fmgr_vpnmgr_node – VPN node for VPN Manager.

Added in version 2.0.0.

Warning

Starting in version 3.0.0, all input arguments will be named using the underscore naming convention (snake_case).

  • Argument name before 3.0.0: var-name, var name, var.name

  • New argument name starting in 3.0.0: var_name

FortiManager Ansible v2.4+ supports both the previous argument names and the new underscore names. You will receive deprecation warnings if you keep using the previous argument names. You can suppress the warnings by setting deprecation_warnings=False in ansible.cfg.
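
An added example, not part of the module or its documentation: a Python helper that finds pre-3.0.0 argument names in a task's module arguments and rewrites them to the underscore form, reporting any argument that was set under both names with different values. It is meant for the argument dictionary only (not the whole playbook, where keys such as the module's fully qualified name contain dots); the function names and sample values are assumptions made for this example.

```python
import re

# Separators in pre-3.0.0 argument names: "var-name", "var name", "var.name".
_LEGACY_SEP = re.compile(r"[-. ]")

def to_snake(name):
    """Return the underscore (3.0.0+) form of an argument name."""
    return _LEGACY_SEP.sub("_", name)

def migrate_args(value, path=""):
    """Rename legacy keys recursively; values are never altered.

    Returns (migrated, renamed, conflicts). renamed holds
    (parent_path, old_key, new_key); conflicts holds paths where a legacy key
    and its underscore form carried different values (underscore form wins).
    """
    renamed, conflicts = [], []
    if isinstance(value, list):
        out = []
        for i, item in enumerate(value):
            new_item, r, c = migrate_args(item, f"{path}[{i}]")
            out.append(new_item)
            renamed += r
            conflicts += c
        return out, renamed, conflicts
    if not isinstance(value, dict):
        return value, renamed, conflicts
    out = {}
    # Visit underscore keys first so they take precedence over legacy duplicates.
    for key in sorted(value, key=lambda k: to_snake(k) != k):
        new_key = to_snake(key)
        child = f"{path}.{new_key}" if path else new_key
        new_val, r, c = migrate_args(value[key], child)
        renamed += r
        conflicts += c
        if new_key != key:
            renamed.append((path, key, new_key))
        if new_key not in out:
            out[new_key] = new_val
        elif out[new_key] != new_val:
            conflicts.append(child)
    return out, renamed, conflicts

# Constructed sample: task arguments written with pre-3.0.0 names.
SAMPLE_TASK_ARGS = {
    "adom": "root", "state": "present",
    "vpnmgr_node": {
        "add-route": "enable", "role": "spoke",
        "ip-range": [{"start-ip": "10.10.0.10", "end-ip": "10.10.0.50", "id": 1}],
        "scope member": [{"name": "branch-fgt-01", "vdom": "root"}],
        "mode_cfg": "enable", "mode-cfg": "disable",  # conflicting duplicate
    },
}
```

A non-empty conflicts list means the same setting was given twice with different values and should be resolved by hand before the legacy name is dropped.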

Synopsis

  • This module is able to configure a FortiManager device.

  • Examples include all parameters; values need to be adjusted to your data sources before use.

  • Tested with FortiManager v6.x and v7.x.

Requirements

The below requirements are needed on the host that executes this module.

  • ansible>=2.15.0

FortiManager Version Compatibility

Supported Version Ranges: v6.0.0 -> latest

Parameters

  • access_token - The token to access FortiManager without using username and password. type: str required: false
  • bypass_validation - Set to True only when the module schema differs from the FortiManager API structure; the module then continues to execute without validating parameters. type: bool required: false default: False
  • enable_log - Enable/Disable logging for task. type: bool required: false default: False
  • forticloud_access_token - Access token of FortiCloud managed API users; this option is available with FortiManager later than 6.4.0. type: str required: false
  • proposed_method - The overridden method for the underlying JSON RPC request. type: str required: false choices: set, update, add
  • rc_succeeded - The list of rc codes that overrides the conditions to succeed. type: list required: false
  • rc_failed - The list of rc codes that overrides the conditions to fail. type: list required: false
  • state - The directive to create, update or delete an object. type: str required: true choices: present, absent
  • workspace_locking_adom - Acquire the workspace lock if FortiManager is running in workspace mode. type: str required: false choices: global, custom adom including root
  • workspace_locking_timeout - The maximum time in seconds to wait for other users to release workspace lock. type: integer required: false default: 300
  • adom - The parameter in the requested URL. type: str required: true
  • vpnmgr_node - VPN node for VPN Manager. type: dict
    • add_route (Alias name: add-route) Add-route. type: str choices: [disable, enable]
    • assign_ip (Alias name: assign-ip) Assign-ip. type: str choices: [disable, enable]
    • assign_ip_from (Alias name: assign-ip-from) Assign-ip-from. type: str choices: [range, usrgrp, dhcp, name]
    • authpasswd Authpasswd. type: list
    • authusr Authusr. type: str
    • authusrgrp Authusrgrp. type: str
    • auto_configuration (Alias name: auto-configuration) Auto-configuration. type: str choices: [disable, enable]
    • automatic_routing Automatic_routing. type: str choices: [disable, enable]
    • banner Banner. type: str
    • default_gateway (Alias name: default-gateway) Default-gateway. type: str
    • dhcp_server (Alias name: dhcp-server) Dhcp-server. type: str choices: [disable, enable]
    • dns_mode (Alias name: dns-mode) Dns-mode. type: str choices: [auto, manual]
    • dns_service (Alias name: dns-service) Dns-service. type: str choices: [default, specify, local]
    • domain Domain. type: str
    • extgw Extgw. type: str
    • extgw_hubip Extgw_hubip. type: str
    • extgw_p2_per_net Extgw_p2_per_net. type: str choices: [disable, enable]
    • extgwip Extgwip. type: str
    • hub_iface Hub_iface. type: list or str
    • id Id. type: int
    • iface Iface. type: list or str
    • ip_range (Alias name: ip-range) Ip-range. type: list
      • end_ip (Alias name: end-ip) End-ip. type: str
      • id Id. type: int
      • start_ip (Alias name: start-ip) Start-ip. type: str
    • ipsec_lease_hold (Alias name: ipsec-lease-hold) Ipsec-lease-hold. type: int
    • ipv4_dns_server1 (Alias name: ipv4-dns-server1) Ipv4-dns-server1. type: str
    • ipv4_dns_server2 (Alias name: ipv4-dns-server2) Ipv4-dns-server2. type: str
    • ipv4_dns_server3 (Alias name: ipv4-dns-server3) Ipv4-dns-server3. type: str
    • ipv4_end_ip (Alias name: ipv4-end-ip) Ipv4-end-ip. type: str
    • ipv4_exclude_range (Alias name: ipv4-exclude-range) Ipv4-exclude-range. type: list
      • end_ip (Alias name: end-ip) End-ip. type: str
      • id Id. type: int
      • start_ip (Alias name: start-ip) Start-ip. type: str
    • ipv4_netmask (Alias name: ipv4-netmask) Ipv4-netmask. type: str
    • ipv4_split_include (Alias name: ipv4-split-include) Ipv4-split-include. type: str
    • ipv4_start_ip (Alias name: ipv4-start-ip) Ipv4-start-ip. type: str
    • ipv4_wins_server1 (Alias name: ipv4-wins-server1) Ipv4-wins-server1. type: str
    • ipv4_wins_server2 (Alias name: ipv4-wins-server2) Ipv4-wins-server2. type: str
    • local_gw (Alias name: local-gw) Local-gw. type: str
    • localid Localid. type: str
    • mode_cfg (Alias name: mode-cfg) Mode-cfg. type: str choices: [disable, enable]
    • mode_cfg_ip_version (Alias name: mode-cfg-ip-version) Mode-cfg-ip-version. type: str choices: [4, 6]
    • net_device (Alias name: net-device) Net-device. type: str choices: [disable, enable]
    • peer Peer. type: list or str
    • peergrp Peergrp. type: str
    • peerid Peerid. type: str
    • peertype Peertype. type: str choices: [any, one, dialup, peer, peergrp]
    • protected_subnet Protected_subnet. type: list
      • addr Addr. type: list or str
      • seq Seq. type: int
    • public_ip (Alias name: public-ip) Public-ip. type: str
    • role Role. type: str choices: [hub, spoke]
    • route_overlap (Alias name: route-overlap) Route-overlap. type: str choices: [use-old, use-new, allow]
    • spoke_zone (Alias name: spoke-zone) Spoke-zone. type: list or str
    • summary_addr Summary_addr. type: list
      • addr Addr. type: str
      • priority Priority. type: int
      • seq Seq. type: int
    • tunnel_search (Alias name: tunnel-search) Tunnel-search. type: str choices: [selectors, nexthop]
    • unity_support (Alias name: unity-support) Unity-support. type: str choices: [disable, enable]
    • usrgrp Usrgrp. type: str
    • vpn_interface_priority (Alias name: vpn-interface-priority) Vpn-interface-priority. type: int
    • vpn_zone (Alias name: vpn-zone) Vpn-zone. type: list or str
    • vpntable Vpntable. type: list or str
    • xauthtype Xauthtype. type: str choices: [disable, client, pap, chap, auto]
    • exchange_interface_ip (Alias name: exchange-interface-ip) Exchange-interface-ip. type: str choices: [disable, enable]
    • hub_public_ip (Alias name: hub-public-ip) Hub-public-ip. type: str
    • ipv4_split_exclude (Alias name: ipv4-split-exclude) Ipv4-split-exclude. type: str
    • scope_member (Alias name: scope member) type: list
      • name type: str
      • vdom type: str
    • dhcp_ra_giaddr (Alias name: dhcp-ra-giaddr) type: str
    • encapsulation type: str choices: [tunnel-mode, transport-mode]
    • ipv4_name (Alias name: ipv4-name) type: str
    • l2tp type: str choices: [disable, enable]
    • auto_discovery_receiver (Alias name: auto-discovery-receiver) type: str choices: [disable, enable]
    • auto_discovery_sender (Alias name: auto-discovery-sender) type: str choices: [disable, enable]
    • network_id (Alias name: network-id) type: int
    • network_overlay (Alias name: network-overlay) type: str choices: [enable, disable]
    • protocol type: int

Notes

  • This FortiManager module supports running in workspace locking mode; the top-level parameters workspace_locking_adom and workspace_locking_timeout control it.

  • To create or update an object, use the state: present directive.

  • To delete an object, use the state: absent directive.

  • Normally, running a module fails when a non-zero rc is returned. You can override the conditions to fail or succeed with the parameters rc_failed and rc_succeeded.

Examples

- name: Example playbook (generated based on argument schema)
  hosts: fortimanagers
  connection: httpapi
  vars:
    ansible_httpapi_use_ssl: true
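    # Certificate validation is off in this generated example; set it to true
    # when FortiManager presents a certificate the control node trusts.
    ansible_httpapi_validate_certs: false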
    ansible_httpapi_port: 443
  tasks:
    - name: VPN node for VPN Manager.
      fortinet.fortimanager.fmgr_vpnmgr_node:
        # bypass_validation: false
        workspace_locking_adom: <value in [global, custom adom including root]>
        workspace_locking_timeout: 300
        # rc_succeeded: [0, -2, -3, ...]
        # rc_failed: [-2, -3, ...]
        adom: <your own value>
        state: present # <value in [present, absent]>
        vpnmgr_node:
          add_route: <value in [disable, enable]>
          assign_ip: <value in [disable, enable]>
          assign_ip_from: <value in [range, usrgrp, dhcp, ...]>
          authpasswd: <list or string>
          authusr: <string>
          authusrgrp: <string>
          auto_configuration: <value in [disable, enable]>
          automatic_routing: <value in [disable, enable]>
          banner: <string>
          default_gateway: <string>
          dhcp_server: <value in [disable, enable]>
          dns_mode: <value in [auto, manual]>
          dns_service: <value in [default, specify, local]>
          domain: <string>
          extgw: <string>
          extgw_hubip: <string>
          extgw_p2_per_net: <value in [disable, enable]>
          extgwip: <string>
          hub_iface: <list or string>
          id: <integer>
          iface: <list or string>
          ip_range:
            -
              end_ip: <string>
              id: <integer>
              start_ip: <string>
          ipsec_lease_hold: <integer>
          ipv4_dns_server1: <string>
          ipv4_dns_server2: <string>
          ipv4_dns_server3: <string>
          ipv4_end_ip: <string>
          ipv4_exclude_range:
            -
              end_ip: <string>
              id: <integer>
              start_ip: <string>
          ipv4_netmask: <string>
          ipv4_split_include: <string>
          ipv4_start_ip: <string>
          ipv4_wins_server1: <string>
          ipv4_wins_server2: <string>
          local_gw: <string>
          localid: <string>
          mode_cfg: <value in [disable, enable]>
          mode_cfg_ip_version: <value in [4, 6]>
          net_device: <value in [disable, enable]>
          peer: <list or string>
          peergrp: <string>
          peerid: <string>
          peertype: <value in [any, one, dialup, ...]>
          protected_subnet:
            -
              addr: <list or string>
              seq: <integer>
          public_ip: <string>
          role: <value in [hub, spoke]>
          route_overlap: <value in [use-old, use-new, allow]>
          spoke_zone: <list or string>
          summary_addr:
            -
              addr: <string>
              priority: <integer>
              seq: <integer>
          tunnel_search: <value in [selectors, nexthop]>
          unity_support: <value in [disable, enable]>
          usrgrp: <string>
          vpn_interface_priority: <integer>
          vpn_zone: <list or string>
          vpntable: <list or string>
          xauthtype: <value in [disable, client, pap, ...]>
          exchange_interface_ip: <value in [disable, enable]>
          hub_public_ip: <string>
          ipv4_split_exclude: <string>
          scope_member:
            -
              name: <string>
              vdom: <string>
          dhcp_ra_giaddr: <string>
          encapsulation: <value in [tunnel-mode, transport-mode]>
          ipv4_name: <string>
          l2tp: <value in [disable, enable]>
          auto_discovery_receiver: <value in [disable, enable]>
          auto_discovery_sender: <value in [disable, enable]>
          network_id: <integer>
          network_overlay: <value in [enable, disable]>
          protocol: <integer>

Return Values

Common return values are documented at https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values. The following fields are unique to this module:

  • meta - The result of the request. returned: always type: dict
    • request_url - The full URL requested. returned: always type: str sample: /sys/login/user
    • response_code - The status of the API request. returned: always type: int sample: 0
    • response_data - The data body of the API response. returned: optional type: list or dict
    • response_message - The descriptive message of the API response. returned: always type: str sample: OK
    • system_information - The information of the target system. returned: always type: dict
  • rc - The status of the request. returned: always type: int sample: 0
  • version_check_warning - Warning if the parameters used in the playbook are not supported by the current FortiManager version. returned: if at least one parameter is not supported by the current FortiManager version type: list

Status

  • This module is not guaranteed to have a backwards compatible interface.

Authors

  • Xinwei Du (@dux-fortinet)

  • Xing Li (@lix-fortinet)

  • Jie Xue (@JieX19)

  • Link Zheng (@chillancezen)

  • Frank Shen (@fshen01)

  • Hongbin Lu (@fgtdev-hblu)