fmgr_vap – Configure Virtual Access Points (VAPs).
Added in version 2.0.0.
Warning
Starting in version 3.0.0, all input arguments will be named using the underscore naming convention (snake_case).
Argument name before 3.0.0:
var-name,var name,var.nameNew argument name starting in 3.0.0:
var_name
FortiManager Ansible v2.4+ supports both previous argument name and new underscore name. You will receive deprecation warnings if you keep using the previous argument name. You can ignore the warning by setting deprecation_warnings=False in ansible.cfg.
Synopsis
This module is able to configure a FortiManager device.
Examples include all parameters and values need to be adjusted to data sources before usage.
Tested with FortiManager v6.x and v7.x.
Requirements
The below requirements are needed on the host that executes this module.
ansible>=2.15.0
FortiManager Version Compatibility
Supported Version Ranges: v6.0.0 -> latest
Parameters
- access_token -The token to access FortiManager without using username and password. type: str required: false
- bypass_validation - Only set to True when module schema diffs with FortiManager API structure, module continues to execute without validating parameters. type: bool required: false default: False
- enable_log - Enable/Disable logging for task. type: bool required: false default: False
- forticloud_access_token - Access token of forticloud managed API users, this option is available with FortiManager later than 6.4.0. type: str required: false
- proposed_method - The overridden method for the underlying Json RPC request. type: str required: false choices: set, update, add
- rc_succeeded - The rc codes list with which the conditions to succeed will be overriden. type: list required: false
- rc_failed - The rc codes list with which the conditions to fail will be overriden. type: list required: false
- state - The directive to create, update or delete an object type: str required: true choices: present, absent
- workspace_locking_adom - Acquire the workspace lock if FortiManager is running in workspace mode. type: str required: false choices: global, custom adom including root
- workspace_locking_timeout - The maximum time in seconds to wait for other users to release workspace lock. type: integer required: false default: 300
- adom - The parameter in requested url type: str required: true
- vap - Configure Virtual Access Points type: dict
- _centmgmt _centmgmt. type: str choices: [disable, enable] default: disable more...
- _dhcp_svr_id _dhcp_svr_id. type: str more...
- _intf_allowaccess _intf_allowaccess. type: list choices: [https, ping, ssh, snmp, http, telnet, fgfm, auto-ipsec, radius-acct, probe-response, capwap, dnp, ftm, fabric, speed-test] more...
- _intf_device_identification (Alias name: _intf_device-identification) _intf_device-identification. type: str choices: [disable, enable] default: disable more...
- _intf_device_netscan (Alias name: _intf_device-netscan) _intf_device-netscan. type: str choices: [disable, enable] default: disable more...
- _intf_dhcp_relay_ip (Alias name: _intf_dhcp-relay-ip) _intf_dhcp-relay-ip. type: list more...
- _intf_dhcp_relay_service (Alias name: _intf_dhcp-relay-service) _intf_dhcp-relay-service. type: str choices: [disable, enable] default: disable more...
- _intf_dhcp_relay_type (Alias name: _intf_dhcp-relay-type) _intf_dhcp-relay-type. type: str choices: [regular, ipsec] default: regular more...
- _intf_dhcp6_relay_ip (Alias name: _intf_dhcp6-relay-ip) _intf_dhcp6-relay-ip. type: str more...
- _intf_dhcp6_relay_service (Alias name: _intf_dhcp6-relay-service) _intf_dhcp6-relay-service. type: str choices: [disable, enable] default: disable more...
- _intf_dhcp6_relay_type (Alias name: _intf_dhcp6-relay-type) _intf_dhcp6-relay-type. type: str choices: [regular] default: regular more...
- _intf_ip _intf_ip. type: str more...
- _intf_ip6_address (Alias name: _intf_ip6-address) _intf_ip6-address. type: str more...
- _intf_ip6_allowaccess (Alias name: _intf_ip6-allowaccess) _intf_ip6-allowaccess. type: list choices: [https, ping, ssh, snmp, http, telnet, any, fgfm, capwap] more...
- _intf_listen_forticlient_connection (Alias name: _intf_listen-forticlient-connection) _intf_listen-forticlient-connection. type: str choices: [disable, enable] default: disable more...
- acct_interim_interval (Alias name: acct-interim-interval) Wifi radius accounting interim interval (60 - 86400 sec, default = 0). type: int more...
- alias Alias. type: str more...
- auth Authentication protocol. type: str choices: [PSK, psk, RADIUS, radius, usergroup] more...
- broadcast_ssid (Alias name: broadcast-ssid) Enable/disable broadcasting the ssid (default = enable). type: str choices: [disable, enable] more...
- broadcast_suppression (Alias name: broadcast-suppression) Optional suppression of broadcast messages. type: list choices: [dhcp, arp, dhcp2, arp2, netbios-ns, netbios-ds, arp3, dhcp-up, dhcp-down, arp-known, arp-unknown, arp-reply, ipv6, dhcp-starvation, arp-poison, all-other-mc, all-other-bc, arp-proxy, dhcp-ucast] more...
- captive_portal_ac_name (Alias name: captive-portal-ac-name) Local-bridging captive portal ac-name. type: str more...
- captive_portal_macauth_radius_secret (Alias name: captive-portal-macauth-radius-secret) Secret key to access the macauth radius server. type: list more...
- captive_portal_macauth_radius_server (Alias name: captive-portal-macauth-radius-server) Captive portal external radius server domain name or ip address. type: str more...
- captive_portal_radius_secret (Alias name: captive-portal-radius-secret) Secret key to access the radius server. type: list more...
- captive_portal_radius_server (Alias name: captive-portal-radius-server) Captive portal radius server domain name or ip address. type: str more...
- captive_portal_session_timeout_interval (Alias name: captive-portal-session-timeout-interval) Session timeout interval (0 - 864000 sec, default = 0). type: int more...
- dhcp_lease_time (Alias name: dhcp-lease-time) Dhcp lease time in seconds for nat ip address. type: int more...
- dhcp_option82_circuit_id_insertion (Alias name: dhcp-option82-circuit-id-insertion) Enable/disable dhcp option 82 circuit-id insert (default = disable). type: str choices: [disable, style-1, style-2, style-3] more...
- dhcp_option82_insertion (Alias name: dhcp-option82-insertion) Enable/disable dhcp option 82 insert (default = disable). type: str choices: [disable, enable] more...
- dhcp_option82_remote_id_insertion (Alias name: dhcp-option82-remote-id-insertion) Enable/disable dhcp option 82 remote-id insert (default = disable). type: str choices: [disable, style-1] more...
- dynamic_vlan (Alias name: dynamic-vlan) Enable/disable dynamic vlan assignment. type: str choices: [disable, enable] more...
- dynamic_mapping Dynamic_mapping. type: list
more...
- _centmgmt _centmgmt. type: str choices: [disable, enable] default: disable more...
- _dhcp_svr_id _dhcp_svr_id. type: str more...
- _intf_allowaccess _intf_allowaccess. type: list choices: [https, ping, ssh, snmp, http, telnet, fgfm, auto-ipsec, radius-acct, probe-response, capwap, dnp, ftm, fabric, speed-test] more...
- _intf_device_identification (Alias name: _intf_device-identification) _intf_device-identification. type: str choices: [disable, enable] default: disable more...
- _intf_device_netscan (Alias name: _intf_device-netscan) _intf_device-netscan. type: str choices: [disable, enable] default: disable more...
- _intf_dhcp_relay_ip (Alias name: _intf_dhcp-relay-ip) _intf_dhcp-relay-ip. type: list more...
- _intf_dhcp_relay_service (Alias name: _intf_dhcp-relay-service) _intf_dhcp-relay-service. type: str choices: [disable, enable] default: disable more...
- _intf_dhcp_relay_type (Alias name: _intf_dhcp-relay-type) _intf_dhcp-relay-type. type: str choices: [regular, ipsec] default: regular more...
- _intf_dhcp6_relay_ip (Alias name: _intf_dhcp6-relay-ip) _intf_dhcp6-relay-ip. type: str more...
- _intf_dhcp6_relay_service (Alias name: _intf_dhcp6-relay-service) _intf_dhcp6-relay-service. type: str choices: [disable, enable] default: disable more...
- _intf_dhcp6_relay_type (Alias name: _intf_dhcp6-relay-type) _intf_dhcp6-relay-type. type: str choices: [regular] default: regular more...
- _intf_ip _intf_ip. type: str more...
- _intf_ip6_address (Alias name: _intf_ip6-address) _intf_ip6-address. type: str more...
- _intf_ip6_allowaccess (Alias name: _intf_ip6-allowaccess) _intf_ip6-allowaccess. type: list choices: [https, ping, ssh, snmp, http, telnet, any, fgfm, capwap] more...
- _intf_listen_forticlient_connection (Alias name: _intf_listen-forticlient-connection) _intf_listen-forticlient-connection. type: str choices: [disable, enable] default: disable more...
- _scope _scope. type: list more...
- acct_interim_interval (Alias name: acct-interim-interval) Wifi radius accounting interim interval (60 - 86400 sec, default = 0). type: int more...
- address_group (Alias name: address-group) Address group id. type: str more...
- alias Alias. type: str more...
- atf_weight (Alias name: atf-weight) Airtime weight in percentage (default = 20). type: int more...
- auth Authentication protocol. type: str choices: [PSK, psk, RADIUS, radius, usergroup] more...
- broadcast_ssid (Alias name: broadcast-ssid) Enable/disable broadcasting the ssid (default = enable). type: str choices: [disable, enable] more...
- broadcast_suppression (Alias name: broadcast-suppression) Optional suppression of broadcast messages. type: list choices: [dhcp, arp, dhcp2, arp2, netbios-ns, netbios-ds, arp3, dhcp-up, dhcp-down, arp-known, arp-unknown, arp-reply, ipv6, dhcp-starvation, arp-poison, all-other-mc, all-other-bc, arp-proxy, dhcp-ucast] more...
- captive_portal_ac_name (Alias name: captive-portal-ac-name) Local-bridging captive portal ac-name. type: str more...
- captive_portal_macauth_radius_secret (Alias name: captive-portal-macauth-radius-secret) Secret key to access the macauth radius server. type: list more...
- captive_portal_macauth_radius_server (Alias name: captive-portal-macauth-radius-server) Captive portal external radius server domain name or ip address. type: str more...
- captive_portal_radius_secret (Alias name: captive-portal-radius-secret) Secret key to access the radius server. type: list more...
- captive_portal_radius_server (Alias name: captive-portal-radius-server) Captive portal radius server domain name or ip address. type: str more...
- captive_portal_session_timeout_interval (Alias name: captive-portal-session-timeout-interval) Session timeout interval (0 - 864000 sec, default = 0). type: int more...
- client_count (Alias name: client-count) Client-count. type: int more...
- dhcp_lease_time (Alias name: dhcp-lease-time) Dhcp lease time in seconds for nat ip address. type: int more...
- dhcp_option82_circuit_id_insertion (Alias name: dhcp-option82-circuit-id-insertion) Enable/disable dhcp option 82 circuit-id insert (default = disable). type: str choices: [disable, style-1, style-2, style-3] more...
- dhcp_option82_insertion (Alias name: dhcp-option82-insertion) Enable/disable dhcp option 82 insert (default = disable). type: str choices: [disable, enable] more...
- dhcp_option82_remote_id_insertion (Alias name: dhcp-option82-remote-id-insertion) Enable/disable dhcp option 82 remote-id insert (default = disable). type: str choices: [disable, style-1] more...
- dynamic_vlan (Alias name: dynamic-vlan) Enable/disable dynamic vlan assignment. type: str choices: [disable, enable] more...
- eap_reauth (Alias name: eap-reauth) Enable/disable eap re-authentication for wpa-enterprise security. type: str choices: [disable, enable] more...
- eap_reauth_intv (Alias name: eap-reauth-intv) Eap re-authentication interval (1800 - 864000 sec, default = 86400). type: int more...
- eapol_key_retries (Alias name: eapol-key-retries) Enable/disable retransmission of eapol-key frames (message 3/4 and group message 1/2) (default = enable). type: str choices: [disable, enable] more...
- encrypt Encryption protocol to use (only available when security is set to a wpa type). type: str choices: [TKIP, AES, TKIP-AES] more...
- external_fast_roaming (Alias name: external-fast-roaming) Enable/disable fast roaming or pre-authentication with external aps not managed by the fortigate (default = disable). type: str choices: [disable, enable] more...
- external_logout (Alias name: external-logout) Url of external authentication logout server. type: str more...
- external_web (Alias name: external-web) Url of external authentication web server. type: str more...
- fast_bss_transition (Alias name: fast-bss-transition) Enable/disable 802. type: str choices: [disable, enable] more...
- fast_roaming (Alias name: fast-roaming) Enable/disable fast-roaming, or pre-authentication, where supported by clients (default = disable). type: str choices: [disable, enable] more...
- ft_mobility_domain (Alias name: ft-mobility-domain) Mobility domain identifier in ft (1 - 65535, default = 1000). type: int more...
- ft_over_ds (Alias name: ft-over-ds) Enable/disable ft over the distribution system (ds). type: str choices: [disable, enable] more...
- ft_r0_key_lifetime (Alias name: ft-r0-key-lifetime) Lifetime of the pmk-r0 key in ft, 1-65535 minutes. type: int more...
- gtk_rekey (Alias name: gtk-rekey) Enable/disable gtk rekey for wpa security. type: str choices: [disable, enable] more...
- gtk_rekey_intv (Alias name: gtk-rekey-intv) Gtk rekey interval (1800 - 864000 sec, default = 86400). type: int more...
- hotspot20_profile (Alias name: hotspot20-profile) Hotspot 2. type: str more...
- intra_vap_privacy (Alias name: intra-vap-privacy) Enable/disable blocking communication between clients on the same ssid (called intra-ssid privacy) (default = disable). type: str choices: [disable, enable] more...
- ip Ip address and subnet mask for the local standalone nat subnet. type: str more...
- key Wep key. type: list more...
- keyindex Wep key index (1 - 4). type: int more...
- ldpc Vap low-density parity-check (ldpc) coding configuration. type: str choices: [disable, tx, rx, rxtx] more...
- local_authentication (Alias name: local-authentication) Enable/disable ap local authentication. type: str choices: [disable, enable] more...
- local_bridging (Alias name: local-bridging) Enable/disable bridging of wireless and ethernet interfaces on the fortiap (default = disable). type: str choices: [disable, enable] more...
- local_lan (Alias name: local-lan) Allow/deny traffic destined for a class a, b, or c private ip address (default = allow). type: str choices: [deny, allow] more...
- local_standalone (Alias name: local-standalone) Enable/disable ap local standalone (default = disable). type: str choices: [disable, enable] more...
- local_standalone_nat (Alias name: local-standalone-nat) Enable/disable ap local standalone nat mode. type: str choices: [disable, enable] more...
- local_switching (Alias name: local-switching) Local-switching. type: str choices: [disable, enable] more...
- mac_auth_bypass (Alias name: mac-auth-bypass) Enable/disable mac authentication bypass. type: str choices: [disable, enable] more...
- mac_filter (Alias name: mac-filter) Enable/disable mac filtering to block wireless clients by mac address. type: str choices: [disable, enable] more...
- mac_filter_policy_other (Alias name: mac-filter-policy-other) Allow or block clients with mac addresses that are not in the filter list. type: str choices: [deny, allow] more...
- max_clients (Alias name: max-clients) Maximum number of clients that can connect simultaneously to the vap (default = 0, meaning no limitation). type: int more...
- max_clients_ap (Alias name: max-clients-ap) Maximum number of clients that can connect simultaneously to the vap per ap radio (default = 0, meaning no limitation). type: int more...
- me_disable_thresh (Alias name: me-disable-thresh) Disable multicast enhancement when this many clients are receiving multicast traffic. type: int more...
- mesh_backhaul (Alias name: mesh-backhaul) Enable/disable using this vap as a wifi mesh backhaul (default = disable). type: str choices: [disable, enable] more...
- mpsk Enable/disable multiple psk authentication. type: str choices: [disable, enable] more...
- mpsk_concurrent_clients (Alias name: mpsk-concurrent-clients) Maximum number of concurrent clients that connect using the same passphrase in multiple psk authentication (0 - 65535, default = 0, meaning no limitation). type: int more...
- multicast_enhance (Alias name: multicast-enhance) Enable/disable converting multicast to unicast to improve performance (default = disable). type: str choices: [disable, enable] more...
- multicast_rate (Alias name: multicast-rate) Multicast rate (0, 6000, 12000, or 24000 kbps, default = 0). type: str choices: [0, 6000, 12000, 24000] more...
- okc Enable/disable opportunistic key caching (okc) (default = enable). type: str choices: [disable, enable] more...
- owe_groups (Alias name: owe-groups) Owe-groups. type: list choices: [19, 20, 21] more...
- owe_transition (Alias name: owe-transition) Enable/disable owe transition mode support. type: str choices: [disable, enable] more...
- owe_transition_ssid (Alias name: owe-transition-ssid) Owe transition mode peer ssid. type: str more...
- passphrase Wpa pre-shared key (psk) to be used to authenticate wifi users. type: list more...
- pmf Protected management frames (pmf) support (default = disable). type: str choices: [disable, enable, optional] more...
- pmf_assoc_comeback_timeout (Alias name: pmf-assoc-comeback-timeout) Protected management frames (pmf) comeback maximum timeout (1-20 sec). type: int more...
- pmf_sa_query_retry_timeout (Alias name: pmf-sa-query-retry-timeout) Protected management frames (pmf) sa query retry timeout interval (1 - 5 100s of msec). type: int more...
- portal_message_override_group (Alias name: portal-message-override-group) Replacement message group for this vap (only available when security is set to a captive portal type). type: str more...
- portal_type (Alias name: portal-type) Captive portal functionality. type: str choices: [auth, auth+disclaimer, disclaimer, email-collect, cmcc, cmcc-macauth, auth-mac, external-auth, external-macauth] more...
- probe_resp_suppression (Alias name: probe-resp-suppression) Enable/disable probe response suppression (to ignore weak signals) (default = disable). type: str choices: [disable, enable] more...
- probe_resp_threshold (Alias name: probe-resp-threshold) Minimum signal level/threshold in dbm required for the ap response to probe requests (-95 to -20, default = -80). type: str more...
- ptk_rekey (Alias name: ptk-rekey) Enable/disable ptk rekey for wpa-enterprise security. type: str choices: [disable, enable] more...
- ptk_rekey_intv (Alias name: ptk-rekey-intv) Ptk rekey interval (1800 - 864000 sec, default = 86400). type: int more...
- qos_profile (Alias name: qos-profile) Quality of service profile name. type: str more...
- quarantine Enable/disable station quarantine (default = enable). type: str choices: [disable, enable] more...
- radio_2g_threshold (Alias name: radio-2g-threshold) Minimum signal level/threshold in dbm required for the ap response to receive a packet in 2. type: str more...
- radio_5g_threshold (Alias name: radio-5g-threshold) Minimum signal level/threshold in dbm required for the ap response to receive a packet in 5g band(-95 to -20, default = -76). type: str more...
- radio_sensitivity (Alias name: radio-sensitivity) Enable/disable software radio sensitivity (to ignore weak signals) (default = disable). type: str choices: [disable, enable] more...
- radius_mac_auth (Alias name: radius-mac-auth) Enable/disable radius-based mac authentication of clients (default = disable). type: str choices: [disable, enable] more...
- radius_mac_auth_server (Alias name: radius-mac-auth-server) Radius-based mac authentication server. type: str more...
- radius_mac_auth_usergroups (Alias name: radius-mac-auth-usergroups) Selective user groups that are permitted for radius mac authentication. type: list more...
- radius_server (Alias name: radius-server) Radius server to be used to authenticate wifi users. type: str more...
- rates_11a (Alias name: rates-11a) Allowed data rates for 802. type: list choices: [1, 1-basic, 2, 2-basic, 5.5, 5.5-basic, 6, 6-basic, 9, 9-basic, 12, 12-basic, 18, 18-basic, 24, 24-basic, 36, 36-basic, 48, 48-basic, 54, 54-basic, 11, 11-basic] more...
- rates_11ac_ss12 (Alias name: rates-11ac-ss12) Allowed data rates for 802. type: list choices: [mcs0/1, mcs1/1, mcs2/1, mcs3/1, mcs4/1, mcs5/1, mcs6/1, mcs7/1, mcs8/1, mcs9/1, mcs0/2, mcs1/2, mcs2/2, mcs3/2, mcs4/2, mcs5/2, mcs6/2, mcs7/2, mcs8/2, mcs9/2, mcs10/1, mcs11/1, mcs10/2, mcs11/2] more...
- rates_11ac_ss34 (Alias name: rates-11ac-ss34) Allowed data rates for 802. type: list choices: [mcs0/3, mcs1/3, mcs2/3, mcs3/3, mcs4/3, mcs5/3, mcs6/3, mcs7/3, mcs8/3, mcs9/3, mcs0/4, mcs1/4, mcs2/4, mcs3/4, mcs4/4, mcs5/4, mcs6/4, mcs7/4, mcs8/4, mcs9/4, mcs10/3, mcs11/3, mcs10/4, mcs11/4] more...
- rates_11bg (Alias name: rates-11bg) Allowed data rates for 802. type: list choices: [1, 1-basic, 2, 2-basic, 5.5, 5.5-basic, 6, 6-basic, 9, 9-basic, 12, 12-basic, 18, 18-basic, 24, 24-basic, 36, 36-basic, 48, 48-basic, 54, 54-basic, 11, 11-basic] more...
- rates_11n_ss12 (Alias name: rates-11n-ss12) Allowed data rates for 802. type: list choices: [mcs0/1, mcs1/1, mcs2/1, mcs3/1, mcs4/1, mcs5/1, mcs6/1, mcs7/1, mcs8/2, mcs9/2, mcs10/2, mcs11/2, mcs12/2, mcs13/2, mcs14/2, mcs15/2] more...
- rates_11n_ss34 (Alias name: rates-11n-ss34) Allowed data rates for 802. type: list choices: [mcs16/3, mcs17/3, mcs18/3, mcs19/3, mcs20/3, mcs21/3, mcs22/3, mcs23/3, mcs24/4, mcs25/4, mcs26/4, mcs27/4, mcs28/4, mcs29/4, mcs30/4, mcs31/4] more...
- sae_groups (Alias name: sae-groups) Sae-groups. type: list choices: [1, 2, 5, 14, 15, 16, 17, 18, 19, 20, 21, 27, 28, 29, 30, 31] more...
- sae_password (Alias name: sae-password) Wpa3 sae password to be used to authenticate wifi users. type: list more...
- schedule Firewall schedules for enabling this vap on the fortiap. type: list or str more...
- security Security mode for the wireless interface (default = wpa2-only-personal). type: str choices: [None, WEP64, wep64, WEP128, wep128, WPA_PSK, WPA_RADIUS, WPA, WPA2, WPA2_AUTO, open, wpa-personal, wpa-enterprise, captive-portal, wpa-only-personal, wpa-only-enterprise, wpa2-only-personal, wpa2-only-enterprise, wpa-personal+captive-portal, wpa-only-personal+captive-portal, wpa2-only-personal+captive-portal, osen, wpa3-enterprise, sae, sae-transition, owe, wpa3-sae, wpa3-sae-transition, wpa3-only-enterprise, wpa3-enterprise-transition] more...
- security_exempt_list (Alias name: security-exempt-list) Optional security exempt list for captive portal authentication. type: str more...
- security_obsolete_option (Alias name: security-obsolete-option) Enable/disable obsolete security options. type: str choices: [disable, enable] more...
- security_redirect_url (Alias name: security-redirect-url) Optional url for redirecting users after they pass captive portal authentication. type: str more...
- selected_usergroups (Alias name: selected-usergroups) Selective user groups that are permitted to authenticate. type: list or str more...
- split_tunneling (Alias name: split-tunneling) Enable/disable split tunneling (default = disable). type: str choices: [disable, enable] more...
- ssid Ieee 802. type: str more...
- tkip_counter_measure (Alias name: tkip-counter-measure) Enable/disable tkip counter measure. type: str choices: [disable, enable] more...
- usergroup Firewall user group to be used to authenticate wifi users. type: list or str more...
- utm_profile (Alias name: utm-profile) Utm profile name. type: str more...
- vdom Vdom. type: list or str more...
- vlan_auto (Alias name: vlan-auto) Enable/disable automatic management of ssid vlan interface. type: str choices: [disable, enable] more...
- vlan_pooling (Alias name: vlan-pooling) Enable/disable vlan pooling, to allow grouping of multiple wireless controller vlans into vlan pools (default = disable). type: str choices: [wtp-group, round-robin, hash, disable] more...
- vlanid Optional vlan id. type: int more...
- voice_enterprise (Alias name: voice-enterprise) Enable/disable 802. type: str choices: [disable, enable] more...
- mu_mimo (Alias name: mu-mimo) Enable/disable multi-user mimo (default = enable). type: str choices: [disable, enable] more...
- _intf_device_access_list (Alias name: _intf_device-access-list) _intf_device-access-list. type: str more...
- external_web_format (Alias name: external-web-format) Url query parameter detection (default = auto-detect). type: str choices: [auto-detect, no-query-string, partial-query-string] more...
- high_efficiency (Alias name: high-efficiency) Enable/disable 802. type: str choices: [disable, enable] more...
- primary_wag_profile (Alias name: primary-wag-profile) Primary wireless access gateway profile name. type: str more...
- secondary_wag_profile (Alias name: secondary-wag-profile) Secondary wireless access gateway profile name. type: str more...
- target_wake_time (Alias name: target-wake-time) Enable/disable 802. type: str choices: [disable, enable] more...
- tunnel_echo_interval (Alias name: tunnel-echo-interval) The time interval to send echo to both primary and secondary tunnel peers (1 - 65535 sec, default = 300). type: int more...
- tunnel_fallback_interval (Alias name: tunnel-fallback-interval) The time interval for secondary tunnel to fall back to primary tunnel (0 - 65535 sec, default = 7200). type: int more...
- access_control_list (Alias name: access-control-list) Access-control-list. type: str more...
- captive_portal_auth_timeout (Alias name: captive-portal-auth-timeout) Captive-portal-auth-timeout. type: int more...
- ipv6_rules (Alias name: ipv6-rules) Ipv6-rules. type: list choices: [drop-icmp6ra, drop-icmp6rs, drop-llmnr6, drop-icmp6mld2, drop-dhcp6s, drop-dhcp6c, ndp-proxy, drop-ns-dad, drop-ns-nondad] more...
- sticky_client_remove (Alias name: sticky-client-remove) Sticky-client-remove. type: str choices: [disable, enable] more...
- sticky_client_threshold_2g (Alias name: sticky-client-threshold-2g) Sticky-client-threshold-2g. type: str more...
- sticky_client_threshold_5g (Alias name: sticky-client-threshold-5g) Sticky-client-threshold-5g. type: str more...
- bss_color_partial (Alias name: bss-color-partial) Bss-color-partial. type: str choices: [disable, enable] more...
- dhcp_option43_insertion (Alias name: dhcp-option43-insertion) Dhcp-option43-insertion. type: str choices: [disable, enable] more...
- mpsk_profile (Alias name: mpsk-profile) Mpsk-profile. type: str more...
- igmp_snooping (Alias name: igmp-snooping) Enable/disable igmp snooping. type: str choices: [disable, enable] more...
- port_macauth (Alias name: port-macauth) Enable/disable lan port mac authentication (default = disable). type: str choices: [disable, radius, address-group] more...
- port_macauth_reauth_timeout (Alias name: port-macauth-reauth-timeout) Lan port mac authentication re-authentication timeout value (default = 7200 sec). type: int more...
- port_macauth_timeout (Alias name: port-macauth-timeout) Lan port mac authentication idle timeout value (default = 600 sec). type: int more...
- additional_akms (Alias name: additional-akms) Additional-akms. type: list choices: [akm6] more...
- bstm_disassociation_imminent (Alias name: bstm-disassociation-imminent) Enable/disable forcing of disassociation after the bstm request timer has been reached (default = enable). type: str choices: [disable, enable] more...
- bstm_load_balancing_disassoc_timer (Alias name: bstm-load-balancing-disassoc-timer) Time interval for client to voluntarily leave ap before forcing a disassociation due to ap load-balancing (0 to 30, default = 10). type: int more...
- bstm_rssi_disassoc_timer (Alias name: bstm-rssi-disassoc-timer) Time interval for client to voluntarily leave ap before forcing a disassociation due to low rssi (0 to 2000, default = 200). type: int more...
- dhcp_address_enforcement (Alias name: dhcp-address-enforcement) Enable/disable dhcp address enforcement (default = disable). type: str choices: [disable, enable] more...
- gas_comeback_delay (Alias name: gas-comeback-delay) Gas comeback delay (0 or 100 - 10000 milliseconds, default = 500). type: int more...
- gas_fragmentation_limit (Alias name: gas-fragmentation-limit) Gas fragmentation limit (512 - 4096, default = 1024). type: int more...
- mac_called_station_delimiter (Alias name: mac-called-station-delimiter) Mac called station delimiter (default = hyphen). type: str choices: [hyphen, single-hyphen, colon, none] more...
- mac_calling_station_delimiter (Alias name: mac-calling-station-delimiter) Mac calling station delimiter (default = hyphen). type: str choices: [hyphen, single-hyphen, colon, none] more...
- mac_case (Alias name: mac-case) Mac case (default = uppercase). type: str choices: [uppercase, lowercase] more...
- mac_password_delimiter (Alias name: mac-password-delimiter) Mac authentication password delimiter (default = hyphen). type: str choices: [hyphen, single-hyphen, colon, none] more...
- mac_username_delimiter (Alias name: mac-username-delimiter) Mac authentication username delimiter (default = hyphen). type: str choices: [hyphen, single-hyphen, colon, none] more...
- mbo Enable/disable multiband operation (default = disable). type: str choices: [disable, enable] more...
- mbo_cell_data_conn_pref (Alias name: mbo-cell-data-conn-pref) Mbo cell data connection preference (0, 1, or 255, default = 1). type: str choices: [excluded, prefer-not, prefer-use] more...
- nac Enable/disable network access control. type: str choices: [disable, enable] more...
- nac_profile (Alias name: nac-profile) Nac profile name. type: str more...
- neighbor_report_dual_band (Alias name: neighbor-report-dual-band) Enable/disable dual-band neighbor report (default = disable). type: str choices: [disable, enable] more...
- address_group_policy (Alias name: address-group-policy) Configure mac address filtering policy for mac addresses that are in the address-group. type: str choices: [disable, allow, deny] more...
- antivirus_profile (Alias name: antivirus-profile) Antivirus profile name. type: str more...
- application_detection_engine (Alias name: application-detection-engine) Enable/disable application detection engine (default = disable). type: str choices: [disable, enable] more...
- application_list (Alias name: application-list) Application control list name. type: str more...
- application_report_intv (Alias name: application-report-intv) Application report interval (30 - 864000 sec, default = 120). type: int more...
- auth_cert (Alias name: auth-cert) Https server certificate. type: str more...
- auth_portal_addr (Alias name: auth-portal-addr) Address of captive portal. type: str more...
- beacon_advertising (Alias name: beacon-advertising) type: list choices: [name, model, serial-number] more...
- ips_sensor (Alias name: ips-sensor) Ips sensor name. type: str more...
- l3_roaming (Alias name: l3-roaming) Enable/disable layer 3 roaming (default = disable). type: str choices: [disable, enable] more...
- local_standalone_dns (Alias name: local-standalone-dns) Enable/disable ap local standalone dns. type: str choices: [disable, enable] more...
- local_standalone_dns_ip (Alias name: local-standalone-dns-ip) type: list more...
- osen Enable/disable osen as part of key management (default = disable). type: str choices: [disable, enable] more...
- radius_mac_mpsk_auth (Alias name: radius-mac-mpsk-auth) Enable/disable radius-based mac authentication of clients for mpsk authentication (default = disable). type: str choices: [disable, enable] more...
- radius_mac_mpsk_timeout (Alias name: radius-mac-mpsk-timeout) Radius mac mpsk cache timeout interval (1800 - 864000, default = 86400). type: int more...
- rates_11ax_ss12 (Alias name: rates-11ax-ss12) type: list choices: [mcs0/1, mcs1/1, mcs2/1, mcs3/1, mcs4/1, mcs5/1, mcs6/1, mcs7/1, mcs8/1, mcs9/1, mcs10/1, mcs11/1, mcs0/2, mcs1/2, mcs2/2, mcs3/2, mcs4/2, mcs5/2, mcs6/2, mcs7/2, mcs8/2, mcs9/2, mcs10/2, mcs11/2] more...
- rates_11ax_ss34 (Alias name: rates-11ax-ss34) type: list choices: [mcs0/3, mcs1/3, mcs2/3, mcs3/3, mcs4/3, mcs5/3, mcs6/3, mcs7/3, mcs8/3, mcs9/3, mcs10/3, mcs11/3, mcs0/4, mcs1/4, mcs2/4, mcs3/4, mcs4/4, mcs5/4, mcs6/4, mcs7/4, mcs8/4, mcs9/4, mcs10/4, mcs11/4] more...
- scan_botnet_connections (Alias name: scan-botnet-connections) Block or monitor connections to botnet servers or disable botnet scanning. type: str choices: [disable, block, monitor] more...
- utm_log (Alias name: utm-log) Enable/disable utm logging. type: str choices: [disable, enable] more...
- utm_status (Alias name: utm-status) Enable to add one or more security profiles (av, ips, etc. type: str choices: [disable, enable] more...
- webfilter_profile (Alias name: webfilter-profile) Webfilter profile name. type: str more...
- sae_h2e_only (Alias name: sae-h2e-only) Use hash-to-element-only mechanism for pwe derivation (default = disable). type: str choices: [disable, enable] more...
- sae_pk (Alias name: sae-pk) Enable/disable wpa3 sae-pk (default = disable). type: str choices: [disable, enable] more...
- sae_private_key (Alias name: sae-private-key) Private key used for wpa3 sae-pk authentication. type: str more...
- sticky_client_threshold_6g (Alias name: sticky-client-threshold-6g) Minimum signal level/threshold in dbm required for the 6g client to be serviced by the ap (-95 to -20, default = -76). type: str more...
- application_dscp_marking (Alias name: application-dscp-marking) Enable/disable application attribute based dscp marking (default = disable). type: str choices: [disable, enable] more...
- l3_roaming_mode (Alias name: l3-roaming-mode) Select the way that layer 3 roaming traffic is passed (default = direct). type: str choices: [direct, indirect] more...
- rates_11ac_mcs_map (Alias name: rates-11ac-mcs-map) Comma separated list of max supported vht mcs for spatial streams 1 through 8. type: str more...
- rates_11ax_mcs_map (Alias name: rates-11ax-mcs-map) Comma separated list of max supported he mcs for spatial streams 1 through 8. type: str more...
- captive_portal_fw_accounting (Alias name: captive-portal-fw-accounting) Enable/disable radius accounting for captive portal firewall authentication session. type: str choices: [disable, enable] more...
- radius_mac_auth_block_interval (Alias name: radius-mac-auth-block-interval) Dont send radius mac auth request again if the client has been rejected within specific interval (0 or 30 - 864000 seconds, default = 0, 0 to disable blocking). type: int more...
- _is_factory_setting type: str choices: [disable, enable, ext] default: disable more...
- d80211k (Alias name: 80211k) Enable/disable 802. type: str choices: [disable, enable] more...
- d80211v (Alias name: 80211v) Enable/disable 802. type: str choices: [disable, enable] more...
- roaming_acct_interim_update (Alias name: roaming-acct-interim-update) Enable/disable using accounting interim update instead of accounting start/stop on roaming for wpa-enterprise security. type: str choices: [disable, enable] more...
- sae_hnp_only (Alias name: sae-hnp-only) Use hunting-and-pecking-only mechanism for pwe derivation (default = disable). type: str choices: [disable, enable] more...
- eap_reauth (Alias name: eap-reauth) Enable/disable eap re-authentication for wpa-enterprise security. type: str choices: [disable, enable] more...
- eap_reauth_intv (Alias name: eap-reauth-intv) Eap re-authentication interval (1800 - 864000 sec, default = 86400). type: int more...
- eapol_key_retries (Alias name: eapol-key-retries) Enable/disable retransmission of eapol-key frames (message 3/4 and group message 1/2) (default = enable). type: str choices: [disable, enable] more...
- encrypt Encryption protocol to use (only available when security is set to a wpa type). type: str choices: [TKIP, AES, TKIP-AES] more...
- external_fast_roaming (Alias name: external-fast-roaming) Enable/disable fast roaming or pre-authentication with external aps not managed by the fortigate (default = disable). type: str choices: [disable, enable] more...
- external_logout (Alias name: external-logout) Url of external authentication logout server. type: str more...
- external_web (Alias name: external-web) Url of external authentication web server. type: str more...
- fast_bss_transition (Alias name: fast-bss-transition) Enable/disable 802. type: str choices: [disable, enable] more...
- fast_roaming (Alias name: fast-roaming) Enable/disable fast-roaming, or pre-authentication, where supported by clients (default = disable). type: str choices: [disable, enable] more...
- ft_mobility_domain (Alias name: ft-mobility-domain) Mobility domain identifier in ft (1 - 65535, default = 1000). type: int more...
- ft_over_ds (Alias name: ft-over-ds) Enable/disable ft over the distribution system (ds). type: str choices: [disable, enable] more...
- ft_r0_key_lifetime (Alias name: ft-r0-key-lifetime) Lifetime of the pmk-r0 key in ft, 1-65535 minutes. type: int more...
- gtk_rekey (Alias name: gtk-rekey) Enable/disable gtk rekey for wpa security. type: str choices: [disable, enable] more...
- gtk_rekey_intv (Alias name: gtk-rekey-intv) Gtk rekey interval (1800 - 864000 sec, default = 86400). type: int more...
- hotspot20_profile (Alias name: hotspot20-profile) Hotspot 2. type: str more...
- intra_vap_privacy (Alias name: intra-vap-privacy) Enable/disable blocking communication between clients on the same ssid (called intra-ssid privacy) (default = disable). type: str choices: [disable, enable] more...
- ip Ip address and subnet mask for the local standalone nat subnet. type: str more...
- key Wep key. type: list more...
- keyindex Wep key index (1 - 4). type: int more...
- ldpc Vap low-density parity-check (ldpc) coding configuration. type: str choices: [disable, tx, rx, rxtx] more...
- local_authentication (Alias name: local-authentication) Enable/disable ap local authentication. type: str choices: [disable, enable] more...
- local_bridging (Alias name: local-bridging) Enable/disable bridging of wireless and ethernet interfaces on the fortiap (default = disable). type: str choices: [disable, enable] more...
- local_lan (Alias name: local-lan) Allow/deny traffic destined for a class a, b, or c private ip address (default = allow). type: str choices: [deny, allow] more...
- local_standalone (Alias name: local-standalone) Enable/disable ap local standalone (default = disable). type: str choices: [disable, enable] more...
- local_standalone_nat (Alias name: local-standalone-nat) Enable/disable ap local standalone nat mode. type: str choices: [disable, enable] more...
- mac_auth_bypass (Alias name: mac-auth-bypass) Enable/disable mac authentication bypass. type: str choices: [disable, enable] more...
- mac_filter (Alias name: mac-filter) Enable/disable mac filtering to block wireless clients by mac address. type: str choices: [disable, enable] more...
- mac_filter_list (Alias name: mac-filter-list) Mac-filter-list. type: list more...
- mac_filter_policy_other (Alias name: mac-filter-policy-other) Allow or block clients with mac addresses that are not in the filter list. type: str choices: [deny, allow] more...
- max_clients (Alias name: max-clients) Maximum number of clients that can connect simultaneously to the vap (default = 0, meaning no limitation). type: int more...
- max_clients_ap (Alias name: max-clients-ap) Maximum number of clients that can connect simultaneously to each radio (default = 0, meaning no limitation). type: int more...
- me_disable_thresh (Alias name: me-disable-thresh) Disable multicast enhancement when this many clients are receiving multicast traffic. type: int more...
- mesh_backhaul (Alias name: mesh-backhaul) Enable/disable using this vap as a wifi mesh backhaul (default = disable). type: str choices: [disable, enable] more...
- mpsk Enable/disable multiple pre-shared keys (psks. type: str choices: [disable, enable] more...
- mpsk_concurrent_clients (Alias name: mpsk-concurrent-clients) Number of pre-shared keys (psks) to allow if multiple pre-shared keys are enabled. type: int more...
- mpsk_key (Alias name: mpsk-key) Mpsk-key. type: list
more...
- comment Comment. type: str more...
- concurrent_clients (Alias name: concurrent-clients) Number of clients that can connect using this pre-shared key. type: str more...
- key_name (Alias name: key-name) Pre-shared key name. type: str more...
- passphrase Wpa pre-shared key. type: list more...
- mpsk_schedules (Alias name: mpsk-schedules) Firewall schedule for mpsk passphrase. type: list or str more...
- multicast_enhance (Alias name: multicast-enhance) Enable/disable converting multicast to unicast to improve performance (default = disable). type: str choices: [disable, enable] more...
- multicast_rate (Alias name: multicast-rate) Multicast rate (0, 6000, 12000, or 24000 kbps, default = 0). type: str choices: [0, 6000, 12000, 24000] more...
- name Virtual ap name. type: str more...
- okc Enable/disable opportunistic key caching (okc) (default = enable). type: str choices: [disable, enable] more...
- passphrase Wpa pre-shared key (psk) to be used to authenticate wifi users. type: list more...
- pmf Protected management frames (pmf) support (default = disable). type: str choices: [disable, enable, optional] more...
- pmf_assoc_comeback_timeout (Alias name: pmf-assoc-comeback-timeout) Protected management frames (pmf) comeback maximum timeout (1-20 sec). type: int more...
- pmf_sa_query_retry_timeout (Alias name: pmf-sa-query-retry-timeout) Protected management frames (pmf) sa query retry timeout interval (1 - 5 100s of msec). type: int more...
- portal_message_override_group (Alias name: portal-message-override-group) Replacement message group for this vap (only available when security is set to a captive portal type). type: str more...
- portal_type (Alias name: portal-type) Captive portal functionality. type: str choices: [auth, auth+disclaimer, disclaimer, email-collect, cmcc, cmcc-macauth, auth-mac, external-auth, external-macauth] more...
- probe_resp_suppression (Alias name: probe-resp-suppression) Enable/disable probe response suppression (to ignore weak signals) (default = disable). type: str choices: [disable, enable] more...
- probe_resp_threshold (Alias name: probe-resp-threshold) Minimum signal level/threshold in dbm required for the ap response to probe requests (-95 to -20, default = -80). type: str more...
- ptk_rekey (Alias name: ptk-rekey) Enable/disable ptk rekey for wpa-enterprise security. type: str choices: [disable, enable] more...
- ptk_rekey_intv (Alias name: ptk-rekey-intv) Ptk rekey interval (1800 - 864000 sec, default = 86400). type: int more...
- qos_profile (Alias name: qos-profile) Quality of service profile name. type: str more...
- quarantine Enable/disable station quarantine (default = enable). type: str choices: [disable, enable] more...
- radio_2g_threshold (Alias name: radio-2g-threshold) Minimum signal level/threshold in dbm required for the ap response to receive a packet in 2. type: str more...
- radio_5g_threshold (Alias name: radio-5g-threshold) Minimum signal level/threshold in dbm required for the ap response to receive a packet in 5g band(-95 to -20, default = -76). type: str more...
- radio_sensitivity (Alias name: radio-sensitivity) Enable/disable software radio sensitivity (to ignore weak signals) (default = disable). type: str choices: [disable, enable] more...
- radius_mac_auth (Alias name: radius-mac-auth) Enable/disable radius-based mac authentication of clients (default = disable). type: str choices: [disable, enable] more...
- radius_mac_auth_server (Alias name: radius-mac-auth-server) Radius-based mac authentication server. type: str more...
- radius_mac_auth_usergroups (Alias name: radius-mac-auth-usergroups) Selective user groups that are permitted for radius mac authentication. type: list more...
- radius_server (Alias name: radius-server) Radius server to be used to authenticate wifi users. type: str more...
- rates_11a (Alias name: rates-11a) Allowed data rates for 802. type: list choices: [1, 1-basic, 2, 2-basic, 5.5, 5.5-basic, 6, 6-basic, 9, 9-basic, 12, 12-basic, 18, 18-basic, 24, 24-basic, 36, 36-basic, 48, 48-basic, 54, 54-basic, 11, 11-basic] more...
- rates_11ac_ss12 (Alias name: rates-11ac-ss12) Allowed data rates for 802. type: list choices: [mcs0/1, mcs1/1, mcs2/1, mcs3/1, mcs4/1, mcs5/1, mcs6/1, mcs7/1, mcs8/1, mcs9/1, mcs0/2, mcs1/2, mcs2/2, mcs3/2, mcs4/2, mcs5/2, mcs6/2, mcs7/2, mcs8/2, mcs9/2, mcs10/1, mcs11/1, mcs10/2, mcs11/2] more...
- rates_11ac_ss34 (Alias name: rates-11ac-ss34) Allowed data rates for 802. type: list choices: [mcs0/3, mcs1/3, mcs2/3, mcs3/3, mcs4/3, mcs5/3, mcs6/3, mcs7/3, mcs8/3, mcs9/3, mcs0/4, mcs1/4, mcs2/4, mcs3/4, mcs4/4, mcs5/4, mcs6/4, mcs7/4, mcs8/4, mcs9/4, mcs10/3, mcs11/3, mcs10/4, mcs11/4] more...
- rates_11bg (Alias name: rates-11bg) Allowed data rates for 802. type: list choices: [1, 1-basic, 2, 2-basic, 5.5, 5.5-basic, 6, 6-basic, 9, 9-basic, 12, 12-basic, 18, 18-basic, 24, 24-basic, 36, 36-basic, 48, 48-basic, 54, 54-basic, 11, 11-basic] more...
- rates_11n_ss12 (Alias name: rates-11n-ss12) Allowed data rates for 802. type: list choices: [mcs0/1, mcs1/1, mcs2/1, mcs3/1, mcs4/1, mcs5/1, mcs6/1, mcs7/1, mcs8/2, mcs9/2, mcs10/2, mcs11/2, mcs12/2, mcs13/2, mcs14/2, mcs15/2] more...
- rates_11n_ss34 (Alias name: rates-11n-ss34) Allowed data rates for 802. type: list choices: [mcs16/3, mcs17/3, mcs18/3, mcs19/3, mcs20/3, mcs21/3, mcs22/3, mcs23/3, mcs24/4, mcs25/4, mcs26/4, mcs27/4, mcs28/4, mcs29/4, mcs30/4, mcs31/4] more...
- schedule Vap schedule name. type: list or str more...
- security Security mode for the wireless interface (default = wpa2-only-personal). type: str choices: [None, WEP64, wep64, WEP128, wep128, WPA_PSK, WPA_RADIUS, WPA, WPA2, WPA2_AUTO, open, wpa-personal, wpa-enterprise, captive-portal, wpa-only-personal, wpa-only-enterprise, wpa2-only-personal, wpa2-only-enterprise, wpa-personal+captive-portal, wpa-only-personal+captive-portal, wpa2-only-personal+captive-portal, osen, wpa3-enterprise, sae, sae-transition, owe, wpa3-sae, wpa3-sae-transition, wpa3-only-enterprise, wpa3-enterprise-transition] more...
- security_exempt_list (Alias name: security-exempt-list) Optional security exempt list for captive portal authentication. type: str more...
- security_obsolete_option (Alias name: security-obsolete-option) Enable/disable obsolete security options. type: str choices: [disable, enable] more...
- security_redirect_url (Alias name: security-redirect-url) Optional url for redirecting users after they pass captive portal authentication. type: str more...
- selected_usergroups (Alias name: selected-usergroups) Selective user groups that are permitted to authenticate. type: list or str more...
- split_tunneling (Alias name: split-tunneling) Enable/disable split tunneling (default = disable). type: str choices: [disable, enable] more...
- ssid Ieee 802. type: str more...
- tkip_counter_measure (Alias name: tkip-counter-measure) Enable/disable tkip counter measure. type: str choices: [disable, enable] more...
- usergroup Firewall user group to be used to authenticate wifi users. type: list or str more...
- utm_profile (Alias name: utm-profile) Utm profile name. type: str more...
- vdom Name of the vdom that the virtual ap has been added to. type: str more...
- vlan_auto (Alias name: vlan-auto) Enable/disable automatic management of ssid vlan interface. type: str choices: [disable, enable] more...
- vlan_pool (Alias name: vlan-pool) Vlan-pool. type: list more...
- vlan_pooling (Alias name: vlan-pooling) Enable/disable vlan pooling, to allow grouping of multiple wireless controller vlans into vlan pools (default = disable). type: str choices: [wtp-group, round-robin, hash, disable] more...
- vlanid Optional vlan id. type: int more...
- voice_enterprise (Alias name: voice-enterprise) Enable/disable 802. type: str choices: [disable, enable] more...
- address_group (Alias name: address-group) Address group id. type: str more...
- atf_weight (Alias name: atf-weight) Airtime weight in percentage (default = 20). type: int more...
- mu_mimo (Alias name: mu-mimo) Enable/disable multi-user mimo (default = enable). type: str choices: [disable, enable] more...
- owe_groups (Alias name: owe-groups) Owe-groups. type: list choices: [19, 20, 21] more...
- owe_transition (Alias name: owe-transition) Enable/disable owe transition mode support. type: str choices: [disable, enable] more...
- owe_transition_ssid (Alias name: owe-transition-ssid) Owe transition mode peer ssid. type: str more...
- sae_groups (Alias name: sae-groups) Sae-groups. type: list choices: [1, 2, 5, 14, 15, 16, 17, 18, 19, 20, 21, 27, 28, 29, 30, 31] more...
- sae_password (Alias name: sae-password) Wpa3 sae password to be used to authenticate wifi users. type: list more...
- _intf_device_access_list (Alias name: _intf_device-access-list) _intf_device-access-list. type: str more...
- external_web_format (Alias name: external-web-format) Url query parameter detection (default = auto-detect). type: str choices: [auto-detect, no-query-string, partial-query-string] more...
- high_efficiency (Alias name: high-efficiency) Enable/disable 802. type: str choices: [disable, enable] more...
- primary_wag_profile (Alias name: primary-wag-profile) Primary wireless access gateway profile name. type: str more...
- secondary_wag_profile (Alias name: secondary-wag-profile) Secondary wireless access gateway profile name. type: str more...
- target_wake_time (Alias name: target-wake-time) Enable/disable 802. type: str choices: [disable, enable] more...
- tunnel_echo_interval (Alias name: tunnel-echo-interval) The time interval to send echo to both primary and secondary tunnel peers (1 - 65535 sec, default = 300). type: int more...
- tunnel_fallback_interval (Alias name: tunnel-fallback-interval) The time interval for secondary tunnel to fall back to primary tunnel (0 - 65535 sec, default = 7200). type: int more...
- access_control_list (Alias name: access-control-list) Access-control-list profile name. type: str more...
- captive_portal_auth_timeout (Alias name: captive-portal-auth-timeout) Hard timeout - ap will always clear the session after timeout regardless of traffic (0 - 864000 sec, default = 0). type: int more...
- ipv6_rules (Alias name: ipv6-rules) Optional rules of ipv6 packets. type: list choices: [drop-icmp6ra, drop-icmp6rs, drop-llmnr6, drop-icmp6mld2, drop-dhcp6s, drop-dhcp6c, ndp-proxy, drop-ns-dad, drop-ns-nondad] more...
- sticky_client_remove (Alias name: sticky-client-remove) Enable/disable sticky client remove to maintain good signal level clients in ssid. type: str choices: [disable, enable] more...
- sticky_client_threshold_2g (Alias name: sticky-client-threshold-2g) Minimum signal level/threshold in dbm required for the 2g client to be serviced by the ap (-95 to -20, default = -79). type: str more...
- sticky_client_threshold_5g (Alias name: sticky-client-threshold-5g) Minimum signal level/threshold in dbm required for the 5g client to be serviced by the ap (-95 to -20, default = -76). type: str more...
- bss_color_partial (Alias name: bss-color-partial) Enable/disable 802. type: str choices: [disable, enable] more...
- dhcp_option43_insertion (Alias name: dhcp-option43-insertion) Enable/disable insertion of dhcp option 43 (default = enable). type: str choices: [disable, enable] more...
- mpsk_profile (Alias name: mpsk-profile) Mpsk profile name. type: str more...
- igmp_snooping (Alias name: igmp-snooping) Enable/disable igmp snooping. type: str choices: [disable, enable] more...
- port_macauth (Alias name: port-macauth) Enable/disable lan port mac authentication (default = disable). type: str choices: [disable, radius, address-group] more...
- port_macauth_reauth_timeout (Alias name: port-macauth-reauth-timeout) Lan port mac authentication re-authentication timeout value (default = 7200 sec). type: int more...
- port_macauth_timeout (Alias name: port-macauth-timeout) Lan port mac authentication idle timeout value (default = 600 sec). type: int more...
- portal_message_overrides (Alias name: portal-message-overrides) type: dict
- auth_disclaimer_page (Alias name: auth-disclaimer-page) Override auth-disclaimer-page message with message from portal-message-overrides group. type: str more...
- auth_login_failed_page (Alias name: auth-login-failed-page) Override auth-login-failed-page message with message from portal-message-overrides group. type: str more...
- auth_login_page (Alias name: auth-login-page) Override auth-login-page message with message from portal-message-overrides group. type: str more...
- auth_reject_page (Alias name: auth-reject-page) Override auth-reject-page message with message from portal-message-overrides group. type: str more...
- additional_akms (Alias name: additional-akms) Additional akms. type: list choices: [akm6] more...
- bstm_disassociation_imminent (Alias name: bstm-disassociation-imminent) Enable/disable forcing of disassociation after the bstm request timer has been reached (default = enable). type: str choices: [disable, enable] more...
- bstm_load_balancing_disassoc_timer (Alias name: bstm-load-balancing-disassoc-timer) Time interval for client to voluntarily leave ap before forcing a disassociation due to ap load-balancing (0 to 30, default = 10). type: int more...
- bstm_rssi_disassoc_timer (Alias name: bstm-rssi-disassoc-timer) Time interval for client to voluntarily leave ap before forcing a disassociation due to low rssi (0 to 2000, default = 200). type: int more...
- dhcp_address_enforcement (Alias name: dhcp-address-enforcement) Enable/disable dhcp address enforcement (default = disable). type: str choices: [disable, enable] more...
- gas_comeback_delay (Alias name: gas-comeback-delay) Gas comeback delay (0 or 100 - 10000 milliseconds, default = 500). type: int more...
- gas_fragmentation_limit (Alias name: gas-fragmentation-limit) Gas fragmentation limit (512 - 4096, default = 1024). type: int more...
- mac_called_station_delimiter (Alias name: mac-called-station-delimiter) Mac called station delimiter (default = hyphen). type: str choices: [hyphen, single-hyphen, colon, none] more...
- mac_calling_station_delimiter (Alias name: mac-calling-station-delimiter) Mac calling station delimiter (default = hyphen). type: str choices: [hyphen, single-hyphen, colon, none] more...
- mac_case (Alias name: mac-case) Mac case (default = uppercase). type: str choices: [uppercase, lowercase] more...
- mac_password_delimiter (Alias name: mac-password-delimiter) Mac authentication password delimiter (default = hyphen). type: str choices: [hyphen, single-hyphen, colon, none] more...
- mac_username_delimiter (Alias name: mac-username-delimiter) Mac authentication username delimiter (default = hyphen). type: str choices: [hyphen, single-hyphen, colon, none] more...
- mbo Enable/disable multiband operation (default = disable). type: str choices: [disable, enable] more...
- mbo_cell_data_conn_pref (Alias name: mbo-cell-data-conn-pref) Mbo cell data connection preference (0, 1, or 255, default = 1). type: str choices: [excluded, prefer-not, prefer-use] more...
- nac Enable/disable network access control. type: str choices: [disable, enable] more...
- nac_profile (Alias name: nac-profile) Nac profile name. type: str more...
- neighbor_report_dual_band (Alias name: neighbor-report-dual-band) Enable/disable dual-band neighbor report (default = disable). type: str choices: [disable, enable] more...
- address_group_policy (Alias name: address-group-policy) Configure mac address filtering policy for mac addresses that are in the address-group. type: str choices: [disable, allow, deny] more...
- antivirus_profile (Alias name: antivirus-profile) Antivirus profile name. type: str more...
- application_detection_engine (Alias name: application-detection-engine) Enable/disable application detection engine (default = disable). type: str choices: [disable, enable] more...
- application_list (Alias name: application-list) Application control list name. type: str more...
- application_report_intv (Alias name: application-report-intv) Application report interval (30 - 864000 sec, default = 120). type: int more...
- auth_cert (Alias name: auth-cert) Https server certificate. type: str more...
- auth_portal_addr (Alias name: auth-portal-addr) Address of captive portal. type: str more...
- beacon_advertising (Alias name: beacon-advertising) type: list choices: [name, model, serial-number] more...
- ips_sensor (Alias name: ips-sensor) Ips sensor name. type: str more...
- l3_roaming (Alias name: l3-roaming) Enable/disable layer 3 roaming (default = disable). type: str choices: [disable, enable] more...
- local_standalone_dns (Alias name: local-standalone-dns) Enable/disable ap local standalone dns. type: str choices: [disable, enable] more...
- local_standalone_dns_ip (Alias name: local-standalone-dns-ip) type: list more...
- osen Enable/disable osen as part of key management (default = disable). type: str choices: [disable, enable] more...
- radius_mac_mpsk_auth (Alias name: radius-mac-mpsk-auth) Enable/disable radius-based mac authentication of clients for mpsk authentication (default = disable). type: str choices: [disable, enable] more...
- radius_mac_mpsk_timeout (Alias name: radius-mac-mpsk-timeout) Radius mac mpsk cache timeout interval (1800 - 864000, default = 86400). type: int more...
- rates_11ax_ss12 (Alias name: rates-11ax-ss12) type: list choices: [mcs0/1, mcs1/1, mcs2/1, mcs3/1, mcs4/1, mcs5/1, mcs6/1, mcs7/1, mcs8/1, mcs9/1, mcs10/1, mcs11/1, mcs0/2, mcs1/2, mcs2/2, mcs3/2, mcs4/2, mcs5/2, mcs6/2, mcs7/2, mcs8/2, mcs9/2, mcs10/2, mcs11/2] more...
- rates_11ax_ss34 (Alias name: rates-11ax-ss34) type: list choices: [mcs0/3, mcs1/3, mcs2/3, mcs3/3, mcs4/3, mcs5/3, mcs6/3, mcs7/3, mcs8/3, mcs9/3, mcs10/3, mcs11/3, mcs0/4, mcs1/4, mcs2/4, mcs3/4, mcs4/4, mcs5/4, mcs6/4, mcs7/4, mcs8/4, mcs9/4, mcs10/4, mcs11/4] more...
- scan_botnet_connections (Alias name: scan-botnet-connections) Block or monitor connections to botnet servers or disable botnet scanning. type: str choices: [disable, block, monitor] more...
- utm_log (Alias name: utm-log) Enable/disable utm logging. type: str choices: [disable, enable] more...
- utm_status (Alias name: utm-status) Enable to add one or more security profiles (av, ips, etc. type: str choices: [disable, enable] more...
- vlan_name (Alias name: vlan-name) type: list more...
- webfilter_profile (Alias name: webfilter-profile) Webfilter profile name. type: str more...
- sae_h2e_only (Alias name: sae-h2e-only) Use hash-to-element-only mechanism for pwe derivation (default = disable). type: str choices: [disable, enable] more...
- sae_pk (Alias name: sae-pk) Enable/disable wpa3 sae-pk (default = disable). type: str choices: [disable, enable] more...
- sae_private_key (Alias name: sae-private-key) Private key used for wpa3 sae-pk authentication. type: str more...
- sticky_client_threshold_6g (Alias name: sticky-client-threshold-6g) Minimum signal level/threshold in dbm required for the 6g client to be serviced by the ap (-95 to -20, default = -76). type: str more...
- application_dscp_marking (Alias name: application-dscp-marking) Enable/disable application attribute based dscp marking (default = disable). type: str choices: [disable, enable] more...
- l3_roaming_mode (Alias name: l3-roaming-mode) Select the way that layer 3 roaming traffic is passed (default = direct). type: str choices: [direct, indirect] more...
- rates_11ac_mcs_map (Alias name: rates-11ac-mcs-map) Comma separated list of max supported vht mcs for spatial streams 1 through 8. type: str more...
- rates_11ax_mcs_map (Alias name: rates-11ax-mcs-map) Comma separated list of max supported he mcs for spatial streams 1 through 8. type: str more...
- captive_portal_fw_accounting (Alias name: captive-portal-fw-accounting) Enable/disable radius accounting for captive portal firewall authentication session. type: str choices: [disable, enable] more...
- radius_mac_auth_block_interval (Alias name: radius-mac-auth-block-interval) Dont send radius mac auth request again if the client has been rejected within specific interval (0 or 30 - 864000 seconds, default = 0, 0 to disable blocking). type: int more...
- _is_factory_setting type: str choices: [disable, enable, ext] default: disable more...
- d80211k (Alias name: 80211k) Enable/disable 802. type: str choices: [disable, enable] more...
- d80211v (Alias name: 80211v) Enable/disable 802. type: str choices: [disable, enable] more...
- roaming_acct_interim_update (Alias name: roaming-acct-interim-update) Enable/disable using accounting interim update instead of accounting start/stop on roaming for wpa-enterprise security. type: str choices: [disable, enable] more...
- sae_hnp_only (Alias name: sae-hnp-only) Use hunting-and-pecking-only mechanism for pwe derivation (default = disable). type: str choices: [disable, enable] more...
Notes
Note
Running in workspace locking mode is supported in this FortiManager module, the top level parameters workspace_locking_adom and workspace_locking_timeout help do the work.
To create or update an object, use state: present directive.
To delete an object, use state: absent directive
Normally, running one module can fail when a non-zero rc is returned. you can also override the conditions to fail or succeed with parameters rc_failed and rc_succeeded
Examples
- name: Example playbook (generated based on argument schema)
hosts: fortimanagers
connection: httpapi
vars:
ansible_httpapi_use_ssl: true
ansible_httpapi_validate_certs: false
ansible_httpapi_port: 443
tasks:
- name: Configure Virtual Access Points
fortinet.fortimanager.fmgr_vap:
# bypass_validation: false
workspace_locking_adom: <value in [global, custom adom including root]>
workspace_locking_timeout: 300
# rc_succeeded: [0, -2, -3, ...]
# rc_failed: [-2, -3, ...]
adom: <your own value>
state: present # <value in [present, absent]>
vap:
_centmgmt: <value in [disable, enable]>
_dhcp_svr_id: <string>
_intf_allowaccess:
- https
- ping
- ssh
- snmp
- http
- telnet
- fgfm
- auto-ipsec
- radius-acct
- probe-response
- capwap
- dnp
- ftm
- fabric
- speed-test
_intf_device_identification: <value in [disable, enable]>
_intf_device_netscan: <value in [disable, enable]>
_intf_dhcp_relay_ip: <list or string>
_intf_dhcp_relay_service: <value in [disable, enable]>
_intf_dhcp_relay_type: <value in [regular, ipsec]>
_intf_dhcp6_relay_ip: <string>
_intf_dhcp6_relay_service: <value in [disable, enable]>
_intf_dhcp6_relay_type: <value in [regular]>
_intf_ip: <string>
_intf_ip6_address: <string>
_intf_ip6_allowaccess:
- https
- ping
- ssh
- snmp
- http
- telnet
- any
- fgfm
- capwap
_intf_listen_forticlient_connection: <value in [disable, enable]>
acct_interim_interval: <integer>
alias: <string>
auth: <value in [PSK, psk, RADIUS, ...]>
broadcast_ssid: <value in [disable, enable]>
broadcast_suppression:
- dhcp
- arp
- dhcp2
- arp2
- netbios-ns
- netbios-ds
- arp3
- dhcp-up
- dhcp-down
- arp-known
- arp-unknown
- arp-reply
- ipv6
- dhcp-starvation
- arp-poison
- all-other-mc
- all-other-bc
- arp-proxy
- dhcp-ucast
captive_portal_ac_name: <string>
captive_portal_macauth_radius_secret: <list or string>
captive_portal_macauth_radius_server: <string>
captive_portal_radius_secret: <list or string>
captive_portal_radius_server: <string>
captive_portal_session_timeout_interval: <integer>
dhcp_lease_time: <integer>
dhcp_option82_circuit_id_insertion: <value in [disable, style-1, style-2, ...]>
dhcp_option82_insertion: <value in [disable, enable]>
dhcp_option82_remote_id_insertion: <value in [disable, style-1]>
dynamic_vlan: <value in [disable, enable]>
dynamic_mapping:
-
_centmgmt: <value in [disable, enable]>
_dhcp_svr_id: <string>
_intf_allowaccess:
- https
- ping
- ssh
- snmp
- http
- telnet
- fgfm
- auto-ipsec
- radius-acct
- probe-response
- capwap
- dnp
- ftm
- fabric
- speed-test
_intf_device_identification: <value in [disable, enable]>
_intf_device_netscan: <value in [disable, enable]>
_intf_dhcp_relay_ip: <list or string>
_intf_dhcp_relay_service: <value in [disable, enable]>
_intf_dhcp_relay_type: <value in [regular, ipsec]>
_intf_dhcp6_relay_ip: <string>
_intf_dhcp6_relay_service: <value in [disable, enable]>
_intf_dhcp6_relay_type: <value in [regular]>
_intf_ip: <string>
_intf_ip6_address: <string>
_intf_ip6_allowaccess:
- https
- ping
- ssh
- snmp
- http
- telnet
- any
- fgfm
- capwap
_intf_listen_forticlient_connection: <value in [disable, enable]>
_scope:
-
name: <string>
vdom: <string>
acct_interim_interval: <integer>
address_group: <string>
alias: <string>
atf_weight: <integer>
auth: <value in [PSK, psk, RADIUS, ...]>
broadcast_ssid: <value in [disable, enable]>
broadcast_suppression:
- dhcp
- arp
- dhcp2
- arp2
- netbios-ns
- netbios-ds
- arp3
- dhcp-up
- dhcp-down
- arp-known
- arp-unknown
- arp-reply
- ipv6
- dhcp-starvation
- arp-poison
- all-other-mc
- all-other-bc
- arp-proxy
- dhcp-ucast
captive_portal_ac_name: <string>
captive_portal_macauth_radius_secret: <list or string>
captive_portal_macauth_radius_server: <string>
captive_portal_radius_secret: <list or string>
captive_portal_radius_server: <string>
captive_portal_session_timeout_interval: <integer>
client_count: <integer>
dhcp_lease_time: <integer>
dhcp_option82_circuit_id_insertion: <value in [disable, style-1, style-2, ...]>
dhcp_option82_insertion: <value in [disable, enable]>
dhcp_option82_remote_id_insertion: <value in [disable, style-1]>
dynamic_vlan: <value in [disable, enable]>
eap_reauth: <value in [disable, enable]>
eap_reauth_intv: <integer>
eapol_key_retries: <value in [disable, enable]>
encrypt: <value in [TKIP, AES, TKIP-AES]>
external_fast_roaming: <value in [disable, enable]>
external_logout: <string>
external_web: <string>
fast_bss_transition: <value in [disable, enable]>
fast_roaming: <value in [disable, enable]>
ft_mobility_domain: <integer>
ft_over_ds: <value in [disable, enable]>
ft_r0_key_lifetime: <integer>
gtk_rekey: <value in [disable, enable]>
gtk_rekey_intv: <integer>
hotspot20_profile: <string>
intra_vap_privacy: <value in [disable, enable]>
ip: <string>
key: <list or string>
keyindex: <integer>
ldpc: <value in [disable, tx, rx, ...]>
local_authentication: <value in [disable, enable]>
local_bridging: <value in [disable, enable]>
local_lan: <value in [deny, allow]>
local_standalone: <value in [disable, enable]>
local_standalone_nat: <value in [disable, enable]>
local_switching: <value in [disable, enable]>
mac_auth_bypass: <value in [disable, enable]>
mac_filter: <value in [disable, enable]>
mac_filter_policy_other: <value in [deny, allow]>
max_clients: <integer>
max_clients_ap: <integer>
me_disable_thresh: <integer>
mesh_backhaul: <value in [disable, enable]>
mpsk: <value in [disable, enable]>
mpsk_concurrent_clients: <integer>
multicast_enhance: <value in [disable, enable]>
multicast_rate: <value in [0, 6000, 12000, ...]>
okc: <value in [disable, enable]>
owe_groups:
- 19
- 20
- 21
owe_transition: <value in [disable, enable]>
owe_transition_ssid: <string>
passphrase: <list or string>
pmf: <value in [disable, enable, optional]>
pmf_assoc_comeback_timeout: <integer>
pmf_sa_query_retry_timeout: <integer>
portal_message_override_group: <string>
portal_type: <value in [auth, auth+disclaimer, disclaimer, ...]>
probe_resp_suppression: <value in [disable, enable]>
probe_resp_threshold: <string>
ptk_rekey: <value in [disable, enable]>
ptk_rekey_intv: <integer>
qos_profile: <string>
quarantine: <value in [disable, enable]>
radio_2g_threshold: <string>
radio_5g_threshold: <string>
radio_sensitivity: <value in [disable, enable]>
radius_mac_auth: <value in [disable, enable]>
radius_mac_auth_server: <string>
radius_mac_auth_usergroups: <list or string>
radius_server: <string>
rates_11a:
- 1
- 1-basic
- 2
- 2-basic
- 5.5
- 5.5-basic
- 6
- 6-basic
- 9
- 9-basic
- 12
- 12-basic
- 18
- 18-basic
- 24
- 24-basic
- 36
- 36-basic
- 48
- 48-basic
- 54
- 54-basic
- 11
- 11-basic
rates_11ac_ss12:
- mcs0/1
- mcs1/1
- mcs2/1
- mcs3/1
- mcs4/1
- mcs5/1
- mcs6/1
- mcs7/1
- mcs8/1
- mcs9/1
- mcs0/2
- mcs1/2
- mcs2/2
- mcs3/2
- mcs4/2
- mcs5/2
- mcs6/2
- mcs7/2
- mcs8/2
- mcs9/2
- mcs10/1
- mcs11/1
- mcs10/2
- mcs11/2
rates_11ac_ss34:
- mcs0/3
- mcs1/3
- mcs2/3
- mcs3/3
- mcs4/3
- mcs5/3
- mcs6/3
- mcs7/3
- mcs8/3
- mcs9/3
- mcs0/4
- mcs1/4
- mcs2/4
- mcs3/4
- mcs4/4
- mcs5/4
- mcs6/4
- mcs7/4
- mcs8/4
- mcs9/4
- mcs10/3
- mcs11/3
- mcs10/4
- mcs11/4
rates_11bg:
- 1
- 1-basic
- 2
- 2-basic
- 5.5
- 5.5-basic
- 6
- 6-basic
- 9
- 9-basic
- 12
- 12-basic
- 18
- 18-basic
- 24
- 24-basic
- 36
- 36-basic
- 48
- 48-basic
- 54
- 54-basic
- 11
- 11-basic
rates_11n_ss12:
- mcs0/1
- mcs1/1
- mcs2/1
- mcs3/1
- mcs4/1
- mcs5/1
- mcs6/1
- mcs7/1
- mcs8/2
- mcs9/2
- mcs10/2
- mcs11/2
- mcs12/2
- mcs13/2
- mcs14/2
- mcs15/2
rates_11n_ss34:
- mcs16/3
- mcs17/3
- mcs18/3
- mcs19/3
- mcs20/3
- mcs21/3
- mcs22/3
- mcs23/3
- mcs24/4
- mcs25/4
- mcs26/4
- mcs27/4
- mcs28/4
- mcs29/4
- mcs30/4
- mcs31/4
sae_groups:
- 1
- 2
- 5
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 27
- 28
- 29
- 30
- 31
sae_password: <list or string>
schedule: <list or string>
security: <value in [None, WEP64, wep64, ...]>
security_exempt_list: <string>
security_obsolete_option: <value in [disable, enable]>
security_redirect_url: <string>
selected_usergroups: <list or string>
split_tunneling: <value in [disable, enable]>
ssid: <string>
tkip_counter_measure: <value in [disable, enable]>
usergroup: <list or string>
utm_profile: <string>
vdom: <list or string>
vlan_auto: <value in [disable, enable]>
vlan_pooling: <value in [wtp-group, round-robin, hash, ...]>
vlanid: <integer>
voice_enterprise: <value in [disable, enable]>
mu_mimo: <value in [disable, enable]>
_intf_device_access_list: <string>
external_web_format: <value in [auto-detect, no-query-string, partial-query-string]>
high_efficiency: <value in [disable, enable]>
primary_wag_profile: <string>
secondary_wag_profile: <string>
target_wake_time: <value in [disable, enable]>
tunnel_echo_interval: <integer>
tunnel_fallback_interval: <integer>
access_control_list: <string>
captive_portal_auth_timeout: <integer>
ipv6_rules:
- drop-icmp6ra
- drop-icmp6rs
- drop-llmnr6
- drop-icmp6mld2
- drop-dhcp6s
- drop-dhcp6c
- ndp-proxy
- drop-ns-dad
- drop-ns-nondad
sticky_client_remove: <value in [disable, enable]>
sticky_client_threshold_2g: <string>
sticky_client_threshold_5g: <string>
bss_color_partial: <value in [disable, enable]>
dhcp_option43_insertion: <value in [disable, enable]>
mpsk_profile: <string>
igmp_snooping: <value in [disable, enable]>
port_macauth: <value in [disable, radius, address-group]>
port_macauth_reauth_timeout: <integer>
port_macauth_timeout: <integer>
additional_akms:
- akm6
bstm_disassociation_imminent: <value in [disable, enable]>
bstm_load_balancing_disassoc_timer: <integer>
bstm_rssi_disassoc_timer: <integer>
dhcp_address_enforcement: <value in [disable, enable]>
gas_comeback_delay: <integer>
gas_fragmentation_limit: <integer>
mac_called_station_delimiter: <value in [hyphen, single-hyphen, colon, ...]>
mac_calling_station_delimiter: <value in [hyphen, single-hyphen, colon, ...]>
mac_case: <value in [uppercase, lowercase]>
mac_password_delimiter: <value in [hyphen, single-hyphen, colon, ...]>
mac_username_delimiter: <value in [hyphen, single-hyphen, colon, ...]>
mbo: <value in [disable, enable]>
mbo_cell_data_conn_pref: <value in [excluded, prefer-not, prefer-use]>
nac: <value in [disable, enable]>
nac_profile: <string>
neighbor_report_dual_band: <value in [disable, enable]>
address_group_policy: <value in [disable, allow, deny]>
antivirus_profile: <string>
application_detection_engine: <value in [disable, enable]>
application_list: <string>
application_report_intv: <integer>
auth_cert: <string>
auth_portal_addr: <string>
beacon_advertising:
- name
- model
- serial-number
ips_sensor: <string>
l3_roaming: <value in [disable, enable]>
local_standalone_dns: <value in [disable, enable]>
local_standalone_dns_ip: <list or string>
osen: <value in [disable, enable]>
radius_mac_mpsk_auth: <value in [disable, enable]>
radius_mac_mpsk_timeout: <integer>
rates_11ax_ss12:
- mcs0/1
- mcs1/1
- mcs2/1
- mcs3/1
- mcs4/1
- mcs5/1
- mcs6/1
- mcs7/1
- mcs8/1
- mcs9/1
- mcs10/1
- mcs11/1
- mcs0/2
- mcs1/2
- mcs2/2
- mcs3/2
- mcs4/2
- mcs5/2
- mcs6/2
- mcs7/2
- mcs8/2
- mcs9/2
- mcs10/2
- mcs11/2
rates_11ax_ss34:
- mcs0/3
- mcs1/3
- mcs2/3
- mcs3/3
- mcs4/3
- mcs5/3
- mcs6/3
- mcs7/3
- mcs8/3
- mcs9/3
- mcs10/3
- mcs11/3
- mcs0/4
- mcs1/4
- mcs2/4
- mcs3/4
- mcs4/4
- mcs5/4
- mcs6/4
- mcs7/4
- mcs8/4
- mcs9/4
- mcs10/4
- mcs11/4
scan_botnet_connections: <value in [disable, block, monitor]>
utm_log: <value in [disable, enable]>
utm_status: <value in [disable, enable]>
webfilter_profile: <string>
sae_h2e_only: <value in [disable, enable]>
sae_pk: <value in [disable, enable]>
sae_private_key: <string>
sticky_client_threshold_6g: <string>
application_dscp_marking: <value in [disable, enable]>
l3_roaming_mode: <value in [direct, indirect]>
rates_11ac_mcs_map: <string>
rates_11ax_mcs_map: <string>
captive_portal_fw_accounting: <value in [disable, enable]>
radius_mac_auth_block_interval: <integer>
_is_factory_setting: <value in [disable, enable, ext]>
d80211k: <value in [disable, enable]>
d80211v: <value in [disable, enable]>
roaming_acct_interim_update: <value in [disable, enable]>
sae_hnp_only: <value in [disable, enable]>
eap_reauth: <value in [disable, enable]>
eap_reauth_intv: <integer>
eapol_key_retries: <value in [disable, enable]>
encrypt: <value in [TKIP, AES, TKIP-AES]>
external_fast_roaming: <value in [disable, enable]>
external_logout: <string>
external_web: <string>
fast_bss_transition: <value in [disable, enable]>
fast_roaming: <value in [disable, enable]>
ft_mobility_domain: <integer>
ft_over_ds: <value in [disable, enable]>
ft_r0_key_lifetime: <integer>
gtk_rekey: <value in [disable, enable]>
gtk_rekey_intv: <integer>
hotspot20_profile: <string>
intra_vap_privacy: <value in [disable, enable]>
ip: <string>
key: <list or string>
keyindex: <integer>
ldpc: <value in [disable, tx, rx, ...]>
local_authentication: <value in [disable, enable]>
local_bridging: <value in [disable, enable]>
local_lan: <value in [deny, allow]>
local_standalone: <value in [disable, enable]>
local_standalone_nat: <value in [disable, enable]>
mac_auth_bypass: <value in [disable, enable]>
mac_filter: <value in [disable, enable]>
mac_filter_list:
-
id: <integer>
mac: <string>
mac_filter_policy: <value in [deny, allow]>
mac_filter_policy_other: <value in [deny, allow]>
max_clients: <integer>
max_clients_ap: <integer>
me_disable_thresh: <integer>
mesh_backhaul: <value in [disable, enable]>
mpsk: <value in [disable, enable]>
mpsk_concurrent_clients: <integer>
mpsk_key:
-
comment: <string>
concurrent_clients: <string>
key_name: <string>
passphrase: <list or string>
mpsk_schedules: <list or string>
multicast_enhance: <value in [disable, enable]>
multicast_rate: <value in [0, 6000, 12000, ...]>
name: <string>
okc: <value in [disable, enable]>
passphrase: <list or string>
pmf: <value in [disable, enable, optional]>
pmf_assoc_comeback_timeout: <integer>
pmf_sa_query_retry_timeout: <integer>
portal_message_override_group: <string>
portal_type: <value in [auth, auth+disclaimer, disclaimer, ...]>
probe_resp_suppression: <value in [disable, enable]>
probe_resp_threshold: <string>
ptk_rekey: <value in [disable, enable]>
ptk_rekey_intv: <integer>
qos_profile: <string>
quarantine: <value in [disable, enable]>
radio_2g_threshold: <string>
radio_5g_threshold: <string>
radio_sensitivity: <value in [disable, enable]>
radius_mac_auth: <value in [disable, enable]>
radius_mac_auth_server: <string>
radius_mac_auth_usergroups: <list or string>
radius_server: <string>
rates_11a:
- 1
- 1-basic
- 2
- 2-basic
- 5.5
- 5.5-basic
- 6
- 6-basic
- 9
- 9-basic
- 12
- 12-basic
- 18
- 18-basic
- 24
- 24-basic
- 36
- 36-basic
- 48
- 48-basic
- 54
- 54-basic
- 11
- 11-basic
rates_11ac_ss12:
- mcs0/1
- mcs1/1
- mcs2/1
- mcs3/1
- mcs4/1
- mcs5/1
- mcs6/1
- mcs7/1
- mcs8/1
- mcs9/1
- mcs0/2
- mcs1/2
- mcs2/2
- mcs3/2
- mcs4/2
- mcs5/2
- mcs6/2
- mcs7/2
- mcs8/2
- mcs9/2
- mcs10/1
- mcs11/1
- mcs10/2
- mcs11/2
rates_11ac_ss34:
- mcs0/3
- mcs1/3
- mcs2/3
- mcs3/3
- mcs4/3
- mcs5/3
- mcs6/3
- mcs7/3
- mcs8/3
- mcs9/3
- mcs0/4
- mcs1/4
- mcs2/4
- mcs3/4
- mcs4/4
- mcs5/4
- mcs6/4
- mcs7/4
- mcs8/4
- mcs9/4
- mcs10/3
- mcs11/3
- mcs10/4
- mcs11/4
rates_11bg:
- 1
- 1-basic
- 2
- 2-basic
- 5.5
- 5.5-basic
- 6
- 6-basic
- 9
- 9-basic
- 12
- 12-basic
- 18
- 18-basic
- 24
- 24-basic
- 36
- 36-basic
- 48
- 48-basic
- 54
- 54-basic
- 11
- 11-basic
rates_11n_ss12:
- mcs0/1
- mcs1/1
- mcs2/1
- mcs3/1
- mcs4/1
- mcs5/1
- mcs6/1
- mcs7/1
- mcs8/2
- mcs9/2
- mcs10/2
- mcs11/2
- mcs12/2
- mcs13/2
- mcs14/2
- mcs15/2
rates_11n_ss34:
- mcs16/3
- mcs17/3
- mcs18/3
- mcs19/3
- mcs20/3
- mcs21/3
- mcs22/3
- mcs23/3
- mcs24/4
- mcs25/4
- mcs26/4
- mcs27/4
- mcs28/4
- mcs29/4
- mcs30/4
- mcs31/4
schedule: <list or string>
security: <value in [None, WEP64, wep64, ...]>
security_exempt_list: <string>
security_obsolete_option: <value in [disable, enable]>
security_redirect_url: <string>
selected_usergroups: <list or string>
split_tunneling: <value in [disable, enable]>
ssid: <string>
tkip_counter_measure: <value in [disable, enable]>
usergroup: <list or string>
utm_profile: <string>
vdom: <string>
vlan_auto: <value in [disable, enable]>
vlan_pool:
-
_wtp_group: <string>
id: <integer>
wtp_group: <string>
vlan_pooling: <value in [wtp-group, round-robin, hash, ...]>
vlanid: <integer>
voice_enterprise: <value in [disable, enable]>
address_group: <string>
atf_weight: <integer>
mu_mimo: <value in [disable, enable]>
owe_groups:
- 19
- 20
- 21
owe_transition: <value in [disable, enable]>
owe_transition_ssid: <string>
sae_groups:
- 1
- 2
- 5
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 27
- 28
- 29
- 30
- 31
sae_password: <list or string>
_intf_device_access_list: <string>
external_web_format: <value in [auto-detect, no-query-string, partial-query-string]>
high_efficiency: <value in [disable, enable]>
primary_wag_profile: <string>
secondary_wag_profile: <string>
target_wake_time: <value in [disable, enable]>
tunnel_echo_interval: <integer>
tunnel_fallback_interval: <integer>
access_control_list: <string>
captive_portal_auth_timeout: <integer>
ipv6_rules:
- drop-icmp6ra
- drop-icmp6rs
- drop-llmnr6
- drop-icmp6mld2
- drop-dhcp6s
- drop-dhcp6c
- ndp-proxy
- drop-ns-dad
- drop-ns-nondad
sticky_client_remove: <value in [disable, enable]>
sticky_client_threshold_2g: <string>
sticky_client_threshold_5g: <string>
bss_color_partial: <value in [disable, enable]>
dhcp_option43_insertion: <value in [disable, enable]>
mpsk_profile: <string>
igmp_snooping: <value in [disable, enable]>
port_macauth: <value in [disable, radius, address-group]>
port_macauth_reauth_timeout: <integer>
port_macauth_timeout: <integer>
portal_message_overrides:
auth_disclaimer_page: <string>
auth_login_failed_page: <string>
auth_login_page: <string>
auth_reject_page: <string>
additional_akms:
- akm6
bstm_disassociation_imminent: <value in [disable, enable]>
bstm_load_balancing_disassoc_timer: <integer>
bstm_rssi_disassoc_timer: <integer>
dhcp_address_enforcement: <value in [disable, enable]>
gas_comeback_delay: <integer>
gas_fragmentation_limit: <integer>
mac_called_station_delimiter: <value in [hyphen, single-hyphen, colon, ...]>
mac_calling_station_delimiter: <value in [hyphen, single-hyphen, colon, ...]>
mac_case: <value in [uppercase, lowercase]>
mac_password_delimiter: <value in [hyphen, single-hyphen, colon, ...]>
mac_username_delimiter: <value in [hyphen, single-hyphen, colon, ...]>
mbo: <value in [disable, enable]>
mbo_cell_data_conn_pref: <value in [excluded, prefer-not, prefer-use]>
nac: <value in [disable, enable]>
nac_profile: <string>
neighbor_report_dual_band: <value in [disable, enable]>
address_group_policy: <value in [disable, allow, deny]>
antivirus_profile: <string>
application_detection_engine: <value in [disable, enable]>
application_list: <string>
application_report_intv: <integer>
auth_cert: <string>
auth_portal_addr: <string>
beacon_advertising:
- name
- model
- serial-number
ips_sensor: <string>
l3_roaming: <value in [disable, enable]>
local_standalone_dns: <value in [disable, enable]>
local_standalone_dns_ip: <list or string>
osen: <value in [disable, enable]>
radius_mac_mpsk_auth: <value in [disable, enable]>
radius_mac_mpsk_timeout: <integer>
rates_11ax_ss12:
- mcs0/1
- mcs1/1
- mcs2/1
- mcs3/1
- mcs4/1
- mcs5/1
- mcs6/1
- mcs7/1
- mcs8/1
- mcs9/1
- mcs10/1
- mcs11/1
- mcs0/2
- mcs1/2
- mcs2/2
- mcs3/2
- mcs4/2
- mcs5/2
- mcs6/2
- mcs7/2
- mcs8/2
- mcs9/2
- mcs10/2
- mcs11/2
rates_11ax_ss34:
- mcs0/3
- mcs1/3
- mcs2/3
- mcs3/3
- mcs4/3
- mcs5/3
- mcs6/3
- mcs7/3
- mcs8/3
- mcs9/3
- mcs10/3
- mcs11/3
- mcs0/4
- mcs1/4
- mcs2/4
- mcs3/4
- mcs4/4
- mcs5/4
- mcs6/4
- mcs7/4
- mcs8/4
- mcs9/4
- mcs10/4
- mcs11/4
scan_botnet_connections: <value in [disable, block, monitor]>
utm_log: <value in [disable, enable]>
utm_status: <value in [disable, enable]>
vlan_name:
-
name: <string>
vlan_id: <integer>
webfilter_profile: <string>
sae_h2e_only: <value in [disable, enable]>
sae_pk: <value in [disable, enable]>
sae_private_key: <string>
sticky_client_threshold_6g: <string>
application_dscp_marking: <value in [disable, enable]>
l3_roaming_mode: <value in [direct, indirect]>
rates_11ac_mcs_map: <string>
rates_11ax_mcs_map: <string>
captive_portal_fw_accounting: <value in [disable, enable]>
radius_mac_auth_block_interval: <integer>
_is_factory_setting: <value in [disable, enable, ext]>
d80211k: <value in [disable, enable]>
d80211v: <value in [disable, enable]>
roaming_acct_interim_update: <value in [disable, enable]>
sae_hnp_only: <value in [disable, enable]>
Return Values
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- meta - The result of the request.returned: always type: dict
- request_url - The full url requested. returned: always type: str sample: /sys/login/user
- response_code - The status of api request. returned: always type: int sample: 0
- response_data - The data body of the api response. returned: optional type: list or dict
- response_message - The descriptive message of the api response. returned: always type: str sample: OK
- system_information - The information of the target system. returned: always type: dict
- rc - The status the request. returned: always type: int sample: 0
- version_check_warning - Warning if the parameters used in the playbook are not supported by the current FortiManager version. returned: if at least one parameter not supported by the current FortiManager version type: list
Status
This module is not guaranteed to have a backwards compatible interface.