio-sensitivity: <value in [disable, enable]>
                 radius-mac-auth: <value in [disable, enable]>
                 radius-mac-auth-server: <value of string>
                 radius-mac-auth-usergroups: <value of string>
                 radius-server: <value of string>
                 rates-11a:
                   - 1
                   - 1-basic
                   - 2
                   - 2-basic
                   - 5.5
                   - 5.5-basic
                   - 6
                   - 6-basic
                   - 9
                   - 9-basic
                   - 12
                   - 12-basic
                   - 18
                   - 18-basic
                   - 24
                   - 24-basic
                   - 36
                   - 36-basic
                   - 48
                   - 48-basic
                   - 54
                   - 54-basic
                   - 11
                   - 11-basic
                 rates-11ac-ss12:
                   - mcs0/1
                   - mcs1/1
                   - mcs2/1
                   - mcs3/1
                   - mcs4/1
                   - mcs5/1
                   - mcs6/1
                   - mcs7/1
                   - mcs8/1
                   - mcs9/1
                   - mcs0/2
                   - mcs1/2
                   - mcs2/2
                   - mcs3/2
                   - mcs4/2
                   - mcs5/2
                   - mcs6/2
                   - mcs7/2
                   - mcs8/2
                   - mcs9/2
                   - mcs10/1
                   - mcs11/1
                   - mcs10/2
                   - mcs11/2
                 rates-11ac-ss34:
                   - mcs0/3
                   - mcs1/3
                   - mcs2/3
                   - mcs3/3
                   - mcs4/3
                   - mcs5/3
                   - mcs6/3
                   - mcs7/3
                   - mcs8/3
                   - mcs9/3
                   - mcs0/4
                   - mcs1/4
                   - mcs2/4
                   - mcs3/4
                   - mcs4/4
                   - mcs5/4
                   - mcs6/4
                   - mcs7/4
                   - mcs8/4
                   - mcs9/4
                   - mcs10/3
                   - mcs11/3
                   - mcs10/4
                   - mcs11/4
                 rates-11bg:
                   - 1
                   - 1-basic
                   - 2
                   - 2-basic
                   - 5.5
                   - 5.5-basic
                   - 6
                   - 6-basic
                   - 9
                   - 9-basic
                   - 12
                   - 12-basic
                   - 18
                   - 18-basic
                   - 24
                   - 24-basic
                   - 36
                   - 36-basic
                   - 48
                   - 48-basic
                   - 54
                   - 54-basic
                   - 11
                   - 11-basic
                 rates-11n-ss12:
                   - mcs0/1
                   - mcs1/1
                   - mcs2/1
                   - mcs3/1
                   - mcs4/1
                   - mcs5/1
                   - mcs6/1
                   - mcs7/1
                   - mcs8/2
                   - mcs9/2
                   - mcs10/2
                   - mcs11/2
                   - mcs12/2
                   - mcs13/2
                   - mcs14/2
                   - mcs15/2
                 rates-11n-ss34:
                   - mcs16/3
                   - mcs17/3
                   - mcs18/3
                   - mcs19/3
                   - mcs20/3
                   - mcs21/3
                   - mcs22/3
                   - mcs23/3
                   - mcs24/4
                   - mcs25/4
                   - mcs26/4
                   - mcs27/4
                   - mcs28/4
                   - mcs29/4
                   - mcs30/4
                   - mcs31/4
                 sae-groups:
                   - 1
                   - 2
                   - 5
                   - 14
                   - 15
                   - 16
                   - 17
                   - 18
                   - 19
                   - 20
                   - 21
                   - 27
                   - 28
                   - 29
                   - 30
                   - 31
                 sae-password: <value of string>
                 schedule: <value of string>
                 security: <value in [None, WEP64, wep64, ...]>
                 security-exempt-list: <value of string>
                 security-obsolete-option: <value in [disable, enable]>
                 security-redirect-url: <value of string>
                 selected-usergroups: <value of string>
                 split-tunneling: <value in [disable, enable]>
                 ssid: <value of string>
                 tkip-counter-measure: <value in [disable, enable]>
                 usergroup: <value of string>
                 utm-profile: <value of string>
                 vdom: <value of string>
                 vlan-auto: <value in [disable, enable]>
                 vlan-pooling: <value in [wtp-group, round-robin, hash, ...]>
                 vlanid: <value of integer>
                 voice-enterprise: <value in [disable, enable]>
                 mu-mimo: <value in [disable, enable]>
                 _intf_device-access-list: <value of string>
                 external-web-format: <value in [auto-detect, no-query-string, partial-query-string]>
                 high-efficiency: <value in [disable, enable]>
                 primary-wag-profile: <value of string>
                 secondary-wag-profile: <value of string>
                 target-wake-time: <value in [disable, enable]>
                 tunnel-echo-interval: <value of integer>
                 tunnel-fallback-interval: <value of integer>
                 access-control-list: <value of string>
                 captive-portal-auth-timeout: <value of integer>
                 ipv6-rules:
                   - drop-icmp6ra
                   - drop-icmp6rs
                   - drop-llmnr6
                   - drop-icmp6mld2
                   - drop-dhcp6s
                   - drop-dhcp6c
                   - ndp-proxy
                   - drop-ns-dad
                   - drop-ns-nondad
                 sticky-client-remove: <value in [disable, enable]>
                 sticky-client-threshold-2g: <value of string>
                 sticky-client-threshold-5g: <value of string>
                 bss-color-partial: <value in [disable, enable]>
                 dhcp-option43-insertion: <value in [disable, enable]>
                 mpsk-profile: <value of string>
                 igmp-snooping: <value in [disable, enable]>
                 port-macauth: <value in [disable, radius, address-group]>
                 port-macauth-reauth-timeout: <value of integer>
                 port-macauth-timeout: <value of integer>
                 additional-akms:
                   - akm6
                 bstm-disassociation-imminent: <value in [disable, enable]>
                 bstm-load-balancing-disassoc-timer: <value of integer>
                 bstm-rssi-disassoc-timer: <value of integer>
                 dhcp-address-enforcement: <value in [disable, enable]>
                 gas-comeback-delay: <value of integer>
                 gas-fragmentation-limit: <value of integer>
                 mac-called-station-delimiter: <value in [hyphen, single-hyphen, colon, ...]>
                 mac-calling-station-delimiter: <value in [hyphen, single-hyphen, colon, ...]>
                 mac-case: <value in [uppercase, lowercase]>
                 mac-password-delimiter: <value in [hyphen, single-hyphen, colon, ...]>
                 mac-username-delimiter: <value in [hyphen, single-hyphen, colon, ...]>
                 mbo: <value in [disable, enable]>
                 mbo-cell-data-conn-pref: <value in [excluded, prefer-not, prefer-use]>
                 nac: <value in [disable, enable]>
                 nac-profile: <value of string>
                 neighbor-report-dual-band: <value in [disable, enable]>
                 address-group-policy: <value in [disable, allow, deny]>
                 antivirus-profile: <value of string>
                 application-detection-engine: <value in [disable, enable]>
                 application-list: <value of string>
                 application-report-intv: <value of integer>
                 auth-cert: <value of string>
                 auth-portal-addr: <value of string>
                 beacon-advertising:
                   - name
                   - model
                   - serial-number
                 ips-sensor: <value of string>
                 l3-roaming: <value in [disable, enable]>
                 local-standalone-dns: <value in [disable, enable]>
                 local-standalone-dns-ip: <value of string>
                 osen: <value in [disable, enable]>
                 radius-mac-mpsk-auth: <value in [disable, enable]>
                 radius-mac-mpsk-timeout: <value of integer>
                 rates-11ax-ss12:
                   - mcs0/1
                   - mcs1/1
                   - mcs2/1
                   - mcs3/1
                   - mcs4/1
                   - mcs5/1
                   - mcs6/1
                   - mcs7/1
                   - mcs8/1
                   - mcs9/1
                   - mcs10/1
                   - mcs11/1
                   - mcs0/2
                   - mcs1/2
                   - mcs2/2
                   - mcs3/2
                   - mcs4/2
                   - mcs5/2
                   - mcs6/2
                   - mcs7/2
                   - mcs8/2
                   - mcs9/2
                   - mcs10/2
                   - mcs11/2
                 rates-11ax-ss34:
                   - mcs0/3
                   - mcs1/3
                   - mcs2/3
                   - mcs3/3
                   - mcs4/3
                   - mcs5/3
                   - mcs6/3
                   - mcs7/3
                   - mcs8/3
                   - mcs9/3
                   - mcs10/3
                   - mcs11/3
                   - mcs0/4
                   - mcs1/4
                   - mcs2/4
                   - mcs3/4
                   - mcs4/4
                   - mcs5/4
                   - mcs6/4
                   - mcs7/4
                   - mcs8/4
                   - mcs9/4
                   - mcs10/4
                   - mcs11/4
                 scan-botnet-connections: <value in [disable, block, monitor]>
                 utm-log: <value in [disable, enable]>
                 utm-status: <value in [disable, enable]>
                 webfilter-profile: <value of string>
           eap-reauth: <value in [disable, enable]>
           eap-reauth-intv: <value of integer>
           eapol-key-retries: <value in [disable, enable]>
           encrypt: <value in [TKIP, AES, TKIP-AES]>
           external-fast-roaming: <value in [disable, enable]>
           external-logout: <value of string>
           external-web: <value of string>
           fast-bss-transition: <value in [disable, enable]>
           fast-roaming: <value in [disable, enable]>
           ft-mobility-domain: <value of integer>
           ft-over-ds: <value in [disable, enable]>
           ft-r0-key-lifetime: <value of integer>
           gtk-rekey: <value in [disable, enable]>
           gtk-rekey-intv: <value of integer>
           hotspot20-profile: <value of string>
           intra-vap-privacy: <value in [disable, enable]>
           ip: <value of string>
           key: <value of string>
           keyindex: <value of integer>
           ldpc: <value in [disable, tx, rx, ...]>
           local-authentication: <value in [disable, enable]>
           local-bridging: <value in [disable, enable]>
           local-lan: <value in [deny, allow]>
           local-standalone: <value in [disable, enable]>
           local-standalone-nat: <value in [disable, enable]>
           mac-auth-bypass: <value in [disable, enable]>
           mac-filter: <value in [disable, enable]>
           mac-filter-list:
             -
                 id: <value of integer>
                 mac: <value of string>
                 mac-filter-policy: <value in [deny, allow]>
           mac-filter-policy-other: <value in [deny, allow]>
           max-clients: <value of integer>
           max-clients-ap: <value of integer>
           me-disable-thresh: <value of integer>
           mesh-backhaul: <value in [disable, enable]>
           mpsk: <value in [disable, enable]>
           mpsk-concurrent-clients: <value of integer>
           mpsk-key:
             -
                 comment: <value of string>
                 concurrent-clients: <value of string>
                 key-name: <value of string>
                 passphrase: <value of string>
                 mpsk-schedules: <value of string>
           multicast-enhance: <value in [disable, enable]>
           multicast-rate: <value in [0, 6000, 12000, ...]>
           name: <value of string>
           okc: <value in [disable, enable]>
           passphrase: <value of string>
           pmf: <value in [disable, enable, optional]>
           pmf-assoc-comeback-timeout: <value of integer>
           pmf-sa-query-retry-timeout: <value of integer>
           portal-message-override-group: <value of string>
           portal-type: <value in [auth, auth+disclaimer, disclaimer, ...]>
           probe-resp-suppression: <value in [disable, enable]>
           probe-resp-threshold: <value of string>
           ptk-rekey: <value in [disable, enable]>
           ptk-rekey-intv: <value of integer>
           qos-profile: <value of string>
           quarantine: <value in [disable, enable]>
           radio-2g-threshold: <value of string>
           radio-5g-threshold: <value of string>
           radio-sensitivity: <value in [disable, enable]>
           radius-mac-auth: <value in [disable, enable]>
           radius-mac-auth-server: <value of string>
           radius-mac-auth-usergroups: <value of string>
           radius-server: <value of string>
           rates-11a:
             - 1
             - 1-basic
             - 2
             - 2-basic
             - 5.5
             - 5.5-basic
             - 6
             - 6-basic
             - 9
             - 9-basic
             - 12
             - 12-basic
             - 18
             - 18-basic
             - 24
             - 24-basic
             - 36
             - 36-basic
             - 48
             - 48-basic
             - 54
             - 54-basic
             - 11
             - 11-basic
           rates-11ac-ss12:
             - mcs0/1
             - mcs1/1
             - mcs2/1
             - mcs3/1
             - mcs4/1
             - mcs5/1
             - mcs6/1
             - mcs7/1
             - mcs8/1
             - mcs9/1
             - mcs0/2
             - mcs1/2
             - mcs2/2
             - mcs3/2
             - mcs4/2
             - mcs5/2
             - mcs6/2
             - mcs7/2
             - mcs8/2
             - mcs9/2
             - mcs10/1
             - mcs11/1
             - mcs10/2
             - mcs11/2
           rates-11ac-ss34:
             - mcs0/3
             - mcs1/3
             - mcs2/3
             - mcs3/3
             - mcs4/3
             - mcs5/3
             - mcs6/3
             - mcs7/3
             - mcs8/3
             - mcs9/3
             - mcs0/4
             - mcs1/4
             - mcs2/4
             - mcs3/4
             - mcs4/4
             - mcs5/4
             - mcs6/4
             - mcs7/4
             - mcs8/4
             - mcs9/4
             - mcs10/3
             - mcs11/3
             - mcs10/4
             - mcs11/4
           rates-11bg:
             - 1
             - 1-basic
             - 2
             - 2-basic
             - 5.5
             - 5.5-basic
             - 6
             - 6-basic
             - 9
             - 9-basic
             - 12
             - 12-basic
             - 18
             - 18-basic
             - 24
             - 24-basic
             - 36
             - 36-basic
             - 48
             - 48-basic
             - 54
             - 54-basic
             - 11
             - 11-basic
           rates-11n-ss12:
             - mcs0/1
             - mcs1/1
             - mcs2/1
             - mcs3/1
             - mcs4/1
             - mcs5/1
             - mcs6/1
             - mcs7/1
             - mcs8/2
             - mcs9/2
             - mcs10/2
             - mcs11/2
             - mcs12/2
             - mcs13/2
             - mcs14/2
             - mcs15/2
           rates-11n-ss34:
             - mcs16/3
             - mcs17/3
             - mcs18/3
             - mcs19/3
             - mcs20/3
             - mcs21/3
             - mcs22/3
             - mcs23/3
             - mcs24/4
             - mcs25/4
             - mcs26/4
             - mcs27/4
             - mcs28/4
             - mcs29/4
             - mcs30/4
             - mcs31/4
           schedule: <value of string>
           security: <value in [None, WEP64, wep64, ...]>
           security-exempt-list: <value of string>
           security-obsolete-option: <value in [disable, enable]>
           security-redirect-url: <value of string>
           selected-usergroups: <value of string>
           split-tunneling: <value in [disable, enable]>
           ssid: <value of string>
           tkip-counter-measure: <value in [disable, enable]>
           usergroup: <value of string>
           utm-profile: <value of string>
           vdom: <value of string>
           vlan-auto: <value in [disable, enable]>
           vlan-pool:
             -
                 _wtp-group: <value of string>
                 id: <value of integer>
                 wtp-group: <value of string>
           vlan-pooling: <value in [wtp-group, round-robin, hash, ...]>
           vlanid: <value of integer>
           voice-enterprise: <value in [disable, enable]>
           address-group: <value of string>
           atf-weight: <value of integer>
           mu-mimo: <value in [disable, enable]>
           owe-groups:
             - 19
             - 20
             - 21
           owe-transition: <value in [disable, enable]>
           owe-transition-ssid: <value of string>
           sae-groups:
             - 1
             - 2
             - 5
             - 14
             - 15
             - 16
             - 17
             - 18
             - 19
             - 20
             - 21
             - 27
             - 28
             - 29
             - 30
             - 31
           sae-password: <value of string>
           _intf_device-access-list: <value of string>
           external-web-format: <value in [auto-detect, no-query-string, partial-query-string]>
           high-efficiency: <value in [disable, enable]>
           primary-wag-profile: <value of string>
           secondary-wag-profile: <value of string>
           target-wake-time: <value in [disable, enable]>
           tunnel-echo-interval: <value of integer>
           tunnel-fallback-interval: <value of integer>
           access-control-list: <value of string>
           captive-portal-auth-timeout: <value of integer>
           ipv6-rules:
             - drop-icmp6ra
             - drop-icmp6rs
             - drop-llmnr6
             - drop-icmp6mld2
             - drop-dhcp6s
             - drop-dhcp6c
             - ndp-proxy
             - drop-ns-dad
             - drop-ns-nondad
           sticky-client-remove: <value in [disable, enable]>
           sticky-client-threshold-2g: <value of string>
           sticky-client-threshold-5g: <value of string>
           bss-color-partial: <value in [disable, enable]>
           dhcp-option43-insertion: <value in [disable, enable]>
           mpsk-profile: <value of string>
           igmp-snooping: <value in [disable, enable]>
           port-macauth: <value in [disable, radius, address-group]>
           port-macauth-reauth-timeout: <value of integer>
           port-macauth-timeout: <value of integer>
           portal-message-overrides:
              auth-disclaimer-page: <value of string>
              auth-login-failed-page: <value of string>
              auth-login-page: <value of string>
              auth-reject-page: <value of string>
           additional-akms:
             - akm6
           bstm-disassociation-imminent: <value in [disable, enable]>
           bstm-load-balancing-disassoc-timer: <value of integer>
           bstm-rssi-disassoc-timer: <value of integer>
           dhcp-address-enforcement: <value in [disable, enable]>
           gas-comeback-delay: <value of integer>
           gas-fragmentation-limit: <value of integer>
           mac-called-station-delimiter: <value in [hyphen, single-hyphen, colon, ...]>
           mac-calling-station-delimiter: <value in [hyphen, single-hyphen, colon, ...]>
           mac-case: <value in [uppercase, lowercase]>
           mac-password-delimiter: <value in [hyphen, single-hyphen, colon, ...]>
           mac-username-delimiter: <value in [hyphen, single-hyphen, colon, ...]>
           mbo: <value in [disable, enable]>
           mbo-cell-data-conn-pref: <value in [excluded, prefer-not, prefer-use]>
           nac: <value in [disable, enable]>
           nac-profile: <value of string>
           neighbor-report-dual-band: <value in [disable, enable]>
           address-group-policy: <value in [disable, allow, deny]>
           antivirus-profile: <value of string>
           application-detection-engine: <value in [disable, enable]>
           application-list: <value of string>
           application-report-intv: <value of integer>
           auth-cert: <value of string>
           auth-portal-addr: <value of string>
           beacon-advertising:
             - name
             - model
             - serial-number
           ips-sensor: <value of string>
           l3-roaming: <value in [disable, enable]>
           local-standalone-dns: <value in [disable, enable]>
           local-standalone-dns-ip: <value of string>
           osen: <value in [disable, enable]>
           radius-mac-mpsk-auth: <value in [disable, enable]>
           radius-mac-mpsk-timeout: <value of integer>
           rates-11ax-ss12:
             - mcs0/1
             - mcs1/1
             - mcs2/1
             - mcs3/1
             - mcs4/1
             - mcs5/1
             - mcs6/1
             - mcs7/1
             - mcs8/1
             - mcs9/1
             - mcs10/1
             - mcs11/1
             - mcs0/2
             - mcs1/2
             - mcs2/2
             - mcs3/2
             - mcs4/2
             - mcs5/2
             - mcs6/2
             - mcs7/2
             - mcs8/2
             - mcs9/2
             - mcs10/2
             - mcs11/2
           rates-11ax-ss34:
             - mcs0/3
             - mcs1/3
             - mcs2/3
             - mcs3/3
             - mcs4/3
             - mcs5/3
             - mcs6/3
             - mcs7/3
             - mcs8/3
             - mcs9/3
             - mcs10/3
             - mcs11/3
             - mcs0/4
             - mcs1/4
             - mcs2/4
             - mcs3/4
             - mcs4/4
             - mcs5/4
             - mcs6/4
             - mcs7/4
             - mcs8/4
             - mcs9/4
             - mcs10/4
             - mcs11/4
           scan-botnet-connections: <value in [disable, block, monitor]>
           utm-log: <value in [disable, enable]>
           utm-status: <value in [disable, enable]>
           vlan-name:
             -
                 name: <value of string>
                 vlan-id: <value of integer>
           webfilter-profile: <value of string>

Return Values ¶

Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:

request_url - The full url requested returned: always type: str sample: /sys/login/user
response_code - The status of api request returned: always type: int sample: 0
response_message - The descriptive message of the api response returned: always type: str sample: OK
response_data - The data body of the api response returned: optional type: list or dict

Status ¶

This module is not guaranteed to have a backwards compatible interface.

Authors ¶

Link Zheng (@chillancezen)
Jie Xue (@JieX19)
Frank Shen (@fshen01)
Hongbin Lu (@fgtdev-hblu)

Hint

If you notice any issues in this documentation, you can create a pull request to improve it.