ansible.builtin.fortios_system_interface (v2.8.20) — module

Configure interfaces in Fortinet's FortiOS and FortiGate.

Added in version 2.8 of ansible.builtin.

Authors: Miguel Angel Munoz (@mamunozgonzalez), Nicolas Thomas (@thomnico)

preview | supported by community

Install Ansible via pip

Install with pip install ansible==2.8.20

Description

This module configures a FortiGate or FortiOS device by allowing the user to set and modify the system feature and interface category. The examples include all parameters; their values need to be adjusted to your own data sources before use. Tested with FOS v6.0.2.


Requirements

Usage examples

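# Example play: configure a FortiGate/FortiOS interface with fortios_system_interface.
#
# The values under system_interface are generated samples that enumerate every
# option the module accepts. They are not a recommended or hardened baseline:
# replace each "<your_own_value>" placeholder and drop the options you do not
# need before running this against a real device.
- hosts: localhost
  vars:
    host: "192.168.122.40"
    username: "admin"
    # Sample only: an empty password for the admin account. Supply the real
    # value from Ansible Vault or another secret store instead of committing it.
    password: ""
    vdom: "root"
  tasks:
    - name: Configure interfaces.
      fortios_system_interface:
        host: "{{ host }}"
        username: "{{ username }}"
        password: "{{ password }}"
        vdom: "{{ vdom }}"
        # Keep HTTPS on (the module default listed under Inputs). With https
        # set to false the username and password above would be sent to the
        # device over unencrypted HTTP.
        https: true
        system_interface:
          state: "present"
          ac-name: "<your_own_value>"
          aggregate: "<your_own_value>"
          algorithm: "L2"
          alias: "<your_own_value>"
          # Management access: grant only what is needed on this interface.
          # The http and telnet choices are unencrypted.
          allowaccess: "ping"
          ap-discover: "enable"
          arpforward: "enable"
          auth-type: "auto"
          auto-auth-extension-device: "enable"
          bfd: "global"
          bfd-desired-min-tx: "13"
          bfd-detect-mult: "14"
          bfd-required-min-rx: "15"
          broadcast-forticlient-discovery: "enable"
          broadcast-forward: "enable"
          captive-portal: "18"
          cli-conn-status: "19"
          color: "20"
          dedicated-to: "none"
          defaultgw: "enable"
          description: "<your_own_value>"
          detected-peer-mtu: "24"
          detectprotocol: "ping"
          detectserver: "<your_own_value>"
          device-access-list: "<your_own_value>"
          device-identification: "enable"
          device-identification-active-scan: "enable"
          device-netscan: "disable"
          device-user-identification: "enable"
          devindex: "32"
          dhcp-client-identifier: "myId_33"
          dhcp-relay-agent-option: "enable"
          dhcp-relay-ip: "<your_own_value>"
          dhcp-relay-service: "disable"
          dhcp-relay-type: "regular"
          dhcp-renew-time: "38"
          disc-retry-timeout: "39"
          disconnect-threshold: "40"
          distance: "41"
          dns-server-override: "enable"
          drop-fragment: "enable"
          drop-overlapped-fragment: "enable"
          egress-shaping-profile: "<your_own_value>"
          endpoint-compliance: "enable"
          estimated-downstream-bandwidth: "47"
          estimated-upstream-bandwidth: "48"
          explicit-ftp-proxy: "enable"
          explicit-web-proxy: "enable"
          external: "enable"
          fail-action-on-extender: "soft-restart"
          fail-alert-interfaces:
            - name: "default_name_54 (source system.interface.name)"
          fail-alert-method: "link-failed-signal"
          fail-detect: "enable"
          fail-detect-option: "detectserver"
          fortiheartbeat: "enable"
          fortilink: "enable"
          fortilink-backup-link: "60"
          fortilink-split-interface: "enable"
          fortilink-stacking: "enable"
          forward-domain: "63"
          gwdetect: "enable"
          ha-priority: "65"
          icmp-accept-redirect: "enable"
          icmp-send-redirect: "enable"
          ident-accept: "enable"
          idle-timeout: "69"
          inbandwidth: "70"
          ingress-spillover-threshold: "71"
          interface: "<your_own_value> (source system.interface.name)"
          internal: "73"
          ip: "<your_own_value>"
          ipmac: "enable"
          ips-sniffer-mode: "enable"
          ipunnumbered: "<your_own_value>"
          ipv6:
            autoconf: "enable"
            dhcp6-client-options: "rapid"
            dhcp6-information-request: "enable"
            dhcp6-prefix-delegation: "enable"
            dhcp6-prefix-hint: "<your_own_value>"
            dhcp6-prefix-hint-plt: "84"
            dhcp6-prefix-hint-vlt: "85"
            dhcp6-relay-ip: "<your_own_value>"
            dhcp6-relay-service: "disable"
            dhcp6-relay-type: "regular"
            ip6-address: "<your_own_value>"
            # Same guidance as allowaccess: keep IPv6 management access minimal.
            ip6-allowaccess: "ping"
            ip6-default-life: "91"
            ip6-delegated-prefix-list:
              - autonomous-flag: "enable"
                onlink-flag: "enable"
                prefix-id: "95"
                rdnss: "<your_own_value>"
                rdnss-service: "delegated"
                subnet: "<your_own_value>"
                upstream-interface: "<your_own_value> (source system.interface.name)"
            ip6-dns-server-override: "enable"
            ip6-extra-addr:
              - prefix: "<your_own_value>"
            ip6-hop-limit: "103"
            ip6-link-mtu: "104"
            ip6-manage-flag: "enable"
            ip6-max-interval: "106"
            ip6-min-interval: "107"
            ip6-mode: "static"
            ip6-other-flag: "enable"
            ip6-prefix-list:
              - autonomous-flag: "enable"
                dnssl:
                  - domain: "<your_own_value>"
                onlink-flag: "enable"
                preferred-life-time: "115"
                prefix: "<your_own_value>"
                rdnss: "<your_own_value>"
                valid-life-time: "118"
            ip6-reachable-time: "119"
            ip6-retrans-time: "120"
            ip6-send-adv: "enable"
            ip6-subnet: "<your_own_value>"
            ip6-upstream-interface: "<your_own_value> (source system.interface.name)"
            nd-cert: "<your_own_value> (source certificate.local.name)"
            nd-cga-modifier: "<your_own_value>"
            nd-mode: "basic"
            nd-security-level: "127"
            nd-timestamp-delta: "128"
            nd-timestamp-fuzz: "129"
            vrip6_link_local: "<your_own_value>"
            vrrp-virtual-mac6: "enable"
            vrrp6:
              - accept-mode: "enable"
                adv-interval: "134"
                preempt: "enable"
                priority: "136"
                start-time: "137"
                status: "enable"
                vrdst6: "<your_own_value>"
                vrgrp: "140"
                vrid: "141"
                vrip6: "<your_own_value>"
          l2forward: "enable"
          lacp-ha-slave: "enable"
          lacp-mode: "static"
          lacp-speed: "slow"
          lcp-echo-interval: "147"
          lcp-max-echo-fails: "148"
          link-up-delay: "149"
          lldp-transmission: "enable"
          macaddr: "<your_own_value>"
          managed-device:
            - name: "default_name_153"
          management-ip: "<your_own_value>"
          member:
            - interface-name: "<your_own_value> (source system.interface.name)"
          min-links: "157"
          min-links-down: "operational"
          mode: "static"
          mtu: "160"
          mtu-override: "enable"
          name: "default_name_162"
          ndiscforward: "enable"
          netbios-forward: "disable"
          netflow-sampler: "disable"
          outbandwidth: "166"
          padt-retry-timeout: "167"
          # Secret value: source it from a vaulted variable, not a literal.
          password: "<your_own_value>"
          ping-serv-status: "169"
          polling-interval: "170"
          pppoe-unnumbered-negotiate: "enable"
          pptp-auth-type: "auto"
          pptp-client: "enable"
          # Secret value: source it from a vaulted variable, not a literal.
          pptp-password: "<your_own_value>"
          pptp-server-ip: "<your_own_value>"
          pptp-timeout: "176"
          pptp-user: "<your_own_value>"
          preserve-session-route: "enable"
          priority: "179"
          priority-override: "enable"
          proxy-captive-portal: "enable"
          redundant-interface: "<your_own_value>"
          remote-ip: "<your_own_value>"
          replacemsg-override-group: "<your_own_value>"
          role: "lan"
          sample-direction: "tx"
          sample-rate: "187"
          scan-botnet-connections: "disable"
          secondary-IP: "enable"
          secondaryip:
            - allowaccess: "ping"
              detectprotocol: "ping"
              detectserver: "<your_own_value>"
              gwdetect: "enable"
              ha-priority: "195"
              id: "196"
              ip: "<your_own_value>"
              ping-serv-status: "198"
          security-exempt-list: "<your_own_value>"
          security-external-logout: "<your_own_value>"
          security-external-web: "<your_own_value>"
          security-groups:
            - name: "default_name_203"
          # NOTE(review): the two sample values below look permissive (MAC
          # auth bypass enabled, security mode "none"); confirm the intended
          # settings against the FortiOS documentation before applying.
          security-mac-auth-bypass: "enable"
          security-mode: "none"
          security-redirect-url: "<your_own_value>"
          service-name: "<your_own_value>"
          sflow-sampler: "enable"
          snmp-index: "209"
          speed: "auto"
          spillover-threshold: "211"
          src-check: "enable"
          status: "up"
          stpforward: "enable"
          stpforward-mode: "rpl-all-ext-id"
          subst: "enable"
          substitute-dst-mac: "<your_own_value>"
          switch: "<your_own_value>"
          switch-controller-access-vlan: "enable"
          switch-controller-arp-inspection: "enable"
          switch-controller-dhcp-snooping: "enable"
          switch-controller-dhcp-snooping-option82: "enable"
          switch-controller-dhcp-snooping-verify-mac: "enable"
          switch-controller-igmp-snooping: "enable"
          switch-controller-learning-limit: "225"
          tagging:
            - category: "<your_own_value> (source system.object-tagging.category)"
              name: "default_name_228"
              tags:
                - name: "default_name_230 (source system.object-tagging.tags.name)"
          tcp-mss: "231"
          trust-ip-1: "<your_own_value>"
          trust-ip-2: "<your_own_value>"
          trust-ip-3: "<your_own_value>"
          trust-ip6-1: "<your_own_value>"
          trust-ip6-2: "<your_own_value>"
          trust-ip6-3: "<your_own_value>"
          type: "physical"
          username: "<your_own_value>"
          vdom: "<your_own_value> (source system.vdom.name)"
          vindex: "241"
          vlanforward: "enable"
          vlanid: "243"
          vrf: "244"
          vrrp:
            - accept-mode: "enable"
              adv-interval: "247"
              preempt: "enable"
              priority: "249"
              proxy-arp:
                - id: "251"
                  ip: "<your_own_value>"
              start-time: "253"
              status: "enable"
              version: "2"
              vrdst: "<your_own_value>"
              vrdst-priority: "257"
              vrgrp: "258"
              vrid: "259"
              vrip: "<your_own_value>"
          vrrp-virtual-mac: "enable"
          wccp: "enable"
          weight: "263"
          wins-ip: "<your_own_value>"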

Inputs

    
host:
    description:
    - FortiOS or FortiGate IP address.
    required: true

vdom:
    default: root
    description:
    - Virtual domain, among those defined previously. A vdom is a virtual instance of
      the FortiGate that can be configured and used as a different unit.

https:
    default: true
    description:
    - Indicates if the requests towards FortiGate must use the HTTPS protocol. When
      false, requests, including the login credentials, are sent over plain HTTP.
    type: bool

password:
    default: ''
    description:
    - FortiOS or FortiGate password.

username:
    description:
    - FortiOS or FortiGate username.
    required: true

system_interface:
    default: null
    description:
    - Configure interfaces.
    suboptions:
      ac-name:
        description:
        - PPPoE server name.
      aggregate:
        description:
        - Aggregate interface.
      algorithm:
        choices:
        - L2
        - L3
        - L4
        description:
        - Frame distribution algorithm.
      alias:
        description:
        - Alias will be displayed with the interface name to make it easier to distinguish.
      allowaccess:
        choices:
        - ping
        - https
        - ssh
        - snmp
        - http
        - telnet
        - fgfm
        - radius-acct
        - probe-response
        - capwap
        - ftm
        description:
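        - Permitted types of management access to this interface. Of the listed choices,
          http and telnet are unencrypted, so enable them only where that is acceptable.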
      ap-discover:
        choices:
        - enable
        - disable
        description:
        - Enable/disable automatic registration of unknown FortiAP devices.
      arpforward:
        choices:
        - enable
        - disable
        description:
        - Enable/disable ARP forwarding.
      auth-type:
        choices:
        - auto
        - pap
        - chap
        - mschapv1
        - mschapv2
        description:
        - PPP authentication type to use.
      auto-auth-extension-device:
        choices:
        - enable
        - disable
        description:
        - Enable/disable automatic authorization of dedicated Fortinet extension device
          on this interface.
      bfd:
        choices:
        - global
        - enable
        - disable
        description:
        - Bidirectional Forwarding Detection (BFD) settings.
      bfd-desired-min-tx:
        description:
        - BFD desired minimal transmit interval.
      bfd-detect-mult:
        description:
        - BFD detection multiplier.
      bfd-required-min-rx:
        description:
        - BFD required minimal receive interval.
      broadcast-forticlient-discovery:
        choices:
        - enable
        - disable
        description:
        - Enable/disable broadcasting FortiClient discovery messages.
      broadcast-forward:
        choices:
        - enable
        - disable
        description:
        - Enable/disable broadcast forwarding.
      captive-portal:
        description:
        - Enable/disable captive portal.
      cli-conn-status:
        description:
        - CLI connection status.
      color:
        description:
        - Color of icon on the GUI.
      dedicated-to:
        choices:
        - none
        - management
        description:
        - Configure interface for single purpose.
      defaultgw:
        choices:
        - enable
        - disable
        description:
        - Enable to get the gateway IP from the DHCP or PPPoE server.
      description:
        description:
        - Description.
      detected-peer-mtu:
        description:
        - MTU of detected peer (0 - 4294967295).
      detectprotocol:
        choices:
        - ping
        - tcp-echo
        - udp-echo
        description:
        - Protocols used to detect the server.
      detectserver:
        description:
        - Gateway's ping server for this IP.
      device-access-list:
        description:
        - Device access list.
      device-identification:
        choices:
        - enable
        - disable
        description:
        - Enable/disable passively gathering of device identity information about the
          devices on the network connected to this interface.
      device-identification-active-scan:
        choices:
        - enable
        - disable
        description:
        - Enable/disable active gathering of device identity information about the devices
          on the network connected to this interface.
      device-netscan:
        choices:
        - disable
        - enable
        description:
        - Enable/disable inclusion of devices detected on this interface in network vulnerability
          scans.
      device-user-identification:
        choices:
        - enable
        - disable
        description:
        - Enable/disable passive gathering of user identity information about users on
          this interface.
      devindex:
        description:
        - Device Index.
      dhcp-client-identifier:
        description:
        - DHCP client identifier.
      dhcp-relay-agent-option:
        choices:
        - enable
        - disable
        description:
        - Enable/disable DHCP relay agent option.
      dhcp-relay-ip:
        description:
        - DHCP relay IP address.
      dhcp-relay-service:
        choices:
        - disable
        - enable
        description:
        - Enable/disable allowing this interface to act as a DHCP relay.
      dhcp-relay-type:
        choices:
        - regular
        - ipsec
        description:
        - DHCP relay type (regular or IPsec).
      dhcp-renew-time:
        description:
        - DHCP renew time in seconds (300-604800), 0 means use the renew time provided
          by the server.
      disc-retry-timeout:
        description:
        - Time in seconds to wait before retrying to start a PPPoE discovery, 0 means
          no timeout.
      disconnect-threshold:
        description:
        - Time in milliseconds to wait before sending a notification that this interface
          is down or disconnected.
      distance:
        description:
        - Distance for routes learned through PPPoE or DHCP, lower distance indicates
          preferred route.
      dns-server-override:
        choices:
        - enable
        - disable
        description:
        - Enable/disable use DNS acquired by DHCP or PPPoE.
      drop-fragment:
        choices:
        - enable
        - disable
        description:
        - Enable/disable drop fragment packets.
      drop-overlapped-fragment:
        choices:
        - enable
        - disable
        description:
        - Enable/disable drop overlapped fragment packets.
      egress-shaping-profile:
        description:
        - Outgoing traffic shaping profile.
      endpoint-compliance:
        choices:
        - enable
        - disable
        description:
        - Enable/disable endpoint compliance enforcement.
      estimated-downstream-bandwidth:
        description:
        - Estimated maximum downstream bandwidth (kbps). Used to estimate link utilization.
      estimated-upstream-bandwidth:
        description:
        - Estimated maximum upstream bandwidth (kbps). Used to estimate link utilization.
      explicit-ftp-proxy:
        choices:
        - enable
        - disable
        description:
        - Enable/disable the explicit FTP proxy on this interface.
      explicit-web-proxy:
        choices:
        - enable
        - disable
        description:
        - Enable/disable the explicit web proxy on this interface.
      external:
        choices:
        - enable
        - disable
        description:
        - Enable/disable identifying the interface as an external interface (which usually
          means it's connected to the Internet).
      fail-action-on-extender:
        choices:
        - soft-restart
        - hard-restart
        - reboot
        description:
        - Action on extender when interface fails.
      fail-alert-interfaces:
        description:
        - Names of the FortiGate interfaces from which the link failure alert is sent
          for this interface.
        suboptions:
          name:
            description:
            - Names of the physical interfaces belonging to the aggregate or redundant
              interface. Source system.interface.name.
            required: true
      fail-alert-method:
        choices:
        - link-failed-signal
        - link-down
        description:
        - Select link-failed-signal or link-down method to alert about a failed link.
      fail-detect:
        choices:
        - enable
        - disable
        description:
        - Enable/disable fail detection features for this interface.
      fail-detect-option:
        choices:
        - detectserver
        - link-down
        description:
        - Options for detecting that this interface has failed.
      fortiheartbeat:
        choices:
        - enable
        - disable
        description:
        - Enable/disable FortiHeartBeat (FortiTelemetry on GUI).
      fortilink:
        choices:
        - enable
        - disable
        description:
        - Enable FortiLink to dedicate this interface to manage other Fortinet devices.
      fortilink-backup-link:
        description:
        - fortilink split interface backup link.
      fortilink-split-interface:
        choices:
        - enable
        - disable
        description:
        - Enable/disable FortiLink split interface to connect member link to different
          FortiSwitch in stack for uplink redundancy (maximum 2 interfaces in the "members"
          command).
      fortilink-stacking:
        choices:
        - enable
        - disable
        description:
        - Enable/disable FortiLink switch-stacking on this interface.
      forward-domain:
        description:
        - Transparent mode forward domain.
      gwdetect:
        choices:
        - enable
        - disable
        description:
        - Enable/disable detect gateway alive for first.
      ha-priority:
        description:
        - HA election priority for the PING server.
      icmp-accept-redirect:
        choices:
        - enable
        - disable
        description:
        - Enable/disable ICMP accept redirect.
      icmp-send-redirect:
        choices:
        - enable
        - disable
        description:
        - Enable/disable ICMP send redirect.
      ident-accept:
        choices:
        - enable
        - disable
        description:
        - Enable/disable authentication for this interface.
      idle-timeout:
        description:
        - PPPoE auto disconnect after idle timeout seconds, 0 means no timeout.
      inbandwidth:
        description:
        - Bandwidth limit for incoming traffic (0 - 16776000 kbps), 0 means unlimited.
      ingress-spillover-threshold:
        description:
        - Ingress Spillover threshold (0 - 16776000 kbps).
      interface:
        description:
        - Interface name. Source system.interface.name.
      internal:
        description:
        - Implicitly created.
      ip:
        description:
        - 'Interface IPv4 address and subnet mask, syntax: X.X.X.X/24.'
      ipmac:
        choices:
        - enable
        - disable
        description:
        - Enable/disable IP/MAC binding.
      ips-sniffer-mode:
        choices:
        - enable
        - disable
        description:
        - Enable/disable the use of this interface as a one-armed sniffer.
      ipunnumbered:
        description:
        - Unnumbered IP used for PPPoE interfaces for which no unique local address is
          provided.
      ipv6:
        description:
        - IPv6 of interface.
        suboptions:
          autoconf:
            choices:
            - enable
            - disable
            description:
            - Enable/disable address auto config.
          dhcp6-client-options:
            choices:
            - rapid
            - iapd
            - iana
            description:
            - DHCPv6 client options.
          dhcp6-information-request:
            choices:
            - enable
            - disable
            description:
            - Enable/disable DHCPv6 information request.
          dhcp6-prefix-delegation:
            choices:
            - enable
            - disable
            description:
            - Enable/disable DHCPv6 prefix delegation.
          dhcp6-prefix-hint:
            description:
            - DHCPv6 prefix that will be used as a hint to the upstream DHCPv6 server.
          dhcp6-prefix-hint-plt:
            description:
            - DHCPv6 prefix hint preferred life time (sec), 0 means unlimited lease time.
          dhcp6-prefix-hint-vlt:
            description:
            - DHCPv6 prefix hint valid life time (sec).
          dhcp6-relay-ip:
            description:
            - DHCPv6 relay IP address.
          dhcp6-relay-service:
            choices:
            - disable
            - enable
            description:
            - Enable/disable DHCPv6 relay.
          dhcp6-relay-type:
            choices:
            - regular
            description:
            - DHCPv6 relay type.
          ip6-address:
            description:
            - 'Primary IPv6 address prefix, syntax: xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx/xxx'
          ip6-allowaccess:
            choices:
            - ping
            - https
            - ssh
            - snmp
            - http
            - telnet
            - fgfm
            - capwap
            description:
            - Allow management access to the interface.
          ip6-default-life:
            description:
            - Default life (sec).
          ip6-delegated-prefix-list:
            description:
            - Advertised IPv6 delegated prefix list.
            suboptions:
              autonomous-flag:
                choices:
                - enable
                - disable
                description:
                - Enable/disable the autonomous flag.
              onlink-flag:
                choices:
                - enable
                - disable
                description:
                - Enable/disable the onlink flag.
              prefix-id:
                description:
                - Prefix ID.
                required: true
              rdnss:
                description:
                - Recursive DNS server option.
              rdnss-service:
                choices:
                - delegated
                - default
                - specify
                description:
                - Recursive DNS service option.
              subnet:
                description:
                - Add subnet ID to routing prefix.
              upstream-interface:
                description:
                - Name of the interface that provides delegated information. Source system.interface.name.
          ip6-dns-server-override:
            choices:
            - enable
            - disable
            description:
            - Enable/disable using the DNS server acquired by DHCP.
          ip6-extra-addr:
            description:
            - Extra IPv6 address prefixes of interface.
            suboptions:
              prefix:
                description:
                - IPv6 address prefix.
                required: true
          ip6-hop-limit:
            description:
            - Hop limit (0 means unspecified).
          ip6-link-mtu:
            description:
            - IPv6 link MTU.
          ip6-manage-flag:
            choices:
            - enable
            - disable
            description:
            - Enable/disable the managed flag.
          ip6-max-interval:
            description:
            - IPv6 maximum interval (4 to 1800 sec).
          ip6-min-interval:
            description:
            - IPv6 minimum interval (3 to 1350 sec).
          ip6-mode:
            choices:
            - static
            - dhcp
            - pppoe
            - delegated
            description:
            - Addressing mode (static, DHCP, delegated).
          ip6-other-flag:
            choices:
            - enable
            - disable
            description:
            - Enable/disable the other IPv6 flag.
          ip6-prefix-list:
            description:
            - Advertised prefix list.
            suboptions:
              autonomous-flag:
                choices:
                - enable
                - disable
                description:
                - Enable/disable the autonomous flag.
              dnssl:
                description:
                - DNS search list option.
                suboptions:
                  domain:
                    description:
                    - Domain name.
                    required: true
              onlink-flag:
                choices:
                - enable
                - disable
                description:
                - Enable/disable the onlink flag.
              preferred-life-time:
                description:
                - Preferred life time (sec).
              prefix:
                description:
                - IPv6 prefix.
                required: true
              rdnss:
                description:
                - Recursive DNS server option.
              valid-life-time:
                description:
                - Valid life time (sec).
          ip6-reachable-time:
            description:
            - IPv6 reachable time (milliseconds; 0 means unspecified).
          ip6-retrans-time:
            description:
            - IPv6 retransmit time (milliseconds; 0 means unspecified).
          ip6-send-adv:
            choices:
            - enable
            - disable
            description:
            - Enable/disable sending advertisements about the interface.
          ip6-subnet:
            description:
            - ' Subnet to routing prefix, syntax: xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx/xxx'
          ip6-upstream-interface:
            description:
            - Interface name providing delegated information. Source system.interface.name.
          nd-cert:
            description:
            - Neighbor discovery certificate. Source certificate.local.name.
          nd-cga-modifier:
            description:
            - Neighbor discovery CGA modifier.
          nd-mode:
            choices:
            - basic
            - SEND-compatible
            description:
            - Neighbor discovery mode.
          nd-security-level:
            description:
            - Neighbor discovery security level (0 - 7; 0 = least secure, default = 0).
          nd-timestamp-delta:
            description:
            - Neighbor discovery timestamp delta value (1 - 3600 sec; default = 300).
          nd-timestamp-fuzz:
            description:
            - Neighbor discovery timestamp fuzz factor (1 - 60 sec; default = 1).
          vrip6_link_local:
            description:
            - Link-local IPv6 address of virtual router.
          vrrp-virtual-mac6:
            choices:
            - enable
            - disable
            description:
            - Enable/disable virtual MAC for VRRP.
          vrrp6:
            description:
            - IPv6 VRRP configuration.
            suboptions:
              accept-mode:
                choices:
                - enable
                - disable
                description:
                - Enable/disable accept mode.
              adv-interval:
                description:
                - Advertisement interval (1 - 255 seconds).
              preempt:
                choices:
                - enable
                - disable
                description:
                - Enable/disable preempt mode.
              priority:
                description:
                - Priority of the virtual router (1 - 255).
              start-time:
                description:
                - Startup time (1 - 255 seconds).
              status:
                choices:
                - enable
                - disable
                description:
                - Enable/disable VRRP.
              vrdst6:
                description:
                - Monitor the route to this destination.
              vrgrp:
                description:
                - VRRP group ID (1 - 65535).
              vrid:
                description:
                - Virtual router identifier (1 - 255).
                required: true
              vrip6:
                description:
                - IPv6 address of the virtual router.
      l2forward:
        choices:
        - enable
        - disable
        description:
        - Enable/disable l2 forwarding.
      lacp-ha-slave:
        choices:
        - enable
        - disable
        description:
        - LACP HA slave.
      lacp-mode:
        choices:
        - static
        - passive
        - active
        description:
        - LACP mode.
      lacp-speed:
        choices:
        - slow
        - fast
        description:
        - How often the interface sends LACP messages.
      lcp-echo-interval:
        description:
        - Time in seconds between PPPoE Link Control Protocol (LCP) echo requests.
      lcp-max-echo-fails:
        description:
        - Maximum missed LCP echo messages before disconnect.
      link-up-delay:
        description:
        - Number of milliseconds to wait before considering a link to be up.
      lldp-transmission:
        choices:
        - enable
        - disable
        - vdom
        description:
        - Enable/disable Link Layer Discovery Protocol (LLDP) transmission.
      macaddr:
        description:
        - Change the interface's MAC address.
      managed-device:
        description:
        - Available when FortiLink is enabled, used for managed devices through FortiLink
          interface.
        suboptions:
          name:
            description:
            - Managed dev identifier.
            required: true
      management-ip:
        description:
        - High Availability in-band management IP address of this interface.
      member:
        description:
        - Physical interfaces that belong to the aggregate or redundant interface.
        suboptions:
          interface-name:
            description:
            - Physical interface name. Source system.interface.name.
            required: true
      min-links:
        description:
        - Minimum number of aggregated ports that must be up.
      min-links-down:
        choices:
        - operational
        - administrative
        description:
        - Action to take when fewer than the configured minimum number of links are active.
      mode:
        choices:
        - static
        - dhcp
        - pppoe
        description:
        - Addressing mode (static, DHCP, PPPoE).
      mtu:
        description:
        - MTU value for this interface.
      mtu-override:
        choices:
        - enable
        - disable
        description:
        - Enable to set a custom MTU for this interface.
      name:
        description:
        - Name.
        required: true
      ndiscforward:
        choices:
        - enable
        - disable
        description:
        - Enable/disable NDISC forwarding.
      netbios-forward:
        choices:
        - disable
        - enable
        description:
        - Enable/disable NETBIOS forwarding.
      netflow-sampler:
        choices:
        - disable
        - tx
        - rx
        - both
        description:
        - Enable/disable NetFlow on this interface and set the data that NetFlow collects
          (rx, tx, or both).
      outbandwidth:
        description:
        - Bandwidth limit for outgoing traffic (0 - 16776000 kbps).
      padt-retry-timeout:
        description:
        - PPPoE Active Discovery Terminate (PADT) used to terminate sessions after an
          idle time.
      password:
        description:
        - PPPoE account's password. Supply it from Ansible Vault or another secret
          store rather than as a literal in the playbook.
      ping-serv-status:
        description:
        - PING server status.
      polling-interval:
        description:
        - sFlow polling interval (1 - 255 sec).
      pppoe-unnumbered-negotiate:
        choices:
        - enable
        - disable
        description:
        - Enable/disable PPPoE unnumbered negotiation.
      pptp-auth-type:
        choices:
        - auto
        - pap
        - chap
        - mschapv1
        - mschapv2
        description:
        - PPTP authentication type. Note that pap sends the password unencrypted.
      pptp-client:
        choices:
        - enable
        - disable
        description:
        - Enable/disable PPTP client.
      pptp-password:
        description:
        - PPTP password. Supply it from Ansible Vault or another secret store rather
          than as a literal in the playbook.
      pptp-server-ip:
        description:
        - PPTP server IP address.
      pptp-timeout:
        description:
        - Idle timer in minutes (0 for disabled).
      pptp-user:
        description:
        - PPTP user name.
      preserve-session-route:
        choices:
        - enable
        - disable
        description:
        - Enable/disable preservation of session route when dirty.
      priority:
        description:
        - Priority of learned routes.
      priority-override:
        choices:
        - enable
        - disable
        description:
        - Enable/disable fail back to higher priority port once recovered.
      proxy-captive-portal:
        choices:
        - enable
        - disable
        description:
        - Enable/disable proxy captive portal on this interface.
      redundant-interface:
        description:
        - Redundant interface.
      remote-ip:
        description:
        - Remote IP address of tunnel.
      replacemsg-override-group:
        description:
        - Replacement message override group.
      role:
        choices:
        - lan
        - wan
        - dmz
        - undefined
        description:
        - Interface role.
      sample-direction:
        choices:
        - tx
        - rx
        - both
        description:
        - Data that NetFlow collects (rx, tx, or both).
      sample-rate:
        description:
        - sFlow sample rate (10 - 99999).
      scan-botnet-connections:
        choices:
        - disable
        - block
        - monitor
        description:
        - Enable monitoring or blocking connections to Botnet servers through this interface.
      secondary-IP:
        choices:
        - enable
        - disable
        description:
        - Enable/disable adding a secondary IP to this interface.
      secondaryip:
        description:
        - Second IP address of interface.
        suboptions:
          allowaccess:
            choices:
            - ping
            - https
            - ssh
            - snmp
            - http
            - telnet
            - fgfm
            - radius-acct
            - probe-response
            - capwap
            - ftm
            description:
            - Management access settings for the secondary IP address. The http and
              telnet choices carry logins in clear text, so prefer https and ssh.
          detectprotocol:
            choices:
            - ping
            - tcp-echo
            - udp-echo
            description:
            - Protocols used to detect the server.
          detectserver:
            description:
            - Gateway's ping server for this IP.
          gwdetect:
            choices:
            - enable
            - disable
            description:
            - Enable/disable detect gateway alive for first.
          ha-priority:
            description:
            - HA election priority for the PING server.
          id:
            description:
            - ID.
            required: true
          ip:
            description:
            - Secondary IP address of the interface.
          ping-serv-status:
            description:
            - PING server status.
      security-exempt-list:
        description:
        - Name of security-exempt-list.
      security-external-logout:
        description:
        - URL of external authentication logout server.
      security-external-web:
        description:
        - URL of external authentication web server.
      security-groups:
        description:
        - User groups that can authenticate with the captive portal.
        suboptions:
          name:
            description:
            - Names of user groups that can authenticate with the captive portal.
            required: true
      security-mac-auth-bypass:
        choices:
        - enable
        - disable
        description:
        - Enable/disable MAC authentication bypass.
      security-mode:
        choices:
        - none
        - captive-portal
        - 802.1X
        description:
        - Authentication mode for this interface (none, captive portal or 802.1X);
          captive-portal turns on captive portal authentication.
      security-redirect-url:
        description:
        - URL redirection after disclaimer/authentication.
      service-name:
        description:
        - PPPoE service name.
      sflow-sampler:
        choices:
        - enable
        - disable
        description:
        - Enable/disable sFlow on this interface.
      snmp-index:
        description:
        - Permanent SNMP Index of the interface.
      speed:
        choices:
        - auto
        - 10full
        - 10half
        - 100full
        - 100half
        - 1000full
        - 1000half
        - 1000auto
        description:
        - Interface speed. The default setting and the options available depend on the
          interface hardware.
      spillover-threshold:
        description:
        - Egress Spillover threshold (0 - 16776000 kbps), 0 means unlimited.
      src-check:
        choices:
        - enable
        - disable
        description:
        - Enable/disable source IP check.
      state:
        choices:
        - present
        - absent
        description:
        - Indicates whether to create or remove the object.
      status:
        choices:
        - up
        - down
        description:
        - Bring the interface up or shut the interface down.
      stpforward:
        choices:
        - enable
        - disable
        description:
        - Enable/disable STP forwarding.
      stpforward-mode:
        choices:
        - rpl-all-ext-id
        - rpl-bridge-ext-id
        - rpl-nothing
        description:
        - Configure STP forwarding mode.
      subst:
        choices:
        - enable
        - disable
        description:
        - Enable to always send packets from this interface to a destination MAC address.
      substitute-dst-mac:
        description:
        - Destination MAC address that all packets are sent to from this interface.
      switch:
        description:
        - Contained in switch.
      switch-controller-access-vlan:
        choices:
        - enable
        - disable
        description:
        - Block FortiSwitch port-to-port traffic.
      switch-controller-arp-inspection:
        choices:
        - enable
        - disable
        description:
        - Enable/disable FortiSwitch ARP inspection.
      switch-controller-dhcp-snooping:
        choices:
        - enable
        - disable
        description:
        - Switch controller DHCP snooping.
      switch-controller-dhcp-snooping-option82:
        choices:
        - enable
        - disable
        description:
        - Switch controller DHCP snooping option82.
      switch-controller-dhcp-snooping-verify-mac:
        choices:
        - enable
        - disable
        description:
        - Switch controller DHCP snooping verify MAC.
      switch-controller-igmp-snooping:
        choices:
        - enable
        - disable
        description:
        - Switch controller IGMP snooping.
      switch-controller-learning-limit:
        description:
        - Limit the number of dynamic MAC addresses on this VLAN (1 - 128, 0 = no limit,
          default).
      tagging:
        description:
        - Config object tagging.
        suboptions:
          category:
            description:
            - Tag category. Source system.object-tagging.category.
          name:
            description:
            - Tagging entry name.
            required: true
          tags:
            description:
            - Tags.
            suboptions:
              name:
                description:
                - Tag name. Source system.object-tagging.tags.name.
                required: true
      tcp-mss:
        description:
        - TCP maximum segment size. 0 means do not change segment size.
      trust-ip-1:
        description:
        - Trusted host for dedicated management traffic (0.0.0.0/24 for all hosts).
      trust-ip-2:
        description:
        - Trusted host for dedicated management traffic (0.0.0.0/24 for all hosts).
      trust-ip-3:
        description:
        - Trusted host for dedicated management traffic (0.0.0.0/24 for all hosts).
      trust-ip6-1:
        description:
        - Trusted IPv6 host for dedicated management traffic (::/0 for all hosts).
      trust-ip6-2:
        description:
        - Trusted IPv6 host for dedicated management traffic (::/0 for all hosts).
      trust-ip6-3:
        description:
        - Trusted IPv6 host for dedicated management traffic (::/0 for all hosts).
      type:
        choices:
        - physical
        - vlan
        - aggregate
        - redundant
        - tunnel
        - vdom-link
        - loopback
        - switch
        - hard-switch
        - vap-switch
        - wl-mesh
        - fext-wan
        - vxlan
        - hdlc
        - switch-vlan
        description:
        - Interface type.
      username:
        description:
        - Username of the PPPoE account, provided by your ISP.
      vdom:
        description:
        - Interface is in this virtual domain (VDOM). Source system.vdom.name.
      vindex:
        description:
        - Switch control interface VLAN ID.
      vlanforward:
        choices:
        - enable
        - disable
        description:
        - Enable/disable traffic forwarding between VLANs on this interface.
      vlanid:
        description:
        - VLAN ID (1 - 4094).
      vrf:
        description:
        - Virtual Routing Forwarding ID.
      vrrp:
        description:
        - VRRP configuration.
        suboptions:
          accept-mode:
            choices:
            - enable
            - disable
            description:
            - Enable/disable accept mode.
          adv-interval:
            description:
            - Advertisement interval (1 - 255 seconds).
          preempt:
            choices:
            - enable
            - disable
            description:
            - Enable/disable preempt mode.
          priority:
            description:
            - Priority of the virtual router (1 - 255).
          proxy-arp:
            description:
            - VRRP Proxy ARP configuration.
            suboptions:
              id:
                description:
                - ID.
                required: true
              ip:
                description:
                - Set IP addresses of proxy ARP.
          start-time:
            description:
            - Startup time (1 - 255 seconds).
          status:
            choices:
            - enable
            - disable
            description:
            - Enable/disable this VRRP configuration.
          version:
            choices:
            - 2
            - 3
            description:
            - VRRP version.
          vrdst:
            description:
            - Monitor the route to this destination.
          vrdst-priority:
            description:
            - Priority of the virtual router when the virtual router destination becomes
              unreachable (0 - 254).
          vrgrp:
            description:
            - VRRP group ID (1 - 65535).
          vrid:
            description:
            - Virtual router identifier (1 - 255).
            required: true
          vrip:
            description:
            - IP address of the virtual router.
      vrrp-virtual-mac:
        choices:
        - enable
        - disable
        description:
        - Enable/disable use of virtual MAC for VRRP.
      wccp:
        choices:
        - enable
        - disable
        description:
        - Enable/disable WCCP on this interface. Used for encapsulated WCCP communication
          between WCCP clients and servers.
      weight:
        description:
        - Default weight for static routes (if route has no weight configured).
      wins-ip:
        description:
        - WINS server IP.

Outputs

build:
  description: Build number of the FortiGate image
  returned: always
  sample: '1547'
  type: str
http_method:
  description: Last method used to provision the content into FortiGate
  returned: always
  sample: PUT
  type: str
http_status:
  description: Last result given by FortiGate on last operation applied
  returned: always
  sample: '200'
  type: str
mkey:
  description: Master key (mkey, the identifier of the object addressed; not a cryptographic key) used in the last call to FortiGate
  returned: success
  sample: id
  type: str
name:
  description: Name of the table used to fulfill the request
  returned: always
  sample: urlfilter
  type: str
path:
  description: Path of the table used to fulfill the request
  returned: always
  sample: webfilter
  type: str
revision:
  description: Internal revision number
  returned: always
  sample: 17.0.2.10658
  type: str
serial:
  description: Serial number of the unit
  returned: always
  sample: FGVMEVYYQT3AB5352
  type: str
status:
  description: Indication of the operation's result
  returned: always
  sample: success
  type: str
vdom:
  description: Virtual domain used
  returned: always
  sample: root
  type: str
version:
  description: Version of the FortiGate
  returned: always
  sample: v5.6.3
  type: str