Fortinet FortiManager Ansible Collection
galaxy/2.1.7

FortiManager/Galaxy Multi-versions Guide

  • FortiManager Galaxy Versions Mapping
  • Version Mismatch Notes

User's Guide

  • Install FortiManager Ansible Galaxy
  • Run Your First Playbook
  • Migrate Legacy Playbooks
  • Error Handling
  • FortiManager Best Practices
  • Frequently Asked Questions (FAQ)
  • Get Help

Playbook Examples

  • Search Playbooks

Modules Digest

  • Modules Digest

Modules Index

  • Object Oriented Modules
    • fmgr_adom_options
    • fmgr_antivirus_mmschecksum – Configure MMS content checksum list.
    • fmgr_antivirus_mmschecksum_entries – modify this MMS content checksum list
    • fmgr_antivirus_notification – Configure AntiVirus notification lists.
    • fmgr_antivirus_notification_entries – modify this antivirus notification list
    • fmgr_antivirus_profile – Configure AntiVirus profiles.
    • fmgr_antivirus_profile_cifs – Configure CIFS AntiVirus options.
    • fmgr_antivirus_profile_contentdisarm – AV Content Disarm and Reconstruction settings.
    • fmgr_antivirus_profile_ftp – Configure FTP AntiVirus options.
    • fmgr_antivirus_profile_http – Configure HTTP AntiVirus options.
    • fmgr_antivirus_profile_imap – Configure IMAP AntiVirus options.
    • fmgr_antivirus_profile_mapi – Configure MAPI AntiVirus options.
    • fmgr_antivirus_profile_nacquar – Configure AntiVirus quarantine settings.
    • fmgr_antivirus_profile_nntp – Configure NNTP AntiVirus options.
    • fmgr_antivirus_profile_outbreakprevention – Configure Virus Outbreak Prevention settings.
    • fmgr_antivirus_profile_pop3 – Configure POP3 AntiVirus options.
    • fmgr_antivirus_profile_smb – Configure SMB AntiVirus options.
    • fmgr_antivirus_profile_smtp – Configure SMTP AntiVirus options.
    • fmgr_antivirus_profile_ssh – Configure SFTP and SCP AntiVirus options.
    • fmgr_apcfgprofile – Configure AP local configuration profiles.
    • fmgr_apcfgprofile_commandlist – AP local configuration command list.
    • fmgr_application_categories
    • fmgr_application_custom – Configure custom application signatures.
    • fmgr_application_group – Configure firewall application groups.
    • fmgr_application_list – Configure application control lists.
    • fmgr_application_list_defaultnetworkservices – Default network service entries.
    • fmgr_application_list_entries – Application list entries.
    • fmgr_application_list_entries_parameters – Application parameters.
    • fmgr_application_list_entries_parameters_members – Parameter tuple members.
    • fmgr_arrpprofile – Configure WiFi Automatic Radio Resource Provisioning (ARRP) profiles.
    • fmgr_authentication_scheme – Configure Authentication Schemes.
    • fmgr_bleprofile – Configure Bluetooth Low Energy profile.
    • fmgr_bonjourprofile – Configure Bonjour profiles.
    • fmgr_bonjourprofile_policylist – Bonjour policy list.
    • fmgr_certificate_template
    • fmgr_cifs_domaincontroller – Define known domain controller servers.
    • fmgr_cifs_profile – Configure CIFS profile.
    • fmgr_cifs_profile_filefilter – File filter.
    • fmgr_cifs_profile_filefilter_entries – File filter entries.
    • fmgr_cifs_profile_serverkeytab – Server keytab.
    • fmgr_credentialstore_domaincontroller – Define known domain controller servers.
    • fmgr_devprof_device_profile_fortianalyzer
    • fmgr_devprof_device_profile_fortiguard
    • fmgr_devprof_log_fortianalyzer_setting – Global FortiAnalyzer settings.
    • fmgr_devprof_log_fortianalyzercloud_setting – Global FortiAnalyzer Cloud settings.
    • fmgr_devprof_log_syslogd_filter – Filters for remote system server.
    • fmgr_devprof_log_syslogd_setting – Global settings for remote syslog server.
    • fmgr_devprof_system_centralmanagement – Configure central management.
    • fmgr_devprof_system_centralmanagement_serverlist – Additional severs that the FortiGate can use for updates (for AV, IPS, updates) and ratings (for web filter and antispam ratings) servers.
    • fmgr_devprof_system_dns – Configure DNS.
    • fmgr_devprof_system_emailserver – Configure the email server used by the FortiGate various things.
    • fmgr_devprof_system_global – Configure global attributes.
    • fmgr_devprof_system_ntp – Configure system NTP information.
    • fmgr_devprof_system_ntp_ntpserver – Configure the FortiGate to connect to any available third-party NTP server.
    • fmgr_devprof_system_replacemsg_admin – Replacement messages.
    • fmgr_devprof_system_replacemsg_alertmail – Replacement messages.
    • fmgr_devprof_system_replacemsg_auth – Replacement messages.
    • fmgr_devprof_system_replacemsg_devicedetectionportal – Replacement messages.
    • fmgr_devprof_system_replacemsg_ec – Replacement messages.
    • fmgr_devprof_system_replacemsg_fortiguardwf – Replacement messages.
    • fmgr_devprof_system_replacemsg_ftp – Replacement messages.
    • fmgr_devprof_system_replacemsg_http – Replacement messages.
    • fmgr_devprof_system_replacemsg_mail – Replacement messages.
    • fmgr_devprof_system_replacemsg_mms – Replacement messages.
    • fmgr_devprof_system_replacemsg_nacquar – Replacement messages.
    • fmgr_devprof_system_replacemsg_nntp – Replacement messages.
    • fmgr_devprof_system_replacemsg_spam – Replacement messages.
    • fmgr_devprof_system_replacemsg_sslvpn – Replacement messages.
    • fmgr_devprof_system_replacemsg_trafficquota – Replacement messages.
    • fmgr_devprof_system_replacemsg_utm – Replacement messages.
    • fmgr_devprof_system_replacemsg_webproxy – Replacement messages.
    • fmgr_devprof_system_snmp_community – SNMP community configuration.
    • fmgr_devprof_system_snmp_community_hosts – Configure IPv4 SNMP managers (hosts).
    • fmgr_devprof_system_snmp_community_hosts6 – Configure IPv6 SNMP managers.
    • fmgr_devprof_system_snmp_sysinfo – SNMP system info configuration.
    • fmgr_devprof_system_snmp_user – SNMP user configuration.
    • fmgr_dlp_datatype – Configure predefined data type used by DLP blocking.
    • fmgr_dlp_dictionary – Configure dictionaries used by DLP blocking.
    • fmgr_dlp_dictionary_entries – DLP dictionary entries.
    • fmgr_dlp_filepattern – Configure file patterns used by DLP blocking.
    • fmgr_dlp_filepattern_entries – Configure file patterns used by DLP blocking.
    • fmgr_dlp_fpsensitivity – Create self-explanatory DLP sensitivity levels to be used when setting sensitivity under config fp-doc-source.
    • fmgr_dlp_profile – Configure DLP profiles.
    • fmgr_dlp_profile_rule – Set up DLP rules for this profile.
    • fmgr_dlp_sensitivity – Create self-explanatory DLP sensitivity levels to be used when setting sensitivity under config fp-doc-source.
    • fmgr_dlp_sensor – Configure DLP sensors.
    • fmgr_dlp_sensor_entries – DLP sensor entries.
    • fmgr_dlp_sensor_filter – Set up DLP filters for this sensor.
    • fmgr_dnsfilter_domainfilter – Configure DNS domain filters.
    • fmgr_dnsfilter_domainfilter_entries – DNS domain filter entries.
    • fmgr_dnsfilter_profile – Configure DNS domain filter profiles.
    • fmgr_dnsfilter_profile_dnstranslation – DNS translation settings.
    • fmgr_dnsfilter_profile_domainfilter – Domain filter settings.
    • fmgr_dnsfilter_profile_ftgddns – FortiGuard DNS Filter settings.
    • fmgr_dnsfilter_profile_ftgddns_filters – FortiGuard DNS domain filters.
    • fmgr_dvmdb_adom – ADOM table, most attributes are read-only and can only be changed internally.
    • fmgr_dvmdb_adom_objectmember – ADOM table, most attributes are read-only and can only be changed internally.
    • fmgr_dvmdb_device – Device table, most attributes are read-only and can only be changed internally.
    • fmgr_dvmdb_device_vdom – Device VDOM table.
    • fmgr_dvmdb_folder
    • fmgr_dvmdb_group – Device group table.
    • fmgr_dvmdb_group_objectmember – Device group table.
    • fmgr_dvmdb_metafields_adom
    • fmgr_dvmdb_metafields_device
    • fmgr_dvmdb_metafields_group
    • fmgr_dvmdb_revision – ADOM revision table.
    • fmgr_dvmdb_script – Script table.
    • fmgr_dvmdb_script_objectmember – Script table.
    • fmgr_dvmdb_script_scriptschedule – Script schedule table.
    • fmgr_dynamic_address
    • fmgr_dynamic_address_dynamicaddrmapping
    • fmgr_dynamic_certificate_local
    • fmgr_dynamic_certificate_local_dynamicmapping
    • fmgr_dynamic_input_interface
    • fmgr_dynamic_input_interface_dynamicmapping
    • fmgr_dynamic_interface
    • fmgr_dynamic_interface_dynamicmapping
    • fmgr_dynamic_interface_platformmapping
    • fmgr_dynamic_ippool
    • fmgr_dynamic_multicast_interface
    • fmgr_dynamic_multicast_interface_dynamicmapping
    • fmgr_dynamic_vip
    • fmgr_dynamic_virtualwanlink_members
    • fmgr_dynamic_virtualwanlink_members_dynamicmapping
    • fmgr_dynamic_virtualwanlink_neighbor
    • fmgr_dynamic_virtualwanlink_neighbor_dynamicmapping
    • fmgr_dynamic_virtualwanlink_server
    • fmgr_dynamic_virtualwanlink_server_dynamicmapping
    • fmgr_dynamic_vpntunnel
    • fmgr_dynamic_vpntunnel_dynamicmapping
    • fmgr_emailfilter_blockallowlist – Configure anti-spam block/allow list.
    • fmgr_emailfilter_blockallowlist_entries – Anti-spam block/allow entries.
    • fmgr_emailfilter_bwl – Configure anti-spam black/white list.
    • fmgr_emailfilter_bwl_entries – Anti-spam black/white list entries.
    • fmgr_emailfilter_bword – Configure AntiSpam banned word list.
    • fmgr_emailfilter_bword_entries – Spam filter banned word.
    • fmgr_emailfilter_dnsbl – Configure AntiSpam DNSBL/ORBL.
    • fmgr_emailfilter_dnsbl_entries – Spam filter DNSBL and ORBL server.
    • fmgr_emailfilter_fortishield – Configure FortiGuard - AntiSpam.
    • fmgr_emailfilter_iptrust – Configure AntiSpam IP trust.
    • fmgr_emailfilter_iptrust_entries – Spam filter trusted IP addresses.
    • fmgr_emailfilter_mheader – Configure AntiSpam MIME header.
    • fmgr_emailfilter_mheader_entries – Spam filter mime header content.
    • fmgr_emailfilter_options – Configure AntiSpam options.
    • fmgr_emailfilter_profile – Configure Email Filter profiles.
    • fmgr_emailfilter_profile_filefilter – File filter.
    • fmgr_emailfilter_profile_filefilter_entries – File filter entries.
    • fmgr_emailfilter_profile_gmail – Gmail.
    • fmgr_emailfilter_profile_imap – IMAP.
    • fmgr_emailfilter_profile_mapi – MAPI.
    • fmgr_emailfilter_profile_msnhotmail – MSN Hotmail.
    • fmgr_emailfilter_profile_otherwebmails – Other supported webmails.
    • fmgr_emailfilter_profile_pop3 – POP3.
    • fmgr_emailfilter_profile_smtp – SMTP.
    • fmgr_endpointcontrol_fctems – Configure FortiClient Enterprise Management Server (EMS) entries.
    • fmgr_extendercontroller_dataplan – FortiExtender dataplan configuration.
    • fmgr_extendercontroller_extenderprofile – FortiExtender extender profile configuration.
    • fmgr_extendercontroller_extenderprofile_cellular – FortiExtender cellular configuration.
    • fmgr_extendercontroller_extenderprofile_cellular_controllerreport – FortiExtender controller report configuration.
    • fmgr_extendercontroller_extenderprofile_cellular_modem1 – Configuration options for modem 1.
    • fmgr_extendercontroller_extenderprofile_cellular_modem1_autoswitch – FortiExtender auto switch configuration.
    • fmgr_extendercontroller_extenderprofile_cellular_modem2 – Configuration options for modem 2.
    • fmgr_extendercontroller_extenderprofile_cellular_modem2_autoswitch – FortiExtender auto switch configuration.
    • fmgr_extendercontroller_extenderprofile_cellular_smsnotification – FortiExtender cellular SMS notification configuration.
    • fmgr_extendercontroller_extenderprofile_cellular_smsnotification_alert – SMS alert list.
    • fmgr_extendercontroller_extenderprofile_cellular_smsnotification_receiver – SMS notification receiver list.
    • fmgr_extendercontroller_extenderprofile_lanextension – FortiExtender lan extension configuration.
    • fmgr_extendercontroller_extenderprofile_lanextension_backhaul – LAN extension backhaul tunnel configuration.
    • fmgr_extendercontroller_simprofile
    • fmgr_extendercontroller_simprofile_autoswitchprofile
    • fmgr_extendercontroller_template
    • fmgr_filefilter_profile – Configure file-filter profiles.
    • fmgr_filefilter_profile_rules – File filter rules.
    • fmgr_firewall_accessproxy – Configure Access Proxy.
    • fmgr_firewall_accessproxy_apigateway – Set API Gateway.
    • fmgr_firewall_accessproxy_apigateway6 – Set IPv6 API Gateway.
    • fmgr_firewall_accessproxy_apigateway6_realservers – Select the real servers that this Access Proxy will distribute traffic to.
    • fmgr_firewall_accessproxy_apigateway6_sslciphersuites – SSL/TLS cipher suites to offer to a server, ordered by priority.
    • fmgr_firewall_accessproxy_apigateway_realservers – Select the real servers that this Access Proxy will distribute traffic to.
    • fmgr_firewall_accessproxy_apigateway_sslciphersuites – SSL/TLS cipher suites to offer to a server, ordered by priority.
    • fmgr_firewall_accessproxy_realservers – Select the SSL real servers that this Access Proxy will distribute traffic to.
    • fmgr_firewall_accessproxy_serverpubkeyauthsettings – Server SSH public key authentication settings.
    • fmgr_firewall_accessproxy_serverpubkeyauthsettings_certextension – Configure certificate extension for user certificate.
    • fmgr_firewall_accessproxyvirtualhost – Configure Access Proxy virtual hosts.
    • fmgr_firewall_address – Configure IPv4 addresses.
    • fmgr_firewall_address6 – Configure IPv6 firewall addresses.
    • fmgr_firewall_address6_dynamicmapping – Configure IPv6 firewall addresses.
    • fmgr_firewall_address6_dynamicmapping_subnetsegment – IPv6 subnet segments.
    • fmgr_firewall_address6_list – IP address list.
    • fmgr_firewall_address6_subnetsegment – IPv6 subnet segments.
    • fmgr_firewall_address6_tagging – Config object tagging
    • fmgr_firewall_address6template – Configure IPv6 address templates.
    • fmgr_firewall_address6template_subnetsegment – IPv6 subnet segments.
    • fmgr_firewall_address6template_subnetsegment_values – Subnet segment values.
    • fmgr_firewall_address_dynamicmapping – Configure IPv4 addresses.
    • fmgr_firewall_address_list – IP address list.
    • fmgr_firewall_address_tagging – Config object tagging.
    • fmgr_firewall_addrgrp – Configure IPv4 address groups.
    • fmgr_firewall_addrgrp6 – Configure IPv6 address groups.
    • fmgr_firewall_addrgrp6_dynamicmapping – Configure IPv6 address groups.
    • fmgr_firewall_addrgrp6_tagging – Config object tagging.
    • fmgr_firewall_addrgrp_dynamicmapping – Configure IPv4 address groups.
    • fmgr_firewall_addrgrp_tagging – Config object tagging.
    • fmgr_firewall_carrierendpointbwl – Carrier end point black/white list tables.
    • fmgr_firewall_carrierendpointbwl_entries – Carrier end point black/white list.
    • fmgr_firewall_decryptedtrafficmirror – Configure decrypted traffic mirror.
    • fmgr_firewall_gtp – Configure GTP.
    • fmgr_firewall_gtp_apn – APN.
    • fmgr_firewall_gtp_ieremovepolicy – IE remove policy.
    • fmgr_firewall_gtp_ievalidation – IE validation.
    • fmgr_firewall_gtp_imsi – IMSI.
    • fmgr_firewall_gtp_ippolicy – IP policy.
    • fmgr_firewall_gtp_messageratelimit – Message rate limiting.
    • fmgr_firewall_gtp_messageratelimitv0 – Message rate limiting for GTP version 0.
    • fmgr_firewall_gtp_messageratelimitv1 – Message rate limiting for GTP version 1.
    • fmgr_firewall_gtp_messageratelimitv2 – Message rate limiting for GTP version 2.
    • fmgr_firewall_gtp_noippolicy – No IP policy.
    • fmgr_firewall_gtp_perapnshaper – Per APN shaper.
    • fmgr_firewall_gtp_policy – Policy.
    • fmgr_firewall_gtp_policyv2 – Apply allow or deny action to each GTPv2-c packet.
    • fmgr_firewall_identitybasedroute – Configure identity based routing.
    • fmgr_firewall_identitybasedroute_rule – Rule.
    • fmgr_firewall_internetservice – Show Internet Service application.
    • fmgr_firewall_internetservice_entry – Entries in the Internet Service database.
    • fmgr_firewall_internetserviceaddition – Configure Internet Services Addition.
    • fmgr_firewall_internetserviceaddition_entry – Entries added to the Internet Service addition database.
    • fmgr_firewall_internetserviceaddition_entry_portrange – Port ranges in the custom entry.
    • fmgr_firewall_internetservicecustom – Configure custom Internet Services.
    • fmgr_firewall_internetservicecustom_disableentry – Disable entries in the Internet Service database.
    • fmgr_firewall_internetservicecustom_disableentry_iprange – IP ranges in the disable entry.
    • fmgr_firewall_internetservicecustom_entry – Entries added to the Internet Service database and custom database.
    • fmgr_firewall_internetservicecustom_entry_portrange – Port ranges in the custom entry.
    • fmgr_firewall_internetservicecustomgroup – Configure custom Internet Service group.
    • fmgr_firewall_internetservicegroup – Configure group of Internet Service.
    • fmgr_firewall_internetservicename – Define internet service names.
    • fmgr_firewall_ippool – Configure IPv4 IP pools.
    • fmgr_firewall_ippool6 – Configure IPv6 IP pools.
    • fmgr_firewall_ippool6_dynamicmapping – Configure IPv6 IP pools.
    • fmgr_firewall_ippool_dynamicmapping – Configure IPv4 IP pools.
    • fmgr_firewall_ldbmonitor – Configure server load balancing health monitors.
    • fmgr_firewall_mmsprofile – Configure MMS profiles.
    • fmgr_firewall_mmsprofile_dupe – Duplicate configuration.
    • fmgr_firewall_mmsprofile_flood – Flood configuration.
    • fmgr_firewall_mmsprofile_notification – Notification configuration.
    • fmgr_firewall_mmsprofile_notifmsisdn – Notification for MSISDNs.
    • fmgr_firewall_mmsprofile_outbreakprevention – Configure Virus Outbreak Prevention settings.
    • fmgr_firewall_multicastaddress – Configure multicast addresses.
    • fmgr_firewall_multicastaddress6 – Configure IPv6 multicast address.
    • fmgr_firewall_multicastaddress6_tagging – Config object tagging.
    • fmgr_firewall_multicastaddress_tagging – Config object tagging.
    • fmgr_firewall_profilegroup – Configure profile groups.
    • fmgr_firewall_profileprotocoloptions – Configure protocol options.
    • fmgr_firewall_profileprotocoloptions_cifs – Configure CIFS protocol options.
    • fmgr_firewall_profileprotocoloptions_cifs_filefilter – File filter.
    • fmgr_firewall_profileprotocoloptions_cifs_filefilter_entries – File filter entries.
    • fmgr_firewall_profileprotocoloptions_cifs_serverkeytab – Server keytab.
    • fmgr_firewall_profileprotocoloptions_dns – Configure DNS protocol options.
    • fmgr_firewall_profileprotocoloptions_ftp – Configure FTP protocol options.
    • fmgr_firewall_profileprotocoloptions_http – Configure HTTP protocol options.
    • fmgr_firewall_profileprotocoloptions_imap – Configure IMAP protocol options.
    • fmgr_firewall_profileprotocoloptions_mailsignature – Configure Mail signature.
    • fmgr_firewall_profileprotocoloptions_mapi – Configure MAPI protocol options.
    • fmgr_firewall_profileprotocoloptions_nntp – Configure NNTP protocol options.
    • fmgr_firewall_profileprotocoloptions_pop3 – Configure POP3 protocol options.
    • fmgr_firewall_profileprotocoloptions_smtp – Configure SMTP protocol options.
    • fmgr_firewall_profileprotocoloptions_ssh – Configure SFTP and SCP protocol options.
    • fmgr_firewall_proxyaddress – Web proxy address configuration.
    • fmgr_firewall_proxyaddress_headergroup – HTTP header group.
    • fmgr_firewall_proxyaddress_tagging – Config object tagging.
    • fmgr_firewall_proxyaddrgrp – Web proxy address group configuration.
    • fmgr_firewall_proxyaddrgrp_tagging – Config object tagging.
    • fmgr_firewall_schedule_group – Schedule group configuration.
    • fmgr_firewall_schedule_onetime – Onetime schedule configuration.
    • fmgr_firewall_schedule_recurring – Recurring schedule configuration.
    • fmgr_firewall_service_category – Configure service categories.
    • fmgr_firewall_service_custom – Configure custom services.
    • fmgr_firewall_service_group – Configure service groups.
    • fmgr_firewall_shaper_peripshaper – Configure per-IP traffic shaper.
    • fmgr_firewall_shaper_trafficshaper – Configure shared traffic shaper.
    • fmgr_firewall_shapingprofile – Configure shaping profiles.
    • fmgr_firewall_shapingprofile_shapingentries – Define shaping entries of this shaping profile.
    • fmgr_firewall_ssh_localca – SSH proxy local CA.
    • fmgr_firewall_sslsshprofile – Configure SSL/SSH protocol options.
    • fmgr_firewall_sslsshprofile_dot – Configure DNS over TLS options.
    • fmgr_firewall_sslsshprofile_ftps – Configure FTPS options.
    • fmgr_firewall_sslsshprofile_https – Configure HTTPS options.
    • fmgr_firewall_sslsshprofile_imaps – Configure IMAPS options.
    • fmgr_firewall_sslsshprofile_pop3s – Configure POP3S options.
    • fmgr_firewall_sslsshprofile_smtps – Configure SMTPS options.
    • fmgr_firewall_sslsshprofile_ssh – Configure SSH options.
    • fmgr_firewall_sslsshprofile_ssl – Configure SSL options.
    • fmgr_firewall_sslsshprofile_sslexempt – Servers to exempt from SSL inspection.
    • fmgr_firewall_sslsshprofile_sslserver – SSL servers.
    • fmgr_firewall_trafficclass – Configure names for shaping classes.
    • fmgr_firewall_vip – Configure virtual IP for IPv4.
    • fmgr_firewall_vip46 – Configure IPv4 to IPv6 virtual IPs.
    • fmgr_firewall_vip46_dynamicmapping – Configure IPv4 to IPv6 virtual IPs.
    • fmgr_firewall_vip46_realservers – Real servers.
    • fmgr_firewall_vip6 – Configure virtual IP for IPv6.
    • fmgr_firewall_vip64 – Configure IPv6 to IPv4 virtual IPs.
    • fmgr_firewall_vip64_dynamicmapping – Configure IPv6 to IPv4 virtual IPs.
    • fmgr_firewall_vip64_realservers – Real servers.
    • fmgr_firewall_vip6_dynamicmapping – Configure virtual IP for IPv6.
    • fmgr_firewall_vip6_dynamicmapping_realservers – Select the real servers that this server load balancing VIP will distribute traffic to.
    • fmgr_firewall_vip6_dynamicmapping_sslciphersuites – SSL/TLS cipher suites acceptable from a client, ordered by priority.
    • fmgr_firewall_vip6_realservers – Select the real servers that this server load balancing VIP will distribute traffic to.
    • fmgr_firewall_vip6_sslciphersuites – SSL/TLS cipher suites acceptable from a client, ordered by priority.
    • fmgr_firewall_vip6_sslserverciphersuites – SSL/TLS cipher suites to offer to a server, ordered by priority.
    • fmgr_firewall_vip_dynamicmapping – Configure virtual IP for IPv4.
    • fmgr_firewall_vip_dynamicmapping_realservers – Select the real servers that this server load balancing VIP will distribute traffic to.
    • fmgr_firewall_vip_dynamicmapping_sslciphersuites – SSL/TLS cipher suites acceptable from a client, ordered by priority.
    • fmgr_firewall_vip_realservers – Select the real servers that this server load balancing VIP will distribute traffic to.
    • fmgr_firewall_vip_sslciphersuites – SSL/TLS cipher suites acceptable from a client, ordered by priority.
    • fmgr_firewall_vip_sslserverciphersuites – SSL/TLS cipher suites to offer to a server, ordered by priority.
    • fmgr_firewall_vipgrp – Configure IPv4 virtual IP groups.
    • fmgr_firewall_vipgrp46 – Configure IPv4 to IPv6 virtual IP groups.
    • fmgr_firewall_vipgrp6 – Configure IPv6 virtual IP groups.
    • fmgr_firewall_vipgrp64 – Configure IPv6 to IPv4 virtual IP groups.
    • fmgr_firewall_vipgrp_dynamicmapping – Configure IPv4 virtual IP groups.
    • fmgr_firewall_wildcardfqdn_custom – Config global/VDOM Wildcard FQDN address.
    • fmgr_firewall_wildcardfqdn_group – Config global Wildcard FQDN address groups.
    • fmgr_fmg_device_blueprint
    • fmgr_fmg_variable
    • fmgr_fmg_variable_dynamicmapping
    • fmgr_fmupdate_analyzer_virusreport – Send virus detection notification to FortiGuard.
    • fmgr_fmupdate_avips_advancedlog – Enable/disable logging of FortiGuard antivirus and IPS update packages received by FortiManager’s built-in FortiGuard.
    • fmgr_fmupdate_avips_webproxy – Configure the web proxy for use with FortiGuard antivirus and IPS updates.
    • fmgr_fmupdate_customurllist – Configure the URL database for rating and filtering.
    • fmgr_fmupdate_diskquota – Configure disk space available for use by the Upgrade Manager.
    • fmgr_fmupdate_fctservices – Configure FortiGuard to provide services to FortiClient installations.
    • fmgr_fmupdate_fdssetting – Configure FortiGuard settings.
    • fmgr_fmupdate_fdssetting_pushoverride – Enable/disable push updates, and override the default IP address and port used by FortiGuard to send antivirus and IPS push messages for clients.
    • fmgr_fmupdate_fdssetting_pushoverridetoclient – Enable/disable push updates, and override the default IP address and port used by FortiGuard to send antivirus and IPS push messages for clients.
    • fmgr_fmupdate_fdssetting_pushoverridetoclient_announceip – Announce IP addresses for the device.
    • fmgr_fmupdate_fdssetting_serveroverride – Server override configure.
    • fmgr_fmupdate_fdssetting_serveroverride_servlist – Override server.
    • fmgr_fmupdate_fdssetting_updateschedule – Configure the schedule when built-in FortiGuard retrieves antivirus and IPS updates.
    • fmgr_fmupdate_fwmsetting – Configure firmware management settings.
    • fmgr_fmupdate_multilayer – Configure multilayer mode.
    • fmgr_fmupdate_publicnetwork – Enable/disable access to the public FortiGuard.
    • fmgr_fmupdate_serveraccesspriorities – Configure priorities for FortiGate units accessing antivirus updates and web filtering services.
    • fmgr_fmupdate_serveraccesspriorities_privateserver – Configure multiple FortiManager units and private servers.
    • fmgr_fmupdate_serveroverridestatus – Configure strict/loose server override.
    • fmgr_fmupdate_service – Enable/disable services provided by the built-in FortiGuard.
    • fmgr_fmupdate_webspam_fgdsetting – Configure the FortiGuard run parameters.
    • fmgr_fmupdate_webspam_fgdsetting_serveroverride – Server override configure.
    • fmgr_fmupdate_webspam_fgdsetting_serveroverride_servlist – Override server.
    • fmgr_fmupdate_webspam_webproxy – Configure the web proxy for use with FortiGuard antivirus and IPS updates.
    • fmgr_fsp_vlan
    • fmgr_fsp_vlan_dhcpserver – Configure DHCP servers.
    • fmgr_fsp_vlan_dhcpserver_excluderange – Exclude one or more ranges of IP addresses from being assigned to clients.
    • fmgr_fsp_vlan_dhcpserver_iprange – DHCP IP range configuration.
    • fmgr_fsp_vlan_dhcpserver_options – DHCP options.
    • fmgr_fsp_vlan_dhcpserver_reservedaddress – Options for the DHCP server to assign IP settings to specific MAC addresses.
    • fmgr_fsp_vlan_dynamicmapping
    • fmgr_fsp_vlan_dynamicmapping_dhcpserver – Configure DHCP servers.
    • fmgr_fsp_vlan_dynamicmapping_dhcpserver_excluderange – Exclude one or more ranges of IP addresses from being assigned to clients.
    • fmgr_fsp_vlan_dynamicmapping_dhcpserver_iprange – DHCP IP range configuration.
    • fmgr_fsp_vlan_dynamicmapping_dhcpserver_options – DHCP options.
    • fmgr_fsp_vlan_dynamicmapping_dhcpserver_reservedaddress – Options for the DHCP server to assign IP settings to specific MAC addresses.
    • fmgr_fsp_vlan_dynamicmapping_interface
    • fmgr_fsp_vlan_dynamicmapping_interface_ipv6 – IPv6 of interface.
    • fmgr_fsp_vlan_dynamicmapping_interface_ipv6_ip6delegatedprefixlist – Advertised IPv6 delegated prefix list.
    • fmgr_fsp_vlan_dynamicmapping_interface_ipv6_ip6extraaddr – Extra IPv6 address prefixes of interface.
    • fmgr_fsp_vlan_dynamicmapping_interface_ipv6_ip6prefixlist – Advertised prefix list.
    • fmgr_fsp_vlan_dynamicmapping_interface_ipv6_vrrp6 – IPv6 VRRP configuration.
    • fmgr_fsp_vlan_dynamicmapping_interface_secondaryip – Second IP address of interface.
    • fmgr_fsp_vlan_interface – Configure interfaces.
    • fmgr_fsp_vlan_interface_ipv6 – IPv6 of interface.
    • fmgr_fsp_vlan_interface_ipv6_ip6delegatedprefixlist – Advertised IPv6 delegated prefix list.
    • fmgr_fsp_vlan_interface_ipv6_ip6extraaddr – Extra IPv6 address prefixes of interface.
    • fmgr_fsp_vlan_interface_ipv6_ip6prefixlist – Advertised prefix list.
    • fmgr_fsp_vlan_interface_ipv6_vrrp6 – IPv6 VRRP configuration.
    • fmgr_fsp_vlan_interface_secondaryip – Second IP address of interface.
    • fmgr_fsp_vlan_interface_vrrp – VRRP configuration.
    • fmgr_gtp_apn – Configure APN for GTP.
    • fmgr_gtp_apngrp – Configure APN groups for GTP.
    • fmgr_gtp_iewhitelist – IE white list.
    • fmgr_gtp_iewhitelist_entries – Entries of white list (to allow) for unknown or out-of-state IEs.
    • fmgr_gtp_messagefilterv0v1 – Message filter for GTPv0/v1 messages.
    • fmgr_gtp_messagefilterv2 – Message filter for GTPv2 messages.
    • fmgr_gtp_tunnellimit – GTP tunnel limiter.
    • fmgr_hotspot20_anqp3gppcellular – Configure 3GPP public land mobile network (PLMN).
    • fmgr_hotspot20_anqp3gppcellular_mccmnclist – Mobile Country Code and Mobile Network Code configuration.
    • fmgr_hotspot20_anqpipaddresstype – Configure IP address type availability.
    • fmgr_hotspot20_anqpnairealm – Configure network access identifier (NAI) realm.
    • fmgr_hotspot20_anqpnairealm_nailist – NAI list.
    • fmgr_hotspot20_anqpnairealm_nailist_eapmethod – EAP Methods.
    • fmgr_hotspot20_anqpnairealm_nailist_eapmethod_authparam – EAP auth param.
    • fmgr_hotspot20_anqpnetworkauthtype – Configure network authentication type.
    • fmgr_hotspot20_anqproamingconsortium – Configure roaming consortium.
    • fmgr_hotspot20_anqproamingconsortium_oilist – Organization identifier list.
    • fmgr_hotspot20_anqpvenuename – Configure venue name duple.
    • fmgr_hotspot20_anqpvenuename_valuelist – Name list.
    • fmgr_hotspot20_anqpvenueurl – Configure venue URL.
    • fmgr_hotspot20_anqpvenueurl_valuelist – URL list.
    • fmgr_hotspot20_h2qpadviceofcharge – Configure advice of charge.
    • fmgr_hotspot20_h2qpadviceofcharge_aoclist – AOC list.
    • fmgr_hotspot20_h2qpadviceofcharge_aoclist_planinfo – Plan info.
    • fmgr_hotspot20_h2qpconncapability – Configure connection capability.
    • fmgr_hotspot20_h2qpoperatorname – Configure operator friendly name.
    • fmgr_hotspot20_h2qpoperatorname_valuelist – Name list.
    • fmgr_hotspot20_h2qposuprovider – Configure online sign up (OSU) provider list.
    • fmgr_hotspot20_h2qposuprovider_friendlyname – OSU provider friendly name.
    • fmgr_hotspot20_h2qposuprovider_servicedescription – OSU service name.
    • fmgr_hotspot20_h2qposuprovidernai – Configure online sign up (OSU) provider NAI list.
    • fmgr_hotspot20_h2qposuprovidernai_nailist – OSU NAI list.
    • fmgr_hotspot20_h2qptermsandconditions – Configure terms and conditions.
    • fmgr_hotspot20_h2qpwanmetric – Configure WAN metrics.
    • fmgr_hotspot20_hsprofile – Configure hotspot profile.
    • fmgr_hotspot20_icon – Configure OSU provider icon.
    • fmgr_hotspot20_icon_iconlist – Icon list.
    • fmgr_hotspot20_qosmap – Configure QoS map set.
    • fmgr_hotspot20_qosmap_dscpexcept – Differentiated Services Code Point (DSCP) exceptions.
    • fmgr_hotspot20_qosmap_dscprange – Differentiated Services Code Point (DSCP) ranges.
    • fmgr_icap_profile – Configure ICAP profiles.
    • fmgr_icap_profile_icapheaders – Configure ICAP forwarded request headers.
    • fmgr_icap_profile_respmodforwardrules – ICAP response mode forward rules.
    • fmgr_icap_profile_respmodforwardrules_headergroup – HTTP header group.
    • fmgr_icap_server – Configure ICAP servers.
    • fmgr_ips_custom – Configure IPS custom signature.
    • fmgr_ips_sensor – Configure IPS sensor.
    • fmgr_ips_sensor_entries – IPS sensor filter.
    • fmgr_ips_sensor_entries_exemptip – Traffic from selected source or destination IP addresses is exempt from this signature.
    • fmgr_log_customfield – Configure custom log fields.
    • fmgr_metafields_system_admin_user
    • fmgr_mpskprofile – Configure MPSK profile.
    • fmgr_mpskprofile_mpskgroup – List of multiple PSK groups.
    • fmgr_mpskprofile_mpskgroup_mpskkey – List of multiple PSK entries.
    • fmgr_nacprofile – Configure WiFi network access control (NAC) profiles.
    • fmgr_pkg_authentication_rule – Configure Authentication Rules.
    • fmgr_pkg_authentication_setting – Configure authentication setting.
    • fmgr_pkg_central_dnat
    • fmgr_pkg_central_dnat6
    • fmgr_pkg_firewall_acl – Configure IPv4 access control list.
    • fmgr_pkg_firewall_acl6 – Configure IPv6 access control list.
    • fmgr_pkg_firewall_centralsnatmap – Configure central SNAT policies.
    • fmgr_pkg_firewall_consolidated_policy – Configure consolidated IPv4/IPv6 policies.
    • fmgr_pkg_firewall_consolidated_policy_sectionvalue – Configure consolidated IPv4/IPv6 policies.
    • fmgr_pkg_firewall_dospolicy – Configure IPv4 DoS policies.
    • fmgr_pkg_firewall_dospolicy6 – Configure IPv6 DoS policies.
    • fmgr_pkg_firewall_dospolicy6_anomaly – Anomaly name.
    • fmgr_pkg_firewall_dospolicy_anomaly – Anomaly name.
    • fmgr_pkg_firewall_interfacepolicy – Configure IPv4 interface policies.
    • fmgr_pkg_firewall_interfacepolicy6 – Configure IPv6 interface policies.
    • fmgr_pkg_firewall_interfacepolicy6_sectionvalue – Configure IPv6 interface policies.
    • fmgr_pkg_firewall_interfacepolicy_sectionvalue – Configure IPv4 interface policies.
    • fmgr_pkg_firewall_localinpolicy – Configure user defined IPv4 local-in policies.
    • fmgr_pkg_firewall_localinpolicy6 – Configure user defined IPv6 local-in policies.
    • fmgr_pkg_firewall_multicastpolicy – Configure multicast NAT policies.
    • fmgr_pkg_firewall_multicastpolicy6 – Configure IPv6 multicast NAT policies.
    • fmgr_pkg_firewall_policy – Configure IPv4 policies.
    • fmgr_pkg_firewall_policy46 – Configure IPv4 to IPv6 policies.
    • fmgr_pkg_firewall_policy6 – Configure IPv6 policies.
    • fmgr_pkg_firewall_policy64 – Configure IPv6 to IPv4 policies.
    • fmgr_pkg_firewall_policy6_sectionvalue – Configure IPv6 policies.
    • fmgr_pkg_firewall_policy_sectionvalue – Configure IPv4 policies.
    • fmgr_pkg_firewall_policy_vpndstnode
    • fmgr_pkg_firewall_policy_vpnsrcnode
    • fmgr_pkg_firewall_proxypolicy – Configure proxy policies.
    • fmgr_pkg_firewall_proxypolicy_sectionvalue – Configure proxy policies.
    • fmgr_pkg_firewall_securitypolicy – Configure NGFW IPv4/IPv6 application policies.
    • fmgr_pkg_firewall_securitypolicy_sectionvalue – Configure NGFW IPv4/IPv6 application policies.
    • fmgr_pkg_firewall_shapingpolicy – Configure shaping policies.
    • fmgr_pkg_footer_policy – Configure IPv4/IPv6 policies.
    • fmgr_pkg_footer_policy6 – Configure IPv6 policies.
    • fmgr_pkg_footer_shapingpolicy – Configure shaping policies.
    • fmgr_pkg_header_policy – Configure IPv4/IPv6 policies.
    • fmgr_pkg_header_policy6 – Configure IPv6 policies.
    • fmgr_pkg_header_shapingpolicy – Configure shaping policies.
    • fmgr_pm_config_metafields_firewall_address
    • fmgr_pm_config_metafields_firewall_addrgrp
    • fmgr_pm_config_metafields_firewall_centralsnatmap
    • fmgr_pm_config_metafields_firewall_policy
    • fmgr_pm_config_metafields_firewall_service_custom
    • fmgr_pm_config_metafields_firewall_service_group
    • fmgr_pm_config_pblock_firewall_policy – Configure IPv4/IPv6 policies.
    • fmgr_pm_config_pblock_firewall_policy_sectionvalue – Configure IPv4/IPv6 policies.
    • fmgr_pm_config_pblock_firewall_securitypolicy – Configure NGFW IPv4/IPv6 application policies.
    • fmgr_pm_config_pblock_firewall_securitypolicy_sectionvalue – Configure NGFW IPv4/IPv6 application policies.
    • fmgr_pm_devprof_adom
    • fmgr_pm_devprof_pkg
    • fmgr_pm_pblock_adom
    • fmgr_pm_pblock_obj
    • fmgr_pm_pkg – Policy package or folder.
    • fmgr_pm_pkg_adom – Policy package or folder.
    • fmgr_pm_pkg_global – Policy package or folder.
    • fmgr_pm_wanprof_adom
    • fmgr_pm_wanprof_pkg
    • fmgr_qosprofile – Configure WiFi quality of service (QoS) profiles.
    • fmgr_region – Configure FortiAP regions (for floor plans and maps).
    • fmgr_router_accesslist – Configure access lists.
    • fmgr_router_accesslist6 – Configure IPv6 access lists.
    • fmgr_router_accesslist6_rule – Rule.
    • fmgr_router_accesslist_rule – Rule.
    • fmgr_router_aspathlist – Configure Autonomous System (AS) path lists.
    • fmgr_router_aspathlist_rule – AS path list rule.
    • fmgr_router_communitylist – Configure community lists.
    • fmgr_router_communitylist_rule – Community list rule.
    • fmgr_router_prefixlist – Configure IPv4 prefix lists.
    • fmgr_router_prefixlist6 – Configure IPv6 prefix lists.
    • fmgr_router_prefixlist6_rule – IPv6 prefix list rule.
    • fmgr_router_prefixlist_rule – IPv4 prefix list rule.
    • fmgr_router_routemap – Configure route maps.
    • fmgr_router_routemap_rule – Rule.
    • fmgr_spamfilter_bwl – Configure anti-spam black/white list.
    • fmgr_spamfilter_bwl_entries – Anti-spam black/white list entries.
    • fmgr_spamfilter_bword – Configure AntiSpam banned word list.
    • fmgr_spamfilter_bword_entries – Spam filter banned word.
    • fmgr_spamfilter_dnsbl – Configure AntiSpam DNSBL/ORBL.
    • fmgr_spamfilter_dnsbl_entries – Spam filter DNSBL and ORBL server.
    • fmgr_spamfilter_iptrust – Configure AntiSpam IP trust.
    • fmgr_spamfilter_iptrust_entries – Spam filter trusted IP addresses.
    • fmgr_spamfilter_mheader – Configure AntiSpam MIME header.
    • fmgr_spamfilter_mheader_entries – Spam filter mime header content.
    • fmgr_spamfilter_profile – Configure AntiSpam profiles.
    • fmgr_spamfilter_profile_gmail – Gmail.
    • fmgr_spamfilter_profile_imap – IMAP.
    • fmgr_spamfilter_profile_mapi – MAPI.
    • fmgr_spamfilter_profile_msnhotmail – MSN Hotmail.
    • fmgr_spamfilter_profile_pop3 – POP3.
    • fmgr_spamfilter_profile_smtp – SMTP.
    • fmgr_spamfilter_profile_yahoomail – Yahoo! Mail.
    • fmgr_sshfilter_profile – SSH filter profile.
    • fmgr_sshfilter_profile_filefilter – File filter.
    • fmgr_sshfilter_profile_filefilter_entries – File filter entries.
    • fmgr_sshfilter_profile_shellcommands – SSH command filter.
    • fmgr_switchcontroller_customcommand – Configure the FortiGate switch controller to send custom commands to managed FortiSwitch devices.
    • fmgr_switchcontroller_dsl_policy – DSL policy.
    • fmgr_switchcontroller_lldpprofile – Configure FortiSwitch LLDP profiles.
    • fmgr_switchcontroller_lldpprofile_customtlvs – Configuration method to edit custom TLV entries.
    • fmgr_switchcontroller_lldpprofile_medlocationservice – Configuration method to edit Media Endpoint Discovery (MED) location service type-length-value (TLV) categories.
    • fmgr_switchcontroller_lldpprofile_mednetworkpolicy – Configuration method to edit Media Endpoint Discovery (MED) network policy type-length-value (TLV) categories.
    • fmgr_switchcontroller_managedswitch – Configure FortiSwitch devices that are managed by this FortiGate.
    • fmgr_switchcontroller_managedswitch_8021xsettings – Configuration method to edit FortiSwitch 802.
    • fmgr_switchcontroller_managedswitch_customcommand – Configuration method to edit FortiSwitch commands to be pushed to this FortiSwitch device upon rebooting the FortiGate switch controller or the FortiSwitch.
    • fmgr_switchcontroller_managedswitch_igmpsnooping – Configure FortiSwitch IGMP snooping global settings.
    • fmgr_switchcontroller_managedswitch_ipsourceguard – IP source guard.
    • fmgr_switchcontroller_managedswitch_ipsourceguard_bindingentry – IP and MAC address configuration.
    • fmgr_switchcontroller_managedswitch_mirror – Configuration method to edit FortiSwitch packet mirror.
    • fmgr_switchcontroller_managedswitch_ports – Managed-switch port list.
    • fmgr_switchcontroller_managedswitch_remotelog – Configure logging by FortiSwitch device to a remote syslog server.
    • fmgr_switchcontroller_managedswitch_snmpcommunity – Configuration method to edit Simple Network Management Protocol (SNMP) communities.
    • fmgr_switchcontroller_managedswitch_snmpcommunity_hosts – Configure IPv4 SNMP managers (hosts).
    • fmgr_switchcontroller_managedswitch_snmpsysinfo – Configuration method to edit Simple Network Management Protocol (SNMP) system info.
    • fmgr_switchcontroller_managedswitch_snmptrapthreshold – Configuration method to edit Simple Network Management Protocol (SNMP) trap threshold values.
    • fmgr_switchcontroller_managedswitch_snmpuser – Configuration method to edit Simple Network Management Protocol (SNMP) users.
    • fmgr_switchcontroller_managedswitch_stormcontrol – Configuration method to edit FortiSwitch storm control for measuring traffic activity using data rates to prevent traffic disruption.
    • fmgr_switchcontroller_managedswitch_stpsettings – Configuration method to edit Spanning Tree Protocol (STP) settings used to prevent bridge loops.
    • fmgr_switchcontroller_managedswitch_switchlog – Configuration method to edit FortiSwitch logging settings (logs are transferred to and inserted into the FortiGate event log).
    • fmgr_switchcontroller_managedswitch_switchstpsettings – Configure spanning tree protocol (STP).
    • fmgr_switchcontroller_qos_dot1pmap – Configure FortiSwitch QoS 802.
    • fmgr_switchcontroller_qos_ipdscpmap – Configure FortiSwitch QoS IP precedence/DSCP.
    • fmgr_switchcontroller_qos_ipdscpmap_map – Maps between IP-DSCP value to COS queue.
    • fmgr_switchcontroller_qos_qospolicy – Configure FortiSwitch QoS policy.
    • fmgr_switchcontroller_qos_queuepolicy – Configure FortiSwitch QoS egress queue policy.
    • fmgr_switchcontroller_qos_queuepolicy_cosqueue – COS queue configuration.
    • fmgr_switchcontroller_securitypolicy_8021x – Configure 802.
    • fmgr_switchcontroller_securitypolicy_captiveportal – Names of VLANs that use captive portal authentication.
    • fmgr_system_admin_group – User group.
    • fmgr_system_admin_group_member – Group members.
    • fmgr_system_admin_ldap – LDAP server entry configuration.
    • fmgr_system_admin_ldap_adom – Admin domain.
    • fmgr_system_admin_profile – Admin profile.
    • fmgr_system_admin_profile_datamaskcustomfields – Customized datamask fields.
    • fmgr_system_admin_radius – Configure radius.
    • fmgr_system_admin_setting – Admin setting.
    • fmgr_system_admin_tacacs – TACACS+ server entry configuration.
    • fmgr_system_admin_user – Admin user.
    • fmgr_system_admin_user_adom – Admin domain.
    • fmgr_system_admin_user_adomexclude – Excluding admin domain.
    • fmgr_system_admin_user_appfilter – App filter.
    • fmgr_system_admin_user_dashboard – Custom dashboard widgets.
    • fmgr_system_admin_user_dashboardtabs – Custom dashboard.
    • fmgr_system_admin_user_ipsfilter – IPS filter.
    • fmgr_system_admin_user_metadata – Configure meta data.
    • fmgr_system_admin_user_policypackage – Policy package access.
    • fmgr_system_admin_user_restrictdevvdom – Restricted to these devices/VDOMs.
    • fmgr_system_admin_user_webfilter – Web filter.
    • fmgr_system_alertconsole – Alert console.
    • fmgr_system_alertemail – Configure alertemail.
    • fmgr_system_alertevent – Alert events.
    • fmgr_system_alertevent_alertdestination – Alert destination.
    • fmgr_system_autodelete – Automatic deletion policy for logs, reports, archived, and quarantined files.
    • fmgr_system_autodelete_dlpfilesautodeletion – Automatic deletion policy for DLP archives.
    • fmgr_system_autodelete_logautodeletion – Automatic deletion policy for device logs.
    • fmgr_system_autodelete_quarantinefilesautodeletion – Automatic deletion policy for quarantined files.
    • fmgr_system_autodelete_reportautodeletion – Automatic deletion policy for reports.
    • fmgr_system_backup_allsettings – Scheduled backup settings.
    • fmgr_system_certificate_ca – CA certificate.
    • fmgr_system_certificate_crl – Certificate Revocation List.
    • fmgr_system_certificate_local – Local keys and certificates.
    • fmgr_system_certificate_oftp – OFTP certificates and keys.
    • fmgr_system_certificate_remote – Remote certificate.
    • fmgr_system_certificate_ssh – SSH certificates and keys.
    • fmgr_system_connector – Configure connector.
    • fmgr_system_customlanguage – Configure custom languages.
    • fmgr_system_dhcp_server – Configure DHCP servers.
    • fmgr_system_dhcp_server_excluderange – Exclude one or more ranges of IP addresses from being assigned to clients.
    • fmgr_system_dhcp_server_iprange – DHCP IP range configuration.
    • fmgr_system_dhcp_server_options – DHCP options.
    • fmgr_system_dhcp_server_reservedaddress – Options for the DHCP server to assign IP settings to specific MAC addresses.
    • fmgr_system_dm – Configure dm.
    • fmgr_system_dns – DNS configuration.
    • fmgr_system_docker – Docker host.
    • fmgr_system_externalresource – Configure external resource.
    • fmgr_system_fips – Settings for FIPS-CC mode.
    • fmgr_system_fortiguard – Configure FortiGuard services.
    • fmgr_system_fortiview_autocache – FortiView auto-cache settings.
    • fmgr_system_fortiview_setting – FortiView settings.
    • fmgr_system_geoipcountry
    • fmgr_system_geoipoverride – Configure geographical location mapping for IP address(es) to override mappings from FortiGuard.
    • fmgr_system_geoipoverride_ip6range – Table of IPv6 ranges assigned to country.
    • fmgr_system_geoipoverride_iprange – Table of IP ranges assigned to country.
    • fmgr_system_global – Global range attributes.
    • fmgr_system_guiact – System settings through GUI.
    • fmgr_system_ha – HA configuration.
    • fmgr_system_ha_monitoredinterfaces – Monitored interfaces.
    • fmgr_system_ha_monitoredips – Monitored IP addresses.
    • fmgr_system_ha_peer – Peer.
    • fmgr_system_hascheduledcheck – Scheduled HA integrity check.
    • fmgr_system_interface – Interface configuration.
    • fmgr_system_interface_ipv6 – IPv6 of interface.
    • fmgr_system_interface_member – Physical interfaces that belong to the aggregate or redundant interface.
    • fmgr_system_localinpolicy – IPv4 local in policy configuration.
    • fmgr_system_localinpolicy6 – IPv6 local in policy configuration.
    • fmgr_system_locallog_disk_filter – Filter for disk logging.
    • fmgr_system_locallog_disk_setting – Settings for local disk logging.
    • fmgr_system_locallog_fortianalyzer2_filter – Filter for FortiAnalyzer2 logging.
    • fmgr_system_locallog_fortianalyzer2_setting – Settings for locallog to fortianalyzer.
    • fmgr_system_locallog_fortianalyzer3_filter – Filter for FortiAnalyzer3 logging.
    • fmgr_system_locallog_fortianalyzer3_setting – Settings for locallog to fortianalyzer.
    • fmgr_system_locallog_fortianalyzer_filter – Filter for FortiAnalyzer logging.
    • fmgr_system_locallog_fortianalyzer_setting – Settings for locallog to fortianalyzer.
    • fmgr_system_locallog_memory_filter – Filter for memory logging.
    • fmgr_system_locallog_memory_setting – Settings for memory buffer.
    • fmgr_system_locallog_setting – Settings for locallog logging.
    • fmgr_system_locallog_syslogd2_filter – Filter for syslog logging.
    • fmgr_system_locallog_syslogd2_setting – Settings for remote syslog server.
    • fmgr_system_locallog_syslogd3_filter – Filter for syslog logging.
    • fmgr_system_locallog_syslogd3_setting – Settings for remote syslog server.
    • fmgr_system_locallog_syslogd_filter – Filter for syslog logging.
    • fmgr_system_locallog_syslogd_setting – Settings for remote syslog server.
    • fmgr_system_log_alert – Log based alert settings.
    • fmgr_system_log_devicedisable – Disable client device logging.
    • fmgr_system_log_fospolicystats – FortiOS policy statistics settings.
    • fmgr_system_log_interfacestats – Interface statistics settings.
    • fmgr_system_log_ioc – IoC settings.
    • fmgr_system_log_maildomain – FortiMail domain setting.
    • fmgr_system_log_ratelimit – Logging rate limit.
    • fmgr_system_log_ratelimit_device – Device log rate limit.
    • fmgr_system_log_ratelimit_ratelimits – Per device or ADOM log rate limits.
    • fmgr_system_log_settings – Log settings.
    • fmgr_system_log_settings_rollinganalyzer – Log rolling policy for Network Analyzer logs.
    • fmgr_system_log_settings_rollinglocal – Log rolling policy for local logs.
    • fmgr_system_log_settings_rollingregular – Log rolling policy for device logs.
    • fmgr_system_log_topology – Logging topology settings.
    • fmgr_system_logfetch_clientprofile – Log-fetch client profile settings.
    • fmgr_system_logfetch_clientprofile_devicefilter – List of device filter.
    • fmgr_system_logfetch_clientprofile_logfilter – Log content filters.
    • fmgr_system_logfetch_serversettings – Log-fetch server settings.
    • fmgr_system_mail – Alert emails.
    • fmgr_system_mcpolicydisabledadoms – Multicast policy disabled adoms.
    • fmgr_system_meta
    • fmgr_system_meta_sysmetafields
    • fmgr_system_metadata_admins – Configure admins.
    • fmgr_system_npu – Configure NPU attributes.
    • fmgr_system_npu_fpanomaly – NP6Lite anomaly protection (packet drop or send trap to host).
    • fmgr_system_npu_isfnpqueues – Configure queues of switch port connected to NP6 XAUI on ingress path.
    • fmgr_system_npu_portcpumap – Configure NPU interface to CPU core mapping.
    • fmgr_system_npu_portnpumap – Configure port to NPU group mapping.
    • fmgr_system_npu_priorityprotocol – Configure NPU priority protocol.
    • fmgr_system_npu_swehhash – Configure switch enhanced hashing.
    • fmgr_system_ntp – NTP settings.
    • fmgr_system_ntp_ntpserver – NTP server.
    • fmgr_system_objecttagging – Configure object tagging.
    • fmgr_system_passwordpolicy – Password policy.
    • fmgr_system_replacemsggroup – Configure replacement message groups.
    • fmgr_system_replacemsggroup_admin – Replacement message table entries.
    • fmgr_system_replacemsggroup_alertmail – Replacement message table entries.
    • fmgr_system_replacemsggroup_auth – Replacement message table entries.
    • fmgr_system_replacemsggroup_automation – Replacement message table entries.
    • fmgr_system_replacemsggroup_custommessage – Replacement message table entries.
    • fmgr_system_replacemsggroup_devicedetectionportal – Replacement message table entries.
    • fmgr_system_replacemsggroup_ec – Replacement message table entries.
    • fmgr_system_replacemsggroup_fortiguardwf – Replacement message table entries.
    • fmgr_system_replacemsggroup_ftp – Replacement message table entries.
    • fmgr_system_replacemsggroup_http – Replacement message table entries.
    • fmgr_system_replacemsggroup_icap – Replacement message table entries.
    • fmgr_system_replacemsggroup_mail – Replacement message table entries.
    • fmgr_system_replacemsggroup_mm1 – Replacement message table entries.
    • fmgr_system_replacemsggroup_mm3 – Replacement message table entries.
    • fmgr_system_replacemsggroup_mm4 – Replacement message table entries.
    • fmgr_system_replacemsggroup_mm7 – Replacement message table entries.
    • fmgr_system_replacemsggroup_mms – Replacement message table entries.
    • fmgr_system_replacemsggroup_nacquar – Replacement message table entries.
    • fmgr_system_replacemsggroup_nntp – Replacement message table entries.
    • fmgr_system_replacemsggroup_spam – Replacement message table entries.
    • fmgr_system_replacemsggroup_sslvpn – Replacement message table entries.
    • fmgr_system_replacemsggroup_trafficquota – Replacement message table entries.
    • fmgr_system_replacemsggroup_utm – Replacement message table entries.
    • fmgr_system_replacemsggroup_webproxy – Replacement message table entries.
    • fmgr_system_replacemsgimage – Configure replacement message images.
    • fmgr_system_report_autocache – Report auto-cache settings.
    • fmgr_system_report_estbrowsetime – Report estimated browse time settings
    • fmgr_system_report_group – Report group.
    • fmgr_system_report_group_chartalternative – Chart alternatives.
    • fmgr_system_report_group_groupby – Group-by variables.
    • fmgr_system_report_setting – Report settings.
    • fmgr_system_route – Routing table configuration.
    • fmgr_system_route6 – Routing table configuration.
    • fmgr_system_saml – Global settings for SAML authentication.
    • fmgr_system_saml_fabricidp – Authorized identity providers.
    • fmgr_system_sdnconnector – Configure connection to SDN Connector.
    • fmgr_system_sdnconnector_externalaccountlist – Configure AWS external account list.
    • fmgr_system_sdnconnector_externalip – Configure GCP external IP.
    • fmgr_system_sdnconnector_forwardingrule – Configure GCP forwarding rule.
    • fmgr_system_sdnconnector_gcpprojectlist – Configure GCP project list.
    • fmgr_system_sdnconnector_nic – Configure Azure network interface.
    • fmgr_system_sdnconnector_nic_ip – Configure IP configuration.
    • fmgr_system_sdnconnector_route – Configure GCP route.
    • fmgr_system_sdnconnector_routetable – Configure Azure route table.
    • fmgr_system_sdnconnector_routetable_route – Configure Azure route.
    • fmgr_system_smsserver – Configure SMS server for sending SMS messages to support user authentication.
    • fmgr_system_sniffer – Interface sniffer.
    • fmgr_system_snmp_community – SNMP community configuration.
    • fmgr_system_snmp_community_hosts – Allow hosts configuration.
    • fmgr_system_snmp_community_hosts6 – Allow hosts configuration for IPv6.
    • fmgr_system_snmp_sysinfo – SNMP configuration.
    • fmgr_system_snmp_user – SNMP user configuration.
    • fmgr_system_socfabric – SOC Fabric.
    • fmgr_system_sql – SQL settings.
    • fmgr_system_sql_customindex – List of SQL index fields.
    • fmgr_system_sql_customskipidx – List of aditional SQL skip index fields.
    • fmgr_system_sql_tsindexfield – List of SQL text search index fields.
    • fmgr_system_sslciphersuites – Configure preferred SSL/TLS cipher suites
    • fmgr_system_syslog – Syslog servers.
    • fmgr_system_virtualwirepair – Configure virtual wire pairs.
    • fmgr_system_webproxy – Configure system web proxy.
    • fmgr_system_workflow_approvalmatrix – workflow approval matrix.
    • fmgr_system_workflow_approvalmatrix_approver – Approver.
    • fmgr_template
    • fmgr_templategroup
    • fmgr_user_adgrp – Configure FSSO groups.
    • fmgr_user_clearpass
    • fmgr_user_connector
    • fmgr_user_device – Configure devices.
    • fmgr_user_device_dynamicmapping
    • fmgr_user_device_tagging – Config object tagging.
    • fmgr_user_devicecategory – Configure device categories.
    • fmgr_user_devicegroup – Configure device groups.
    • fmgr_user_devicegroup_dynamicmapping
    • fmgr_user_devicegroup_tagging – Config object tagging.
    • fmgr_user_domaincontroller – Configure domain controller entries.
    • fmgr_user_domaincontroller_extraserver – extra servers.
    • fmgr_user_exchange – Configure MS Exchange server entries.
    • fmgr_user_fortitoken – Configure FortiToken.
    • fmgr_user_fsso – Configure Fortinet Single Sign On (FSSO) agents.
    • fmgr_user_fsso_dynamicmapping – Configure Fortinet Single Sign On (FSSO) agents.
    • fmgr_user_fssopolling – Configure FSSO active directory servers for polling mode.
    • fmgr_user_fssopolling_adgrp – LDAP Group Info.
    • fmgr_user_group – Configure user groups.
    • fmgr_user_group_dynamicmapping – Configure user groups.
    • fmgr_user_group_dynamicmapping_guest – Guest User.
    • fmgr_user_group_dynamicmapping_match – Group matches.
    • fmgr_user_group_dynamicmapping_sslvpnoschecklist
    • fmgr_user_group_guest – Guest User.
    • fmgr_user_group_match – Group matches.
    • fmgr_user_krbkeytab – Configure Kerberos keytab entries.
    • fmgr_user_ldap – Configure LDAP server entries.
    • fmgr_user_ldap_dynamicmapping – Configure LDAP server entries.
    • fmgr_user_local – Configure local users.
    • fmgr_user_nsx
    • fmgr_user_nsx_service
    • fmgr_user_passwordpolicy – Configure user password policy.
    • fmgr_user_peer – Configure peer users.
    • fmgr_user_peergrp – Configure peer groups.
    • fmgr_user_pop3 – POP3 server entry configuration.
    • fmgr_user_pxgrid
    • fmgr_user_radius – Configure RADIUS server entries.
    • fmgr_user_radius_accountingserver – Additional accounting servers.
    • fmgr_user_radius_dynamicmapping – Configure RADIUS server entries.
    • fmgr_user_radius_dynamicmapping_accountingserver – Additional accounting servers.
    • fmgr_user_saml – SAML server entry configuration.
    • fmgr_user_securityexemptlist – Configure security exemption list.
    • fmgr_user_securityexemptlist_rule – Configure rules for exempting users from captive portal authentication.
    • fmgr_user_tacacs – Configure TACACS+ server entries.
    • fmgr_user_tacacs_dynamicmapping – Configure TACACS+ server entries.
    • fmgr_user_vcenter
    • fmgr_user_vcenter_rule
    • fmgr_utmprofile – Configure UTM (Unified Threat Management) profile.
    • fmgr_vap – Configure Virtual Access Points (VAPs).
    • fmgr_vap_dynamicmapping – Configure Virtual Access Points (VAPs).
    • fmgr_vap_macfilterlist – Create a list of MAC addresses for MAC address filtering.
    • fmgr_vap_mpskkey – Pre-shared keys that can be used to connect to this virtual access point.
    • fmgr_vap_portalmessageoverrides – Individual message overrides.
    • fmgr_vap_vlanname – Table for mapping VLAN name to VLAN ID.
    • fmgr_vap_vlanpool – VLAN pool.
    • fmgr_vapgroup – Configure virtual Access Point (VAP) groups.
    • fmgr_videofilter_profile – Configure VideoFilter profile.
    • fmgr_videofilter_profile_fortiguardcategory – Configure FortiGuard categories.
    • fmgr_videofilter_profile_fortiguardcategory_filters – Configure VideoFilter FortiGuard category.
    • fmgr_videofilter_youtubechannelfilter – Configure YouTube channel filter.
    • fmgr_videofilter_youtubechannelfilter_entries – YouTube filter entries.
    • fmgr_voip_profile – Configure VoIP profiles.
    • fmgr_voip_profile_msrp – MSRP.
    • fmgr_voip_profile_sccp – SCCP.
    • fmgr_voip_profile_sip – SIP.
    • fmgr_vpn_certificate_ca – CA certificate.
    • fmgr_vpn_certificate_ocspserver – OCSP server configuration.
    • fmgr_vpn_certificate_remote – Remote certificate as a PEM file.
    • fmgr_vpn_ipsec_fec – Configure Forward Error Correction (FEC) mapping profiles.
    • fmgr_vpn_ipsec_fec_mappings – FEC redundancy mapping table.
    • fmgr_vpn_ssl_settings – Configure SSL VPN.
    • fmgr_vpn_ssl_settings_authenticationrule – Authentication rule for SSL VPN.
    • fmgr_vpnmgr_node – VPN node for VPN Manager.
    • fmgr_vpnmgr_node_iprange
    • fmgr_vpnmgr_node_ipv4excluderange
    • fmgr_vpnmgr_node_protectedsubnet
    • fmgr_vpnmgr_node_summaryaddr
    • fmgr_vpnmgr_vpntable
    • fmgr_vpnsslweb_hostchecksoftware – SSL-VPN host check software.
    • fmgr_vpnsslweb_hostchecksoftware_checkitemlist – Check item list.
    • fmgr_vpnsslweb_portal – Portal.
    • fmgr_vpnsslweb_portal_bookmarkgroup – Portal bookmark group.
    • fmgr_vpnsslweb_portal_bookmarkgroup_bookmarks – Bookmark table.
    • fmgr_vpnsslweb_portal_bookmarkgroup_bookmarks_formdata – Form data.
    • fmgr_vpnsslweb_portal_macaddrcheckrule – Client MAC address check rule.
    • fmgr_vpnsslweb_portal_oschecklist – SSL VPN OS checks.
    • fmgr_vpnsslweb_portal_splitdns – Split DNS for SSL VPN.
    • fmgr_vpnsslweb_realm – Realm.
    • fmgr_waf_mainclass – Hidden table for datasource.
    • fmgr_waf_profile – Web application firewall configuration.
    • fmgr_waf_profile_addresslist – Black address list and white address list.
    • fmgr_waf_profile_constraint – WAF HTTP protocol restrictions.
    • fmgr_waf_profile_constraint_contentlength – HTTP content length in request.
    • fmgr_waf_profile_constraint_exception – HTTP constraint exception.
    • fmgr_waf_profile_constraint_headerlength – HTTP header length in request.
    • fmgr_waf_profile_constraint_hostname – Enable/disable hostname check.
    • fmgr_waf_profile_constraint_linelength – HTTP line length in request.
    • fmgr_waf_profile_constraint_malformed – Enable/disable malformed HTTP request check.
    • fmgr_waf_profile_constraint_maxcookie – Maximum number of cookies in HTTP request.
    • fmgr_waf_profile_constraint_maxheaderline – Maximum number of HTTP header line.
    • fmgr_waf_profile_constraint_maxrangesegment – Maximum number of range segments in HTTP range line.
    • fmgr_waf_profile_constraint_maxurlparam – Maximum number of parameters in URL.
    • fmgr_waf_profile_constraint_method – Enable/disable HTTP method check.
    • fmgr_waf_profile_constraint_paramlength – Maximum length of parameter in URL, HTTP POST request or HTTP body.
    • fmgr_waf_profile_constraint_urlparamlength – Maximum length of parameter in URL.
    • fmgr_waf_profile_constraint_version – Enable/disable HTTP version check.
    • fmgr_waf_profile_method – Method restriction.
    • fmgr_waf_profile_method_methodpolicy – HTTP method policy.
    • fmgr_waf_profile_signature – WAF signatures.
    • fmgr_waf_profile_signature_customsignature – Custom signature.
    • fmgr_waf_profile_signature_mainclass – Main signature class.
    • fmgr_waf_profile_urlaccess – URL access list
    • fmgr_waf_profile_urlaccess_accesspattern – URL access pattern.
    • fmgr_waf_signature – Hidden table for datasource.
    • fmgr_waf_subclass – Hidden table for datasource.
    • fmgr_wagprofile – Configure wireless access gateway (WAG) profiles used for tunnels on AP.
    • fmgr_wanopt_authgroup – Configure WAN optimization authentication groups.
    • fmgr_wanopt_peer – Configure WAN optimization peers.
    • fmgr_wanopt_profile – Configure WAN optimization profiles.
    • fmgr_wanopt_profile_cifs – Enable/disable CIFS (Windows sharing) WAN Optimization and configure CIFS WAN Optimization features.
    • fmgr_wanopt_profile_ftp – Enable/disable FTP WAN Optimization and configure FTP WAN Optimization features.
    • fmgr_wanopt_profile_http – Enable/disable HTTP WAN Optimization and configure HTTP WAN Optimization features.
    • fmgr_wanopt_profile_mapi – Enable/disable MAPI email WAN Optimization and configure MAPI WAN Optimization features.
    • fmgr_wanopt_profile_tcp – Enable/disable TCP WAN Optimization and configure TCP WAN Optimization features.
    • fmgr_wanprof_system_sdwan – Configure redundant internet connections using SD-WAN (formerly virtual WAN link).
      • Synopsis
      • Requirements
      • FortiManager Version Compatibility
      • Parameters
      • Notes
      • Examples
      • Return Values
      • Status
      • Authors
    • fmgr_wanprof_system_sdwan_duplication – Create SD-WAN duplication rule.
    • fmgr_wanprof_system_sdwan_healthcheck – SD-WAN status checking or health checking.
    • fmgr_wanprof_system_sdwan_healthcheck_sla – Service level agreement (SLA).
    • fmgr_wanprof_system_sdwan_members – FortiGate interfaces added to the SD-WAN.
    • fmgr_wanprof_system_sdwan_neighbor – Create SD-WAN neighbor from BGP neighbor table to control route advertisements according to SLA status.
    • fmgr_wanprof_system_sdwan_service – Create SD-WAN rules (also called services) to control how sessions are distributed to interfaces in the SD-WAN.
    • fmgr_wanprof_system_sdwan_service_sla – Service level agreement (SLA).
    • fmgr_wanprof_system_sdwan_zone – Configure SD-WAN zones.
    • fmgr_wanprof_system_virtualwanlink – Configure redundant internet connections using SD-WAN (formerly virtual WAN link).
    • fmgr_wanprof_system_virtualwanlink_healthcheck – SD-WAN status checking or health checking.
    • fmgr_wanprof_system_virtualwanlink_healthcheck_sla – Service level agreement (SLA).
    • fmgr_wanprof_system_virtualwanlink_members – Physical FortiGate interfaces added to the virtual-wan-link.
    • fmgr_wanprof_system_virtualwanlink_neighbor – SD-WAN neighbor table.
    • fmgr_wanprof_system_virtualwanlink_service – Create SD-WAN rules or priority rules (also called services) to control how sessions are distributed to physical interfaces in the SD-WAN.
    • fmgr_wanprof_system_virtualwanlink_service_sla – Service level agreement (SLA).
    • fmgr_webfilter_categories
    • fmgr_webfilter_content – Configure Web filter banned word table.
    • fmgr_webfilter_content_entries – Configure banned word entries.
    • fmgr_webfilter_contentheader – Configure content types used by Web filter.
    • fmgr_webfilter_contentheader_entries – Configure content types used by web filter.
    • fmgr_webfilter_ftgdlocalcat – Configure FortiGuard Web Filter local categories.
    • fmgr_webfilter_ftgdlocalrating – Configure local FortiGuard Web Filter local ratings.
    • fmgr_webfilter_profile – Configure Web filter profiles.
    • fmgr_webfilter_profile_antiphish – AntiPhishing profile.
    • fmgr_webfilter_profile_antiphish_custompatterns – Custom username and password regex patterns.
    • fmgr_webfilter_profile_antiphish_inspectionentries – AntiPhishing entries.
    • fmgr_webfilter_profile_filefilter – File filter.
    • fmgr_webfilter_profile_filefilter_entries – File filter entries.
    • fmgr_webfilter_profile_ftgdwf – FortiGuard Web Filter settings.
    • fmgr_webfilter_profile_ftgdwf_filters – FortiGuard filters.
    • fmgr_webfilter_profile_ftgdwf_quota – FortiGuard traffic quota settings.
    • fmgr_webfilter_profile_override – Web Filter override settings.
    • fmgr_webfilter_profile_urlextraction – Configure URL Extraction
    • fmgr_webfilter_profile_web – Web content filtering settings.
    • fmgr_webfilter_profile_youtubechannelfilter – YouTube channel filter.
    • fmgr_webfilter_urlfilter – Configure URL filter lists.
    • fmgr_webfilter_urlfilter_entries – URL filter entries.
    • fmgr_webproxy_forwardserver – Configure forward-server addresses.
    • fmgr_webproxy_forwardservergroup – Configure a forward server group consisting or multiple forward servers.
    • fmgr_webproxy_forwardservergroup_serverlist – Add web forward servers to a list to form a server group.
    • fmgr_webproxy_profile – Configure web proxy profiles.
    • fmgr_webproxy_profile_headers – Configure HTTP forwarded requests headers.
    • fmgr_webproxy_wisp – Configure Wireless Internet service provider (WISP) servers.
    • fmgr_widsprofile – Configure wireless intrusion detection system (WIDS) profiles.
    • fmgr_wtpprofile – Configure WTP profiles or FortiAP profiles that define radio settings for manageable FortiAP platforms.
    • fmgr_wtpprofile_denymaclist – List of MAC addresses that are denied access to this WTP, FortiAP, or AP.
    • fmgr_wtpprofile_eslsesdongle – ESL SES-imagotag dongle configuration.
    • fmgr_wtpprofile_lan – WTP LAN port mapping.
    • fmgr_wtpprofile_lbs – Set various location based service (LBS) options.
    • fmgr_wtpprofile_platform – WTP, FortiAP, or AP platform.
    • fmgr_wtpprofile_radio1 – Configuration options for radio 1.
    • fmgr_wtpprofile_radio2 – Configuration options for radio 2.
    • fmgr_wtpprofile_radio3 – Configuration options for radio 3.
    • fmgr_wtpprofile_radio4 – Configuration options for radio 4.
    • fmgr_wtpprofile_splittunnelingacl – Split tunneling ACL filter list.
  • Facts Gathering Modules
  • Object Manipulating Modules
  • Export Playbooks
  • Daemon Modules
  • Generic Modules

APPENDICES

  • Release Notes
Fortinet FortiManager Ansible Collection
  • Docs »
  • Object Oriented Modules »
  • fmgr_wanprof_system_sdwan – Configure redundant internet connections using SD-WAN (formerly virtual WAN link).
  • Edit on GitHub

fmgr_wanprof_system_sdwan – Configure redundant internet connections using SD-WAN (formerly virtual WAN link).¶

New in version 2.10.

  • Synopsis
  • Requirements
  • FortiManager Version Compatibility
  • Parameters
  • Notes
  • Examples
  • Return Values
  • Status
  • Authors

Synopsis¶

  • This module is able to configure a FortiManager device.
  • Examples include all parameters and values need to be adjusted to data sources before usage.

Requirements¶

The below requirements are needed on the host that executes this module.

  • ansible>=2.9.0

FortiManager Version Compatibility¶


6.4.2 6.4.5 7.0.0 7.2.0
wanprof_system_sdwan yes yes yes yes

Parameters¶

  • enable_log - Enable/Disable logging for task type: bool required: false default: False
  • forticloud_access_token - Access token of forticloud managed API users, this option is available with FortiManager later than 6.4.0 type: str required: false
  • proposed_method - The overridden method for the underlying Json RPC request type: str required: false choices: set, update, add
  • bypass_validation - Only set to True when module schema diffs with FortiManager API structure, module continues to execute without validating parameters type: bool required: false default: False
  • workspace_locking_adom - Acquire the workspace lock if FortiManager is running in workspace mode type: str required: false choices: global, custom adom including root
  • workspace_locking_timeout - The maximum time in seconds to wait for other users to release workspace lock type: integer required: false default: 300
  • rc_succeeded - The rc codes list with which the conditions to succeed will be overriden type: list required: false
  • rc_failed - The rc codes list with which the conditions to fail will be overriden type: list required: false
  • adom - The parameter in requested url type: str required: true
  • wanprof - The parameter in requested url type: str required: true
  • wanprof_system_sdwan - no description type: dict
    • duplication - No description for the parameter type: array more...
      6.4.2 6.4.5 7.0.0 7.2.0
      duplication True True True True
      • dstaddr - Destination address or address group names. type: str more...
        6.4.2 6.4.5 7.0.0 7.2.0
        dstaddr True True True True
      • dstaddr6 - Destination address6 or address6 group names. type: str more...
        6.4.2 6.4.5 7.0.0 7.2.0
        dstaddr6 True True True True
      • dstintf - Outgoing (egress) interfaces or zones. type: str more...
        6.4.2 6.4.5 7.0.0 7.2.0
        dstintf True True True True
      • id - Duplication rule ID (1 - 255). type: int more...
        6.4.2 6.4.5 7.0.0 7.2.0
        id True True True True
      • packet-de-duplication - Enable/disable discarding of packets that have been duplicated. type: str choices: [disable, enable] more...
        6.4.2 6.4.5 7.0.0 7.2.0
        packet-de-duplication True True True True
      • packet-duplication - Configure packet duplication method. type: str choices: [disable, force, on-demand] more...
        6.4.2 6.4.5 7.0.0 7.2.0
        packet-duplication True True True True
      • service - Service and service group name. type: str more...
        6.4.2 6.4.5 7.0.0 7.2.0
        service True True True True
      • srcaddr - Source address or address group names. type: str more...
        6.4.2 6.4.5 7.0.0 7.2.0
        srcaddr True True True True
      • srcaddr6 - Source address6 or address6 group names. type: str more...
        6.4.2 6.4.5 7.0.0 7.2.0
        srcaddr6 True True True True
      • srcintf - Incoming (ingress) interfaces or zones. type: str more...
        6.4.2 6.4.5 7.0.0 7.2.0
        srcintf True True True True
      • service-id - SD-WAN service rule ID list. type: str more...
        6.4.5 7.0.0 7.2.0
        service-id True True True
      • sla-match-service - Enable/disable packet duplication matching health-check SLAs in service rule. type: str choices: [disable, enable] more...
        7.2.0
        sla-match-service True
    • duplication-max-num - Maximum number of interface members a packet is duplicated in the SD-WAN zone (2 - 4, default = 2; if set to 3, the original packet plus 2 more copies are created). type: int more...
      6.4.2 6.4.5 7.0.0 7.2.0
      duplication-max-num True True True True
    • fail-detect - Enable/disable SD-WAN Internet connection status checking (failure detection). type: str choices: [disable, enable] more...
      6.4.2 6.4.5 7.0.0 7.2.0
      fail-detect True True True True
    • health-check - No description for the parameter type: array more...
      6.4.2 6.4.5 7.0.0 7.2.0
      health-check True True True True
      • _dynamic-server - No description for the parameter type: str more...
        6.4.2 6.4.5 7.0.0 7.2.0
        _dynamic-server True True False False
      • addr-mode - Address mode (IPv4 or IPv6). type: str choices: [ipv4, ipv6] more...
        6.4.2 6.4.5 7.0.0 7.2.0
        addr-mode True True True True
      • diffservcode - Differentiated services code point (DSCP) in the IP header of the probe packet. type: str more...
        6.4.2 6.4.5 7.0.0 7.2.0
        diffservcode True True True True
      • dns-match-ip - Response IP expected from DNS server if the protocol is DNS. type: str more...
        6.4.2 6.4.5 7.0.0 7.2.0
        dns-match-ip True True True True
      • dns-request-domain - Fully qualified domain name to resolve for the DNS probe. type: str more...
        6.4.2 6.4.5 7.0.0 7.2.0
        dns-request-domain True True True True
      • failtime - Number of failures before server is considered lost (1 - 3600, default = 5). type: int more...
        6.4.2 6.4.5 7.0.0 7.2.0
        failtime True True True True
      • ftp-file - Full path and file name on the FTP server to download for FTP health-check to probe. type: str more...
        6.4.2 6.4.5 7.0.0 7.2.0
        ftp-file True True True True
      • ftp-mode - FTP mode. type: str choices: [passive, port] more...
        6.4.2 6.4.5 7.0.0 7.2.0
        ftp-mode True True True True
      • ha-priority - HA election priority (1 - 50). type: int more...
        6.4.2 6.4.5 7.0.0 7.2.0
        ha-priority True True True True
      • http-agent - String in the http-agent field in the HTTP header. type: str more...
        6.4.2 6.4.5 7.0.0 7.2.0
        http-agent True True True True
      • http-get - URL used to communicate with the server if the protocol if the protocol is HTTP. type: str more...
        6.4.2 6.4.5 7.0.0 7.2.0
        http-get True True True True
      • http-match - Response string expected from the server if the protocol is HTTP. type: str more...
        6.4.2 6.4.5 7.0.0 7.2.0
        http-match True True True True
      • interval - Status check interval in milliseconds, or the time between attempting to connect to the server (500 - 3600*1000 msec, default = 500). type: int more...
        6.4.2 6.4.5 7.0.0 7.2.0
        interval True True True True
      • members - Member sequence number list. type: str more...
        6.4.2 6.4.5 7.0.0 7.2.0
        members True True True True
      • name - Status check or health check name. type: str more...
        6.4.2 6.4.5 7.0.0 7.2.0
        name True True True True
      • packet-size - Packet size of a twamp test session, type: int more...
        6.4.2 6.4.5 7.0.0 7.2.0
        packet-size True True True True
      • password - No description for the parameter type: str more...
        6.4.2 6.4.5 7.0.0 7.2.0
        password True True True True
      • port - Port number used to communicate with the server over the selected protocol (0-65535, default = 0, auto select. type: int more...
        6.4.2 6.4.5 7.0.0 7.2.0
        port True True True True
      • probe-count - Number of most recent probes that should be used to calculate latency and jitter (5 - 30, default = 30). type: int more...
        6.4.2 6.4.5 7.0.0 7.2.0
        probe-count True True True True
      • probe-packets - Enable/disable transmission of probe packets. type: str choices: [disable, enable] more...
        6.4.2 6.4.5 7.0.0 7.2.0
        probe-packets True True True True
      • probe-timeout - Time to wait before a probe packet is considered lost (500 - 3600*1000 msec, default = 500). type: int more...
        6.4.2 6.4.5 7.0.0 7.2.0
        probe-timeout True True True True
      • protocol - Protocol used to determine if the FortiGate can communicate with the server. type: str choices: [ping, tcp-echo, udp-echo, http, twamp, ping6, dns, tcp-connect, ftp] more...
        6.4.2 6.4.5 7.0.0 7.2.0
        protocol True True True True
      • quality-measured-method - Method to measure the quality of tcp-connect. type: str choices: [half-close, half-open] more...
        6.4.2 6.4.5 7.0.0 7.2.0
        quality-measured-method True True True True
      • recoverytime - Number of successful responses received before server is considered recovered (1 - 3600, default = 5). type: int more...
        6.4.2 6.4.5 7.0.0 7.2.0
        recoverytime True True True True
      • security-mode - Twamp controller security mode. type: str choices: [none, authentication] more...
        6.4.2 6.4.5 7.0.0 7.2.0
        security-mode True True True True
      • server - No description for the parameter type: str more...
        6.4.2 6.4.5 7.0.0 7.2.0
        server True True True True
      • sla - No description for the parameter type: array more...
        6.4.2 6.4.5 7.0.0 7.2.0
        sla True True True True
        • id - SLA ID. type: int more...
          6.4.2 6.4.5 7.0.0 7.2.0
          id True True True True
        • jitter-threshold - Jitter for SLA to make decision in milliseconds. type: int more...
          6.4.2 6.4.5 7.0.0 7.2.0
          jitter-threshold True True True True
        • latency-threshold - Latency for SLA to make decision in milliseconds. type: int more...
          6.4.2 6.4.5 7.0.0 7.2.0
          latency-threshold True True True True
        • link-cost-factor - No description for the parameter type: array choices: [latency, jitter, packet-loss, mos] more...
          6.4.2 6.4.5 7.0.0 7.2.0
          link-cost-factor True True True True
        • packetloss-threshold - Packet loss for SLA to make decision in percentage. type: int more...
          6.4.2 6.4.5 7.0.0 7.2.0
          packetloss-threshold True True True True
        • mos-threshold - Minimum Mean Opinion Score for SLA to be marked as pass. type: str more...
          7.2.0
          mos-threshold True
      • sla-fail-log-period - Time interval in seconds that SLA fail log messages will be generated (0 - 3600, default = 0). type: int more...
        6.4.2 6.4.5 7.0.0 7.2.0
        sla-fail-log-period True True True True
      • sla-pass-log-period - Time interval in seconds that SLA pass log messages will be generated (0 - 3600, default = 0). type: int more...
        6.4.2 6.4.5 7.0.0 7.2.0
        sla-pass-log-period True True True True
      • system-dns - Enable/disable system DNS as the probe server. type: str choices: [disable, enable] more...
        6.4.2 6.4.5 7.0.0 7.2.0
        system-dns True True True True
      • threshold-alert-jitter - Alert threshold for jitter (ms, default = 0). type: int more...
        6.4.2 6.4.5 7.0.0 7.2.0
        threshold-alert-jitter True True True True
      • threshold-alert-latency - Alert threshold for latency (ms, default = 0). type: int more...
        6.4.2 6.4.5 7.0.0 7.2.0
        threshold-alert-latency True True True True
      • threshold-alert-packetloss - Alert threshold for packet loss (percentage, default = 0). type: int more...
        6.4.2 6.4.5 7.0.0 7.2.0
        threshold-alert-packetloss True True True True
      • threshold-warning-jitter - Warning threshold for jitter (ms, default = 0). type: int more...
        6.4.2 6.4.5 7.0.0 7.2.0
        threshold-warning-jitter True True True True
      • threshold-warning-latency - Warning threshold for latency (ms, default = 0). type: int more...
        6.4.2 6.4.5 7.0.0 7.2.0
        threshold-warning-latency True True True True
      • threshold-warning-packetloss - Warning threshold for packet loss (percentage, default = 0). type: int more...
        6.4.2 6.4.5 7.0.0 7.2.0
        threshold-warning-packetloss True True True True
      • update-cascade-interface - Enable/disable update cascade interface. type: str choices: [disable, enable] more...
        6.4.2 6.4.5 7.0.0 7.2.0
        update-cascade-interface True True True True
      • update-static-route - Enable/disable updating the static route. type: str choices: [disable, enable] more...
        6.4.2 6.4.5 7.0.0 7.2.0
        update-static-route True True True True
      • user - The user name to access probe server. type: str more...
        6.4.2 6.4.5 7.0.0 7.2.0
        user True True True True
      • detect-mode - The mode determining how to detect the server. type: str choices: [active, passive, prefer-passive] more...
        7.0.0 7.2.0
        detect-mode True True
      • mos-codec - Codec to use for MOS calculation (default = g711). type: str choices: [g711, g722, g729] more...
        7.2.0
        mos-codec True
      • source - Source IP address used in the health-check packet to the server. type: str more...
        7.2.0
        source True
      • vrf - Virtual Routing Forwarding ID. type: int more...
        7.2.0
        vrf True
    • load-balance-mode - Algorithm or mode to use for load balancing Internet traffic to SD-WAN members. type: str choices: [source-ip-based, weight-based, usage-based, source-dest-ip-based, measured-volume-based] more...
      6.4.2 6.4.5 7.0.0 7.2.0
      load-balance-mode True True True True
    • members - No description for the parameter type: array more...
      6.4.2 6.4.5 7.0.0 7.2.0
      members True True True True
      • _dynamic-member - No description for the parameter type: str more...
        6.4.2 6.4.5 7.0.0 7.2.0
        _dynamic-member True True False False
      • comment - Comments. type: str more...
        6.4.2 6.4.5 7.0.0 7.2.0
        comment True True True True
      • cost - Cost of this interface for services in SLA mode (0 - 4294967295, default = 0). type: int more...
        6.4.2 6.4.5 7.0.0 7.2.0
        cost True True True True
      • gateway - The default gateway for this interface. type: str more...
        6.4.2 6.4.5 7.0.0 7.2.0
        gateway True True True True
      • gateway6 - IPv6 gateway. type: str more...
        6.4.2 6.4.5 7.0.0 7.2.0
        gateway6 True True True True
      • ingress-spillover-threshold - Ingress spillover threshold for this interface (0 - 16776000 kbit/s). type: int more...
        6.4.2 6.4.5 7.0.0 7.2.0
        ingress-spillover-threshold True True True True
      • interface - Interface name. type: str more...
        6.4.2 6.4.5 7.0.0 7.2.0
        interface True True True True
      • priority - Priority of the interface (0 - 65535). type: int more...
        6.4.2 6.4.5 7.0.0 7.2.0
        priority True True True True
      • seq-num - Sequence number(1-512). type: int more...
        6.4.2 6.4.5 7.0.0 7.2.0
        seq-num True True True True
      • source - Source IP address used in the health-check packet to the server. type: str more...
        6.4.2 6.4.5 7.0.0 7.2.0
        source True True True True
      • source6 - Source IPv6 address used in the health-check packet to the server. type: str more...
        6.4.2 6.4.5 7.0.0 7.2.0
        source6 True True True True
      • spillover-threshold - Egress spillover threshold for this interface (0 - 16776000 kbit/s). type: int more...
        6.4.2 6.4.5 7.0.0 7.2.0
        spillover-threshold True True True True
      • status - Enable/disable this interface in the SD-WAN. type: str choices: [disable, enable] more...
        6.4.2 6.4.5 7.0.0 7.2.0
        status True True True True
      • volume-ratio - Measured volume ratio (this value / sum of all values = percentage of link volume, 1 - 255). type: int more...
        6.4.2 6.4.5 7.0.0 7.2.0
        volume-ratio True True True True
      • weight - Weight of this interface for weighted load balancing. type: int more...
        6.4.2 6.4.5 7.0.0 7.2.0
        weight True True True True
      • zone - Zone name. type: str more...
        6.4.2 6.4.5 7.0.0 7.2.0
        zone True True True True
      • priority6 - Priority of the interface for IPv6 (1 - 65535, default = 1024). type: int more...
        7.0.0 7.2.0
        priority6 True True
    • neighbor - No description for the parameter type: array more...
      6.4.2 6.4.5 7.0.0 7.2.0
      neighbor True True True True
      • health-check - SD-WAN health-check name. type: str more...
        6.4.2 6.4.5 7.0.0 7.2.0
        health-check True True True True
      • ip - IP/IPv6 address of neighbor. type: str more...
        6.4.2 6.4.5 7.0.0 7.2.0
        ip True True True True
      • member - Member sequence number. type: str more...
        6.4.2 6.4.5 7.0.0 7.2.0
        member True True True True
      • role - Role of neighbor. type: str choices: [primary, secondary, standalone] more...
        6.4.2 6.4.5 7.0.0 7.2.0
        role True True True True
      • sla-id - SLA ID. type: int more...
        6.4.2 6.4.5 7.0.0 7.2.0
        sla-id True True True True
      • minimum-sla-meet-members - Minimum number of members which meet SLA when the neighbor is preferred. type: int more...
        7.2.0
        minimum-sla-meet-members True
      • mode - What metric to select the neighbor. type: str choices: [sla, speedtest] more...
        7.2.0
        mode True
    • neighbor-hold-boot-time - Waiting period in seconds when switching from the primary neighbor to the secondary neighbor from the neighbor start. type: int more...
      6.4.2 6.4.5 7.0.0 7.2.0
      neighbor-hold-boot-time True True True True
    • neighbor-hold-down - Enable/disable hold switching from the secondary neighbor to the primary neighbor. type: str choices: [disable, enable] more...
      6.4.2 6.4.5 7.0.0 7.2.0
      neighbor-hold-down True True True True
    • neighbor-hold-down-time - Waiting period in seconds when switching from the secondary neighbor to the primary neighbor when hold-down is disabled. type: int more...
      6.4.2 6.4.5 7.0.0 7.2.0
      neighbor-hold-down-time True True True True
    • service - No description for the parameter type: array more...
      6.4.2 6.4.5 7.0.0 7.2.0
      service True True True True
      • addr-mode - Address mode (IPv4 or IPv6). type: str choices: [ipv4, ipv6] more...
        6.4.2 6.4.5 7.0.0 7.2.0
        addr-mode True True True True
      • bandwidth-weight - Coefficient of reciprocal of available bidirectional bandwidth in the formula of custom-profile-1. type: int more...
        6.4.2 6.4.5 7.0.0 7.2.0
        bandwidth-weight True True True True
      • default - Enable/disable use of SD-WAN as default service. type: str choices: [disable, enable] more...
        6.4.2 6.4.5 7.0.0 7.2.0
        default True True True True
      • dscp-forward - Enable/disable forward traffic DSCP tag. type: str choices: [disable, enable] more...
        6.4.2 6.4.5 7.0.0 7.2.0
        dscp-forward True True True True
      • dscp-forward-tag - Forward traffic DSCP tag. type: str more...
        6.4.2 6.4.5 7.0.0 7.2.0
        dscp-forward-tag True True True True
      • dscp-reverse - Enable/disable reverse traffic DSCP tag. type: str choices: [disable, enable] more...
        6.4.2 6.4.5 7.0.0 7.2.0
        dscp-reverse True True True True
      • dscp-reverse-tag - Reverse traffic DSCP tag. type: str more...
        6.4.2 6.4.5 7.0.0 7.2.0
        dscp-reverse-tag True True True True
      • dst - Destination address name. type: str more...
        6.4.2 6.4.5 7.0.0 7.2.0
        dst True True True True
      • dst-negate - Enable/disable negation of destination address match. type: str choices: [disable, enable] more...
        6.4.2 6.4.5 7.0.0 7.2.0
        dst-negate True True True True
      • dst6 - Destination address6 name. type: str more...
        6.4.2 6.4.5 7.0.0 7.2.0
        dst6 True True True True
      • end-port - End destination port number. type: int more...
        6.4.2 6.4.5 7.0.0 7.2.0
        end-port True True True True
      • gateway - Enable/disable SD-WAN service gateway. type: str choices: [disable, enable] more...
        6.4.2 6.4.5 7.0.0 7.2.0
        gateway True True True True
      • groups - User groups. type: str more...
        6.4.2 6.4.5 7.0.0 7.2.0
        groups True True True True
      • hash-mode - Hash algorithm for selected priority members for load balance mode. type: str choices: [round-robin, source-ip-based, source-dest-ip-based, inbandwidth, outbandwidth, bibandwidth] more...
        6.4.2 6.4.5 7.0.0 7.2.0
        hash-mode True True True True
      • health-check - Health check list. type: str more...
        6.4.2 6.4.5 7.0.0 7.2.0
        health-check True True True True
      • hold-down-time - Waiting period in seconds when switching from the back-up member to the primary member (0 - 10000000, default = 0). type: int more...
        6.4.2 6.4.5 7.0.0 7.2.0
        hold-down-time True True True True
      • id - SD-WAN rule ID (1 - 4000). type: int more...
        6.4.2 6.4.5 7.0.0 7.2.0
        id True True True True
      • input-device - Source interface name. type: str more...
        6.4.2 6.4.5 7.0.0 7.2.0
        input-device True True True True
      • input-device-negate - Enable/disable negation of input device match. type: str choices: [disable, enable] more...
        6.4.2 6.4.5 7.0.0 7.2.0
        input-device-negate True True True True
      • internet-service - Enable/disable use of Internet service for application-based load balancing. type: str choices: [disable, enable] more...
        6.4.2 6.4.5 7.0.0 7.2.0
        internet-service True True True True
      • internet-service-app-ctrl - No description for the parameter type: int more...
        6.4.2 6.4.5 7.0.0 7.2.0
        internet-service-app-ctrl True True True True
      • internet-service-app-ctrl-group - Application control based Internet Service group list. type: str more...
        6.4.2 6.4.5 7.0.0 7.2.0
        internet-service-app-ctrl-group True True True True
      • internet-service-custom - Custom Internet service name list. type: str more...
        6.4.2 6.4.5 7.0.0 7.2.0
        internet-service-custom True True True True
      • internet-service-custom-group - Custom Internet Service group list. type: str more...
        6.4.2 6.4.5 7.0.0 7.2.0
        internet-service-custom-group True True True True
      • internet-service-group - Internet Service group list. type: str more...
        6.4.2 6.4.5 7.0.0 7.2.0
        internet-service-group True True True True
      • internet-service-name - Internet service name list. type: str more...
        6.4.2 6.4.5 7.0.0 7.2.0
        internet-service-name True True True True
      • jitter-weight - Coefficient of jitter in the formula of custom-profile-1. type: int more...
        6.4.2 6.4.5 7.0.0 7.2.0
        jitter-weight True True True True
      • latency-weight - Coefficient of latency in the formula of custom-profile-1. type: int more...
        6.4.2 6.4.5 7.0.0 7.2.0
        latency-weight True True True True
      • link-cost-factor - Link cost factor. type: str choices: [latency, jitter, packet-loss, inbandwidth, outbandwidth, bibandwidth, custom-profile-1] more...
        6.4.2 6.4.5 7.0.0 7.2.0
        link-cost-factor True True True True
      • link-cost-threshold - Percentage threshold change of link cost values that will result in policy route regeneration (0 - 10000000, default = 10). type: int more...
        6.4.2 6.4.5 7.0.0 7.2.0
        link-cost-threshold True True True True
      • minimum-sla-meet-members - Minimum number of members which meet SLA. type: int more...
        6.4.2 6.4.5 7.0.0 7.2.0
        minimum-sla-meet-members True True True True
      • mode - Control how the SD-WAN rule sets the priority of interfaces in the SD-WAN. type: str choices: [auto, manual, priority, sla, load-balance] more...
        6.4.2 6.4.5 7.0.0 7.2.0
        mode True True True True
      • name - SD-WAN rule name. type: str more...
        6.4.2 6.4.5 7.0.0 7.2.0
        name True True True True
      • packet-loss-weight - Coefficient of packet-loss in the formula of custom-profile-1. type: int more...
        6.4.2 6.4.5 7.0.0 7.2.0
        packet-loss-weight True True True True
      • priority-members - Member sequence number list. type: str more...
        6.4.2 6.4.5 7.0.0 7.2.0
        priority-members True True True True
      • protocol - Protocol number. type: int more...
        6.4.2 6.4.5 7.0.0 7.2.0
        protocol True True True True
      • quality-link - Quality grade. type: int more...
        6.4.2 6.4.5 7.0.0 7.2.0
        quality-link True True True True
      • role - Service role to work with neighbor. type: str choices: [primary, secondary, standalone] more...
        6.4.2 6.4.5 7.0.0 7.2.0
        role True True True True
      • route-tag - IPv4 route map route-tag. type: int more...
        6.4.2 6.4.5 7.0.0 7.2.0
        route-tag True True True True
      • sla - No description for the parameter type: array more...
        6.4.2 6.4.5 7.0.0 7.2.0
        sla True True True True
        • health-check - SD-WAN health-check. type: str more...
          6.4.2 6.4.5 7.0.0 7.2.0
          health-check True True True True
        • id - SLA ID. type: int more...
          6.4.2 6.4.5 7.0.0 7.2.0
          id True True True True
      • sla-compare-method - Method to compare SLA value for SLA mode. type: str choices: [order, number] more...
        6.4.2 6.4.5 7.0.0 7.2.0
        sla-compare-method True True True True
      • src - Source address name. type: str more...
        6.4.2 6.4.5 7.0.0 7.2.0
        src True True True True
      • src-negate - Enable/disable negation of source address match. type: str choices: [disable, enable] more...
        6.4.2 6.4.5 7.0.0 7.2.0
        src-negate True True True True
      • src6 - Source address6 name. type: str more...
        6.4.2 6.4.5 7.0.0 7.2.0
        src6 True True True True
      • standalone-action - Enable/disable service when selected neighbor role is standalone while service role is not standalone. type: str choices: [disable, enable] more...
        6.4.2 6.4.5 7.0.0 7.2.0
        standalone-action True True True True
      • start-port - Start destination port number. type: int more...
        6.4.2 6.4.5 7.0.0 7.2.0
        start-port True True True True
      • status - Enable/disable SD-WAN service. type: str choices: [disable, enable] more...
        6.4.2 6.4.5 7.0.0 7.2.0
        status True True True True
      • tos - Type of service bit pattern. type: str more...
        6.4.2 6.4.5 7.0.0 7.2.0
        tos True True True True
      • tos-mask - Type of service evaluated bits. type: str more...
        6.4.2 6.4.5 7.0.0 7.2.0
        tos-mask True True True True
      • users - User name. type: str more...
        6.4.2 6.4.5 7.0.0 7.2.0
        users True True True True
      • tie-break - Method of selecting member if more than one meets the SLA. type: str choices: [zone, cfg-order, fib-best-match, input-device] more...
        6.4.5 7.0.0 7.2.0
        tie-break True True True
      • use-shortcut-sla - Enable/disable use of ADVPN shortcut for quality comparison. type: str choices: [disable, enable] more...
        6.4.5 7.0.0 7.2.0
        use-shortcut-sla True True True
      • input-zone - No description for the parameter type: str more...
        7.2.0
        input-zone True
      • internet-service-app-ctrl-category - No description for the parameter type: int more...
        7.2.0
        internet-service-app-ctrl-category True
      • passive-measurement - Enable/disable passive measurement based on the service criteria. type: str choices: [disable, enable] more...
        7.2.0
        passive-measurement True
      • priority-zone - No description for the parameter type: str more...
        7.2.0
        priority-zone True
    • status - Enable/disable SD-WAN. type: str choices: [disable, enable] more...
      6.4.2 6.4.5 7.0.0 7.2.0
      status True True True True
    • zone - No description for the parameter type: array more...
      6.4.2 6.4.5 7.0.0 7.2.0
      zone True True True True
      • name - Zone name. type: str more...
        6.4.2 6.4.5 7.0.0 7.2.0
        name True True True True
      • service-sla-tie-break - Method of selecting member if more than one meets the SLA. type: str choices: [cfg-order, fib-best-match, input-device] more...
        6.4.5 7.0.0 7.2.0
        service-sla-tie-break True True True
    • speedtest-bypass-routing - Enable/disable bypass routing when speedtest on a SD-WAN member. type: str choices: [disable, enable] more...
      7.2.0
      speedtest-bypass-routing True

Notes¶

Note

  • Running in workspace locking mode is supported in this FortiManager module, the top level parameters workspace_locking_adom and workspace_locking_timeout help do the work.
  • To create or update an object, use state: present directive.
  • To delete an object, use state: absent directive
  • Normally, running one module can fail when a non-zero rc is returned. you can also override the conditions to fail or succeed with parameters rc_failed and rc_succeeded

Examples¶

- hosts: fortimanager-inventory
  collections:
    - fortinet.fortimanager
  connection: httpapi
  vars:
     ansible_httpapi_use_ssl: True
     ansible_httpapi_validate_certs: False
     ansible_httpapi_port: 443
  tasks:
   - name: no description
     fmgr_wanprof_system_sdwan:
        bypass_validation: False
        workspace_locking_adom: <value in [global, custom adom including root]>
        workspace_locking_timeout: 300
        rc_succeeded: [0, -2, -3, ...]
        rc_failed: [-2, -3, ...]
        adom: <your own value>
        wanprof: <your own value>
        wanprof_system_sdwan:
           duplication:
             -
                 dstaddr: <value of string>
                 dstaddr6: <value of string>
                 dstintf: <value of string>
                 id: <value of integer>
                 packet-de-duplication: <value in [disable, enable]>
                 packet-duplication: <value in [disable, force, on-demand]>
                 service: <value of string>
                 srcaddr: <value of string>
                 srcaddr6: <value of string>
                 srcintf: <value of string>
                 service-id: <value of string>
                 sla-match-service: <value in [disable, enable]>
           duplication-max-num: <value of integer>
           fail-detect: <value in [disable, enable]>
           health-check:
             -
                 _dynamic-server: <value of string>
                 addr-mode: <value in [ipv4, ipv6]>
                 diffservcode: <value of string>
                 dns-match-ip: <value of string>
                 dns-request-domain: <value of string>
                 failtime: <value of integer>
                 ftp-file: <value of string>
                 ftp-mode: <value in [passive, port]>
                 ha-priority: <value of integer>
                 http-agent: <value of string>
                 http-get: <value of string>
                 http-match: <value of string>
                 interval: <value of integer>
                 members: <value of string>
                 name: <value of string>
                 packet-size: <value of integer>
                 password: <value of string>
                 port: <value of integer>
                 probe-count: <value of integer>
                 probe-packets: <value in [disable, enable]>
                 probe-timeout: <value of integer>
                 protocol: <value in [ping, tcp-echo, udp-echo, ...]>
                 quality-measured-method: <value in [half-close, half-open]>
                 recoverytime: <value of integer>
                 security-mode: <value in [none, authentication]>
                 server: <value of string>
                 sla:
                   -
                       id: <value of integer>
                       jitter-threshold: <value of integer>
                       latency-threshold: <value of integer>
                       link-cost-factor:
                         - latency
                         - jitter
                         - packet-loss
                         - mos
                       packetloss-threshold: <value of integer>
                       mos-threshold: <value of string>
                 sla-fail-log-period: <value of integer>
                 sla-pass-log-period: <value of integer>
                 system-dns: <value in [disable, enable]>
                 threshold-alert-jitter: <value of integer>
                 threshold-alert-latency: <value of integer>
                 threshold-alert-packetloss: <value of integer>
                 threshold-warning-jitter: <value of integer>
                 threshold-warning-latency: <value of integer>
                 threshold-warning-packetloss: <value of integer>
                 update-cascade-interface: <value in [disable, enable]>
                 update-static-route: <value in [disable, enable]>
                 user: <value of string>
                 detect-mode: <value in [active, passive, prefer-passive]>
                 mos-codec: <value in [g711, g722, g729]>
                 source: <value of string>
                 vrf: <value of integer>
           load-balance-mode: <value in [source-ip-based, weight-based, usage-based, ...]>
           members:
             -
                 _dynamic-member: <value of string>
                 comment: <value of string>
                 cost: <value of integer>
                 gateway: <value of string>
                 gateway6: <value of string>
                 ingress-spillover-threshold: <value of integer>
                 interface: <value of string>
                 priority: <value of integer>
                 seq-num: <value of integer>
                 source: <value of string>
                 source6: <value of string>
                 spillover-threshold: <value of integer>
                 status: <value in [disable, enable]>
                 volume-ratio: <value of integer>
                 weight: <value of integer>
                 zone: <value of string>
                 priority6: <value of integer>
           neighbor:
             -
                 health-check: <value of string>
                 ip: <value of string>
                 member: <value of string>
                 role: <value in [primary, secondary, standalone]>
                 sla-id: <value of integer>
                 minimum-sla-meet-members: <value of integer>
                 mode: <value in [sla, speedtest]>
           neighbor-hold-boot-time: <value of integer>
           neighbor-hold-down: <value in [disable, enable]>
           neighbor-hold-down-time: <value of integer>
           service:
             -
                 addr-mode: <value in [ipv4, ipv6]>
                 bandwidth-weight: <value of integer>
                 default: <value in [disable, enable]>
                 dscp-forward: <value in [disable, enable]>
                 dscp-forward-tag: <value of string>
                 dscp-reverse: <value in [disable, enable]>
                 dscp-reverse-tag: <value of string>
                 dst: <value of string>
                 dst-negate: <value in [disable, enable]>
                 dst6: <value of string>
                 end-port: <value of integer>
                 gateway: <value in [disable, enable]>
                 groups: <value of string>
                 hash-mode: <value in [round-robin, source-ip-based, source-dest-ip-based, ...]>
                 health-check: <value of string>
                 hold-down-time: <value of integer>
                 id: <value of integer>
                 input-device: <value of string>
                 input-device-negate: <value in [disable, enable]>
                 internet-service: <value in [disable, enable]>
                 internet-service-app-ctrl: <value of integer>
                 internet-service-app-ctrl-group: <value of string>
                 internet-service-custom: <value of string>
                 internet-service-custom-group: <value of string>
                 internet-service-group: <value of string>
                 internet-service-name: <value of string>
                 jitter-weight: <value of integer>
                 latency-weight: <value of integer>
                 link-cost-factor: <value in [latency, jitter, packet-loss, ...]>
                 link-cost-threshold: <value of integer>
                 minimum-sla-meet-members: <value of integer>
                 mode: <value in [auto, manual, priority, ...]>
                 name: <value of string>
                 packet-loss-weight: <value of integer>
                 priority-members: <value of string>
                 protocol: <value of integer>
                 quality-link: <value of integer>
                 role: <value in [primary, secondary, standalone]>
                 route-tag: <value of integer>
                 sla:
                   -
                       health-check: <value of string>
                       id: <value of integer>
                 sla-compare-method: <value in [order, number]>
                 src: <value of string>
                 src-negate: <value in [disable, enable]>
                 src6: <value of string>
                 standalone-action: <value in [disable, enable]>
                 start-port: <value of integer>
                 status: <value in [disable, enable]>
                 tos: <value of string>
                 tos-mask: <value of string>
                 users: <value of string>
                 tie-break: <value in [zone, cfg-order, fib-best-match, ...]>
                 use-shortcut-sla: <value in [disable, enable]>
                 input-zone: <value of string>
                 internet-service-app-ctrl-category: <value of integer>
                 passive-measurement: <value in [disable, enable]>
                 priority-zone: <value of string>
           status: <value in [disable, enable]>
           zone:
             -
                 name: <value of string>
                 service-sla-tie-break: <value in [cfg-order, fib-best-match, input-device]>
           speedtest-bypass-routing: <value in [disable, enable]>

Return Values¶

Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:

  • request_url - The full url requested returned: always type: str sample: /sys/login/user
  • response_code - The status of api request returned: always type: int sample: 0
  • response_message - The descriptive message of the api response returned: always type: str sample: OK
  • response_data - The data body of the api response returned: optional type: list or dict

Status¶

  • This module is not guaranteed to have a backwards compatible interface.

Authors¶

  • Link Zheng (@chillancezen)
  • Jie Xue (@JieX19)
  • Frank Shen (@fshen01)
  • Hongbin Lu (@fgtdev-hblu)

Hint

If you notice any issues in this documentation, you can create a pull request to improve it.

Next Previous

© Copyright 2020-2021, Fortinet Revision de327372.

Built with Sphinx using a theme provided by Read the Docs.