fmgr_vap_dynamicmapping – Configure Virtual Access Points (VAPs).¶
New in version 2.10.
Synopsis¶
- This module is able to configure a FortiManager device.
- Examples include all parameters and values need to be adjusted to data sources before usage.
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
FortiManager Version Compatibility¶
6.0.0 |
6.2.1 |
6.2.3 |
6.2.5 |
6.4.0 |
6.4.2 |
6.4.5 |
7.0.0 |
7.2.0 |
|
| vap_dynamicmapping | yes | yes | yes | yes | yes | yes | yes | yes | yes |
Parameters¶
- enable_log - Enable/Disable logging for task type: bool required: false default: False
- forticloud_access_token - Access token of forticloud managed API users, this option is available with FortiManager later than 6.4.0 type: str required: false
- proposed_method - The overridden method for the underlying Json RPC request type: str required: false choices: set, update, add
- bypass_validation - Only set to True when module schema diffs with FortiManager API structure, module continues to execute without validating parameters type: bool required: false default: False
- workspace_locking_adom - Acquire the workspace lock if FortiManager is running in workspace mode type: str required: false choices: global, custom adom including root
- workspace_locking_timeout - The maximum time in seconds to wait for other users to release workspace lock type: integer required: false default: 300
- rc_succeeded - The rc codes list with which the conditions to succeed will be overriden type: list required: false
- rc_failed - The rc codes list with which the conditions to fail will be overriden type: list required: false
- state - The directive to create, update or delete an object type: str required: true choices: present, absent
- adom - The parameter in requested url type: str required: true
- vap - The parameter in requested url type: str required: true
- vap_dynamicmapping - no description type: dict
- _centmgmt - _Centmgmt. type: str choices: [disable, enable] default: disable more...
- _dhcp_svr_id - _Dhcp_Svr_Id. type: str more...
- _intf_allowaccess - No description for the parameter type: array choices: [https, ping, ssh, snmp, http, telnet, fgfm, auto-ipsec, radius-acct, probe-response, capwap, dnp, ftm, fabric, speed-test] more...
- _intf_device-identification - _Intf_Device-Identification. type: str choices: [disable, enable] default: disable more...
- _intf_device-netscan - _Intf_Device-Netscan. type: str choices: [disable, enable] default: disable more...
- _intf_dhcp-relay-ip - No description for the parameter type: str more...
- _intf_dhcp-relay-service - _Intf_Dhcp-Relay-Service. type: str choices: [disable, enable] default: disable more...
- _intf_dhcp-relay-type - _Intf_Dhcp-Relay-Type. type: str choices: [regular, ipsec] default: regular more...
- _intf_dhcp6-relay-ip - _Intf_Dhcp6-Relay-Ip. type: str more...
- _intf_dhcp6-relay-service - _Intf_Dhcp6-Relay-Service. type: str choices: [disable, enable] default: disable more...
- _intf_dhcp6-relay-type - _Intf_Dhcp6-Relay-Type. type: str choices: [regular] default: regular more...
- _intf_ip - _Intf_Ip. type: str more...
- _intf_ip6-address - _Intf_Ip6-Address. type: str more...
- _intf_ip6-allowaccess - No description for the parameter type: array choices: [https, ping, ssh, snmp, http, telnet, any, fgfm, capwap] more...
- _intf_listen-forticlient-connection - _Intf_Listen-Forticlient-Connection. type: str choices: [disable, enable] default: disable more...
- _scope - No description for the parameter type: array more...
- acct-interim-interval - WiFi RADIUS accounting interim interval (60 - 86400 sec, default = 0). type: int more...
- address-group - Address group ID. type: str more...
- alias - Alias. type: str more...
- atf-weight - Airtime weight in percentage (default = 20). type: int more...
- auth - Authentication protocol. type: str choices: [PSK, psk, RADIUS, radius, usergroup] more...
- broadcast-ssid - Enable/disable broadcasting the SSID (default = enable). type: str choices: [disable, enable] more...
- broadcast-suppression - No description for the parameter type: array choices: [dhcp, arp, dhcp2, arp2, netbios-ns, netbios-ds, arp3, dhcp-up, dhcp-down, arp-known, arp-unknown, arp-reply, ipv6, dhcp-starvation, arp-poison, all-other-mc, all-other-bc, arp-proxy, dhcp-ucast] more...
- captive-portal-ac-name - Local-bridging captive portal ac-name. type: str more...
- captive-portal-macauth-radius-secret - No description for the parameter type: str more...
- captive-portal-macauth-radius-server - Captive portal external RADIUS server domain name or IP address. type: str more...
- captive-portal-radius-secret - No description for the parameter type: str more...
- captive-portal-radius-server - Captive portal RADIUS server domain name or IP address. type: str more...
- captive-portal-session-timeout-interval - Session timeout interval (0 - 864000 sec, default = 0). type: int more...
- client-count - Client-Count. type: int more...
- dhcp-lease-time - DHCP lease time in seconds for NAT IP address. type: int more...
- dhcp-option82-circuit-id-insertion - Enable/disable DHCP option 82 circuit-id insert (default = disable). type: str choices: [disable, style-1, style-2, style-3] more...
- dhcp-option82-insertion - Enable/disable DHCP option 82 insert (default = disable). type: str choices: [disable, enable] more...
- dhcp-option82-remote-id-insertion - Enable/disable DHCP option 82 remote-id insert (default = disable). type: str choices: [disable, style-1] more...
- dynamic-vlan - Enable/disable dynamic VLAN assignment. type: str choices: [disable, enable] more...
- eap-reauth - Enable/disable EAP re-authentication for WPA-Enterprise security. type: str choices: [disable, enable] more...
- eap-reauth-intv - EAP re-authentication interval (1800 - 864000 sec, default = 86400). type: int more...
- eapol-key-retries - Enable/disable retransmission of EAPOL-Key frames (message 3/4 and group message 1/2) (default = enable). type: str choices: [disable, enable] more...
- encrypt - Encryption protocol to use (only available when security is set to a WPA type). type: str choices: [TKIP, AES, TKIP-AES] more...
- external-fast-roaming - Enable/disable fast roaming or pre-authentication with external APs not managed by the FortiGate (default = disable). type: str choices: [disable, enable] more...
- external-logout - URL of external authentication logout server. type: str more...
- external-web - URL of external authentication web server. type: str more...
- fast-bss-transition - Enable/disable 802. type: str choices: [disable, enable] more...
- fast-roaming - Enable/disable fast-roaming, or pre-authentication, where supported by clients (default = disable). type: str choices: [disable, enable] more...
- ft-mobility-domain - Mobility domain identifier in FT (1 - 65535, default = 1000). type: int more...
- ft-over-ds - Enable/disable FT over the Distribution System (DS). type: str choices: [disable, enable] more...
- ft-r0-key-lifetime - Lifetime of the PMK-R0 key in FT, 1-65535 minutes. type: int more...
- gtk-rekey - Enable/disable GTK rekey for WPA security. type: str choices: [disable, enable] more...
- gtk-rekey-intv - GTK rekey interval (1800 - 864000 sec, default = 86400). type: int more...
- hotspot20-profile - Hotspot 2. type: str more...
- intra-vap-privacy - Enable/disable blocking communication between clients on the same SSID (called intra-SSID privacy) (default = disable). type: str choices: [disable, enable] more...
- ip - IP address and subnet mask for the local standalone NAT subnet. type: str more...
- key - No description for the parameter type: str more...
- keyindex - WEP key index (1 - 4). type: int more...
- ldpc - VAP low-density parity-check (LDPC) coding configuration. type: str choices: [disable, tx, rx, rxtx] more...
- local-authentication - Enable/disable AP local authentication. type: str choices: [disable, enable] more...
- local-bridging - Enable/disable bridging of wireless and Ethernet interfaces on the FortiAP (default = disable). type: str choices: [disable, enable] more...
- local-lan - Allow/deny traffic destined for a Class A, B, or C private IP address (default = allow). type: str choices: [deny, allow] more...
- local-standalone - Enable/disable AP local standalone (default = disable). type: str choices: [disable, enable] more...
- local-standalone-nat - Enable/disable AP local standalone NAT mode. type: str choices: [disable, enable] more...
- local-switching - Local-Switching. type: str choices: [disable, enable] more...
- mac-auth-bypass - Enable/disable MAC authentication bypass. type: str choices: [disable, enable] more...
- mac-filter - Enable/disable MAC filtering to block wireless clients by mac address. type: str choices: [disable, enable] more...
- mac-filter-policy-other - Allow or block clients with MAC addresses that are not in the filter list. type: str choices: [deny, allow] more...
- max-clients - Maximum number of clients that can connect simultaneously to the VAP (default = 0, meaning no limitation). type: int more...
- max-clients-ap - Maximum number of clients that can connect simultaneously to the VAP per AP radio (default = 0, meaning no limitation). type: int more...
- me-disable-thresh - Disable multicast enhancement when this many clients are receiving multicast traffic. type: int more...
- mesh-backhaul - Enable/disable using this VAP as a WiFi mesh backhaul (default = disable). type: str choices: [disable, enable] more...
- mpsk - Enable/disable multiple PSK authentication. type: str choices: [disable, enable] more...
- mpsk-concurrent-clients - Maximum number of concurrent clients that connect using the same passphrase in multiple PSK authentication (0 - 65535, default = 0, meaning no limitation). type: int more...
- multicast-enhance - Enable/disable converting multicast to unicast to improve performance (default = disable). type: str choices: [disable, enable] more...
- multicast-rate - Multicast rate (0, 6000, 12000, or 24000 kbps, default = 0). type: str choices: [0, 6000, 12000, 24000] more...
- okc - Enable/disable Opportunistic Key Caching (OKC) (default = enable). type: str choices: [disable, enable] more...
- owe-groups - No description for the parameter type: array choices: [19, 20, 21] more...
- owe-transition - Enable/disable OWE transition mode support. type: str choices: [disable, enable] more...
- owe-transition-ssid - OWE transition mode peer SSID. type: str more...
- passphrase - No description for the parameter type: str more...
- pmf - Protected Management Frames (PMF) support (default = disable). type: str choices: [disable, enable, optional] more...
- pmf-assoc-comeback-timeout - Protected Management Frames (PMF) comeback maximum timeout (1-20 sec). type: int more...
- pmf-sa-query-retry-timeout - Protected Management Frames (PMF) SA query retry timeout interval (1 - 5 100s of msec). type: int more...
- portal-message-override-group - Replacement message group for this VAP (only available when security is set to a captive portal type). type: str more...
- portal-type - Captive portal functionality. type: str choices: [auth, auth+disclaimer, disclaimer, email-collect, cmcc, cmcc-macauth, auth-mac, external-auth, external-macauth] more...
- probe-resp-suppression - Enable/disable probe response suppression (to ignore weak signals) (default = disable). type: str choices: [disable, enable] more...
- probe-resp-threshold - Minimum signal level/threshold in dBm required for the AP response to probe requests (-95 to -20, default = -80). type: str more...
- ptk-rekey - Enable/disable PTK rekey for WPA-Enterprise security. type: str choices: [disable, enable] more...
- ptk-rekey-intv - PTK rekey interval (1800 - 864000 sec, default = 86400). type: int more...
- qos-profile - Quality of service profile name. type: str more...
- quarantine - Enable/disable station quarantine (default = enable). type: str choices: [disable, enable] more...
- radio-2g-threshold - Minimum signal level/threshold in dBm required for the AP response to receive a packet in 2. type: str more...
- radio-5g-threshold - Minimum signal level/threshold in dBm required for the AP response to receive a packet in 5G band(-95 to -20, default = -76). type: str more...
- radio-sensitivity - Enable/disable software radio sensitivity (to ignore weak signals) (default = disable). type: str choices: [disable, enable] more...
- radius-mac-auth - Enable/disable RADIUS-based MAC authentication of clients (default = disable). type: str choices: [disable, enable] more...
- radius-mac-auth-server - RADIUS-based MAC authentication server. type: str more...
- radius-mac-auth-usergroups - No description for the parameter type: str more...
- radius-server - RADIUS server to be used to authenticate WiFi users. type: str more...
- rates-11a - No description for the parameter type: array choices: [1, 1-basic, 2, 2-basic, 5.5, 5.5-basic, 6, 6-basic, 9, 9-basic, 12, 12-basic, 18, 18-basic, 24, 24-basic, 36, 36-basic, 48, 48-basic, 54, 54-basic, 11, 11-basic] more...
- rates-11ac-ss12 - No description for the parameter type: array choices: [mcs0/1, mcs1/1, mcs2/1, mcs3/1, mcs4/1, mcs5/1, mcs6/1, mcs7/1, mcs8/1, mcs9/1, mcs0/2, mcs1/2, mcs2/2, mcs3/2, mcs4/2, mcs5/2, mcs6/2, mcs7/2, mcs8/2, mcs9/2, mcs10/1, mcs11/1, mcs10/2, mcs11/2] more...
- rates-11ac-ss34 - No description for the parameter type: array choices: [mcs0/3, mcs1/3, mcs2/3, mcs3/3, mcs4/3, mcs5/3, mcs6/3, mcs7/3, mcs8/3, mcs9/3, mcs0/4, mcs1/4, mcs2/4, mcs3/4, mcs4/4, mcs5/4, mcs6/4, mcs7/4, mcs8/4, mcs9/4, mcs10/3, mcs11/3, mcs10/4, mcs11/4] more...
- rates-11bg - No description for the parameter type: array choices: [1, 1-basic, 2, 2-basic, 5.5, 5.5-basic, 6, 6-basic, 9, 9-basic, 12, 12-basic, 18, 18-basic, 24, 24-basic, 36, 36-basic, 48, 48-basic, 54, 54-basic, 11, 11-basic] more...
- rates-11n-ss12 - No description for the parameter type: array choices: [mcs0/1, mcs1/1, mcs2/1, mcs3/1, mcs4/1, mcs5/1, mcs6/1, mcs7/1, mcs8/2, mcs9/2, mcs10/2, mcs11/2, mcs12/2, mcs13/2, mcs14/2, mcs15/2] more...
- rates-11n-ss34 - No description for the parameter type: array choices: [mcs16/3, mcs17/3, mcs18/3, mcs19/3, mcs20/3, mcs21/3, mcs22/3, mcs23/3, mcs24/4, mcs25/4, mcs26/4, mcs27/4, mcs28/4, mcs29/4, mcs30/4, mcs31/4] more...
- sae-groups - No description for the parameter type: array choices: [1, 2, 5, 14, 15, 16, 17, 18, 19, 20, 21, 27, 28, 29, 30, 31] more...
- sae-password - No description for the parameter type: str more...
- schedule - Firewall schedules for enabling this VAP on the FortiAP. type: str more...
- security - Security mode for the wireless interface (default = wpa2-only-personal). type: str choices: [None, WEP64, wep64, WEP128, wep128, WPA_PSK, WPA_RADIUS, WPA, WPA2, WPA2_AUTO, open, wpa-personal, wpa-enterprise, captive-portal, wpa-only-personal, wpa-only-enterprise, wpa2-only-personal, wpa2-only-enterprise, wpa-personal+captive-portal, wpa-only-personal+captive-portal, wpa2-only-personal+captive-portal, osen, wpa3-enterprise, sae, sae-transition, owe, wpa3-sae, wpa3-sae-transition, wpa3-only-enterprise, wpa3-enterprise-transition] more...
- security-exempt-list - Optional security exempt list for captive portal authentication. type: str more...
- security-obsolete-option - Enable/disable obsolete security options. type: str choices: [disable, enable] more...
- security-redirect-url - Optional URL for redirecting users after they pass captive portal authentication. type: str more...
- selected-usergroups - Selective user groups that are permitted to authenticate. type: str more...
- split-tunneling - Enable/disable split tunneling (default = disable). type: str choices: [disable, enable] more...
- ssid - IEEE 802. type: str more...
- tkip-counter-measure - Enable/disable TKIP counter measure. type: str choices: [disable, enable] more...
- usergroup - Firewall user group to be used to authenticate WiFi users. type: str more...
- utm-profile - UTM profile name. type: str more...
- vdom - Vdom. type: str more...
- vlan-auto - Enable/disable automatic management of SSID VLAN interface. type: str choices: [disable, enable] more...
- vlan-pooling - Enable/disable VLAN pooling, to allow grouping of multiple wireless controller VLANs into VLAN pools (default = disable). type: str choices: [wtp-group, round-robin, hash, disable] more...
- vlanid - Optional VLAN ID. type: int more...
- voice-enterprise - Enable/disable 802. type: str choices: [disable, enable] more...
- mu-mimo - Enable/disable Multi-user MIMO (default = enable). type: str choices: [disable, enable] more...
- _intf_device-access-list - _Intf_Device-Access-List. type: str more...
- external-web-format - URL query parameter detection (default = auto-detect). type: str choices: [auto-detect, no-query-string, partial-query-string] more...
- high-efficiency - Enable/disable 802. type: str choices: [disable, enable] more...
- primary-wag-profile - Primary wireless access gateway profile name. type: str more...
- secondary-wag-profile - Secondary wireless access gateway profile name. type: str more...
- target-wake-time - Enable/disable 802. type: str choices: [disable, enable] more...
- tunnel-echo-interval - The time interval to send echo to both primary and secondary tunnel peers (1 - 65535 sec, default = 300). type: int more...
- tunnel-fallback-interval - The time interval for secondary tunnel to fall back to primary tunnel (0 - 65535 sec, default = 7200). type: int more...
- access-control-list - Access-Control-List. type: str more...
- captive-portal-auth-timeout - Captive-Portal-Auth-Timeout. type: int more...
- ipv6-rules - No description for the parameter type: array choices: [drop-icmp6ra, drop-icmp6rs, drop-llmnr6, drop-icmp6mld2, drop-dhcp6s, drop-dhcp6c, ndp-proxy, drop-ns-dad, drop-ns-nondad] more...
- sticky-client-remove - Sticky-Client-Remove. type: str choices: [disable, enable] more...
- sticky-client-threshold-2g - Sticky-Client-Threshold-2G. type: str more...
- sticky-client-threshold-5g - Sticky-Client-Threshold-5G. type: str more...
- bss-color-partial - Bss-Color-Partial. type: str choices: [disable, enable] more...
- dhcp-option43-insertion - Dhcp-Option43-Insertion. type: str choices: [disable, enable] more...
- mpsk-profile - Mpsk-Profile. type: str more...
- igmp-snooping - Enable/disable IGMP snooping. type: str choices: [disable, enable] more...
- port-macauth - Enable/disable LAN port MAC authentication (default = disable). type: str choices: [disable, radius, address-group] more...
- port-macauth-reauth-timeout - LAN port MAC authentication re-authentication timeout value (default = 7200 sec). type: int more...
- port-macauth-timeout - LAN port MAC authentication idle timeout value (default = 600 sec). type: int more...
- additional-akms - No description for the parameter type: array choices: [akm6] more...
- bstm-disassociation-imminent - Enable/disable forcing of disassociation after the BSTM request timer has been reached (default = enable). type: str choices: [disable, enable] more...
- bstm-load-balancing-disassoc-timer - Time interval for client to voluntarily leave AP before forcing a disassociation due to AP load-balancing (0 to 30, default = 10). type: int more...
- bstm-rssi-disassoc-timer - Time interval for client to voluntarily leave AP before forcing a disassociation due to low RSSI (0 to 2000, default = 200). type: int more...
- dhcp-address-enforcement - Enable/disable DHCP address enforcement (default = disable). type: str choices: [disable, enable] more...
- gas-comeback-delay - GAS comeback delay (0 or 100 - 10000 milliseconds, default = 500). type: int more...
- gas-fragmentation-limit - GAS fragmentation limit (512 - 4096, default = 1024). type: int more...
- mac-called-station-delimiter - MAC called station delimiter (default = hyphen). type: str choices: [hyphen, single-hyphen, colon, none] more...
- mac-calling-station-delimiter - MAC calling station delimiter (default = hyphen). type: str choices: [hyphen, single-hyphen, colon, none] more...
- mac-case - MAC case (default = uppercase). type: str choices: [uppercase, lowercase] more...
- mac-password-delimiter - MAC authentication password delimiter (default = hyphen). type: str choices: [hyphen, single-hyphen, colon, none] more...
- mac-username-delimiter - MAC authentication username delimiter (default = hyphen). type: str choices: [hyphen, single-hyphen, colon, none] more...
- mbo - Enable/disable Multiband Operation (default = disable). type: str choices: [disable, enable] more...
- mbo-cell-data-conn-pref - MBO cell data connection preference (0, 1, or 255, default = 1). type: str choices: [excluded, prefer-not, prefer-use] more...
- nac - Enable/disable network access control. type: str choices: [disable, enable] more...
- nac-profile - NAC profile name. type: str more...
- neighbor-report-dual-band - Enable/disable dual-band neighbor report (default = disable). type: str choices: [disable, enable] more...
- address-group-policy - Configure MAC address filtering policy for MAC addresses that are in the address-group. type: str choices: [disable, allow, deny] more...
- antivirus-profile - AntiVirus profile name. type: str more...
- application-detection-engine - Enable/disable application detection engine (default = disable). type: str choices: [disable, enable] more...
- application-list - Application control list name. type: str more...
- application-report-intv - Application report interval (30 - 864000 sec, default = 120). type: int more...
- auth-cert - HTTPS server certificate. type: str more...
- auth-portal-addr - Address of captive portal. type: str more...
- beacon-advertising - No description for the parameter type: array choices: [name, model, serial-number] more...
- ips-sensor - IPS sensor name. type: str more...
- l3-roaming - Enable/disable layer 3 roaming (default = disable). type: str choices: [disable, enable] more...
- local-standalone-dns - Enable/disable AP local standalone DNS. type: str choices: [disable, enable] more...
- local-standalone-dns-ip - No description for the parameter type: str more...
- osen - Enable/disable OSEN as part of key management (default = disable). type: str choices: [disable, enable] more...
- radius-mac-mpsk-auth - Enable/disable RADIUS-based MAC authentication of clients for MPSK authentication (default = disable). type: str choices: [disable, enable] more...
- radius-mac-mpsk-timeout - RADIUS MAC MPSK cache timeout interval (1800 - 864000, default = 86400). type: int more...
- rates-11ax-ss12 - No description for the parameter type: array choices: [mcs0/1, mcs1/1, mcs2/1, mcs3/1, mcs4/1, mcs5/1, mcs6/1, mcs7/1, mcs8/1, mcs9/1, mcs10/1, mcs11/1, mcs0/2, mcs1/2, mcs2/2, mcs3/2, mcs4/2, mcs5/2, mcs6/2, mcs7/2, mcs8/2, mcs9/2, mcs10/2, mcs11/2] more...
- rates-11ax-ss34 - No description for the parameter type: array choices: [mcs0/3, mcs1/3, mcs2/3, mcs3/3, mcs4/3, mcs5/3, mcs6/3, mcs7/3, mcs8/3, mcs9/3, mcs10/3, mcs11/3, mcs0/4, mcs1/4, mcs2/4, mcs3/4, mcs4/4, mcs5/4, mcs6/4, mcs7/4, mcs8/4, mcs9/4, mcs10/4, mcs11/4] more...
- scan-botnet-connections - Block or monitor connections to Botnet servers or disable Botnet scanning. type: str choices: [disable, block, monitor] more...
- utm-log - Enable/disable UTM logging. type: str choices: [disable, enable] more...
- utm-status - Enable to add one or more security profiles (AV, IPS, etc. type: str choices: [disable, enable] more...
- webfilter-profile - WebFilter profile name. type: str more...
Notes¶
Note
- Running in workspace locking mode is supported in this FortiManager module, the top level parameters workspace_locking_adom and workspace_locking_timeout help do the work.
- To create or update an object, use state: present directive.
- To delete an object, use state: absent directive
- Normally, running one module can fail when a non-zero rc is returned. you can also override the conditions to fail or succeed with parameters rc_failed and rc_succeeded
Examples¶
- hosts: fortimanager-inventory
collections:
- fortinet.fortimanager
connection: httpapi
vars:
ansible_httpapi_use_ssl: True
ansible_httpapi_validate_certs: False
ansible_httpapi_port: 443
tasks:
- name: no description
fmgr_vap_dynamicmapping:
bypass_validation: False
workspace_locking_adom: <value in [global, custom adom including root]>
workspace_locking_timeout: 300
rc_succeeded: [0, -2, -3, ...]
rc_failed: [-2, -3, ...]
adom: <your own value>
vap: <your own value>
state: <value in [present, absent]>
vap_dynamicmapping:
_centmgmt: <value in [disable, enable]>
_dhcp_svr_id: <value of string>
_intf_allowaccess:
- https
- ping
- ssh
- snmp
- http
- telnet
- fgfm
- auto-ipsec
- radius-acct
- probe-response
- capwap
- dnp
- ftm
- fabric
- speed-test
_intf_device-identification: <value in [disable, enable]>
_intf_device-netscan: <value in [disable, enable]>
_intf_dhcp-relay-ip: <value of string>
_intf_dhcp-relay-service: <value in [disable, enable]>
_intf_dhcp-relay-type: <value in [regular, ipsec]>
_intf_dhcp6-relay-ip: <value of string>
_intf_dhcp6-relay-service: <value in [disable, enable]>
_intf_dhcp6-relay-type: <value in [regular]>
_intf_ip: <value of string>
_intf_ip6-address: <value of string>
_intf_ip6-allowaccess:
- https
- ping
- ssh
- snmp
- http
- telnet
- any
- fgfm
- capwap
_intf_listen-forticlient-connection: <value in [disable, enable]>
_scope:
-
name: <value of string>
vdom: <value of string>
acct-interim-interval: <value of integer>
address-group: <value of string>
alias: <value of string>
atf-weight: <value of integer>
auth: <value in [PSK, psk, RADIUS, ...]>
broadcast-ssid: <value in [disable, enable]>
broadcast-suppression:
- dhcp
- arp
- dhcp2
- arp2
- netbios-ns
- netbios-ds
- arp3
- dhcp-up
- dhcp-down
- arp-known
- arp-unknown
- arp-reply
- ipv6
- dhcp-starvation
- arp-poison
- all-other-mc
- all-other-bc
- arp-proxy
- dhcp-ucast
captive-portal-ac-name: <value of string>
captive-portal-macauth-radius-secret: <value of string>
captive-portal-macauth-radius-server: <value of string>
captive-portal-radius-secret: <value of string>
captive-portal-radius-server: <value of string>
captive-portal-session-timeout-interval: <value of integer>
client-count: <value of integer>
dhcp-lease-time: <value of integer>
dhcp-option82-circuit-id-insertion: <value in [disable, style-1, style-2, ...]>
dhcp-option82-insertion: <value in [disable, enable]>
dhcp-option82-remote-id-insertion: <value in [disable, style-1]>
dynamic-vlan: <value in [disable, enable]>
eap-reauth: <value in [disable, enable]>
eap-reauth-intv: <value of integer>
eapol-key-retries: <value in [disable, enable]>
encrypt: <value in [TKIP, AES, TKIP-AES]>
external-fast-roaming: <value in [disable, enable]>
external-logout: <value of string>
external-web: <value of string>
fast-bss-transition: <value in [disable, enable]>
fast-roaming: <value in [disable, enable]>
ft-mobility-domain: <value of integer>
ft-over-ds: <value in [disable, enable]>
ft-r0-key-lifetime: <value of integer>
gtk-rekey: <value in [disable, enable]>
gtk-rekey-intv: <value of integer>
hotspot20-profile: <value of string>
intra-vap-privacy: <value in [disable, enable]>
ip: <value of string>
key: <value of string>
keyindex: <value of integer>
ldpc: <value in [disable, tx, rx, ...]>
local-authentication: <value in [disable, enable]>
local-bridging: <value in [disable, enable]>
local-lan: <value in [deny, allow]>
local-standalone: <value in [disable, enable]>
local-standalone-nat: <value in [disable, enable]>
local-switching: <value in [disable, enable]>
mac-auth-bypass: <value in [disable, enable]>
mac-filter: <value in [disable, enable]>
mac-filter-policy-other: <value in [deny, allow]>
max-clients: <value of integer>
max-clients-ap: <value of integer>
me-disable-thresh: <value of integer>
mesh-backhaul: <value in [disable, enable]>
mpsk: <value in [disable, enable]>
mpsk-concurrent-clients: <value of integer>
multicast-enhance: <value in [disable, enable]>
multicast-rate: <value in [0, 6000, 12000, ...]>
okc: <value in [disable, enable]>
owe-groups:
- 19
- 20
- 21
owe-transition: <value in [disable, enable]>
owe-transition-ssid: <value of string>
passphrase: <value of string>
pmf: <value in [disable, enable, optional]>
pmf-assoc-comeback-timeout: <value of integer>
pmf-sa-query-retry-timeout: <value of integer>
portal-message-override-group: <value of string>
portal-type: <value in [auth, auth+disclaimer, disclaimer, ...]>
probe-resp-suppression: <value in [disable, enable]>
probe-resp-threshold: <value of string>
ptk-rekey: <value in [disable, enable]>
ptk-rekey-intv: <value of integer>
qos-profile: <value of string>
quarantine: <value in [disable, enable]>
radio-2g-threshold: <value of string>
radio-5g-threshold: <value of string>
radio-sensitivity: <value in [disable, enable]>
radius-mac-auth: <value in [disable, enable]>
radius-mac-auth-server: <value of string>
radius-mac-auth-usergroups: <value of string>
radius-server: <value of string>
rates-11a:
- 1
- 1-basic
- 2
- 2-basic
- 5.5
- 5.5-basic
- 6
- 6-basic
- 9
- 9-basic
- 12
- 12-basic
- 18
- 18-basic
- 24
- 24-basic
- 36
- 36-basic
- 48
- 48-basic
- 54
- 54-basic
- 11
- 11-basic
rates-11ac-ss12:
- mcs0/1
- mcs1/1
- mcs2/1
- mcs3/1
- mcs4/1
- mcs5/1
- mcs6/1
- mcs7/1
- mcs8/1
- mcs9/1
- mcs0/2
- mcs1/2
- mcs2/2
- mcs3/2
- mcs4/2
- mcs5/2
- mcs6/2
- mcs7/2
- mcs8/2
- mcs9/2
- mcs10/1
- mcs11/1
- mcs10/2
- mcs11/2
rates-11ac-ss34:
- mcs0/3
- mcs1/3
- mcs2/3
- mcs3/3
- mcs4/3
- mcs5/3
- mcs6/3
- mcs7/3
- mcs8/3
- mcs9/3
- mcs0/4
- mcs1/4
- mcs2/4
- mcs3/4
- mcs4/4
- mcs5/4
- mcs6/4
- mcs7/4
- mcs8/4
- mcs9/4
- mcs10/3
- mcs11/3
- mcs10/4
- mcs11/4
rates-11bg:
- 1
- 1-basic
- 2
- 2-basic
- 5.5
- 5.5-basic
- 6
- 6-basic
- 9
- 9-basic
- 12
- 12-basic
- 18
- 18-basic
- 24
- 24-basic
- 36
- 36-basic
- 48
- 48-basic
- 54
- 54-basic
- 11
- 11-basic
rates-11n-ss12:
- mcs0/1
- mcs1/1
- mcs2/1
- mcs3/1
- mcs4/1
- mcs5/1
- mcs6/1
- mcs7/1
- mcs8/2
- mcs9/2
- mcs10/2
- mcs11/2
- mcs12/2
- mcs13/2
- mcs14/2
- mcs15/2
rates-11n-ss34:
- mcs16/3
- mcs17/3
- mcs18/3
- mcs19/3
- mcs20/3
- mcs21/3
- mcs22/3
- mcs23/3
- mcs24/4
- mcs25/4
- mcs26/4
- mcs27/4
- mcs28/4
- mcs29/4
- mcs30/4
- mcs31/4
sae-groups:
- 1
- 2
- 5
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 27
- 28
- 29
- 30
- 31
sae-password: <value of string>
schedule: <value of string>
security: <value in [None, WEP64, wep64, ...]>
security-exempt-list: <value of string>
security-obsolete-option: <value in [disable, enable]>
security-redirect-url: <value of string>
selected-usergroups: <value of string>
split-tunneling: <value in [disable, enable]>
ssid: <value of string>
tkip-counter-measure: <value in [disable, enable]>
usergroup: <value of string>
utm-profile: <value of string>
vdom: <value of string>
vlan-auto: <value in [disable, enable]>
vlan-pooling: <value in [wtp-group, round-robin, hash, ...]>
vlanid: <value of integer>
voice-enterprise: <value in [disable, enable]>
mu-mimo: <value in [disable, enable]>
_intf_device-access-list: <value of string>
external-web-format: <value in [auto-detect, no-query-string, partial-query-string]>
high-efficiency: <value in [disable, enable]>
primary-wag-profile: <value of string>
secondary-wag-profile: <value of string>
target-wake-time: <value in [disable, enable]>
tunnel-echo-interval: <value of integer>
tunnel-fallback-interval: <value of integer>
access-control-list: <value of string>
captive-portal-auth-timeout: <value of integer>
ipv6-rules:
- drop-icmp6ra
- drop-icmp6rs
- drop-llmnr6
- drop-icmp6mld2
- drop-dhcp6s
- drop-dhcp6c
- ndp-proxy
- drop-ns-dad
- drop-ns-nondad
sticky-client-remove: <value in [disable, enable]>
sticky-client-threshold-2g: <value of string>
sticky-client-threshold-5g: <value of string>
bss-color-partial: <value in [disable, enable]>
dhcp-option43-insertion: <value in [disable, enable]>
mpsk-profile: <value of string>
igmp-snooping: <value in [disable, enable]>
port-macauth: <value in [disable, radius, address-group]>
port-macauth-reauth-timeout: <value of integer>
port-macauth-timeout: <value of integer>
additional-akms:
- akm6
bstm-disassociation-imminent: <value in [disable, enable]>
bstm-load-balancing-disassoc-timer: <value of integer>
bstm-rssi-disassoc-timer: <value of integer>
dhcp-address-enforcement: <value in [disable, enable]>
gas-comeback-delay: <value of integer>
gas-fragmentation-limit: <value of integer>
mac-called-station-delimiter: <value in [hyphen, single-hyphen, colon, ...]>
mac-calling-station-delimiter: <value in [hyphen, single-hyphen, colon, ...]>
mac-case: <value in [uppercase, lowercase]>
mac-password-delimiter: <value in [hyphen, single-hyphen, colon, ...]>
mac-username-delimiter: <value in [hyphen, single-hyphen, colon, ...]>
mbo: <value in [disable, enable]>
mbo-cell-data-conn-pref: <value in [excluded, prefer-not, prefer-use]>
nac: <value in [disable, enable]>
nac-profile: <value of string>
neighbor-report-dual-band: <value in [disable, enable]>
address-group-policy: <value in [disable, allow, deny]>
antivirus-profile: <value of string>
application-detection-engine: <value in [disable, enable]>
application-list: <value of string>
application-report-intv: <value of integer>
auth-cert: <value of string>
auth-portal-addr: <value of string>
beacon-advertising:
- name
- model
- serial-number
ips-sensor: <value of string>
l3-roaming: <value in [disable, enable]>
local-standalone-dns: <value in [disable, enable]>
local-standalone-dns-ip: <value of string>
osen: <value in [disable, enable]>
radius-mac-mpsk-auth: <value in [disable, enable]>
radius-mac-mpsk-timeout: <value of integer>
rates-11ax-ss12:
- mcs0/1
- mcs1/1
- mcs2/1
- mcs3/1
- mcs4/1
- mcs5/1
- mcs6/1
- mcs7/1
- mcs8/1
- mcs9/1
- mcs10/1
- mcs11/1
- mcs0/2
- mcs1/2
- mcs2/2
- mcs3/2
- mcs4/2
- mcs5/2
- mcs6/2
- mcs7/2
- mcs8/2
- mcs9/2
- mcs10/2
- mcs11/2
rates-11ax-ss34:
- mcs0/3
- mcs1/3
- mcs2/3
- mcs3/3
- mcs4/3
- mcs5/3
- mcs6/3
- mcs7/3
- mcs8/3
- mcs9/3
- mcs10/3
- mcs11/3
- mcs0/4
- mcs1/4
- mcs2/4
- mcs3/4
- mcs4/4
- mcs5/4
- mcs6/4
- mcs7/4
- mcs8/4
- mcs9/4
- mcs10/4
- mcs11/4
scan-botnet-connections: <value in [disable, block, monitor]>
utm-log: <value in [disable, enable]>
utm-status: <value in [disable, enable]>
webfilter-profile: <value of string>
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- request_url - The full url requested returned: always type: str sample: /sys/login/user
- response_code - The status of api request returned: always type: int sample: 0
- response_message - The descriptive message of the api response returned: always type: str sample: OK
- response_data - The data body of the api response returned: optional type: list or dict