fmgr_vap_dynamicmapping – Configure Virtual Access Points (VAPs).
Added in version 2.0.0.
Warning
Starting in version 3.0.0, all input arguments will be named using the underscore naming convention (snake_case).
Argument name before 3.0.0:
var-name
,var name
,var.name
New argument name starting in 3.0.0:
var_name
FortiManager Ansible v2.4+ supports both previous argument name and new underscore name. You will receive deprecation warnings if you keep using the previous argument name. You can ignore the warning by setting deprecation_warnings=False in ansible.cfg.
Synopsis
This module is able to configure a FortiManager device.
Examples include all parameters and values need to be adjusted to data sources before usage.
Tested with FortiManager v6.x and v7.x.
Requirements
The below requirements are needed on the host that executes this module.
ansible>=2.15.0
FortiManager Version Compatibility
Supported Version Ranges: v6.0.0 -> latest
Parameters
- access_token -The token to access FortiManager without using username and password. type: str required: false
- bypass_validation - Only set to True when module schema diffs with FortiManager API structure, module continues to execute without validating parameters. type: bool required: false default: False
- enable_log - Enable/Disable logging for task. type: bool required: false default: False
- forticloud_access_token - Access token of forticloud managed API users, this option is available with FortiManager later than 6.4.0. type: str required: false
- proposed_method - The overridden method for the underlying Json RPC request. type: str required: false choices: set, update, add
- rc_succeeded - The rc codes list with which the conditions to succeed will be overriden. type: list required: false
- rc_failed - The rc codes list with which the conditions to fail will be overriden. type: list required: false
- state - The directive to create, update or delete an object type: str required: true choices: present, absent
- workspace_locking_adom - Acquire the workspace lock if FortiManager is running in workspace mode. type: str required: false choices: global, custom adom including root
- workspace_locking_timeout - The maximum time in seconds to wait for other users to release workspace lock. type: integer required: false default: 300
- adom - The parameter in requested url type: str required: true
- vap - The parameter in requested url type: str required: true
- vap_dynamicmapping - Configure Virtual Access Points type: dict
- _centmgmt type: str choices: [disable, enable] default: disable more...
- _dhcp_svr_id type: str more...
- _intf_allowaccess type: list choices: [https, ping, ssh, snmp, http, telnet, fgfm, auto-ipsec, radius-acct, probe-response, capwap, dnp, ftm, fabric, speed-test] more...
- _intf_device_identification (Alias name: _intf_device-identification) type: str choices: [disable, enable] default: disable more...
- _intf_device_netscan (Alias name: _intf_device-netscan) type: str choices: [disable, enable] default: disable more...
- _intf_dhcp_relay_ip (Alias name: _intf_dhcp-relay-ip) type: list more...
- _intf_dhcp_relay_service (Alias name: _intf_dhcp-relay-service) type: str choices: [disable, enable] default: disable more...
- _intf_dhcp_relay_type (Alias name: _intf_dhcp-relay-type) type: str choices: [regular, ipsec] default: regular more...
- _intf_dhcp6_relay_ip (Alias name: _intf_dhcp6-relay-ip) type: str more...
- _intf_dhcp6_relay_service (Alias name: _intf_dhcp6-relay-service) type: str choices: [disable, enable] default: disable more...
- _intf_dhcp6_relay_type (Alias name: _intf_dhcp6-relay-type) type: str choices: [regular] default: regular more...
- _intf_ip type: str more...
- _intf_ip6_address (Alias name: _intf_ip6-address) type: str more...
- _intf_ip6_allowaccess (Alias name: _intf_ip6-allowaccess) type: list choices: [https, ping, ssh, snmp, http, telnet, any, fgfm, capwap] more...
- _intf_listen_forticlient_connection (Alias name: _intf_listen-forticlient-connection) type: str choices: [disable, enable] default: disable more...
- _scope type: list more...
- acct_interim_interval (Alias name: acct-interim-interval) type: int more...
- address_group (Alias name: address-group) type: str more...
- alias type: str more...
- atf_weight (Alias name: atf-weight) type: int more...
- auth type: str choices: [PSK, psk, RADIUS, radius, usergroup] more...
- broadcast_ssid (Alias name: broadcast-ssid) type: str choices: [disable, enable] more...
- broadcast_suppression (Alias name: broadcast-suppression) type: list choices: [dhcp, arp, dhcp2, arp2, netbios-ns, netbios-ds, arp3, dhcp-up, dhcp-down, arp-known, arp-unknown, arp-reply, ipv6, dhcp-starvation, arp-poison, all-other-mc, all-other-bc, arp-proxy, dhcp-ucast] more...
- captive_portal_ac_name (Alias name: captive-portal-ac-name) type: str more...
- captive_portal_macauth_radius_secret (Alias name: captive-portal-macauth-radius-secret) type: list more...
- captive_portal_macauth_radius_server (Alias name: captive-portal-macauth-radius-server) type: str more...
- captive_portal_radius_secret (Alias name: captive-portal-radius-secret) type: list more...
- captive_portal_radius_server (Alias name: captive-portal-radius-server) type: str more...
- captive_portal_session_timeout_interval (Alias name: captive-portal-session-timeout-interval) type: int more...
- client_count (Alias name: client-count) type: int more...
- dhcp_lease_time (Alias name: dhcp-lease-time) type: int more...
- dhcp_option82_circuit_id_insertion (Alias name: dhcp-option82-circuit-id-insertion) type: str choices: [disable, style-1, style-2, style-3] more...
- dhcp_option82_insertion (Alias name: dhcp-option82-insertion) type: str choices: [disable, enable] more...
- dhcp_option82_remote_id_insertion (Alias name: dhcp-option82-remote-id-insertion) type: str choices: [disable, style-1] more...
- dynamic_vlan (Alias name: dynamic-vlan) type: str choices: [disable, enable] more...
- eap_reauth (Alias name: eap-reauth) type: str choices: [disable, enable] more...
- eap_reauth_intv (Alias name: eap-reauth-intv) type: int more...
- eapol_key_retries (Alias name: eapol-key-retries) type: str choices: [disable, enable] more...
- encrypt type: str choices: [TKIP, AES, TKIP-AES] more...
- external_fast_roaming (Alias name: external-fast-roaming) type: str choices: [disable, enable] more...
- external_logout (Alias name: external-logout) type: str more...
- external_web (Alias name: external-web) type: str more...
- fast_bss_transition (Alias name: fast-bss-transition) type: str choices: [disable, enable] more...
- fast_roaming (Alias name: fast-roaming) type: str choices: [disable, enable] more...
- ft_mobility_domain (Alias name: ft-mobility-domain) type: int more...
- ft_over_ds (Alias name: ft-over-ds) type: str choices: [disable, enable] more...
- ft_r0_key_lifetime (Alias name: ft-r0-key-lifetime) type: int more...
- gtk_rekey (Alias name: gtk-rekey) type: str choices: [disable, enable] more...
- gtk_rekey_intv (Alias name: gtk-rekey-intv) type: int more...
- hotspot20_profile (Alias name: hotspot20-profile) type: str more...
- intra_vap_privacy (Alias name: intra-vap-privacy) type: str choices: [disable, enable] more...
- ip type: str more...
- key type: list more...
- keyindex type: int more...
- ldpc type: str choices: [disable, tx, rx, rxtx] more...
- local_authentication (Alias name: local-authentication) type: str choices: [disable, enable] more...
- local_bridging (Alias name: local-bridging) type: str choices: [disable, enable] more...
- local_lan (Alias name: local-lan) type: str choices: [deny, allow] more...
- local_standalone (Alias name: local-standalone) type: str choices: [disable, enable] more...
- local_standalone_nat (Alias name: local-standalone-nat) type: str choices: [disable, enable] more...
- local_switching (Alias name: local-switching) type: str choices: [disable, enable] more...
- mac_auth_bypass (Alias name: mac-auth-bypass) type: str choices: [disable, enable] more...
- mac_filter (Alias name: mac-filter) type: str choices: [disable, enable] more...
- mac_filter_policy_other (Alias name: mac-filter-policy-other) type: str choices: [deny, allow] more...
- max_clients (Alias name: max-clients) type: int more...
- max_clients_ap (Alias name: max-clients-ap) type: int more...
- me_disable_thresh (Alias name: me-disable-thresh) type: int more...
- mesh_backhaul (Alias name: mesh-backhaul) type: str choices: [disable, enable] more...
- mpsk type: str choices: [disable, enable] more...
- mpsk_concurrent_clients (Alias name: mpsk-concurrent-clients) type: int more...
- multicast_enhance (Alias name: multicast-enhance) type: str choices: [disable, enable] more...
- multicast_rate (Alias name: multicast-rate) type: str choices: [0, 6000, 12000, 24000] more...
- okc type: str choices: [disable, enable] more...
- owe_groups (Alias name: owe-groups) type: list choices: [19, 20, 21] more...
- owe_transition (Alias name: owe-transition) type: str choices: [disable, enable] more...
- owe_transition_ssid (Alias name: owe-transition-ssid) type: str more...
- passphrase type: list more...
- pmf type: str choices: [disable, enable, optional] more...
- pmf_assoc_comeback_timeout (Alias name: pmf-assoc-comeback-timeout) type: int more...
- pmf_sa_query_retry_timeout (Alias name: pmf-sa-query-retry-timeout) type: int more...
- portal_message_override_group (Alias name: portal-message-override-group) type: str more...
- portal_type (Alias name: portal-type) type: str choices: [auth, auth+disclaimer, disclaimer, email-collect, cmcc, cmcc-macauth, auth-mac, external-auth, external-macauth] more...
- probe_resp_suppression (Alias name: probe-resp-suppression) type: str choices: [disable, enable] more...
- probe_resp_threshold (Alias name: probe-resp-threshold) type: str more...
- ptk_rekey (Alias name: ptk-rekey) type: str choices: [disable, enable] more...
- ptk_rekey_intv (Alias name: ptk-rekey-intv) type: int more...
- qos_profile (Alias name: qos-profile) type: str more...
- quarantine type: str choices: [disable, enable] more...
- radio_2g_threshold (Alias name: radio-2g-threshold) type: str more...
- radio_5g_threshold (Alias name: radio-5g-threshold) type: str more...
- radio_sensitivity (Alias name: radio-sensitivity) type: str choices: [disable, enable] more...
- radius_mac_auth (Alias name: radius-mac-auth) type: str choices: [disable, enable] more...
- radius_mac_auth_server (Alias name: radius-mac-auth-server) type: str more...
- radius_mac_auth_usergroups (Alias name: radius-mac-auth-usergroups) type: list more...
- radius_server (Alias name: radius-server) type: str more...
- rates_11a (Alias name: rates-11a) type: list choices: [1, 1-basic, 2, 2-basic, 5.5, 5.5-basic, 6, 6-basic, 9, 9-basic, 12, 12-basic, 18, 18-basic, 24, 24-basic, 36, 36-basic, 48, 48-basic, 54, 54-basic, 11, 11-basic] more...
- rates_11ac_ss12 (Alias name: rates-11ac-ss12) type: list choices: [mcs0/1, mcs1/1, mcs2/1, mcs3/1, mcs4/1, mcs5/1, mcs6/1, mcs7/1, mcs8/1, mcs9/1, mcs0/2, mcs1/2, mcs2/2, mcs3/2, mcs4/2, mcs5/2, mcs6/2, mcs7/2, mcs8/2, mcs9/2, mcs10/1, mcs11/1, mcs10/2, mcs11/2] more...
- rates_11ac_ss34 (Alias name: rates-11ac-ss34) type: list choices: [mcs0/3, mcs1/3, mcs2/3, mcs3/3, mcs4/3, mcs5/3, mcs6/3, mcs7/3, mcs8/3, mcs9/3, mcs0/4, mcs1/4, mcs2/4, mcs3/4, mcs4/4, mcs5/4, mcs6/4, mcs7/4, mcs8/4, mcs9/4, mcs10/3, mcs11/3, mcs10/4, mcs11/4] more...
- rates_11bg (Alias name: rates-11bg) type: list choices: [1, 1-basic, 2, 2-basic, 5.5, 5.5-basic, 6, 6-basic, 9, 9-basic, 12, 12-basic, 18, 18-basic, 24, 24-basic, 36, 36-basic, 48, 48-basic, 54, 54-basic, 11, 11-basic] more...
- rates_11n_ss12 (Alias name: rates-11n-ss12) type: list choices: [mcs0/1, mcs1/1, mcs2/1, mcs3/1, mcs4/1, mcs5/1, mcs6/1, mcs7/1, mcs8/2, mcs9/2, mcs10/2, mcs11/2, mcs12/2, mcs13/2, mcs14/2, mcs15/2] more...
- rates_11n_ss34 (Alias name: rates-11n-ss34) type: list choices: [mcs16/3, mcs17/3, mcs18/3, mcs19/3, mcs20/3, mcs21/3, mcs22/3, mcs23/3, mcs24/4, mcs25/4, mcs26/4, mcs27/4, mcs28/4, mcs29/4, mcs30/4, mcs31/4] more...
- sae_groups (Alias name: sae-groups) type: list choices: [1, 2, 5, 14, 15, 16, 17, 18, 19, 20, 21, 27, 28, 29, 30, 31] more...
- sae_password (Alias name: sae-password) type: list more...
- schedule type: list or str more...
- security type: str choices: [None, WEP64, wep64, WEP128, wep128, WPA_PSK, WPA_RADIUS, WPA, WPA2, WPA2_AUTO, open, wpa-personal, wpa-enterprise, captive-portal, wpa-only-personal, wpa-only-enterprise, wpa2-only-personal, wpa2-only-enterprise, wpa-personal+captive-portal, wpa-only-personal+captive-portal, wpa2-only-personal+captive-portal, osen, wpa3-enterprise, sae, sae-transition, owe, wpa3-sae, wpa3-sae-transition, wpa3-only-enterprise, wpa3-enterprise-transition] more...
- security_exempt_list (Alias name: security-exempt-list) type: str more...
- security_obsolete_option (Alias name: security-obsolete-option) type: str choices: [disable, enable] more...
- security_redirect_url (Alias name: security-redirect-url) type: str more...
- selected_usergroups (Alias name: selected-usergroups) type: list or str more...
- split_tunneling (Alias name: split-tunneling) type: str choices: [disable, enable] more...
- ssid type: str more...
- tkip_counter_measure (Alias name: tkip-counter-measure) type: str choices: [disable, enable] more...
- usergroup type: list or str more...
- utm_profile (Alias name: utm-profile) type: str more...
- vdom type: list or str more...
- vlan_auto (Alias name: vlan-auto) type: str choices: [disable, enable] more...
- vlan_pooling (Alias name: vlan-pooling) type: str choices: [wtp-group, round-robin, hash, disable] more...
- vlanid type: int more...
- voice_enterprise (Alias name: voice-enterprise) type: str choices: [disable, enable] more...
- mu_mimo (Alias name: mu-mimo) type: str choices: [disable, enable] more...
- _intf_device_access_list (Alias name: _intf_device-access-list) type: str more...
- external_web_format (Alias name: external-web-format) type: str choices: [auto-detect, no-query-string, partial-query-string] more...
- high_efficiency (Alias name: high-efficiency) type: str choices: [disable, enable] more...
- primary_wag_profile (Alias name: primary-wag-profile) type: str more...
- secondary_wag_profile (Alias name: secondary-wag-profile) type: str more...
- target_wake_time (Alias name: target-wake-time) type: str choices: [disable, enable] more...
- tunnel_echo_interval (Alias name: tunnel-echo-interval) type: int more...
- tunnel_fallback_interval (Alias name: tunnel-fallback-interval) type: int more...
- access_control_list (Alias name: access-control-list) type: str more...
- captive_portal_auth_timeout (Alias name: captive-portal-auth-timeout) type: int more...
- ipv6_rules (Alias name: ipv6-rules) type: list choices: [drop-icmp6ra, drop-icmp6rs, drop-llmnr6, drop-icmp6mld2, drop-dhcp6s, drop-dhcp6c, ndp-proxy, drop-ns-dad, drop-ns-nondad] more...
- sticky_client_remove (Alias name: sticky-client-remove) type: str choices: [disable, enable] more...
- sticky_client_threshold_2g (Alias name: sticky-client-threshold-2g) type: str more...
- sticky_client_threshold_5g (Alias name: sticky-client-threshold-5g) type: str more...
- bss_color_partial (Alias name: bss-color-partial) type: str choices: [disable, enable] more...
- dhcp_option43_insertion (Alias name: dhcp-option43-insertion) type: str choices: [disable, enable] more...
- mpsk_profile (Alias name: mpsk-profile) type: str more...
- igmp_snooping (Alias name: igmp-snooping) Enable/disable igmp snooping. type: str choices: [disable, enable] more...
- port_macauth (Alias name: port-macauth) Enable/disable lan port mac authentication (default = disable). type: str choices: [disable, radius, address-group] more...
- port_macauth_reauth_timeout (Alias name: port-macauth-reauth-timeout) Lan port mac authentication re-authentication timeout value (default = 7200 sec). type: int more...
- port_macauth_timeout (Alias name: port-macauth-timeout) Lan port mac authentication idle timeout value (default = 600 sec). type: int more...
- additional_akms (Alias name: additional-akms) type: list choices: [akm6] more...
- bstm_disassociation_imminent (Alias name: bstm-disassociation-imminent) Enable/disable forcing of disassociation after the bstm request timer has been reached (default = enable). type: str choices: [disable, enable] more...
- bstm_load_balancing_disassoc_timer (Alias name: bstm-load-balancing-disassoc-timer) Time interval for client to voluntarily leave ap before forcing a disassociation due to ap load-balancing (0 to 30, default = 10). type: int more...
- bstm_rssi_disassoc_timer (Alias name: bstm-rssi-disassoc-timer) Time interval for client to voluntarily leave ap before forcing a disassociation due to low rssi (0 to 2000, default = 200). type: int more...
- dhcp_address_enforcement (Alias name: dhcp-address-enforcement) Enable/disable dhcp address enforcement (default = disable). type: str choices: [disable, enable] more...
- gas_comeback_delay (Alias name: gas-comeback-delay) Gas comeback delay (0 or 100 - 10000 milliseconds, default = 500). type: int more...
- gas_fragmentation_limit (Alias name: gas-fragmentation-limit) Gas fragmentation limit (512 - 4096, default = 1024). type: int more...
- mac_called_station_delimiter (Alias name: mac-called-station-delimiter) Mac called station delimiter (default = hyphen). type: str choices: [hyphen, single-hyphen, colon, none] more...
- mac_calling_station_delimiter (Alias name: mac-calling-station-delimiter) Mac calling station delimiter (default = hyphen). type: str choices: [hyphen, single-hyphen, colon, none] more...
- mac_case (Alias name: mac-case) Mac case (default = uppercase). type: str choices: [uppercase, lowercase] more...
- mac_password_delimiter (Alias name: mac-password-delimiter) Mac authentication password delimiter (default = hyphen). type: str choices: [hyphen, single-hyphen, colon, none] more...
- mac_username_delimiter (Alias name: mac-username-delimiter) Mac authentication username delimiter (default = hyphen). type: str choices: [hyphen, single-hyphen, colon, none] more...
- mbo Enable/disable multiband operation (default = disable). type: str choices: [disable, enable] more...
- mbo_cell_data_conn_pref (Alias name: mbo-cell-data-conn-pref) Mbo cell data connection preference (0, 1, or 255, default = 1). type: str choices: [excluded, prefer-not, prefer-use] more...
- nac Enable/disable network access control. type: str choices: [disable, enable] more...
- nac_profile (Alias name: nac-profile) Nac profile name. type: str more...
- neighbor_report_dual_band (Alias name: neighbor-report-dual-band) Enable/disable dual-band neighbor report (default = disable). type: str choices: [disable, enable] more...
- address_group_policy (Alias name: address-group-policy) Configure mac address filtering policy for mac addresses that are in the address-group. type: str choices: [disable, allow, deny] more...
- antivirus_profile (Alias name: antivirus-profile) Antivirus profile name. type: str more...
- application_detection_engine (Alias name: application-detection-engine) Enable/disable application detection engine (default = disable). type: str choices: [disable, enable] more...
- application_list (Alias name: application-list) Application control list name. type: str more...
- application_report_intv (Alias name: application-report-intv) Application report interval (30 - 864000 sec, default = 120). type: int more...
- auth_cert (Alias name: auth-cert) Https server certificate. type: str more...
- auth_portal_addr (Alias name: auth-portal-addr) Address of captive portal. type: str more...
- beacon_advertising (Alias name: beacon-advertising) type: list choices: [name, model, serial-number] more...
- ips_sensor (Alias name: ips-sensor) Ips sensor name. type: str more...
- l3_roaming (Alias name: l3-roaming) Enable/disable layer 3 roaming (default = disable). type: str choices: [disable, enable] more...
- local_standalone_dns (Alias name: local-standalone-dns) Enable/disable ap local standalone dns. type: str choices: [disable, enable] more...
- local_standalone_dns_ip (Alias name: local-standalone-dns-ip) type: list more...
- osen Enable/disable osen as part of key management (default = disable). type: str choices: [disable, enable] more...
- radius_mac_mpsk_auth (Alias name: radius-mac-mpsk-auth) Enable/disable radius-based mac authentication of clients for mpsk authentication (default = disable). type: str choices: [disable, enable] more...
- radius_mac_mpsk_timeout (Alias name: radius-mac-mpsk-timeout) Radius mac mpsk cache timeout interval (1800 - 864000, default = 86400). type: int more...
- rates_11ax_ss12 (Alias name: rates-11ax-ss12) type: list choices: [mcs0/1, mcs1/1, mcs2/1, mcs3/1, mcs4/1, mcs5/1, mcs6/1, mcs7/1, mcs8/1, mcs9/1, mcs10/1, mcs11/1, mcs0/2, mcs1/2, mcs2/2, mcs3/2, mcs4/2, mcs5/2, mcs6/2, mcs7/2, mcs8/2, mcs9/2, mcs10/2, mcs11/2] more...
- rates_11ax_ss34 (Alias name: rates-11ax-ss34) type: list choices: [mcs0/3, mcs1/3, mcs2/3, mcs3/3, mcs4/3, mcs5/3, mcs6/3, mcs7/3, mcs8/3, mcs9/3, mcs10/3, mcs11/3, mcs0/4, mcs1/4, mcs2/4, mcs3/4, mcs4/4, mcs5/4, mcs6/4, mcs7/4, mcs8/4, mcs9/4, mcs10/4, mcs11/4] more...
- scan_botnet_connections (Alias name: scan-botnet-connections) Block or monitor connections to botnet servers or disable botnet scanning. type: str choices: [disable, block, monitor] more...
- utm_log (Alias name: utm-log) Enable/disable utm logging. type: str choices: [disable, enable] more...
- utm_status (Alias name: utm-status) Enable to add one or more security profiles (av, ips, etc. type: str choices: [disable, enable] more...
- webfilter_profile (Alias name: webfilter-profile) Webfilter profile name. type: str more...
- sae_h2e_only (Alias name: sae-h2e-only) Use hash-to-element-only mechanism for pwe derivation (default = disable). type: str choices: [disable, enable] more...
- sae_pk (Alias name: sae-pk) Enable/disable wpa3 sae-pk (default = disable). type: str choices: [disable, enable] more...
- sae_private_key (Alias name: sae-private-key) Private key used for wpa3 sae-pk authentication. type: str more...
- sticky_client_threshold_6g (Alias name: sticky-client-threshold-6g) Minimum signal level/threshold in dbm required for the 6g client to be serviced by the ap (-95 to -20, default = -76). type: str more...
- application_dscp_marking (Alias name: application-dscp-marking) Enable/disable application attribute based dscp marking (default = disable). type: str choices: [disable, enable] more...
- l3_roaming_mode (Alias name: l3-roaming-mode) Select the way that layer 3 roaming traffic is passed (default = direct). type: str choices: [direct, indirect] more...
- rates_11ac_mcs_map (Alias name: rates-11ac-mcs-map) Comma separated list of max supported vht mcs for spatial streams 1 through 8. type: str more...
- rates_11ax_mcs_map (Alias name: rates-11ax-mcs-map) Comma separated list of max supported he mcs for spatial streams 1 through 8. type: str more...
- captive_portal_fw_accounting (Alias name: captive-portal-fw-accounting) Enable/disable radius accounting for captive portal firewall authentication session. type: str choices: [disable, enable] more...
- radius_mac_auth_block_interval (Alias name: radius-mac-auth-block-interval) Dont send radius mac auth request again if the client has been rejected within specific interval (0 or 30 - 864000 seconds, default = 0, 0 to disable blocking). type: int more...
- _is_factory_setting type: str choices: [disable, enable, ext] default: disable more...
- d80211k (Alias name: 80211k) Enable/disable 802. type: str choices: [disable, enable] more...
- d80211v (Alias name: 80211v) Enable/disable 802. type: str choices: [disable, enable] more...
- roaming_acct_interim_update (Alias name: roaming-acct-interim-update) Enable/disable using accounting interim update instead of accounting start/stop on roaming for wpa-enterprise security. type: str choices: [disable, enable] more...
- sae_hnp_only (Alias name: sae-hnp-only) Use hunting-and-pecking-only mechanism for pwe derivation (default = disable). type: str choices: [disable, enable] more...
Notes
Note
Running in workspace locking mode is supported in this FortiManager module, the top level parameters workspace_locking_adom and workspace_locking_timeout help do the work.
To create or update an object, use state: present directive.
To delete an object, use state: absent directive
Normally, running one module can fail when a non-zero rc is returned. you can also override the conditions to fail or succeed with parameters rc_failed and rc_succeeded
Examples
- name: Example playbook (generated based on argument schema)
hosts: fortimanagers
connection: httpapi
vars:
ansible_httpapi_use_ssl: true
ansible_httpapi_validate_certs: false
ansible_httpapi_port: 443
tasks:
- name: Configure Virtual Access Points
fortinet.fortimanager.fmgr_vap_dynamicmapping:
# bypass_validation: false
workspace_locking_adom: <value in [global, custom adom including root]>
workspace_locking_timeout: 300
# rc_succeeded: [0, -2, -3, ...]
# rc_failed: [-2, -3, ...]
adom: <your own value>
vap: <your own value>
state: present # <value in [present, absent]>
vap_dynamicmapping:
_centmgmt: <value in [disable, enable]>
_dhcp_svr_id: <string>
_intf_allowaccess:
- https
- ping
- ssh
- snmp
- http
- telnet
- fgfm
- auto-ipsec
- radius-acct
- probe-response
- capwap
- dnp
- ftm
- fabric
- speed-test
_intf_device_identification: <value in [disable, enable]>
_intf_device_netscan: <value in [disable, enable]>
_intf_dhcp_relay_ip: <list or string>
_intf_dhcp_relay_service: <value in [disable, enable]>
_intf_dhcp_relay_type: <value in [regular, ipsec]>
_intf_dhcp6_relay_ip: <string>
_intf_dhcp6_relay_service: <value in [disable, enable]>
_intf_dhcp6_relay_type: <value in [regular]>
_intf_ip: <string>
_intf_ip6_address: <string>
_intf_ip6_allowaccess:
- https
- ping
- ssh
- snmp
- http
- telnet
- any
- fgfm
- capwap
_intf_listen_forticlient_connection: <value in [disable, enable]>
_scope:
-
name: <string>
vdom: <string>
acct_interim_interval: <integer>
address_group: <string>
alias: <string>
atf_weight: <integer>
auth: <value in [PSK, psk, RADIUS, ...]>
broadcast_ssid: <value in [disable, enable]>
broadcast_suppression:
- dhcp
- arp
- dhcp2
- arp2
- netbios-ns
- netbios-ds
- arp3
- dhcp-up
- dhcp-down
- arp-known
- arp-unknown
- arp-reply
- ipv6
- dhcp-starvation
- arp-poison
- all-other-mc
- all-other-bc
- arp-proxy
- dhcp-ucast
captive_portal_ac_name: <string>
captive_portal_macauth_radius_secret: <list or string>
captive_portal_macauth_radius_server: <string>
captive_portal_radius_secret: <list or string>
captive_portal_radius_server: <string>
captive_portal_session_timeout_interval: <integer>
client_count: <integer>
dhcp_lease_time: <integer>
dhcp_option82_circuit_id_insertion: <value in [disable, style-1, style-2, ...]>
dhcp_option82_insertion: <value in [disable, enable]>
dhcp_option82_remote_id_insertion: <value in [disable, style-1]>
dynamic_vlan: <value in [disable, enable]>
eap_reauth: <value in [disable, enable]>
eap_reauth_intv: <integer>
eapol_key_retries: <value in [disable, enable]>
encrypt: <value in [TKIP, AES, TKIP-AES]>
external_fast_roaming: <value in [disable, enable]>
external_logout: <string>
external_web: <string>
fast_bss_transition: <value in [disable, enable]>
fast_roaming: <value in [disable, enable]>
ft_mobility_domain: <integer>
ft_over_ds: <value in [disable, enable]>
ft_r0_key_lifetime: <integer>
gtk_rekey: <value in [disable, enable]>
gtk_rekey_intv: <integer>
hotspot20_profile: <string>
intra_vap_privacy: <value in [disable, enable]>
ip: <string>
key: <list or string>
keyindex: <integer>
ldpc: <value in [disable, tx, rx, ...]>
local_authentication: <value in [disable, enable]>
local_bridging: <value in [disable, enable]>
local_lan: <value in [deny, allow]>
local_standalone: <value in [disable, enable]>
local_standalone_nat: <value in [disable, enable]>
local_switching: <value in [disable, enable]>
mac_auth_bypass: <value in [disable, enable]>
mac_filter: <value in [disable, enable]>
mac_filter_policy_other: <value in [deny, allow]>
max_clients: <integer>
max_clients_ap: <integer>
me_disable_thresh: <integer>
mesh_backhaul: <value in [disable, enable]>
mpsk: <value in [disable, enable]>
mpsk_concurrent_clients: <integer>
multicast_enhance: <value in [disable, enable]>
multicast_rate: <value in [0, 6000, 12000, ...]>
okc: <value in [disable, enable]>
owe_groups:
- 19
- 20
- 21
owe_transition: <value in [disable, enable]>
owe_transition_ssid: <string>
passphrase: <list or string>
pmf: <value in [disable, enable, optional]>
pmf_assoc_comeback_timeout: <integer>
pmf_sa_query_retry_timeout: <integer>
portal_message_override_group: <string>
portal_type: <value in [auth, auth+disclaimer, disclaimer, ...]>
probe_resp_suppression: <value in [disable, enable]>
probe_resp_threshold: <string>
ptk_rekey: <value in [disable, enable]>
ptk_rekey_intv: <integer>
qos_profile: <string>
quarantine: <value in [disable, enable]>
radio_2g_threshold: <string>
radio_5g_threshold: <string>
radio_sensitivity: <value in [disable, enable]>
radius_mac_auth: <value in [disable, enable]>
radius_mac_auth_server: <string>
radius_mac_auth_usergroups: <list or string>
radius_server: <string>
rates_11a:
- 1
- 1-basic
- 2
- 2-basic
- 5.5
- 5.5-basic
- 6
- 6-basic
- 9
- 9-basic
- 12
- 12-basic
- 18
- 18-basic
- 24
- 24-basic
- 36
- 36-basic
- 48
- 48-basic
- 54
- 54-basic
- 11
- 11-basic
rates_11ac_ss12:
- mcs0/1
- mcs1/1
- mcs2/1
- mcs3/1
- mcs4/1
- mcs5/1
- mcs6/1
- mcs7/1
- mcs8/1
- mcs9/1
- mcs0/2
- mcs1/2
- mcs2/2
- mcs3/2
- mcs4/2
- mcs5/2
- mcs6/2
- mcs7/2
- mcs8/2
- mcs9/2
- mcs10/1
- mcs11/1
- mcs10/2
- mcs11/2
rates_11ac_ss34:
- mcs0/3
- mcs1/3
- mcs2/3
- mcs3/3
- mcs4/3
- mcs5/3
- mcs6/3
- mcs7/3
- mcs8/3
- mcs9/3
- mcs0/4
- mcs1/4
- mcs2/4
- mcs3/4
- mcs4/4
- mcs5/4
- mcs6/4
- mcs7/4
- mcs8/4
- mcs9/4
- mcs10/3
- mcs11/3
- mcs10/4
- mcs11/4
rates_11bg:
- 1
- 1-basic
- 2
- 2-basic
- 5.5
- 5.5-basic
- 6
- 6-basic
- 9
- 9-basic
- 12
- 12-basic
- 18
- 18-basic
- 24
- 24-basic
- 36
- 36-basic
- 48
- 48-basic
- 54
- 54-basic
- 11
- 11-basic
rates_11n_ss12:
- mcs0/1
- mcs1/1
- mcs2/1
- mcs3/1
- mcs4/1
- mcs5/1
- mcs6/1
- mcs7/1
- mcs8/2
- mcs9/2
- mcs10/2
- mcs11/2
- mcs12/2
- mcs13/2
- mcs14/2
- mcs15/2
rates_11n_ss34:
- mcs16/3
- mcs17/3
- mcs18/3
- mcs19/3
- mcs20/3
- mcs21/3
- mcs22/3
- mcs23/3
- mcs24/4
- mcs25/4
- mcs26/4
- mcs27/4
- mcs28/4
- mcs29/4
- mcs30/4
- mcs31/4
sae_groups:
- 1
- 2
- 5
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 27
- 28
- 29
- 30
- 31
sae_password: <list or string>
schedule: <list or string>
security: <value in [None, WEP64, wep64, ...]>
security_exempt_list: <string>
security_obsolete_option: <value in [disable, enable]>
security_redirect_url: <string>
selected_usergroups: <list or string>
split_tunneling: <value in [disable, enable]>
ssid: <string>
tkip_counter_measure: <value in [disable, enable]>
usergroup: <list or string>
utm_profile: <string>
vdom: <list or string>
vlan_auto: <value in [disable, enable]>
vlan_pooling: <value in [wtp-group, round-robin, hash, ...]>
vlanid: <integer>
voice_enterprise: <value in [disable, enable]>
mu_mimo: <value in [disable, enable]>
_intf_device_access_list: <string>
external_web_format: <value in [auto-detect, no-query-string, partial-query-string]>
high_efficiency: <value in [disable, enable]>
primary_wag_profile: <string>
secondary_wag_profile: <string>
target_wake_time: <value in [disable, enable]>
tunnel_echo_interval: <integer>
tunnel_fallback_interval: <integer>
access_control_list: <string>
captive_portal_auth_timeout: <integer>
ipv6_rules:
- drop-icmp6ra
- drop-icmp6rs
- drop-llmnr6
- drop-icmp6mld2
- drop-dhcp6s
- drop-dhcp6c
- ndp-proxy
- drop-ns-dad
- drop-ns-nondad
sticky_client_remove: <value in [disable, enable]>
sticky_client_threshold_2g: <string>
sticky_client_threshold_5g: <string>
bss_color_partial: <value in [disable, enable]>
dhcp_option43_insertion: <value in [disable, enable]>
mpsk_profile: <string>
igmp_snooping: <value in [disable, enable]>
port_macauth: <value in [disable, radius, address-group]>
port_macauth_reauth_timeout: <integer>
port_macauth_timeout: <integer>
additional_akms:
- akm6
bstm_disassociation_imminent: <value in [disable, enable]>
bstm_load_balancing_disassoc_timer: <integer>
bstm_rssi_disassoc_timer: <integer>
dhcp_address_enforcement: <value in [disable, enable]>
gas_comeback_delay: <integer>
gas_fragmentation_limit: <integer>
mac_called_station_delimiter: <value in [hyphen, single-hyphen, colon, ...]>
mac_calling_station_delimiter: <value in [hyphen, single-hyphen, colon, ...]>
mac_case: <value in [uppercase, lowercase]>
mac_password_delimiter: <value in [hyphen, single-hyphen, colon, ...]>
mac_username_delimiter: <value in [hyphen, single-hyphen, colon, ...]>
mbo: <value in [disable, enable]>
mbo_cell_data_conn_pref: <value in [excluded, prefer-not, prefer-use]>
nac: <value in [disable, enable]>
nac_profile: <string>
neighbor_report_dual_band: <value in [disable, enable]>
address_group_policy: <value in [disable, allow, deny]>
antivirus_profile: <string>
application_detection_engine: <value in [disable, enable]>
application_list: <string>
application_report_intv: <integer>
auth_cert: <string>
auth_portal_addr: <string>
beacon_advertising:
- name
- model
- serial-number
ips_sensor: <string>
l3_roaming: <value in [disable, enable]>
local_standalone_dns: <value in [disable, enable]>
local_standalone_dns_ip: <list or string>
osen: <value in [disable, enable]>
radius_mac_mpsk_auth: <value in [disable, enable]>
radius_mac_mpsk_timeout: <integer>
rates_11ax_ss12:
- mcs0/1
- mcs1/1
- mcs2/1
- mcs3/1
- mcs4/1
- mcs5/1
- mcs6/1
- mcs7/1
- mcs8/1
- mcs9/1
- mcs10/1
- mcs11/1
- mcs0/2
- mcs1/2
- mcs2/2
- mcs3/2
- mcs4/2
- mcs5/2
- mcs6/2
- mcs7/2
- mcs8/2
- mcs9/2
- mcs10/2
- mcs11/2
rates_11ax_ss34:
- mcs0/3
- mcs1/3
- mcs2/3
- mcs3/3
- mcs4/3
- mcs5/3
- mcs6/3
- mcs7/3
- mcs8/3
- mcs9/3
- mcs10/3
- mcs11/3
- mcs0/4
- mcs1/4
- mcs2/4
- mcs3/4
- mcs4/4
- mcs5/4
- mcs6/4
- mcs7/4
- mcs8/4
- mcs9/4
- mcs10/4
- mcs11/4
scan_botnet_connections: <value in [disable, block, monitor]>
utm_log: <value in [disable, enable]>
utm_status: <value in [disable, enable]>
webfilter_profile: <string>
sae_h2e_only: <value in [disable, enable]>
sae_pk: <value in [disable, enable]>
sae_private_key: <string>
sticky_client_threshold_6g: <string>
application_dscp_marking: <value in [disable, enable]>
l3_roaming_mode: <value in [direct, indirect]>
rates_11ac_mcs_map: <string>
rates_11ax_mcs_map: <string>
captive_portal_fw_accounting: <value in [disable, enable]>
radius_mac_auth_block_interval: <integer>
_is_factory_setting: <value in [disable, enable, ext]>
d80211k: <value in [disable, enable]>
d80211v: <value in [disable, enable]>
roaming_acct_interim_update: <value in [disable, enable]>
sae_hnp_only: <value in [disable, enable]>
Return Values
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- meta - The result of the request.returned: always type: dict
- request_url - The full url requested. returned: always type: str sample: /sys/login/user
- response_code - The status of api request. returned: always type: int sample: 0
- response_data - The data body of the api response. returned: optional type: list or dict
- response_message - The descriptive message of the api response. returned: always type: str sample: OK
- system_information - The information of the target system. returned: always type: dict
- rc - The status the request. returned: always type: int sample: 0
- version_check_warning - Warning if the parameters used in the playbook are not supported by the current FortiManager version. returned: if at least one parameter not supported by the current FortiManager version type: list
Status
This module is not guaranteed to have a backwards compatible interface.