Try SpotterConfigure WTP profiles or FortiAP profiles that define radio settings for manageable FortiAP platforms in Fortinet's FortiOS and FortiGate.
| "added in version" 2.8 of ansible.builtin"
Authors: Miguel Angel Munoz (@mamunozgonzalez), Nicolas Thomas (@thomnico)
preview | supported by community
pipInstall with pip install ansible==2.8.20
This module is able to configure a FortiGate or FortiOS by allowing the user to set and modify wireless_controller feature and wtp_profile category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.2
- hosts: localhost
vars:
host: "192.168.122.40"
username: "admin"
password: ""
vdom: "root"
tasks:
- name: Configure WTP profiles or FortiAP profiles that define radio settings for manageable FortiAP platforms.
fortios_wireless_controller_wtp_profile:
host: "{{ host }}"
username: "{{ username }}"
password: "{{ password }}"
vdom: "{{ vdom }}"
https: "False"
wireless_controller_wtp_profile:
state: "present"
allowaccess: "telnet"
ap-country: "NA"
ble-profile: "<your_own_value> (source wireless-controller.ble-profile.name)"
comment: "Comment."
control-message-offload: "ebp-frame"
deny-mac-list:
-
id: "9"
mac: "<your_own_value>"
dtls-in-kernel: "enable"
dtls-policy: "clear-text"
energy-efficient-ethernet: "enable"
ext-info-enable: "enable"
handoff-roaming: "enable"
handoff-rssi: "16"
handoff-sta-thresh: "17"
ip-fragment-preventing: "tcp-mss-adjust"
lan:
port-mode: "offline"
port-ssid: "<your_own_value> (source wireless-controller.vap.name)"
port1-mode: "offline"
port1-ssid: "<your_own_value> (source wireless-controller.vap.name)"
port2-mode: "offline"
port2-ssid: "<your_own_value> (source wireless-controller.vap.name)"
port3-mode: "offline"
port3-ssid: "<your_own_value> (source wireless-controller.vap.name)"
port4-mode: "offline"
port4-ssid: "<your_own_value> (source wireless-controller.vap.name)"
port5-mode: "offline"
port5-ssid: "<your_own_value> (source wireless-controller.vap.name)"
port6-mode: "offline"
port6-ssid: "<your_own_value> (source wireless-controller.vap.name)"
port7-mode: "offline"
port7-ssid: "<your_own_value> (source wireless-controller.vap.name)"
port8-mode: "offline"
port8-ssid: "<your_own_value> (source wireless-controller.vap.name)"
lbs:
aeroscout: "enable"
aeroscout-ap-mac: "bssid"
aeroscout-mmu-report: "enable"
aeroscout-mu: "enable"
aeroscout-mu-factor: "43"
aeroscout-mu-timeout: "44"
aeroscout-server-ip: "<your_own_value>"
aeroscout-server-port: "46"
ekahau-blink-mode: "enable"
ekahau-tag: "<your_own_value>"
erc-server-ip: "<your_own_value>"
erc-server-port: "50"
fortipresence: "foreign"
fortipresence-frequency: "52"
fortipresence-port: "53"
fortipresence-project: "<your_own_value>"
fortipresence-rogue: "enable"
fortipresence-secret: "<your_own_value>"
fortipresence-server: "<your_own_value>"
fortipresence-unassoc: "enable"
station-locate: "enable"
led-schedules:
-
name: "default_name_61 (source firewall.schedule.group.name firewall.schedule.recurring.name)"
led-state: "enable"
lldp: "enable"
login-passwd: "<your_own_value>"
login-passwd-change: "yes"
max-clients: "66"
name: "default_name_67"
platform:
type: "AP-11N"
poe-mode: "auto"
radio-1:
amsdu: "enable"
ap-handoff: "enable"
ap-sniffer-addr: "<your_own_value>"
ap-sniffer-bufsize: "75"
ap-sniffer-chan: "76"
ap-sniffer-ctl: "enable"
ap-sniffer-data: "enable"
ap-sniffer-mgmt-beacon: "enable"
ap-sniffer-mgmt-other: "enable"
ap-sniffer-mgmt-probe: "enable"
auto-power-high: "82"
auto-power-level: "enable"
auto-power-low: "84"
band: "802.11a"
bandwidth-admission-control: "enable"
bandwidth-capacity: "87"
beacon-interval: "88"
call-admission-control: "enable"
call-capacity: "90"
channel:
-
chan: "<your_own_value>"
channel-bonding: "80MHz"
channel-utilization: "enable"
coexistence: "enable"
darrp: "enable"
dtim: "97"
frag-threshold: "98"
frequency-handoff: "enable"
max-clients: "100"
max-distance: "101"
mode: "disabled"
power-level: "103"
powersave-optimize: "tim"
protection-mode: "rtscts"
radio-id: "106"
rts-threshold: "107"
short-guard-interval: "enable"
spectrum-analysis: "enable"
transmit-optimize: "disable"
vap-all: "enable"
vaps:
-
name: "default_name_113 (source wireless-controller.vap-group.name wireless-controller.vap.name)"
wids-profile: "<your_own_value> (source wireless-controller.wids-profile.name)"
radio-2:
amsdu: "enable"
ap-handoff: "enable"
ap-sniffer-addr: "<your_own_value>"
ap-sniffer-bufsize: "119"
ap-sniffer-chan: "120"
ap-sniffer-ctl: "enable"
ap-sniffer-data: "enable"
ap-sniffer-mgmt-beacon: "enable"
ap-sniffer-mgmt-other: "enable"
ap-sniffer-mgmt-probe: "enable"
auto-power-high: "126"
auto-power-level: "enable"
auto-power-low: "128"
band: "802.11a"
bandwidth-admission-control: "enable"
bandwidth-capacity: "131"
beacon-interval: "132"
call-admission-control: "enable"
call-capacity: "134"
channel:
-
chan: "<your_own_value>"
channel-bonding: "80MHz"
channel-utilization: "enable"
coexistence: "enable"
darrp: "enable"
dtim: "141"
frag-threshold: "142"
frequency-handoff: "enable"
max-clients: "144"
max-distance: "145"
mode: "disabled"
power-level: "147"
powersave-optimize: "tim"
protection-mode: "rtscts"
radio-id: "150"
rts-threshold: "151"
short-guard-interval: "enable"
spectrum-analysis: "enable"
transmit-optimize: "disable"
vap-all: "enable"
vaps:
-
name: "default_name_157 (source wireless-controller.vap-group.name wireless-controller.vap.name)"
wids-profile: "<your_own_value> (source wireless-controller.wids-profile.name)"
split-tunneling-acl:
-
dest-ip: "<your_own_value>"
id: "161"
split-tunneling-acl-local-ap-subnet: "enable"
split-tunneling-acl-path: "tunnel"
tun-mtu-downlink: "164"
tun-mtu-uplink: "165"
wan-port-mode: "wan-lan"
host:
description:
- FortiOS or FortiGate ip address.
required: true
vdom:
default: root
description:
- Virtual domain, among those defined previously. A vdom is a virtual instance of
the FortiGate that can be configured and used as a different unit.
https:
default: true
description:
- Indicates if the requests towards FortiGate must use HTTPS protocol
type: bool
password:
default: ''
description:
- FortiOS or FortiGate password.
username:
description:
- FortiOS or FortiGate username.
required: true
wireless_controller_wtp_profile:
default: null
description:
- Configure WTP profiles or FortiAP profiles that define radio settings for manageable
FortiAP platforms.
suboptions:
allowaccess:
choices:
- telnet
- http
- https
- ssh
description:
- Control management access to the managed WTP, FortiAP, or AP. Separate entries
with a space.
ap-country:
choices:
- NA
- AL
- DZ
- AO
- AR
- AM
- AU
- AT
- AZ
- BH
- BD
- BB
- BY
- BE
- BZ
- BO
- BA
- BR
- BN
- BG
- KH
- CL
- CN
- CO
- CR
- HR
- CY
- CZ
- DK
- DO
- EC
- EG
- SV
- EE
- FI
- FR
- GE
- DE
- GR
- GL
- GD
- GU
- GT
- HT
- HN
- HK
- HU
- IS
- IN
- ID
- IR
- IE
- IL
- IT
- JM
- JO
- KZ
- KE
- KP
- KR
- KW
- LV
- LB
- LI
- LT
- LU
- MO
- MK
- MY
- MT
- MX
- MC
- MA
- MZ
- MM
- NP
- NL
- AN
- AW
- NZ
- false
- OM
- PK
- PA
- PG
- PY
- PE
- PH
- PL
- PT
- PR
- QA
- RO
- RU
- RW
- SA
- RS
- ME
- SG
- SK
- SI
- ZA
- ES
- LK
- SE
- SD
- CH
- SY
- TW
- TZ
- TH
- TT
- TN
- TR
- AE
- UA
- GB
- US
- PS
- UY
- UZ
- VE
- VN
- YE
- ZB
- ZW
- JP
- CA
description:
- Country in which this WTP, FortiAP or AP will operate (default = US).
ble-profile:
description:
- Bluetooth Low Energy profile name. Source wireless-controller.ble-profile.name.
comment:
description:
- Comment.
control-message-offload:
choices:
- ebp-frame
- aeroscout-tag
- ap-list
- sta-list
- sta-cap-list
- stats
- aeroscout-mu
description:
- Enable/disable CAPWAP control message data channel offload.
deny-mac-list:
description:
- List of MAC addresses that are denied access to this WTP, FortiAP, or AP.
suboptions:
id:
description:
- ID.
required: true
mac:
description:
- A WiFi device with this MAC address is denied access to this WTP, FortiAP
or AP.
dtls-in-kernel:
choices:
- enable
- disable
description:
- Enable/disable data channel DTLS in kernel.
dtls-policy:
choices:
- clear-text
- dtls-enabled
- ipsec-vpn
description:
- WTP data channel DTLS policy (default = clear-text).
energy-efficient-ethernet:
choices:
- enable
- disable
description:
- Enable/disable use of energy efficient Ethernet on WTP.
ext-info-enable:
choices:
- enable
- disable
description:
- Enable/disable station/VAP/radio extension information.
handoff-roaming:
choices:
- enable
- disable
description:
- Enable/disable client load balancing during roaming to avoid roaming delay (default
= disable).
handoff-rssi:
description:
- Minimum received signal strength indicator (RSSI) value for handoff (20 - 30,
default = 25).
handoff-sta-thresh:
description:
- Threshold value for AP handoff (5 - 35, default = 30).
ip-fragment-preventing:
choices:
- tcp-mss-adjust
- icmp-unreachable
description:
- Select how to prevent IP fragmentation for CAPWAP tunneled control and data
packets (default = tcp-mss-adjust).
lan:
description:
- WTP LAN port mapping.
suboptions:
port-mode:
choices:
- offline
- nat-to-wan
- bridge-to-wan
- bridge-to-ssid
description:
- LAN port mode.
port-ssid:
description:
- Bridge LAN port to SSID. Source wireless-controller.vap.name.
port1-mode:
choices:
- offline
- nat-to-wan
- bridge-to-wan
- bridge-to-ssid
description:
- LAN port 1 mode.
port1-ssid:
description:
- Bridge LAN port 1 to SSID. Source wireless-controller.vap.name.
port2-mode:
choices:
- offline
- nat-to-wan
- bridge-to-wan
- bridge-to-ssid
description:
- LAN port 2 mode.
port2-ssid:
description:
- Bridge LAN port 2 to SSID. Source wireless-controller.vap.name.
port3-mode:
choices:
- offline
- nat-to-wan
- bridge-to-wan
- bridge-to-ssid
description:
- LAN port 3 mode.
port3-ssid:
description:
- Bridge LAN port 3 to SSID. Source wireless-controller.vap.name.
port4-mode:
choices:
- offline
- nat-to-wan
- bridge-to-wan
- bridge-to-ssid
description:
- LAN port 4 mode.
port4-ssid:
description:
- Bridge LAN port 4 to SSID. Source wireless-controller.vap.name.
port5-mode:
choices:
- offline
- nat-to-wan
- bridge-to-wan
- bridge-to-ssid
description:
- LAN port 5 mode.
port5-ssid:
description:
- Bridge LAN port 5 to SSID. Source wireless-controller.vap.name.
port6-mode:
choices:
- offline
- nat-to-wan
- bridge-to-wan
- bridge-to-ssid
description:
- LAN port 6 mode.
port6-ssid:
description:
- Bridge LAN port 6 to SSID. Source wireless-controller.vap.name.
port7-mode:
choices:
- offline
- nat-to-wan
- bridge-to-wan
- bridge-to-ssid
description:
- LAN port 7 mode.
port7-ssid:
description:
- Bridge LAN port 7 to SSID. Source wireless-controller.vap.name.
port8-mode:
choices:
- offline
- nat-to-wan
- bridge-to-wan
- bridge-to-ssid
description:
- LAN port 8 mode.
port8-ssid:
description:
- Bridge LAN port 8 to SSID. Source wireless-controller.vap.name.
lbs:
description:
- Set various location based service (LBS) options.
suboptions:
aeroscout:
choices:
- enable
- disable
description:
- Enable/disable AeroScout Real Time Location Service (RTLS) support.
aeroscout-ap-mac:
choices:
- bssid
- board-mac
description:
- Use BSSID or board MAC address as AP MAC address in the Aeroscout AP message.
aeroscout-mmu-report:
choices:
- enable
- disable
description:
- Enable/disable MU compounded report.
aeroscout-mu:
choices:
- enable
- disable
description:
- Enable/disable AeroScout support.
aeroscout-mu-factor:
description:
- AeroScout Mobile Unit (MU) mode dilution factor (default = 20).
aeroscout-mu-timeout:
description:
- AeroScout MU mode timeout (0 - 65535 sec, default = 5).
aeroscout-server-ip:
description:
- IP address of AeroScout server.
aeroscout-server-port:
description:
- AeroScout server UDP listening port.
ekahau-blink-mode:
choices:
- enable
- disable
description:
- Enable/disable Ekahua blink mode (also called AiRISTA Flow Blink Mode) to
find the location of devices connected to a wireless LAN (default = disable).
ekahau-tag:
description:
- WiFi frame MAC address or WiFi Tag.
erc-server-ip:
description:
- IP address of Ekahua RTLS Controller (ERC).
erc-server-port:
description:
- Ekahua RTLS Controller (ERC) UDP listening port.
fortipresence:
choices:
- foreign
- both
- disable
description:
- Enable/disable FortiPresence to monitor the location and activity of WiFi
clients even if they don't connect to this WiFi network (default = disable).
fortipresence-frequency:
description:
- FortiPresence report transmit frequency (5 - 65535 sec, default = 30).
fortipresence-port:
description:
- FortiPresence server UDP listening port (default = 3000).
fortipresence-project:
description:
- FortiPresence project name (max. 16 characters, default = fortipresence).
fortipresence-rogue:
choices:
- enable
- disable
description:
- Enable/disable FortiPresence finding and reporting rogue APs.
fortipresence-secret:
description:
- FortiPresence secret password (max. 16 characters).
fortipresence-server:
description:
- FortiPresence server IP address.
fortipresence-unassoc:
choices:
- enable
- disable
description:
- Enable/disable FortiPresence finding and reporting unassociated stations.
station-locate:
choices:
- enable
- disable
description:
- Enable/disable client station locating services for all clients, whether
associated or not (default = disable).
led-schedules:
description:
- Recurring firewall schedules for illuminating LEDs on the FortiAP. If led-state
is enabled, LEDs will be visible when at least one of the schedules is valid.
Separate multiple schedule names with a space.
suboptions:
name:
description:
- LED schedule name. Source firewall.schedule.group.name firewall.schedule.recurring.name.
required: true
led-state:
choices:
- enable
- disable
description:
- Enable/disable use of LEDs on WTP (default = disable).
lldp:
choices:
- enable
- disable
description:
- Enable/disable Link Layer Discovery Protocol (LLDP) for the WTP, FortiAP, or
AP (default = disable).
login-passwd:
description:
- Set the managed WTP, FortiAP, or AP's administrator password.
login-passwd-change:
choices:
- true
- default
- false
description:
- Change or reset the administrator password of a managed WTP, FortiAP or AP (yes,
default, or no, default = no).
max-clients:
description:
- Maximum number of stations (STAs) supported by the WTP (default = 0, meaning
no client limitation).
name:
description:
- WTP (or FortiAP or AP) profile name.
required: true
platform:
description:
- WTP, FortiAP, or AP platform.
suboptions:
type:
choices:
- AP-11N
- 220B
- 210B
- 222B
- 112B
- 320B
- 11C
- 14C
- 223B
- 28C
- 320C
- 221C
- 25D
- 222C
- 224D
- 214B
- 21D
- 24D
- 112D
- 223C
- 321C
- C220C
- C225C
- C23JD
- C24JE
- S321C
- S322C
- S323C
- S311C
- S313C
- S321CR
- S322CR
- S323CR
- S421E
- S422E
- S423E
- 421E
- 423E
- 221E
- 222E
- 223E
- 224E
- S221E
- S223E
- U421E
- U422EV
- U423E
- U221EV
- U223EV
- U24JEV
- U321EV
- U323EV
description:
- WTP, FortiAP or AP platform type. There are built-in WTP profiles for all
supported FortiAP models. You can select a built-in profile and customize
it or create a new profile.
poe-mode:
choices:
- auto
- 8023af
- 8023at
- power-adapter
description:
- Set the WTP, FortiAP, or AP's PoE mode.
radio-1:
description:
- Configuration options for radio 1.
suboptions:
amsdu:
choices:
- enable
- disable
description:
- Enable/disable 802.11n AMSDU support. AMSDU can improve performance if supported
by your WiFi clients (default = enable).
ap-handoff:
choices:
- enable
- disable
description:
- Enable/disable AP handoff of clients to other APs (default = disable).
ap-sniffer-addr:
description:
- MAC address to monitor.
ap-sniffer-bufsize:
description:
- Sniffer buffer size (1 - 32 MB, default = 16).
ap-sniffer-chan:
description:
- Channel on which to operate the sniffer (default = 6).
ap-sniffer-ctl:
choices:
- enable
- disable
description:
- Enable/disable sniffer on WiFi control frame (default = enable).
ap-sniffer-data:
choices:
- enable
- disable
description:
- Enable/disable sniffer on WiFi data frame (default = enable).
ap-sniffer-mgmt-beacon:
choices:
- enable
- disable
description:
- Enable/disable sniffer on WiFi management Beacon frames (default = enable).
ap-sniffer-mgmt-other:
choices:
- enable
- disable
description:
- Enable/disable sniffer on WiFi management other frames (default = enable).
ap-sniffer-mgmt-probe:
choices:
- enable
- disable
description:
- Enable/disable sniffer on WiFi management probe frames (default = enable).
auto-power-high:
description:
- Automatic transmit power high limit in dBm (the actual range of transmit
power depends on the AP platform type).
auto-power-level:
choices:
- enable
- disable
description:
- Enable/disable automatic power-level adjustment to prevent co-channel interference
(default = disable).
auto-power-low:
description:
- Automatic transmission power low limit in dBm (the actual range of transmit
power depends on the AP platform type).
band:
choices:
- 802.11a
- 802.11b
- 802.11g
- 802.11n
- 802.11n-5G
- 802.11ac
- 802.11n,g-only
- 802.11g-only
- 802.11n-only
- 802.11n-5G-only
- 802.11ac,n-only
- 802.11ac-only
description:
- WiFi band that Radio 1 operates on.
bandwidth-admission-control:
choices:
- enable
- disable
description:
- Enable/disable WiFi multimedia (WMM) bandwidth admission control to optimize
WiFi bandwidth use. A request to join the wireless network is only allowed
if the access point has enough bandwidth to support it.
bandwidth-capacity:
description:
- Maximum bandwidth capacity allowed (1 - 600000 Kbps, default = 2000).
beacon-interval:
description:
- Beacon interval. The time between beacon frames in msec (the actual range
of beacon interval depends on the AP platform type, default = 100).
call-admission-control:
choices:
- enable
- disable
description:
- Enable/disable WiFi multimedia (WMM) call admission control to optimize
WiFi bandwidth use for VoIP calls. New VoIP calls are only accepted if there
is enough bandwidth available to support them.
call-capacity:
description:
- Maximum number of Voice over WLAN (VoWLAN) phones supported by the radio
(0 - 60, default = 10).
channel:
description:
- Selected list of wireless radio channels.
suboptions:
chan:
description:
- Channel number.
required: true
channel-bonding:
choices:
- 80MHz
- 40MHz
- 20MHz
description:
- 'Channel bandwidth: 80, 40, or 20MHz. Channels may use both 20 and 40 by
enabling coexistence.'
channel-utilization:
choices:
- enable
- disable
description:
- Enable/disable measuring channel utilization.
coexistence:
choices:
- enable
- disable
description:
- Enable/disable allowing both HT20 and HT40 on the same radio (default =
enable).
darrp:
choices:
- enable
- disable
description:
- Enable/disable Distributed Automatic Radio Resource Provisioning (DARRP)
to make sure the radio is always using the most optimal channel (default
= disable).
dtim:
description:
- DTIM interval. The frequency to transmit Delivery Traffic Indication Message
(or Map) (DTIM) messages (1 - 255, default = 1). Set higher to save client
battery life.
frag-threshold:
description:
- Maximum packet size that can be sent without fragmentation (800 - 2346 bytes,
default = 2346).
frequency-handoff:
choices:
- enable
- disable
description:
- Enable/disable frequency handoff of clients to other channels (default =
disable).
max-clients:
description:
- Maximum number of stations (STAs) or WiFi clients supported by the radio.
Range depends on the hardware.
max-distance:
description:
- Maximum expected distance between the AP and clients (0 - 54000 m, default
= 0).
mode:
choices:
- disabled
- ap
- monitor
- sniffer
description:
- Mode of radio 1. Radio 1 can be disabled, configured as an access point,
a rogue AP monitor, or a sniffer.
power-level:
description:
- Radio power level as a percentage of the maximum transmit power (0 - 100,
default = 100).
powersave-optimize:
choices:
- tim
- ac-vo
- no-obss-scan
- no-11b-rate
- client-rate-follow
description:
- Enable client power-saving features such as TIM, AC VO, and OBSS etc.
protection-mode:
choices:
- rtscts
- ctsonly
- disable
description:
- Enable/disable 802.11g protection modes to support backwards compatibility
with older clients (rtscts, ctsonly, disable).
radio-id:
description:
- radio-id
rts-threshold:
description:
- Maximum packet size for RTS transmissions, specifying the maximum size of
a data packet before RTS/CTS (256 - 2346 bytes, default = 2346).
short-guard-interval:
choices:
- enable
- disable
description:
- Use either the short guard interval (Short GI) of 400 ns or the long guard
interval (Long GI) of 800 ns.
spectrum-analysis:
choices:
- enable
- disable
description:
- Enable/disable spectrum analysis to find interference that would negatively
impact wireless performance.
transmit-optimize:
choices:
- disable
- power-save
- aggr-limit
- retry-limit
- send-bar
description:
- Packet transmission optimization options including power saving, aggregation
limiting, retry limiting, etc. All are enabled by default.
vap-all:
choices:
- enable
- disable
description:
- Enable/disable the automatic inheritance of all Virtual Access Points (VAPs)
(default = enable).
vaps:
description:
- Manually selected list of Virtual Access Points (VAPs).
suboptions:
name:
description:
- Virtual Access Point (VAP) name. Source wireless-controller.vap-group.name
wireless-controller.vap.name.
required: true
wids-profile:
description:
- Wireless Intrusion Detection System (WIDS) profile name to assign to the
radio. Source wireless-controller.wids-profile.name.
radio-2:
description:
- Configuration options for radio 2.
suboptions:
amsdu:
choices:
- enable
- disable
description:
- Enable/disable 802.11n AMSDU support. AMSDU can improve performance if supported
by your WiFi clients (default = enable).
ap-handoff:
choices:
- enable
- disable
description:
- Enable/disable AP handoff of clients to other APs (default = disable).
ap-sniffer-addr:
description:
- MAC address to monitor.
ap-sniffer-bufsize:
description:
- Sniffer buffer size (1 - 32 MB, default = 16).
ap-sniffer-chan:
description:
- Channel on which to operate the sniffer (default = 6).
ap-sniffer-ctl:
choices:
- enable
- disable
description:
- Enable/disable sniffer on WiFi control frame (default = enable).
ap-sniffer-data:
choices:
- enable
- disable
description:
- Enable/disable sniffer on WiFi data frame (default = enable).
ap-sniffer-mgmt-beacon:
choices:
- enable
- disable
description:
- Enable/disable sniffer on WiFi management Beacon frames (default = enable).
ap-sniffer-mgmt-other:
choices:
- enable
- disable
description:
- Enable/disable sniffer on WiFi management other frames (default = enable).
ap-sniffer-mgmt-probe:
choices:
- enable
- disable
description:
- Enable/disable sniffer on WiFi management probe frames (default = enable).
auto-power-high:
description:
- Automatic transmit power high limit in dBm (the actual range of transmit
power depends on the AP platform type).
auto-power-level:
choices:
- enable
- disable
description:
- Enable/disable automatic power-level adjustment to prevent co-channel interference
(default = disable).
auto-power-low:
description:
- Automatic transmission power low limit in dBm (the actual range of transmit
power depends on the AP platform type).
band:
choices:
- 802.11a
- 802.11b
- 802.11g
- 802.11n
- 802.11n-5G
- 802.11ac
- 802.11n,g-only
- 802.11g-only
- 802.11n-only
- 802.11n-5G-only
- 802.11ac,n-only
- 802.11ac-only
description:
- WiFi band that Radio 2 operates on.
bandwidth-admission-control:
choices:
- enable
- disable
description:
- Enable/disable WiFi multimedia (WMM) bandwidth admission control to optimize
WiFi bandwidth use. A request to join the wireless network is only allowed
if the access point has enough bandwidth to support it.
bandwidth-capacity:
description:
- Maximum bandwidth capacity allowed (1 - 600000 Kbps, default = 2000).
beacon-interval:
description:
- Beacon interval. The time between beacon frames in msec (the actual range
of beacon interval depends on the AP platform type, default = 100).
call-admission-control:
choices:
- enable
- disable
description:
- Enable/disable WiFi multimedia (WMM) call admission control to optimize
WiFi bandwidth use for VoIP calls. New VoIP calls are only accepted if there
is enough bandwidth available to support them.
call-capacity:
description:
- Maximum number of Voice over WLAN (VoWLAN) phones supported by the radio
(0 - 60, default = 10).
channel:
description:
- Selected list of wireless radio channels.
suboptions:
chan:
description:
- Channel number.
required: true
channel-bonding:
choices:
- 80MHz
- 40MHz
- 20MHz
description:
- 'Channel bandwidth: 80, 40, or 20MHz. Channels may use both 20 and 40 by
enabling coexistence.'
channel-utilization:
choices:
- enable
- disable
description:
- Enable/disable measuring channel utilization.
coexistence:
choices:
- enable
- disable
description:
- Enable/disable allowing both HT20 and HT40 on the same radio (default =
enable).
darrp:
choices:
- enable
- disable
description:
- Enable/disable Distributed Automatic Radio Resource Provisioning (DARRP)
to make sure the radio is always using the most optimal channel (default
= disable).
dtim:
description:
- DTIM interval. The frequency to transmit Delivery Traffic Indication Message
(or Map) (DTIM) messages (1 - 255, default = 1). Set higher to save client
battery life.
frag-threshold:
description:
- Maximum packet size that can be sent without fragmentation (800 - 2346 bytes,
default = 2346).
frequency-handoff:
choices:
- enable
- disable
description:
- Enable/disable frequency handoff of clients to other channels (default =
disable).
max-clients:
description:
- Maximum number of stations (STAs) or WiFi clients supported by the radio.
Range depends on the hardware.
max-distance:
description:
- Maximum expected distance between the AP and clients (0 - 54000 m, default
= 0).
mode:
choices:
- disabled
- ap
- monitor
- sniffer
description:
- Mode of radio 2. Radio 2 can be disabled, configured as an access point,
a rogue AP monitor, or a sniffer.
power-level:
description:
- Radio power level as a percentage of the maximum transmit power (0 - 100,
default = 100).
powersave-optimize:
choices:
- tim
- ac-vo
- no-obss-scan
- no-11b-rate
- client-rate-follow
description:
- Enable client power-saving features such as TIM, AC VO, and OBSS etc.
protection-mode:
choices:
- rtscts
- ctsonly
- disable
description:
- Enable/disable 802.11g protection modes to support backwards compatibility
with older clients (rtscts, ctsonly, disable).
radio-id:
description:
- radio-id
rts-threshold:
description:
- Maximum packet size for RTS transmissions, specifying the maximum size of
a data packet before RTS/CTS (256 - 2346 bytes, default = 2346).
short-guard-interval:
choices:
- enable
- disable
description:
- Use either the short guard interval (Short GI) of 400 ns or the long guard
interval (Long GI) of 800 ns.
spectrum-analysis:
choices:
- enable
- disable
description:
- Enable/disable spectrum analysis to find interference that would negatively
impact wireless performance.
transmit-optimize:
choices:
- disable
- power-save
- aggr-limit
- retry-limit
- send-bar
description:
- Packet transmission optimization options including power saving, aggregation
limiting, retry limiting, etc. All are enabled by default.
vap-all:
choices:
- enable
- disable
description:
- Enable/disable the automatic inheritance of all Virtual Access Points (VAPs)
(default = enable).
vaps:
description:
- Manually selected list of Virtual Access Points (VAPs).
suboptions:
name:
description:
- Virtual Access Point (VAP) name. Source wireless-controller.vap-group.name
wireless-controller.vap.name.
required: true
wids-profile:
description:
- Wireless Intrusion Detection System (WIDS) profile name to assign to the
radio. Source wireless-controller.wids-profile.name.
split-tunneling-acl:
description:
- Split tunneling ACL filter list.
suboptions:
dest-ip:
description:
- Destination IP and mask for the split-tunneling subnet.
id:
description:
- ID.
required: true
split-tunneling-acl-local-ap-subnet:
choices:
- enable
- disable
description:
- Enable/disable automatically adding local subnetwork of FortiAP to split-tunneling
ACL (default = disable).
split-tunneling-acl-path:
choices:
- tunnel
- local
description:
- Split tunneling ACL path is local/tunnel.
state:
choices:
- present
- absent
description:
- Indicates whether to create or remove the object
tun-mtu-downlink:
description:
- Downlink CAPWAP tunnel MTU (0, 576, or 1500 bytes, default = 0).
tun-mtu-uplink:
description:
- Uplink CAPWAP tunnel MTU (0, 576, or 1500 bytes, default = 0).
wan-port-mode:
choices:
- wan-lan
- wan-only
description:
- Enable/disable using a WAN port as a LAN port.
build: description: Build number of the fortigate image returned: always sample: '1547' type: str http_method: description: Last method used to provision the content into FortiGate returned: always sample: PUT type: str http_status: description: Last result given by FortiGate on last operation applied returned: always sample: '200' type: str mkey: description: Master key (id) used in the last call to FortiGate returned: success sample: id type: str name: description: Name of the table used to fulfill the request returned: always sample: urlfilter type: str path: description: Path of the table used to fulfill the request returned: always sample: webfilter type: str revision: description: Internal revision number returned: always sample: 17.0.2.10658 type: str serial: description: Serial number of the unit returned: always sample: FGVMEVYYQT3AB5352 type: str status: description: Indication of the operation's result returned: always sample: success type: str vdom: description: Virtual domain used returned: always sample: root type: str version: description: Version of the FortiGate returned: always sample: v5.6.3 type: str