Try Spotterno description
| "added in version" 2.0.0 of drmofu.fortimanager"
Authors: Xinwei Du (@dux-fortinet), Xing Li (@lix-fortinet), Jie Xue (@JieX19), Link Zheng (@chillancezen), Frank Shen (@fshen01), Hongbin Lu (@fgtdev-hblu)
preview | supported by community
Install with ansible-galaxy collection install drmofu.fortimanager:==2.2.2
collections:
- name: drmofu.fortimanager
version: 2.2.2This module is able to configure a FortiManager device.
Examples include all parameters and values which need to be adjusted to data sources before usage.
- hosts: fortimanager-inventory
collections:
- fortinet.fortimanager
connection: httpapi
vars:
ansible_httpapi_use_ssl: True
ansible_httpapi_validate_certs: False
ansible_httpapi_port: 443
tasks:
- name: no description
fmgr_fsp_vlan:
bypass_validation: False
workspace_locking_adom: <value in [global, custom adom including root]>
workspace_locking_timeout: 300
rc_succeeded: [0, -2, -3, ...]
rc_failed: [-2, -3, ...]
adom: <your own value>
state: <value in [present, absent]>
fsp_vlan:
_dhcp-status: <value in [disable, enable]>
auth: <value in [radius, usergroup]>
color: <value of integer>
comments: <value of string>
dynamic_mapping:
-
_dhcp-status: <value in [disable, enable]>
_scope:
-
name: <value of string>
vdom: <value of string>
dhcp-server:
auto-configuration: <value in [disable, enable]>
auto-managed-status: <value in [disable, enable]>
conflicted-ip-timeout: <value of integer>
ddns-auth: <value in [disable, tsig]>
ddns-key: <value of string>
ddns-keyname: <value of string>
ddns-server-ip: <value of string>
ddns-ttl: <value of integer>
ddns-update: <value in [disable, enable]>
ddns-update-override: <value in [disable, enable]>
ddns-zone: <value of string>
default-gateway: <value of string>
dhcp-settings-from-fortiipam: <value in [disable, enable]>
dns-server1: <value of string>
dns-server2: <value of string>
dns-server3: <value of string>
dns-server4: <value of string>
dns-service: <value in [default, specify, local]>
domain: <value of string>
enable: <value in [disable, enable]>
exclude-range:
-
end-ip: <value of string>
id: <value of integer>
start-ip: <value of string>
vci-match: <value in [disable, enable]>
vci-string: <value of string>
lease-time: <value of integer>
uci-match: <value in [disable, enable]>
uci-string: <value of string>
filename: <value of string>
forticlient-on-net-status: <value in [disable, enable]>
id: <value of integer>
ip-mode: <value in [range, usrgrp]>
ip-range:
-
end-ip: <value of string>
id: <value of integer>
start-ip: <value of string>
vci-match: <value in [disable, enable]>
vci-string: <value of string>
lease-time: <value of integer>
uci-match: <value in [disable, enable]>
uci-string: <value of string>
ipsec-lease-hold: <value of integer>
lease-time: <value of integer>
mac-acl-default-action: <value in [assign, block]>
netmask: <value of string>
next-server: <value of string>
ntp-server1: <value of string>
ntp-server2: <value of string>
ntp-server3: <value of string>
ntp-service: <value in [default, specify, local]>
option1: <value of string>
option2: <value of string>
option3: <value of string>
option4: <value of string>
option5: <value of string>
option6: <value of string>
options:
-
code: <value of integer>
id: <value of integer>
ip: <value of string>
type: <value in [hex, string, ip, ...]>
value: <value of string>
vci-match: <value in [disable, enable]>
vci-string: <value of string>
uci-match: <value in [disable, enable]>
uci-string: <value of string>
reserved-address:
-
action: <value in [assign, block, reserved]>
circuit-id: <value of string>
circuit-id-type: <value in [hex, string]>
description: <value of string>
id: <value of integer>
ip: <value of string>
mac: <value of string>
remote-id: <value of string>
remote-id-type: <value in [hex, string]>
type: <value in [mac, option82]>
server-type: <value in [regular, ipsec]>
status: <value in [disable, enable]>
tftp-server: <value of string>
timezone: <value in [00, 01, 02, ...]>
timezone-option: <value in [disable, default, specify]>
vci-match: <value in [disable, enable]>
vci-string: <value of string>
wifi-ac-service: <value in [specify, local]>
wifi-ac1: <value of string>
wifi-ac2: <value of string>
wifi-ac3: <value of string>
wins-server1: <value of string>
wins-server2: <value of string>
relay-agent: <value of string>
shared-subnet: <value in [disable, enable]>
interface:
dhcp-relay-agent-option: <value in [disable, enable]>
dhcp-relay-ip: <value of string>
dhcp-relay-service: <value in [disable, enable]>
dhcp-relay-type: <value in [regular, ipsec]>
ip: <value of string>
ipv6:
autoconf: <value in [disable, enable]>
dhcp6-client-options:
- rapid
- iapd
- iana
- dns
- dnsname
dhcp6-information-request: <value in [disable, enable]>
dhcp6-prefix-delegation: <value in [disable, enable]>
dhcp6-prefix-hint: <value of string>
dhcp6-prefix-hint-plt: <value of integer>
dhcp6-prefix-hint-vlt: <value of integer>
dhcp6-relay-ip: <value of string>
dhcp6-relay-service: <value in [disable, enable]>
dhcp6-relay-type: <value in [regular]>
icmp6-send-redirect: <value in [disable, enable]>
interface-identifier: <value of string>
ip6-address: <value of string>
ip6-allowaccess:
- https
- ping
- ssh
- snmp
- http
- telnet
- fgfm
- capwap
- fabric
ip6-default-life: <value of integer>
ip6-delegated-prefix-list:
-
autonomous-flag: <value in [disable, enable]>
onlink-flag: <value in [disable, enable]>
prefix-id: <value of integer>
rdnss: <value of string>
rdnss-service: <value in [delegated, default, specify]>
subnet: <value of string>
upstream-interface: <value of string>
delegated-prefix-iaid: <value of integer>
ip6-dns-server-override: <value in [disable, enable]>
ip6-extra-addr:
-
prefix: <value of string>
ip6-hop-limit: <value of integer>
ip6-link-mtu: <value of integer>
ip6-manage-flag: <value in [disable, enable]>
ip6-max-interval: <value of integer>
ip6-min-interval: <value of integer>
ip6-mode: <value in [static, dhcp, pppoe, ...]>
ip6-other-flag: <value in [disable, enable]>
ip6-prefix-list:
-
autonomous-flag: <value in [disable, enable]>
dnssl: <value of string>
onlink-flag: <value in [disable, enable]>
preferred-life-time: <value of integer>
prefix: <value of string>
rdnss: <value of string>
valid-life-time: <value of integer>
ip6-reachable-time: <value of integer>
ip6-retrans-time: <value of integer>
ip6-send-adv: <value in [disable, enable]>
ip6-subnet: <value of string>
ip6-upstream-interface: <value of string>
nd-cert: <value of string>
nd-cga-modifier: <value of string>
nd-mode: <value in [basic, SEND-compatible]>
nd-security-level: <value of integer>
nd-timestamp-delta: <value of integer>
nd-timestamp-fuzz: <value of integer>
unique-autoconf-addr: <value in [disable, enable]>
vrip6_link_local: <value of string>
vrrp-virtual-mac6: <value in [disable, enable]>
vrrp6:
-
accept-mode: <value in [disable, enable]>
adv-interval: <value of integer>
preempt: <value in [disable, enable]>
priority: <value of integer>
start-time: <value of integer>
status: <value in [disable, enable]>
vrdst6: <value of string>
vrgrp: <value of integer>
vrid: <value of integer>
vrip6: <value of string>
cli-conn6-status: <value of integer>
ip6-prefix-mode: <value in [dhcp6, ra]>
ra-send-mtu: <value in [disable, enable]>
ip6-delegated-prefix-iaid: <value of integer>
dhcp6-relay-source-interface: <value in [disable, enable]>
secondary-IP: <value in [disable, enable]>
secondaryip:
-
allowaccess:
- https
- ping
- ssh
- snmp
- http
- telnet
- fgfm
- auto-ipsec
- radius-acct
- probe-response
- capwap
- dnp
- ftm
- fabric
- speed-test
detectprotocol:
- ping
- tcp-echo
- udp-echo
detectserver: <value of string>
gwdetect: <value in [disable, enable]>
ha-priority: <value of integer>
id: <value of integer>
ip: <value of string>
ping-serv-status: <value of integer>
seq: <value of integer>
secip-relay-ip: <value of string>
vlanid: <value of integer>
dhcp-relay-interface-select-method: <value in [auto, sdwan, specify]>
vrrp:
-
accept-mode: <value in [disable, enable]>
adv-interval: <value of integer>
ignore-default-route: <value in [disable, enable]>
preempt: <value in [disable, enable]>
priority: <value of integer>
proxy-arp:
-
id: <value of integer>
ip: <value of string>
start-time: <value of integer>
status: <value in [disable, enable]>
version: <value in [2, 3]>
vrdst: <value of string>
vrdst-priority: <value of integer>
vrgrp: <value of integer>
vrid: <value of integer>
vrip: <value of string>
name: <value of string>
portal-message-override-group: <value of string>
radius-server: <value of string>
security: <value in [open, captive-portal, 8021x]>
selected-usergroups: <value of string>
usergroup: <value of string>
vdom: <value of string>
vlanid: <value of integer>
dhcp-server:
auto-configuration: <value in [disable, enable]>
auto-managed-status: <value in [disable, enable]>
conflicted-ip-timeout: <value of integer>
ddns-auth: <value in [disable, tsig]>
ddns-key: <value of string>
ddns-keyname: <value of string>
ddns-server-ip: <value of string>
ddns-ttl: <value of integer>
ddns-update: <value in [disable, enable]>
ddns-update-override: <value in [disable, enable]>
ddns-zone: <value of string>
default-gateway: <value of string>
dhcp-settings-from-fortiipam: <value in [disable, enable]>
dns-server1: <value of string>
dns-server2: <value of string>
dns-server3: <value of string>
dns-server4: <value of string>
dns-service: <value in [default, specify, local]>
domain: <value of string>
enable: <value in [disable, enable]>
exclude-range:
-
end-ip: <value of string>
id: <value of integer>
start-ip: <value of string>
vci-match: <value in [disable, enable]>
vci-string: <value of string>
lease-time: <value of integer>
uci-match: <value in [disable, enable]>
uci-string: <value of string>
filename: <value of string>
forticlient-on-net-status: <value in [disable, enable]>
id: <value of integer>
ip-mode: <value in [range, usrgrp]>
ip-range:
-
end-ip: <value of string>
id: <value of integer>
start-ip: <value of string>
vci-match: <value in [disable, enable]>
vci-string: <value of string>
lease-time: <value of integer>
uci-match: <value in [disable, enable]>
uci-string: <value of string>
ipsec-lease-hold: <value of integer>
lease-time: <value of integer>
mac-acl-default-action: <value in [assign, block]>
netmask: <value of string>
next-server: <value of string>
ntp-server1: <value of string>
ntp-server2: <value of string>
ntp-server3: <value of string>
ntp-service: <value in [default, specify, local]>
option1: <value of string>
option2: <value of string>
option3: <value of string>
option4: <value of string>
option5: <value of string>
option6: <value of string>
options:
-
code: <value of integer>
id: <value of integer>
ip: <value of string>
type: <value in [hex, string, ip, ...]>
value: <value of string>
vci-match: <value in [disable, enable]>
vci-string: <value of string>
uci-match: <value in [disable, enable]>
uci-string: <value of string>
reserved-address:
-
action: <value in [assign, block, reserved]>
circuit-id: <value of string>
circuit-id-type: <value in [hex, string]>
description: <value of string>
id: <value of integer>
ip: <value of string>
mac: <value of string>
remote-id: <value of string>
remote-id-type: <value in [hex, string]>
type: <value in [mac, option82]>
server-type: <value in [regular, ipsec]>
status: <value in [disable, enable]>
tftp-server: <value of string>
timezone: <value in [00, 01, 02, ...]>
timezone-option: <value in [disable, default, specify]>
vci-match: <value in [disable, enable]>
vci-string: <value of string>
wifi-ac-service: <value in [specify, local]>
wifi-ac1: <value of string>
wifi-ac2: <value of string>
wifi-ac3: <value of string>
wins-server1: <value of string>
wins-server2: <value of string>
relay-agent: <value of string>
shared-subnet: <value in [disable, enable]>
interface:
ac-name: <value of string>
aggregate: <value of string>
algorithm: <value in [L2, L3, L4, ...]>
alias: <value of string>
allowaccess:
- https
- ping
- ssh
- snmp
- http
- telnet
- fgfm
- auto-ipsec
- radius-acct
- probe-response
- capwap
- dnp
- ftm
- fabric
- speed-test
ap-discover: <value in [disable, enable]>
arpforward: <value in [disable, enable]>
atm-protocol: <value in [none, ipoa]>
auth-type: <value in [auto, pap, chap, ...]>
auto-auth-extension-device: <value in [disable, enable]>
bandwidth-measure-time: <value of integer>
bfd: <value in [global, enable, disable]>
bfd-desired-min-tx: <value of integer>
bfd-detect-mult: <value of integer>
bfd-required-min-rx: <value of integer>
broadcast-forticlient-discovery: <value in [disable, enable]>
broadcast-forward: <value in [disable, enable]>
captive-portal: <value of integer>
cli-conn-status: <value of integer>
color: <value of integer>
ddns: <value in [disable, enable]>
ddns-auth: <value in [disable, tsig]>
ddns-domain: <value of string>
ddns-key: <value of string>
ddns-keyname: <value of string>
ddns-password: <value of string>
ddns-server: <value in [dhs.org, dyndns.org, dyns.net, ...]>
ddns-server-ip: <value of string>
ddns-sn: <value of string>
ddns-ttl: <value of integer>
ddns-username: <value of string>
ddns-zone: <value of string>
dedicated-to: <value in [none, management]>
defaultgw: <value in [disable, enable]>
description: <value of string>
detected-peer-mtu: <value of integer>
detectprotocol:
- ping
- tcp-echo
- udp-echo
detectserver: <value of string>
device-access-list: <value of string>
device-identification: <value in [disable, enable]>
device-identification-active-scan: <value in [disable, enable]>
device-netscan: <value in [disable, enable]>
device-user-identification: <value in [disable, enable]>
devindex: <value of integer>
dhcp-client-identifier: <value of string>
dhcp-relay-agent-option: <value in [disable, enable]>
dhcp-relay-interface: <value of string>
dhcp-relay-interface-select-method: <value in [auto, sdwan, specify]>
dhcp-relay-ip: <value of string>
dhcp-relay-service: <value in [disable, enable]>
dhcp-relay-type: <value in [regular, ipsec]>
dhcp-renew-time: <value of integer>
disc-retry-timeout: <value of integer>
disconnect-threshold: <value of integer>
distance: <value of integer>
dns-query: <value in [disable, recursive, non-recursive]>
dns-server-override: <value in [disable, enable]>
drop-fragment: <value in [disable, enable]>
drop-overlapped-fragment: <value in [disable, enable]>
egress-cos: <value in [disable, cos0, cos1, ...]>
egress-shaping-profile: <value of string>
eip: <value of string>
endpoint-compliance: <value in [disable, enable]>
estimated-downstream-bandwidth: <value of integer>
estimated-upstream-bandwidth: <value of integer>
explicit-ftp-proxy: <value in [disable, enable]>
explicit-web-proxy: <value in [disable, enable]>
external: <value in [disable, enable]>
fail-action-on-extender: <value in [soft-restart, hard-restart, reboot]>
fail-alert-interfaces: <value of string>
fail-alert-method: <value in [link-failed-signal, link-down]>
fail-detect: <value in [disable, enable]>
fail-detect-option:
- detectserver
- link-down
fdp: <value in [disable, enable]>
fortiheartbeat: <value in [disable, enable]>
fortilink: <value in [disable, enable]>
fortilink-backup-link: <value of integer>
fortilink-neighbor-detect: <value in [lldp, fortilink]>
fortilink-split-interface: <value in [disable, enable]>
fortilink-stacking: <value in [disable, enable]>
forward-domain: <value of integer>
forward-error-correction: <value in [disable, enable, rs-fec, ...]>
fp-anomaly:
- drop_tcp_fin_noack
- pass_winnuke
- pass_tcpland
- pass_udpland
- pass_icmpland
- pass_ipland
- pass_iprr
- pass_ipssrr
- pass_iplsrr
- pass_ipstream
- pass_ipsecurity
- pass_iptimestamp
- pass_ipunknown_option
- pass_ipunknown_prot
- pass_icmp_frag
- pass_tcp_no_flag
- pass_tcp_fin_noack
- drop_winnuke
- drop_tcpland
- drop_udpland
- drop_icmpland
- drop_ipland
- drop_iprr
- drop_ipssrr
- drop_iplsrr
- drop_ipstream
- drop_ipsecurity
- drop_iptimestamp
- drop_ipunknown_option
- drop_ipunknown_prot
- drop_icmp_frag
- drop_tcp_no_flag
fp-disable:
- all
- ipsec
- none
gateway-address: <value of string>
gi-gk: <value in [disable, enable]>
gwaddr: <value of string>
gwdetect: <value in [disable, enable]>
ha-priority: <value of integer>
icmp-accept-redirect: <value in [disable, enable]>
icmp-redirect: <value in [disable, enable]>
icmp-send-redirect: <value in [disable, enable]>
ident-accept: <value in [disable, enable]>
idle-timeout: <value of integer>
if-mdix: <value in [auto, normal, crossover]>
if-media: <value in [auto, copper, fiber]>
in-force-vlan-cos: <value of integer>
inbandwidth: <value of integer>
ingress-cos: <value in [disable, cos0, cos1, ...]>
ingress-shaping-profile: <value of string>
ingress-spillover-threshold: <value of integer>
internal: <value of integer>
ip: <value of string>
ip-managed-by-fortiipam: <value in [disable, enable, inherit-global]>
ipmac: <value in [disable, enable]>
ips-sniffer-mode: <value in [disable, enable]>
ipunnumbered: <value of string>
ipv6:
autoconf: <value in [disable, enable]>
dhcp6-client-options:
- rapid
- iapd
- iana
- dns
- dnsname
dhcp6-information-request: <value in [disable, enable]>
dhcp6-prefix-delegation: <value in [disable, enable]>
dhcp6-prefix-hint: <value of string>
dhcp6-prefix-hint-plt: <value of integer>
dhcp6-prefix-hint-vlt: <value of integer>
dhcp6-relay-ip: <value of string>
dhcp6-relay-service: <value in [disable, enable]>
dhcp6-relay-type: <value in [regular]>
icmp6-send-redirect: <value in [disable, enable]>
interface-identifier: <value of string>
ip6-address: <value of string>
ip6-allowaccess:
- https
- ping
- ssh
- snmp
- http
- telnet
- fgfm
- capwap
- fabric
ip6-default-life: <value of integer>
ip6-delegated-prefix-list:
-
autonomous-flag: <value in [disable, enable]>
onlink-flag: <value in [disable, enable]>
prefix-id: <value of integer>
rdnss: <value of string>
rdnss-service: <value in [delegated, default, specify]>
subnet: <value of string>
upstream-interface: <value of string>
delegated-prefix-iaid: <value of integer>
ip6-dns-server-override: <value in [disable, enable]>
ip6-extra-addr:
-
prefix: <value of string>
ip6-hop-limit: <value of integer>
ip6-link-mtu: <value of integer>
ip6-manage-flag: <value in [disable, enable]>
ip6-max-interval: <value of integer>
ip6-min-interval: <value of integer>
ip6-mode: <value in [static, dhcp, pppoe, ...]>
ip6-other-flag: <value in [disable, enable]>
ip6-prefix-list:
-
autonomous-flag: <value in [disable, enable]>
dnssl: <value of string>
onlink-flag: <value in [disable, enable]>
preferred-life-time: <value of integer>
prefix: <value of string>
rdnss: <value of string>
valid-life-time: <value of integer>
ip6-reachable-time: <value of integer>
ip6-retrans-time: <value of integer>
ip6-send-adv: <value in [disable, enable]>
ip6-subnet: <value of string>
ip6-upstream-interface: <value of string>
nd-cert: <value of string>
nd-cga-modifier: <value of string>
nd-mode: <value in [basic, SEND-compatible]>
nd-security-level: <value of integer>
nd-timestamp-delta: <value of integer>
nd-timestamp-fuzz: <value of integer>
unique-autoconf-addr: <value in [disable, enable]>
vrip6_link_local: <value of string>
vrrp-virtual-mac6: <value in [disable, enable]>
vrrp6:
-
accept-mode: <value in [disable, enable]>
adv-interval: <value of integer>
preempt: <value in [disable, enable]>
priority: <value of integer>
start-time: <value of integer>
status: <value in [disable, enable]>
vrdst6: <value of string>
vrgrp: <value of integer>
vrid: <value of integer>
vrip6: <value of string>
cli-conn6-status: <value of integer>
ip6-prefix-mode: <value in [dhcp6, ra]>
ra-send-mtu: <value in [disable, enable]>
ip6-delegated-prefix-iaid: <value of integer>
dhcp6-relay-source-interface: <value in [disable, enable]>
l2forward: <value in [disable, enable]>
l2tp-client: <value in [disable, enable]>
lacp-ha-slave: <value in [disable, enable]>
lacp-mode: <value in [static, passive, active]>
lacp-speed: <value in [slow, fast]>
lcp-echo-interval: <value of integer>
lcp-max-echo-fails: <value of integer>
link-up-delay: <value of integer>
listen-forticlient-connection: <value in [disable, enable]>
lldp-network-policy: <value of string>
lldp-reception: <value in [disable, enable, vdom]>
lldp-transmission: <value in [enable, disable, vdom]>
log: <value in [disable, enable]>
macaddr: <value of string>
managed-subnetwork-size: <value in [256, 512, 1024, ...]>
management-ip: <value of string>
max-egress-burst-rate: <value of integer>
max-egress-rate: <value of integer>
measured-downstream-bandwidth: <value of integer>
measured-upstream-bandwidth: <value of integer>
mediatype: <value in [serdes-sfp, sgmii-sfp, cfp2-sr10, ...]>
member: <value of string>
min-links: <value of integer>
min-links-down: <value in [operational, administrative]>
mode: <value in [static, dhcp, pppoe, ...]>
monitor-bandwidth: <value in [disable, enable]>
mtu: <value of integer>
mtu-override: <value in [disable, enable]>
mux-type: <value in [llc-encaps, vc-encaps]>
name: <value of string>
ndiscforward: <value in [disable, enable]>
netbios-forward: <value in [disable, enable]>
netflow-sampler: <value in [disable, tx, rx, ...]>
np-qos-profile: <value of integer>
npu-fastpath: <value in [disable, enable]>
nst: <value in [disable, enable]>
out-force-vlan-cos: <value of integer>
outbandwidth: <value of integer>
padt-retry-timeout: <value of integer>
password: <value of string>
peer-interface: <value of string>
phy-mode: <value in [auto, adsl, vdsl, ...]>
ping-serv-status: <value of integer>
poe: <value in [disable, enable]>
polling-interval: <value of integer>
pppoe-unnumbered-negotiate: <value in [disable, enable]>
pptp-auth-type: <value in [auto, pap, chap, ...]>
pptp-client: <value in [disable, enable]>
pptp-password: <value of string>
pptp-server-ip: <value of string>
pptp-timeout: <value of integer>
pptp-user: <value of string>
preserve-session-route: <value in [disable, enable]>
priority: <value of integer>
priority-override: <value in [disable, enable]>
proxy-captive-portal: <value in [disable, enable]>
redundant-interface: <value of string>
remote-ip: <value of string>
replacemsg-override-group: <value of string>
retransmission: <value in [disable, enable]>
ring-rx: <value of integer>
ring-tx: <value of integer>
role: <value in [lan, wan, dmz, ...]>
sample-direction: <value in [rx, tx, both]>
sample-rate: <value of integer>
scan-botnet-connections: <value in [disable, block, monitor]>
secondary-IP: <value in [disable, enable]>
secondaryip:
-
allowaccess:
- https
- ping
- ssh
- snmp
- http
- telnet
- fgfm
- auto-ipsec
- radius-acct
- probe-response
- capwap
- dnp
- ftm
- fabric
- speed-test
detectprotocol:
- ping
- tcp-echo
- udp-echo
detectserver: <value of string>
gwdetect: <value in [disable, enable]>
ha-priority: <value of integer>
id: <value of integer>
ip: <value of string>
ping-serv-status: <value of integer>
seq: <value of integer>
secip-relay-ip: <value of string>
security-8021x-dynamic-vlan-id: <value of integer>
security-8021x-master: <value of string>
security-8021x-mode: <value in [default, dynamic-vlan, fallback, ...]>
security-exempt-list: <value of string>
security-external-logout: <value of string>
security-external-web: <value of string>
security-groups: <value of string>
security-mac-auth-bypass: <value in [disable, enable, mac-auth-only]>
security-mode: <value in [none, captive-portal, 802.1X]>
security-redirect-url: <value of string>
service-name: <value of string>
sflow-sampler: <value in [disable, enable]>
speed: <value in [auto, 10full, 10half, ...]>
spillover-threshold: <value of integer>
src-check: <value in [disable, enable]>
status: <value in [down, up]>
stp: <value in [disable, enable]>
stp-ha-slave: <value in [disable, enable, priority-adjust]>
stpforward: <value in [disable, enable]>
stpforward-mode: <value in [rpl-all-ext-id, rpl-bridge-ext-id, rpl-nothing]>
strip-priority-vlan-tag: <value in [disable, enable]>
subst: <value in [disable, enable]>
substitute-dst-mac: <value of string>
swc-first-create: <value of integer>
swc-vlan: <value of integer>
switch: <value of string>
switch-controller-access-vlan: <value in [disable, enable]>
switch-controller-arp-inspection: <value in [disable, enable]>
switch-controller-auth: <value in [radius, usergroup]>
switch-controller-dhcp-snooping: <value in [disable, enable]>
switch-controller-dhcp-snooping-option82: <value in [disable, enable]>
switch-controller-dhcp-snooping-verify-mac: <value in [disable, enable]>
switch-controller-feature: <value in [none, default-vlan, quarantine, ...]>
switch-controller-igmp-snooping: <value in [disable, enable]>
switch-controller-igmp-snooping-fast-leave: <value in [disable, enable]>
switch-controller-igmp-snooping-proxy: <value in [disable, enable]>
switch-controller-iot-scanning: <value in [disable, enable]>
switch-controller-learning-limit: <value of integer>
switch-controller-mgmt-vlan: <value of integer>
switch-controller-nac: <value of string>
switch-controller-radius-server: <value of string>
switch-controller-rspan-mode: <value in [disable, enable]>
switch-controller-source-ip: <value in [outbound, fixed]>
switch-controller-traffic-policy: <value of string>
tc-mode: <value in [ptm, atm]>
tcp-mss: <value of integer>
trunk: <value in [disable, enable]>
trust-ip-1: <value of string>
trust-ip-2: <value of string>
trust-ip-3: <value of string>
trust-ip6-1: <value of string>
trust-ip6-2: <value of string>
trust-ip6-3: <value of string>
type: <value in [physical, vlan, aggregate, ...]>
username: <value of string>
vci: <value of integer>
vectoring: <value in [disable, enable]>
vindex: <value of integer>
vlan-protocol: <value in [8021q, 8021ad]>
vlanforward: <value in [disable, enable]>
vlanid: <value of integer>
vpi: <value of integer>
vrf: <value of integer>
vrrp:
-
accept-mode: <value in [disable, enable]>
adv-interval: <value of integer>
ignore-default-route: <value in [disable, enable]>
preempt: <value in [disable, enable]>
priority: <value of integer>
start-time: <value of integer>
status: <value in [disable, enable]>
version: <value in [2, 3]>
vrdst: <value of string>
vrdst-priority: <value of integer>
vrgrp: <value of integer>
vrid: <value of integer>
vrip: <value of string>
proxy-arp:
-
id: <value of integer>
ip: <value of string>
vrrp-virtual-mac: <value in [disable, enable]>
wccp: <value in [disable, enable]>
weight: <value of integer>
wifi-5g-threshold: <value of string>
wifi-acl: <value in [deny, allow]>
wifi-ap-band: <value in [any, 5g-preferred, 5g-only]>
wifi-auth: <value in [PSK, RADIUS, radius, ...]>
wifi-auto-connect: <value in [disable, enable]>
wifi-auto-save: <value in [disable, enable]>
wifi-broadcast-ssid: <value in [disable, enable]>
wifi-encrypt: <value in [TKIP, AES]>
wifi-fragment-threshold: <value of integer>
wifi-key: <value of string>
wifi-keyindex: <value of integer>
wifi-mac-filter: <value in [disable, enable]>
wifi-passphrase: <value of string>
wifi-radius-server: <value of string>
wifi-rts-threshold: <value of integer>
wifi-security: <value in [None, WEP64, wep64, ...]>
wifi-ssid: <value of string>
wifi-usergroup: <value of string>
wins-ip: <value of string>
dhcp-relay-request-all-server: <value in [disable, enable]>
stp-ha-secondary: <value in [disable, enable, priority-adjust]>
switch-controller-dynamic: <value of string>
auth-cert: <value of string>
auth-portal-addr: <value of string>
dhcp-classless-route-addition: <value in [disable, enable]>
dhcp-relay-link-selection: <value of string>
dns-server-protocol:
- cleartext
- dot
- doh
eap-ca-cert: <value of string>
eap-identity: <value of string>
eap-method: <value in [tls, peap]>
eap-password: <value of string>
eap-supplicant: <value in [disable, enable]>
eap-user-cert: <value of string>
ike-saml-server: <value of string>
lacp-ha-secondary: <value in [disable, enable]>
pvc-atm-qos: <value in [cbr, rt-vbr, nrt-vbr]>
pvc-chan: <value of integer>
pvc-crc: <value of integer>
pvc-pcr: <value of integer>
pvc-scr: <value of integer>
pvc-vlan-id: <value of integer>
pvc-vlan-rx-id: <value of integer>
pvc-vlan-rx-op: <value in [pass-through, replace, remove]>
pvc-vlan-tx-id: <value of integer>
pvc-vlan-tx-op: <value in [pass-through, replace, remove]>
reachable-time: <value of integer>
select-profile-30a-35b: <value in [30A, 35B]>
sfp-dsl: <value in [disable, enable]>
sfp-dsl-adsl-fallback: <value in [disable, enable]>
sfp-dsl-autodetect: <value in [disable, enable]>
sfp-dsl-mac: <value of string>
sw-algorithm: <value in [l2, l3, eh]>
system-id: <value of string>
system-id-type: <value in [auto, user]>
vlan-id: <value of integer>
vlan-op-mode: <value in [tag, untag, passthrough]>
generic-receive-offload: <value in [disable, enable]>
interconnect-profile: <value in [default, profile1, profile2]>
large-receive-offload: <value in [disable, enable]>
aggregate-type: <value in [physical, vxlan]>
switch-controller-netflow-collect: <value in [disable, enable]>
wifi-dns-server1: <value of string>
wifi-dns-server2: <value of string>
wifi-gateway: <value of string>
default-purdue-level: <value in [1, 2, 3, ...]>
dhcp-broadcast-flag: <value in [disable, enable]>
dhcp-smart-relay: <value in [disable, enable]>
switch-controller-offloading: <value in [disable, enable]>
switch-controller-offloading-gw: <value in [disable, enable]>
switch-controller-offloading-ip: <value of string>
adom:
description: the parameter (adom) in requested url
required: true
type: str
state:
choices:
- present
- absent
description: The directive to create, update or delete an object.
required: true
type: str
fsp_vlan:
description: the top level parameters set
required: false
suboptions:
_dhcp-status:
choices:
- disable
- enable
description: _Dhcp-Status.
type: str
auth:
choices:
- radius
- usergroup
description: no description
type: str
color:
description: Color.
type: int
comments:
description: no description
type: str
dhcp-server:
description: no description
required: false
suboptions:
auto-configuration:
choices:
- disable
- enable
description: Enable/disable auto configuration.
type: str
auto-managed-status:
choices:
- disable
- enable
description: Enable/disable use of this DHCP server once this interface has
been assigned an IP address from FortiIPAM.
type: str
conflicted-ip-timeout:
description: Time in seconds to wait after a conflicted IP address is removed
from the DHCP range before it can be reused.
type: int
ddns-auth:
choices:
- disable
- tsig
description: DDNS authentication mode.
type: str
ddns-key:
description: DDNS update key
type: str
ddns-keyname:
description: DDNS update key name.
type: str
ddns-server-ip:
description: DDNS server IP.
type: str
ddns-ttl:
description: TTL.
type: int
ddns-update:
choices:
- disable
- enable
description: Enable/disable DDNS update for DHCP.
type: str
ddns-update-override:
choices:
- disable
- enable
description: Enable/disable DDNS update override for DHCP.
type: str
ddns-zone:
description: Zone of your domain name
type: str
default-gateway:
description: Default gateway IP address assigned by the DHCP server.
type: str
dhcp-settings-from-fortiipam:
choices:
- disable
- enable
description: Enable/disable populating of DHCP server settings from FortiIPAM.
type: str
dns-server1:
description: DNS server 1.
type: str
dns-server2:
description: DNS server 2.
type: str
dns-server3:
description: DNS server 3.
type: str
dns-server4:
description: DNS server 4.
type: str
dns-service:
choices:
- default
- specify
- local
description: Options for assigning DNS servers to DHCP clients.
type: str
domain:
description: Domain name suffix for the IP addresses that the DHCP server
assigns to clients.
type: str
enable:
choices:
- disable
- enable
description: Enable.
type: str
exclude-range:
description: Exclude-Range.
elements: dict
suboptions:
end-ip:
description: End of IP range.
type: str
id:
description: ID.
type: int
lease-time:
description: Lease time in seconds, 0 means default lease time.
type: int
start-ip:
description: Start of IP range.
type: str
uci-match:
choices:
- disable
- enable
description: Enable/disable user class identifier
type: str
uci-string:
description: description
type: str
vci-match:
choices:
- disable
- enable
description: Enable/disable vendor class identifier
type: str
vci-string:
description: description
type: str
type: list
filename:
description: Name of the boot file on the TFTP server.
type: str
forticlient-on-net-status:
choices:
- disable
- enable
description: Enable/disable FortiClient-On-Net service for this DHCP server.
type: str
id:
description: ID.
type: int
ip-mode:
choices:
- range
- usrgrp
description: Method used to assign client IP.
type: str
ip-range:
description: Ip-Range.
elements: dict
suboptions:
end-ip:
description: End of IP range.
type: str
id:
description: ID.
type: int
lease-time:
description: Lease time in seconds, 0 means default lease time.
type: int
start-ip:
description: Start of IP range.
type: str
uci-match:
choices:
- disable
- enable
description: Enable/disable user class identifier
type: str
uci-string:
description: description
type: str
vci-match:
choices:
- disable
- enable
description: Enable/disable vendor class identifier
type: str
vci-string:
description: description
type: str
type: list
ipsec-lease-hold:
description: DHCP over IPsec leases expire this many seconds after tunnel
down
type: int
lease-time:
description: Lease time in seconds, 0 means unlimited.
type: int
mac-acl-default-action:
choices:
- assign
- block
description: MAC access control default action
type: str
netmask:
description: Netmask assigned by the DHCP server.
type: str
next-server:
description: IP address of a server
type: str
ntp-server1:
description: NTP server 1.
type: str
ntp-server2:
description: NTP server 2.
type: str
ntp-server3:
description: NTP server 3.
type: str
ntp-service:
choices:
- default
- specify
- local
description: Options for assigning Network Time Protocol
type: str
option1:
description: Option1.
type: str
option2:
description: Option2.
type: str
option3:
description: Option3.
type: str
option4:
description: Option4.
type: str
option5:
description: Option5.
type: str
option6:
description: Option6.
type: str
options:
description: Options.
elements: dict
suboptions:
code:
description: DHCP option code.
type: int
id:
description: ID.
type: int
ip:
description: DHCP option IPs.
type: str
type:
choices:
- hex
- string
- ip
- fqdn
description: DHCP option type.
type: str
uci-match:
choices:
- disable
- enable
description: Enable/disable user class identifier
type: str
uci-string:
description: description
type: str
value:
description: DHCP option value.
type: str
vci-match:
choices:
- disable
- enable
description: Enable/disable vendor class identifier
type: str
vci-string:
description: description
type: str
type: list
relay-agent:
description: Relay agent IP.
type: str
reserved-address:
description: Reserved-Address.
elements: dict
suboptions:
action:
choices:
- assign
- block
- reserved
description: Options for the DHCP server to configure the client with
the reserved MAC address.
type: str
circuit-id:
description: Option 82 circuit-ID of the client that will get the reserved
IP address.
type: str
circuit-id-type:
choices:
- hex
- string
description: DHCP option type.
type: str
description:
description: Description.
type: str
id:
description: ID.
type: int
ip:
description: IP address to be reserved for the MAC address.
type: str
mac:
description: MAC address of the client that will get the reserved IP address.
type: str
remote-id:
description: Option 82 remote-ID of the client that will get the reserved
IP address.
type: str
remote-id-type:
choices:
- hex
- string
description: DHCP option type.
type: str
type:
choices:
- mac
- option82
description: DHCP reserved-address type.
type: str
type: list
server-type:
choices:
- regular
- ipsec
description: DHCP server can be a normal DHCP server or an IPsec DHCP server.
type: str
shared-subnet:
choices:
- disable
- enable
description: Enable/disable shared subnet.
type: str
status:
choices:
- disable
- enable
description: Enable/disable this DHCP configuration.
type: str
tftp-server:
description: One or more hostnames or IP addresses of the TFTP servers in
quotes separated by spaces.
type: str
timezone:
choices:
- '00'
- '01'
- '02'
- '03'
- '04'
- '05'
- '06'
- '07'
- 08
- 09
- '10'
- '11'
- '12'
- '13'
- '14'
- '15'
- '16'
- '17'
- '18'
- '19'
- '20'
- '21'
- '22'
- '23'
- '24'
- '25'
- '26'
- '27'
- '28'
- '29'
- '30'
- '31'
- '32'
- '33'
- '34'
- '35'
- '36'
- '37'
- '38'
- '39'
- '40'
- '41'
- '42'
- '43'
- '44'
- '45'
- '46'
- '47'
- '48'
- '49'
- '50'
- '51'
- '52'
- '53'
- '54'
- '55'
- '56'
- '57'
- '58'
- '59'
- '60'
- '61'
- '62'
- '63'
- '64'
- '65'
- '66'
- '67'
- '68'
- '69'
- '70'
- '71'
- '72'
- '73'
- '74'
- '75'
- '76'
- '77'
- '78'
- '79'
- '80'
- '81'
- '82'
- '83'
- '84'
- '85'
- '86'
- '87'
description: Select the time zone to be assigned to DHCP clients.
type: str
timezone-option:
choices:
- disable
- default
- specify
description: Options for the DHCP server to set the clients time zone.
type: str
vci-match:
choices:
- disable
- enable
description: Enable/disable vendor class identifier
type: str
vci-string:
description: One or more VCI strings in quotes separated by spaces.
type: str
wifi-ac-service:
choices:
- specify
- local
description: Options for assigning WiFi Access Controllers to DHCP clients
type: str
wifi-ac1:
description: WiFi Access Controller 1 IP address
type: str
wifi-ac2:
description: WiFi Access Controller 2 IP address
type: str
wifi-ac3:
description: WiFi Access Controller 3 IP address
type: str
wins-server1:
description: WINS server 1.
type: str
wins-server2:
description: WINS server 2.
type: str
type: dict
dynamic_mapping:
description: Dynamic_Mapping.
elements: dict
suboptions:
_dhcp-status:
choices:
- disable
- enable
description: _Dhcp-Status.
type: str
_scope:
description: _Scope.
elements: dict
suboptions:
name:
description: Name.
type: str
vdom:
description: Vdom.
type: str
type: list
dhcp-server:
description: no description
required: false
suboptions:
auto-configuration:
choices:
- disable
- enable
description: Enable/disable auto configuration.
type: str
auto-managed-status:
choices:
- disable
- enable
description: Enable/disable use of this DHCP server once this interface
has been assigned an IP address from FortiIPAM.
type: str
conflicted-ip-timeout:
description: Time in seconds to wait after a conflicted IP address is
removed from the DHCP range before it can be reused.
type: int
ddns-auth:
choices:
- disable
- tsig
description: DDNS authentication mode.
type: str
ddns-key:
description: DDNS update key
type: str
ddns-keyname:
description: DDNS update key name.
type: str
ddns-server-ip:
description: DDNS server IP.
type: str
ddns-ttl:
description: TTL.
type: int
ddns-update:
choices:
- disable
- enable
description: Enable/disable DDNS update for DHCP.
type: str
ddns-update-override:
choices:
- disable
- enable
description: Enable/disable DDNS update override for DHCP.
type: str
ddns-zone:
description: Zone of your domain name
type: str
default-gateway:
description: Default gateway IP address assigned by the DHCP server.
type: str
dhcp-settings-from-fortiipam:
choices:
- disable
- enable
description: Enable/disable populating of DHCP server settings from FortiIPAM.
type: str
dns-server1:
description: DNS server 1.
type: str
dns-server2:
description: DNS server 2.
type: str
dns-server3:
description: DNS server 3.
type: str
dns-server4:
description: DNS server 4.
type: str
dns-service:
choices:
- default
- specify
- local
description: Options for assigning DNS servers to DHCP clients.
type: str
domain:
description: Domain name suffix for the IP addresses that the DHCP server
assigns to clients.
type: str
enable:
choices:
- disable
- enable
description: Enable.
type: str
exclude-range:
description: Exclude-Range.
elements: dict
suboptions:
end-ip:
description: End of IP range.
type: str
id:
description: ID.
type: int
lease-time:
description: Lease time in seconds, 0 means default lease time.
type: int
start-ip:
description: Start of IP range.
type: str
uci-match:
choices:
- disable
- enable
description: Enable/disable user class identifier
type: str
uci-string:
description: description
type: str
vci-match:
choices:
- disable
- enable
description: Enable/disable vendor class identifier
type: str
vci-string:
description: description
type: str
type: list
filename:
description: Name of the boot file on the TFTP server.
type: str
forticlient-on-net-status:
choices:
- disable
- enable
description: Enable/disable FortiClient-On-Net service for this DHCP server.
type: str
id:
description: ID.
type: int
ip-mode:
choices:
- range
- usrgrp
description: Method used to assign client IP.
type: str
ip-range:
description: Ip-Range.
elements: dict
suboptions:
end-ip:
description: End of IP range.
type: str
id:
description: ID.
type: int
lease-time:
description: Lease time in seconds, 0 means default lease time.
type: int
start-ip:
description: Start of IP range.
type: str
uci-match:
choices:
- disable
- enable
description: Enable/disable user class identifier
type: str
uci-string:
description: description
type: str
vci-match:
choices:
- disable
- enable
description: Enable/disable vendor class identifier
type: str
vci-string:
description: description
type: str
type: list
ipsec-lease-hold:
description: DHCP over IPsec leases expire this many seconds after tunnel
down
type: int
lease-time:
description: Lease time in seconds, 0 means unlimited.
type: int
mac-acl-default-action:
choices:
- assign
- block
description: MAC access control default action
type: str
netmask:
description: Netmask assigned by the DHCP server.
type: str
next-server:
description: IP address of a server
type: str
ntp-server1:
description: NTP server 1.
type: str
ntp-server2:
description: NTP server 2.
type: str
ntp-server3:
description: NTP server 3.
type: str
ntp-service:
choices:
- default
- specify
- local
description: Options for assigning Network Time Protocol
type: str
option1:
description: Option1.
type: str
option2:
description: Option2.
type: str
option3:
description: Option3.
type: str
option4:
description: Option4.
type: str
option5:
description: Option5.
type: str
option6:
description: Option6.
type: str
options:
description: Options.
elements: dict
suboptions:
code:
description: DHCP option code.
type: int
id:
description: ID.
type: int
ip:
description: DHCP option IPs.
type: str
type:
choices:
- hex
- string
- ip
- fqdn
description: DHCP option type.
type: str
uci-match:
choices:
- disable
- enable
description: Enable/disable user class identifier
type: str
uci-string:
description: description
type: str
value:
description: DHCP option value.
type: str
vci-match:
choices:
- disable
- enable
description: Enable/disable vendor class identifier
type: str
vci-string:
description: description
type: str
type: list
relay-agent:
description: Relay agent IP.
type: str
reserved-address:
description: Reserved-Address.
elements: dict
suboptions:
action:
choices:
- assign
- block
- reserved
description: Options for the DHCP server to configure the client with
the reserved MAC address.
type: str
circuit-id:
description: Option 82 circuit-ID of the client that will get the
reserved IP address.
type: str
circuit-id-type:
choices:
- hex
- string
description: DHCP option type.
type: str
description:
description: Description.
type: str
id:
description: ID.
type: int
ip:
description: IP address to be reserved for the MAC address.
type: str
mac:
description: MAC address of the client that will get the reserved
IP address.
type: str
remote-id:
description: Option 82 remote-ID of the client that will get the reserved
IP address.
type: str
remote-id-type:
choices:
- hex
- string
description: DHCP option type.
type: str
type:
choices:
- mac
- option82
description: DHCP reserved-address type.
type: str
type: list
server-type:
choices:
- regular
- ipsec
description: DHCP server can be a normal DHCP server or an IPsec DHCP
server.
type: str
shared-subnet:
choices:
- disable
- enable
description: Enable/disable shared subnet.
type: str
status:
choices:
- disable
- enable
description: Enable/disable this DHCP configuration.
type: str
tftp-server:
description: One or more hostnames or IP addresses of the TFTP servers
in quotes separated by spaces.
type: str
timezone:
choices:
- '00'
- '01'
- '02'
- '03'
- '04'
- '05'
- '06'
- '07'
- 08
- 09
- '10'
- '11'
- '12'
- '13'
- '14'
- '15'
- '16'
- '17'
- '18'
- '19'
- '20'
- '21'
- '22'
- '23'
- '24'
- '25'
- '26'
- '27'
- '28'
- '29'
- '30'
- '31'
- '32'
- '33'
- '34'
- '35'
- '36'
- '37'
- '38'
- '39'
- '40'
- '41'
- '42'
- '43'
- '44'
- '45'
- '46'
- '47'
- '48'
- '49'
- '50'
- '51'
- '52'
- '53'
- '54'
- '55'
- '56'
- '57'
- '58'
- '59'
- '60'
- '61'
- '62'
- '63'
- '64'
- '65'
- '66'
- '67'
- '68'
- '69'
- '70'
- '71'
- '72'
- '73'
- '74'
- '75'
- '76'
- '77'
- '78'
- '79'
- '80'
- '81'
- '82'
- '83'
- '84'
- '85'
- '86'
- '87'
description: Select the time zone to be assigned to DHCP clients.
type: str
timezone-option:
choices:
- disable
- default
- specify
description: Options for the DHCP server to set the clients time zone.
type: str
vci-match:
choices:
- disable
- enable
description: Enable/disable vendor class identifier
type: str
vci-string:
description: One or more VCI strings in quotes separated by spaces.
type: str
wifi-ac-service:
choices:
- specify
- local
description: Options for assigning WiFi Access Controllers to DHCP clients
type: str
wifi-ac1:
description: WiFi Access Controller 1 IP address
type: str
wifi-ac2:
description: WiFi Access Controller 2 IP address
type: str
wifi-ac3:
description: WiFi Access Controller 3 IP address
type: str
wins-server1:
description: WINS server 1.
type: str
wins-server2:
description: WINS server 2.
type: str
type: dict
interface:
description: no description
required: false
suboptions:
dhcp-relay-agent-option:
choices:
- disable
- enable
description: Dhcp-Relay-Agent-Option.
type: str
dhcp-relay-interface-select-method:
choices:
- auto
- sdwan
- specify
description: no description
type: str
dhcp-relay-ip:
description: Dhcp-Relay-Ip.
type: str
dhcp-relay-service:
choices:
- disable
- enable
description: Dhcp-Relay-Service.
type: str
dhcp-relay-type:
choices:
- regular
- ipsec
description: Dhcp-Relay-Type.
type: str
ip:
description: Ip.
type: str
ipv6:
description: no description
required: false
suboptions:
autoconf:
choices:
- disable
- enable
description: Enable/disable address auto config.
type: str
cli-conn6-status:
description: Cli-Conn6-Status.
type: int
dhcp6-client-options:
choices:
- rapid
- iapd
- iana
- dns
- dnsname
description: Dhcp6-Client-Options.
elements: str
type: list
dhcp6-information-request:
choices:
- disable
- enable
description: Enable/disable DHCPv6 information request.
type: str
dhcp6-prefix-delegation:
choices:
- disable
- enable
description: Enable/disable DHCPv6 prefix delegation.
type: str
dhcp6-prefix-hint:
description: DHCPv6 prefix that will be used as a hint to the upstream
DHCPv6 server.
type: str
dhcp6-prefix-hint-plt:
description: DHCPv6 prefix hint preferred life time
type: int
dhcp6-prefix-hint-vlt:
description: DHCPv6 prefix hint valid life time
type: int
dhcp6-relay-ip:
description: DHCPv6 relay IP address.
type: str
dhcp6-relay-service:
choices:
- disable
- enable
description: Enable/disable DHCPv6 relay.
type: str
dhcp6-relay-source-interface:
choices:
- disable
- enable
description: Enable/disable use of address on this interface as the
source address of the relay message.
type: str
dhcp6-relay-type:
choices:
- regular
description: DHCPv6 relay type.
type: str
icmp6-send-redirect:
choices:
- disable
- enable
description: Enable/disable sending of ICMPv6 redirects.
type: str
interface-identifier:
description: IPv6 interface identifier.
type: str
ip6-address:
description: Primary IPv6 address prefix, syntax
type: str
ip6-allowaccess:
choices:
- https
- ping
- ssh
- snmp
- http
- telnet
- fgfm
- capwap
- fabric
description: Allow management access to the interface.
elements: str
type: list
ip6-default-life:
description: Default life
type: int
ip6-delegated-prefix-iaid:
description: IAID of obtained delegated-prefix from the upstream interface.
type: int
ip6-delegated-prefix-list:
description: Ip6-Delegated-Prefix-List.
elements: dict
suboptions:
autonomous-flag:
choices:
- disable
- enable
description: Enable/disable the autonomous flag.
type: str
delegated-prefix-iaid:
description: IAID of obtained delegated-prefix from the upstream
interface.
type: int
onlink-flag:
choices:
- disable
- enable
description: Enable/disable the onlink flag.
type: str
prefix-id:
description: Prefix ID.
type: int
rdnss:
description: Recursive DNS server option.
type: str
rdnss-service:
choices:
- delegated
- default
- specify
description: Recursive DNS service option.
type: str
subnet:
description: Add subnet ID to routing prefix.
type: str
upstream-interface:
description: Name of the interface that provides delegated information.
type: str
type: list
ip6-dns-server-override:
choices:
- disable
- enable
description: Enable/disable using the DNS server acquired by DHCP.
type: str
ip6-extra-addr:
description: Ip6-Extra-Addr.
elements: dict
suboptions:
prefix:
description: IPv6 address prefix.
type: str
type: list
ip6-hop-limit:
description: Hop limit
type: int
ip6-link-mtu:
description: IPv6 link MTU.
type: int
ip6-manage-flag:
choices:
- disable
- enable
description: Enable/disable the managed flag.
type: str
ip6-max-interval:
description: IPv6 maximum interval
type: int
ip6-min-interval:
description: IPv6 minimum interval
type: int
ip6-mode:
choices:
- static
- dhcp
- pppoe
- delegated
description: Addressing mode
type: str
ip6-other-flag:
choices:
- disable
- enable
description: Enable/disable the other IPv6 flag.
type: str
ip6-prefix-list:
description: Ip6-Prefix-List.
elements: dict
suboptions:
autonomous-flag:
choices:
- disable
- enable
description: Enable/disable the autonomous flag.
type: str
dnssl:
description: DNS search list option.
type: str
onlink-flag:
choices:
- disable
- enable
description: Enable/disable the onlink flag.
type: str
preferred-life-time:
description: Preferred life time
type: int
prefix:
description: IPv6 prefix.
type: str
rdnss:
description: Recursive DNS server option.
type: str
valid-life-time:
description: Valid life time
type: int
type: list
ip6-prefix-mode:
choices:
- dhcp6
- ra
description: Assigning a prefix from DHCP or RA.
type: str
ip6-reachable-time:
description: IPv6 reachable time
type: int
ip6-retrans-time:
description: IPv6 retransmit time
type: int
ip6-send-adv:
choices:
- disable
- enable
description: Enable/disable sending advertisements about the interface.
type: str
ip6-subnet:
description: Subnet to routing prefix, syntax
type: str
ip6-upstream-interface:
description: Interface name providing delegated information.
type: str
nd-cert:
description: Neighbor discovery certificate.
type: str
nd-cga-modifier:
description: Neighbor discovery CGA modifier.
type: str
nd-mode:
choices:
- basic
- SEND-compatible
description: Neighbor discovery mode.
type: str
nd-security-level:
description: Neighbor discovery security level
type: int
nd-timestamp-delta:
description: Neighbor discovery timestamp delta value
type: int
nd-timestamp-fuzz:
description: Neighbor discovery timestamp fuzz factor
type: int
ra-send-mtu:
choices:
- disable
- enable
description: Enable/disable sending link MTU in RA packet.
type: str
unique-autoconf-addr:
choices:
- disable
- enable
description: Enable/disable unique auto config address.
type: str
vrip6_link_local:
description: Link-local IPv6 address of virtual router.
type: str
vrrp-virtual-mac6:
choices:
- disable
- enable
description: Enable/disable virtual MAC for VRRP.
type: str
vrrp6:
description: Vrrp6.
elements: dict
suboptions:
accept-mode:
choices:
- disable
- enable
description: Enable/disable accept mode.
type: str
adv-interval:
description: Advertisement interval
type: int
preempt:
choices:
- disable
- enable
description: Enable/disable preempt mode.
type: str
priority:
description: Priority of the virtual router
type: int
start-time:
description: Startup time
type: int
status:
choices:
- disable
- enable
description: Enable/disable VRRP.
type: str
vrdst6:
description: Monitor the route to this destination.
type: str
vrgrp:
description: VRRP group ID
type: int
vrid:
description: Virtual router identifier
type: int
vrip6:
description: IPv6 address of the virtual router.
type: str
type: list
type: dict
secondary-IP:
choices:
- disable
- enable
description: Secondary-Ip.
type: str
secondaryip:
description: Secondaryip.
elements: dict
suboptions:
allowaccess:
choices:
- https
- ping
- ssh
- snmp
- http
- telnet
- fgfm
- auto-ipsec
- radius-acct
- probe-response
- capwap
- dnp
- ftm
- fabric
- speed-test
description: Management access settings for the secondary IP address.
elements: str
type: list
detectprotocol:
choices:
- ping
- tcp-echo
- udp-echo
description: Protocols used to detect the server.
elements: str
type: list
detectserver:
description: Gateways ping server for this IP.
type: str
gwdetect:
choices:
- disable
- enable
description: Enable/disable detect gateway alive for first.
type: str
ha-priority:
description: HA election priority for the PING server.
type: int
id:
description: ID.
type: int
ip:
description: Secondary IP address of the interface.
type: str
ping-serv-status:
description: Ping-Serv-Status.
type: int
secip-relay-ip:
description: DHCP relay IP address.
type: str
seq:
description: Seq.
type: int
type: list
vlanid:
description: Vlanid.
type: int
vrrp:
description: description
elements: dict
suboptions:
accept-mode:
choices:
- disable
- enable
description: Enable/disable accept mode.
type: str
adv-interval:
description: Advertisement interval
type: int
ignore-default-route:
choices:
- disable
- enable
description: Enable/disable ignoring of default route when checking
destination.
type: str
preempt:
choices:
- disable
- enable
description: Enable/disable preempt mode.
type: str
priority:
description: Priority of the virtual router
type: int
proxy-arp:
description: description
elements: dict
suboptions:
id:
description: ID.
type: int
ip:
description: Set IP addresses of proxy ARP.
type: str
type: list
start-time:
description: Startup time
type: int
status:
choices:
- disable
- enable
description: Enable/disable this VRRP configuration.
type: str
version:
choices:
- '2'
- '3'
description: VRRP version.
type: str
vrdst:
description: description
type: str
vrdst-priority:
description: Priority of the virtual router when the virtual router
destination becomes unreachable
type: int
vrgrp:
description: VRRP group ID
type: int
vrid:
description: Virtual router identifier
type: int
vrip:
description: IP address of the virtual router.
type: str
type: list
type: dict
type: list
interface:
description: no description
required: false
suboptions:
ac-name:
description: PPPoE server name.
type: str
aggregate:
description: Aggregate.
type: str
aggregate-type:
choices:
- physical
- vxlan
description: Type of aggregation.
type: str
algorithm:
choices:
- L2
- L3
- L4
- LB
- Source-MAC
description: Frame distribution algorithm.
type: str
alias:
description: Alias will be displayed with the interface name to make it easier
to distinguish.
type: str
allowaccess:
choices:
- https
- ping
- ssh
- snmp
- http
- telnet
- fgfm
- auto-ipsec
- radius-acct
- probe-response
- capwap
- dnp
- ftm
- fabric
- speed-test
description: Permitted types of management access to this interface.
elements: str
type: list
ap-discover:
choices:
- disable
- enable
description: Enable/disable automatic registration of unknown FortiAP devices.
type: str
arpforward:
choices:
- disable
- enable
description: Enable/disable ARP forwarding.
type: str
atm-protocol:
choices:
- none
- ipoa
description: ATM protocol.
type: str
auth-cert:
description: HTTPS server certificate.
type: str
auth-portal-addr:
description: Address of captive portal.
type: str
auth-type:
choices:
- auto
- pap
- chap
- mschapv1
- mschapv2
description: PPP authentication type to use.
type: str
auto-auth-extension-device:
choices:
- disable
- enable
description: Enable/disable automatic authorization of dedicated Fortinet
extension device on this interface.
type: str
bandwidth-measure-time:
description: Bandwidth measure time
type: int
bfd:
choices:
- global
- enable
- disable
description: Bidirectional Forwarding Detection
type: str
bfd-desired-min-tx:
description: BFD desired minimal transmit interval.
type: int
bfd-detect-mult:
description: BFD detection multiplier.
type: int
bfd-required-min-rx:
description: BFD required minimal receive interval.
type: int
broadcast-forticlient-discovery:
choices:
- disable
- enable
description: Enable/disable broadcasting FortiClient discovery messages.
type: str
broadcast-forward:
choices:
- disable
- enable
description: Enable/disable broadcast forwarding.
type: str
captive-portal:
description: Enable/disable captive portal.
type: int
cli-conn-status:
description: Cli-Conn-Status.
type: int
color:
description: Color of icon on the GUI.
type: int
ddns:
choices:
- disable
- enable
description: Ddns.
type: str
ddns-auth:
choices:
- disable
- tsig
description: Ddns-Auth.
type: str
ddns-domain:
description: Ddns-Domain.
type: str
ddns-key:
description: Ddns-Key.
type: str
ddns-keyname:
description: Ddns-Keyname.
type: str
ddns-password:
description: Ddns-Password.
type: str
ddns-server:
choices:
- dhs.org
- dyndns.org
- dyns.net
- tzo.com
- ods.org
- vavic.com
- now.net.cn
- dipdns.net
- easydns.com
- genericDDNS
description: Ddns-Server.
type: str
ddns-server-ip:
description: Ddns-Server-Ip.
type: str
ddns-sn:
description: Ddns-Sn.
type: str
ddns-ttl:
description: Ddns-Ttl.
type: int
ddns-username:
description: Ddns-Username.
type: str
ddns-zone:
description: Ddns-Zone.
type: str
dedicated-to:
choices:
- none
- management
description: Configure interface for single purpose.
type: str
default-purdue-level:
choices:
- '1'
- '2'
- '3'
- '4'
- '5'
- '1.5'
- '2.5'
- '3.5'
- '5.5'
description: default purdue level of device detected on this interface.
type: str
defaultgw:
choices:
- disable
- enable
description: Enable to get the gateway IP from the DHCP or PPPoE server.
type: str
description:
description: Description.
type: str
detected-peer-mtu:
description: Detected-Peer-Mtu.
type: int
detectprotocol:
choices:
- ping
- tcp-echo
- udp-echo
description: Protocols used to detect the server.
elements: str
type: list
detectserver:
description: Gateways ping server for this IP.
type: str
device-access-list:
description: Device access list.
type: str
device-identification:
choices:
- disable
- enable
description: Enable/disable passively gathering of device identity information
about the devices on the network connected to this in...
type: str
device-identification-active-scan:
choices:
- disable
- enable
description: Enable/disable active gathering of device identity information
about the devices on the network connected to this inter...
type: str
device-netscan:
choices:
- disable
- enable
description: Enable/disable inclusion of devices detected on this interface
in network vulnerability scans.
type: str
device-user-identification:
choices:
- disable
- enable
description: Enable/disable passive gathering of user identity information
about users on this interface.
type: str
devindex:
description: Devindex.
type: int
dhcp-broadcast-flag:
choices:
- disable
- enable
description: Enable/disable setting of the broadcast flag in messages sent
by the DHCP client
type: str
dhcp-classless-route-addition:
choices:
- disable
- enable
description: Enable/disable addition of classless static routes retrieved
from DHCP server.
type: str
dhcp-client-identifier:
description: DHCP client identifier.
type: str
dhcp-relay-agent-option:
choices:
- disable
- enable
description: Enable/disable DHCP relay agent option.
type: str
dhcp-relay-interface:
description: Specify outgoing interface to reach server.
type: str
dhcp-relay-interface-select-method:
choices:
- auto
- sdwan
- specify
description: Specify how to select outgoing interface to reach server.
type: str
dhcp-relay-ip:
description: DHCP relay IP address.
type: str
dhcp-relay-link-selection:
description: DHCP relay link selection.
type: str
dhcp-relay-request-all-server:
choices:
- disable
- enable
description: Enable/disable sending of DHCP requests to all servers.
type: str
dhcp-relay-service:
choices:
- disable
- enable
description: Enable/disable allowing this interface to act as a DHCP relay.
type: str
dhcp-relay-type:
choices:
- regular
- ipsec
description: DHCP relay type
type: str
dhcp-renew-time:
description: DHCP renew time in seconds
type: int
dhcp-smart-relay:
choices:
- disable
- enable
description: Enable/disable DHCP smart relay.
type: str
disc-retry-timeout:
description: Time in seconds to wait before retrying to start a PPPoE discovery,
0 means no timeout.
type: int
disconnect-threshold:
description: Time in milliseconds to wait before sending a notification that
this interface is down or disconnected.
type: int
distance:
description: Distance for routes learned through PPPoE or DHCP, lower distance
indicates preferred route.
type: int
dns-query:
choices:
- disable
- recursive
- non-recursive
description: Dns-Query.
type: str
dns-server-override:
choices:
- disable
- enable
description: Enable/disable use DNS acquired by DHCP or PPPoE.
type: str
dns-server-protocol:
choices:
- cleartext
- dot
- doh
description: description
elements: str
type: list
drop-fragment:
choices:
- disable
- enable
description: Enable/disable drop fragment packets.
type: str
drop-overlapped-fragment:
choices:
- disable
- enable
description: Enable/disable drop overlapped fragment packets.
type: str
eap-ca-cert:
description: EAP CA certificate name.
type: str
eap-identity:
description: EAP identity.
type: str
eap-method:
choices:
- tls
- peap
description: EAP method.
type: str
eap-password:
description: description
type: str
eap-supplicant:
choices:
- disable
- enable
description: Enable/disable EAP-Supplicant.
type: str
eap-user-cert:
description: EAP user certificate name.
type: str
egress-cos:
choices:
- disable
- cos0
- cos1
- cos2
- cos3
- cos4
- cos5
- cos6
- cos7
description: Override outgoing CoS in user VLAN tag.
type: str
egress-shaping-profile:
description: Outgoing traffic shaping profile.
type: str
eip:
description: Eip.
type: str
endpoint-compliance:
choices:
- disable
- enable
description: Enable/disable endpoint compliance enforcement.
type: str
estimated-downstream-bandwidth:
description: Estimated maximum downstream bandwidth
type: int
estimated-upstream-bandwidth:
description: Estimated maximum upstream bandwidth
type: int
explicit-ftp-proxy:
choices:
- disable
- enable
description: Enable/disable the explicit FTP proxy on this interface.
type: str
explicit-web-proxy:
choices:
- disable
- enable
description: Enable/disable the explicit web proxy on this interface.
type: str
external:
choices:
- disable
- enable
description: Enable/disable identifying the interface as an external interface
type: str
fail-action-on-extender:
choices:
- soft-restart
- hard-restart
- reboot
description: Action on extender when interface fail .
type: str
fail-alert-interfaces:
description: Names of the FortiGate interfaces to which the link failure alert
is sent.
type: str
fail-alert-method:
choices:
- link-failed-signal
- link-down
description: Select link-failed-signal or link-down method to alert about
a failed link.
type: str
fail-detect:
choices:
- disable
- enable
description: Enable/disable fail detection features for this interface.
type: str
fail-detect-option:
choices:
- detectserver
- link-down
description: Options for detecting that this interface has failed.
elements: str
type: list
fdp:
choices:
- disable
- enable
description: Fdp.
type: str
fortiheartbeat:
choices:
- disable
- enable
description: Enable/disable FortiHeartBeat
type: str
fortilink:
choices:
- disable
- enable
description: Enable FortiLink to dedicate this interface to manage other Fortinet
devices.
type: str
fortilink-backup-link:
description: Fortilink-Backup-Link.
type: int
fortilink-neighbor-detect:
choices:
- lldp
- fortilink
description: Protocol for FortiGate neighbor discovery.
type: str
fortilink-split-interface:
choices:
- disable
- enable
description: Enable/disable FortiLink split interface to connect member link
to different FortiSwitch in stack for uplink redundancy.
type: str
fortilink-stacking:
choices:
- disable
- enable
description: Enable/disable FortiLink switch-stacking on this interface.
type: str
forward-domain:
description: Transparent mode forward domain.
type: int
forward-error-correction:
choices:
- disable
- enable
- rs-fec
- base-r-fec
- fec-cl91
- fec-cl74
- rs-544
- none
- cl91-rs-fec
- cl74-fc-fec
description: Enable/disable forward error correction
type: str
fp-anomaly:
choices:
- drop_tcp_fin_noack
- pass_winnuke
- pass_tcpland
- pass_udpland
- pass_icmpland
- pass_ipland
- pass_iprr
- pass_ipssrr
- pass_iplsrr
- pass_ipstream
- pass_ipsecurity
- pass_iptimestamp
- pass_ipunknown_option
- pass_ipunknown_prot
- pass_icmp_frag
- pass_tcp_no_flag
- pass_tcp_fin_noack
- drop_winnuke
- drop_tcpland
- drop_udpland
- drop_icmpland
- drop_ipland
- drop_iprr
- drop_ipssrr
- drop_iplsrr
- drop_ipstream
- drop_ipsecurity
- drop_iptimestamp
- drop_ipunknown_option
- drop_ipunknown_prot
- drop_icmp_frag
- drop_tcp_no_flag
description: Fp-Anomaly.
elements: str
type: list
fp-disable:
choices:
- all
- ipsec
- none
description: Fp-Disable.
elements: str
type: list
gateway-address:
description: Gateway address
type: str
generic-receive-offload:
choices:
- disable
- enable
description: no description
type: str
gi-gk:
choices:
- disable
- enable
description: Enable/disable Gi Gatekeeper.
type: str
gwaddr:
description: Gateway address
type: str
gwdetect:
choices:
- disable
- enable
description: Enable/disable detect gateway alive for first.
type: str
ha-priority:
description: HA election priority for the PING server.
type: int
icmp-accept-redirect:
choices:
- disable
- enable
description: Enable/disable ICMP accept redirect.
type: str
icmp-redirect:
choices:
- disable
- enable
description: Enable/disable ICMP redirect.
type: str
icmp-send-redirect:
choices:
- disable
- enable
description: Enable/disable sending of ICMP redirects.
type: str
ident-accept:
choices:
- disable
- enable
description: Enable/disable authentication for this interface.
type: str
idle-timeout:
description: PPPoE auto disconnect after idle timeout seconds, 0 means no
timeout.
type: int
if-mdix:
choices:
- auto
- normal
- crossover
description: Interface MDIX mode
type: str
if-media:
choices:
- auto
- copper
- fiber
description: Select interface media type
type: str
ike-saml-server:
description: Configure IKE authentication SAML server.
type: str
in-force-vlan-cos:
description: In-Force-Vlan-Cos.
type: int
inbandwidth:
description: Bandwidth limit for incoming traffic
type: int
ingress-cos:
choices:
- disable
- cos0
- cos1
- cos2
- cos3
- cos4
- cos5
- cos6
- cos7
description: Override incoming CoS in user VLAN tag on VLAN interface or assign
a priority VLAN tag on physical interface.
type: str
ingress-shaping-profile:
description: Incoming traffic shaping profile.
type: str
ingress-spillover-threshold:
description: Ingress Spillover threshold
type: int
interconnect-profile:
choices:
- default
- profile1
- profile2
description: Set interconnect profile.
type: str
internal:
description: Implicitly created.
type: int
ip:
description: Interface IPv4 address and subnet mask, syntax
type: str
ip-managed-by-fortiipam:
choices:
- disable
- enable
- inherit-global
description: Enable/disable automatic IP address assignment of this interface
by FortiIPAM.
type: str
ipmac:
choices:
- disable
- enable
description: Enable/disable IP/MAC binding.
type: str
ips-sniffer-mode:
choices:
- disable
- enable
description: Enable/disable the use of this interface as a one-armed sniffer.
type: str
ipunnumbered:
description: Unnumbered IP used for PPPoE interfaces for which no unique local
address is provided.
type: str
ipv6:
description: no description
required: false
suboptions:
autoconf:
choices:
- disable
- enable
description: Enable/disable address auto config.
type: str
cli-conn6-status:
description: Cli-Conn6-Status.
type: int
dhcp6-client-options:
choices:
- rapid
- iapd
- iana
- dns
- dnsname
description: Dhcp6-Client-Options.
elements: str
type: list
dhcp6-information-request:
choices:
- disable
- enable
description: Enable/disable DHCPv6 information request.
type: str
dhcp6-prefix-delegation:
choices:
- disable
- enable
description: Enable/disable DHCPv6 prefix delegation.
type: str
dhcp6-prefix-hint:
description: DHCPv6 prefix that will be used as a hint to the upstream
DHCPv6 server.
type: str
dhcp6-prefix-hint-plt:
description: DHCPv6 prefix hint preferred life time
type: int
dhcp6-prefix-hint-vlt:
description: DHCPv6 prefix hint valid life time
type: int
dhcp6-relay-ip:
description: DHCPv6 relay IP address.
type: str
dhcp6-relay-service:
choices:
- disable
- enable
description: Enable/disable DHCPv6 relay.
type: str
dhcp6-relay-source-interface:
choices:
- disable
- enable
description: Enable/disable use of address on this interface as the source
address of the relay message.
type: str
dhcp6-relay-type:
choices:
- regular
description: DHCPv6 relay type.
type: str
icmp6-send-redirect:
choices:
- disable
- enable
description: Enable/disable sending of ICMPv6 redirects.
type: str
interface-identifier:
description: IPv6 interface identifier.
type: str
ip6-address:
description: Primary IPv6 address prefix, syntax
type: str
ip6-allowaccess:
choices:
- https
- ping
- ssh
- snmp
- http
- telnet
- fgfm
- capwap
- fabric
description: Allow management access to the interface.
elements: str
type: list
ip6-default-life:
description: Default life
type: int
ip6-delegated-prefix-iaid:
description: IAID of obtained delegated-prefix from the upstream interface.
type: int
ip6-delegated-prefix-list:
description: Ip6-Delegated-Prefix-List.
elements: dict
suboptions:
autonomous-flag:
choices:
- disable
- enable
description: Enable/disable the autonomous flag.
type: str
delegated-prefix-iaid:
description: IAID of obtained delegated-prefix from the upstream interface.
type: int
onlink-flag:
choices:
- disable
- enable
description: Enable/disable the onlink flag.
type: str
prefix-id:
description: Prefix ID.
type: int
rdnss:
description: Recursive DNS server option.
type: str
rdnss-service:
choices:
- delegated
- default
- specify
description: Recursive DNS service option.
type: str
subnet:
description: Add subnet ID to routing prefix.
type: str
upstream-interface:
description: Name of the interface that provides delegated information.
type: str
type: list
ip6-dns-server-override:
choices:
- disable
- enable
description: Enable/disable using the DNS server acquired by DHCP.
type: str
ip6-extra-addr:
description: Ip6-Extra-Addr.
elements: dict
suboptions:
prefix:
description: IPv6 address prefix.
type: str
type: list
ip6-hop-limit:
description: Hop limit
type: int
ip6-link-mtu:
description: IPv6 link MTU.
type: int
ip6-manage-flag:
choices:
- disable
- enable
description: Enable/disable the managed flag.
type: str
ip6-max-interval:
description: IPv6 maximum interval
type: int
ip6-min-interval:
description: IPv6 minimum interval
type: int
ip6-mode:
choices:
- static
- dhcp
- pppoe
- delegated
description: Addressing mode
type: str
ip6-other-flag:
choices:
- disable
- enable
description: Enable/disable the other IPv6 flag.
type: str
ip6-prefix-list:
description: Ip6-Prefix-List.
elements: dict
suboptions:
autonomous-flag:
choices:
- disable
- enable
description: Enable/disable the autonomous flag.
type: str
dnssl:
description: DNS search list option.
type: str
onlink-flag:
choices:
- disable
- enable
description: Enable/disable the onlink flag.
type: str
preferred-life-time:
description: Preferred life time
type: int
prefix:
description: IPv6 prefix.
type: str
rdnss:
description: Recursive DNS server option.
type: str
valid-life-time:
description: Valid life time
type: int
type: list
ip6-prefix-mode:
choices:
- dhcp6
- ra
description: Assigning a prefix from DHCP or RA.
type: str
ip6-reachable-time:
description: IPv6 reachable time
type: int
ip6-retrans-time:
description: IPv6 retransmit time
type: int
ip6-send-adv:
choices:
- disable
- enable
description: Enable/disable sending advertisements about the interface.
type: str
ip6-subnet:
description: Subnet to routing prefix, syntax
type: str
ip6-upstream-interface:
description: Interface name providing delegated information.
type: str
nd-cert:
description: Neighbor discovery certificate.
type: str
nd-cga-modifier:
description: Neighbor discovery CGA modifier.
type: str
nd-mode:
choices:
- basic
- SEND-compatible
description: Neighbor discovery mode.
type: str
nd-security-level:
description: Neighbor discovery security level
type: int
nd-timestamp-delta:
description: Neighbor discovery timestamp delta value
type: int
nd-timestamp-fuzz:
description: Neighbor discovery timestamp fuzz factor
type: int
ra-send-mtu:
choices:
- disable
- enable
description: Enable/disable sending link MTU in RA packet.
type: str
unique-autoconf-addr:
choices:
- disable
- enable
description: Enable/disable unique auto config address.
type: str
vrip6_link_local:
description: Link-local IPv6 address of virtual router.
type: str
vrrp-virtual-mac6:
choices:
- disable
- enable
description: Enable/disable virtual MAC for VRRP.
type: str
vrrp6:
description: Vrrp6.
elements: dict
suboptions:
accept-mode:
choices:
- disable
- enable
description: Enable/disable accept mode.
type: str
adv-interval:
description: Advertisement interval
type: int
preempt:
choices:
- disable
- enable
description: Enable/disable preempt mode.
type: str
priority:
description: Priority of the virtual router
type: int
start-time:
description: Startup time
type: int
status:
choices:
- disable
- enable
description: Enable/disable VRRP.
type: str
vrdst6:
description: Monitor the route to this destination.
type: str
vrgrp:
description: VRRP group ID
type: int
vrid:
description: Virtual router identifier
type: int
vrip6:
description: IPv6 address of the virtual router.
type: str
type: list
type: dict
l2forward:
choices:
- disable
- enable
description: Enable/disable l2 forwarding.
type: str
l2tp-client:
choices:
- disable
- enable
description: Enable/disable this interface as a Layer 2 Tunnelling Protocol
type: str
lacp-ha-secondary:
choices:
- disable
- enable
description: no description
type: str
lacp-ha-slave:
choices:
- disable
- enable
description: LACP HA slave.
type: str
lacp-mode:
choices:
- static
- passive
- active
description: LACP mode.
type: str
lacp-speed:
choices:
- slow
- fast
description: How often the interface sends LACP messages.
type: str
large-receive-offload:
choices:
- disable
- enable
description: no description
type: str
lcp-echo-interval:
description: Time in seconds between PPPoE Link Control Protocol
type: int
lcp-max-echo-fails:
description: Maximum missed LCP echo messages before disconnect.
type: int
link-up-delay:
description: Number of milliseconds to wait before considering a link is up.
type: int
listen-forticlient-connection:
choices:
- disable
- enable
description: Listen-Forticlient-Connection.
type: str
lldp-network-policy:
description: LLDP-MED network policy profile.
type: str
lldp-reception:
choices:
- disable
- enable
- vdom
description: Enable/disable Link Layer Discovery Protocol
type: str
lldp-transmission:
choices:
- enable
- disable
- vdom
description: Enable/disable Link Layer Discovery Protocol
type: str
log:
choices:
- disable
- enable
description: Log.
type: str
macaddr:
description: Change the interfaces MAC address.
type: str
managed-subnetwork-size:
choices:
- '256'
- '512'
- '1024'
- '2048'
- '4096'
- '8192'
- '16384'
- '32768'
- '65536'
- '32'
- '64'
- '128'
description: Number of IP addresses to be allocated by FortiIPAM and used
by this FortiGate units DHCP server settings.
type: str
management-ip:
description: High Availability in-band management IP address of this interface.
type: str
max-egress-burst-rate:
description: Max egress burst rate
type: int
max-egress-rate:
description: Max egress rate
type: int
measured-downstream-bandwidth:
description: Measured downstream bandwidth
type: int
measured-upstream-bandwidth:
description: Measured upstream bandwidth
type: int
mediatype:
choices:
- serdes-sfp
- sgmii-sfp
- cfp2-sr10
- cfp2-lr4
- serdes-copper-sfp
- sr
- cr
- lr
- qsfp28-sr4
- qsfp28-lr4
- qsfp28-cr4
- sr4
- cr4
- lr4
- none
- gmii
- sgmii
- sr2
- lr2
- cr2
- sr8
- lr8
- cr8
description: Select SFP media interface type
type: str
member:
description: Physical interfaces that belong to the aggregate or redundant
interface.
type: str
min-links:
description: Minimum number of aggregated ports that must be up.
type: int
min-links-down:
choices:
- operational
- administrative
description: Action to take when less than the configured minimum number of
links are active.
type: str
mode:
choices:
- static
- dhcp
- pppoe
- pppoa
- ipoa
- eoa
description: Addressing mode
type: str
monitor-bandwidth:
choices:
- disable
- enable
description: Enable monitoring bandwidth on this interface.
type: str
mtu:
description: MTU value for this interface.
type: int
mtu-override:
choices:
- disable
- enable
description: Enable to set a custom MTU for this interface.
type: str
mux-type:
choices:
- llc-encaps
- vc-encaps
description: Multiplexer type
type: str
name:
description: Name.
type: str
ndiscforward:
choices:
- disable
- enable
description: Enable/disable NDISC forwarding.
type: str
netbios-forward:
choices:
- disable
- enable
description: Enable/disable NETBIOS forwarding.
type: str
netflow-sampler:
choices:
- disable
- tx
- rx
- both
description: Enable/disable NetFlow on this interface and set the data that
NetFlow collects
type: str
np-qos-profile:
description: NP QoS profile ID.
type: int
npu-fastpath:
choices:
- disable
- enable
description: Npu-Fastpath.
type: str
nst:
choices:
- disable
- enable
description: Nst.
type: str
out-force-vlan-cos:
description: Out-Force-Vlan-Cos.
type: int
outbandwidth:
description: Bandwidth limit for outgoing traffic
type: int
padt-retry-timeout:
description: PPPoE Active Discovery Terminate
type: int
password:
description: PPPoE accounts password.
type: str
peer-interface:
description: Peer-Interface.
type: str
phy-mode:
choices:
- auto
- adsl
- vdsl
- adsl-auto
- vdsl2
- adsl2+
- adsl2
- g.dmt
- t1.413
- g.lite
description: DSL physical mode.
type: str
ping-serv-status:
description: Ping-Serv-Status.
type: int
poe:
choices:
- disable
- enable
description: Enable/disable PoE status.
type: str
polling-interval:
description: sFlow polling interval
type: int
pppoe-unnumbered-negotiate:
choices:
- disable
- enable
description: Enable/disable PPPoE unnumbered negotiation.
type: str
pptp-auth-type:
choices:
- auto
- pap
- chap
- mschapv1
- mschapv2
description: PPTP authentication type.
type: str
pptp-client:
choices:
- disable
- enable
description: Enable/disable PPTP client.
type: str
pptp-password:
description: PPTP password.
type: str
pptp-server-ip:
description: PPTP server IP address.
type: str
pptp-timeout:
description: Idle timer in minutes
type: int
pptp-user:
description: PPTP user name.
type: str
preserve-session-route:
choices:
- disable
- enable
description: Enable/disable preservation of session route when dirty.
type: str
priority:
description: Priority of learned routes.
type: int
priority-override:
choices:
- disable
- enable
description: Enable/disable fail back to higher priority port once recovered.
type: str
proxy-captive-portal:
choices:
- disable
- enable
description: Enable/disable proxy captive portal on this interface.
type: str
pvc-atm-qos:
choices:
- cbr
- rt-vbr
- nrt-vbr
description: SFP-DSL ADSL Fallback PVC ATM QoS.
type: str
pvc-chan:
description: SFP-DSL ADSL Fallback PVC Channel.
type: int
pvc-crc:
description: SFP-DSL ADSL Fallback PVC CRC Option
type: int
pvc-pcr:
description: SFP-DSL ADSL Fallback PVC Packet Cell Rate in cells
type: int
pvc-scr:
description: SFP-DSL ADSL Fallback PVC Sustainable Cell Rate in cells
type: int
pvc-vlan-id:
description: SFP-DSL ADSL Fallback PVC VLAN ID.
type: int
pvc-vlan-rx-id:
description: SFP-DSL ADSL Fallback PVC VLANID RX.
type: int
pvc-vlan-rx-op:
choices:
- pass-through
- replace
- remove
description: SFP-DSL ADSL Fallback PVC VLAN RX op.
type: str
pvc-vlan-tx-id:
description: SFP-DSL ADSL Fallback PVC VLAN ID TX.
type: int
pvc-vlan-tx-op:
choices:
- pass-through
- replace
- remove
description: SFP-DSL ADSL Fallback PVC VLAN TX op.
type: str
reachable-time:
description: IPv4 reachable time in milliseconds
type: int
redundant-interface:
description: Redundant-Interface.
type: str
remote-ip:
description: Remote IP address of tunnel.
type: str
replacemsg-override-group:
description: Replacement message override group.
type: str
retransmission:
choices:
- disable
- enable
description: Enable/disable DSL retransmission.
type: str
ring-rx:
description: RX ring size.
type: int
ring-tx:
description: TX ring size.
type: int
role:
choices:
- lan
- wan
- dmz
- undefined
description: Interface role.
type: str
sample-direction:
choices:
- rx
- tx
- both
description: Data that NetFlow collects
type: str
sample-rate:
description: sFlow sample rate
type: int
scan-botnet-connections:
choices:
- disable
- block
- monitor
description: Enable monitoring or blocking connections to Botnet servers through
this interface.
type: str
secondary-IP:
choices:
- disable
- enable
description: Enable/disable adding a secondary IP to this interface.
type: str
secondaryip:
description: Secondaryip.
elements: dict
suboptions:
allowaccess:
choices:
- https
- ping
- ssh
- snmp
- http
- telnet
- fgfm
- auto-ipsec
- radius-acct
- probe-response
- capwap
- dnp
- ftm
- fabric
- speed-test
description: Management access settings for the secondary IP address.
elements: str
type: list
detectprotocol:
choices:
- ping
- tcp-echo
- udp-echo
description: Protocols used to detect the server.
elements: str
type: list
detectserver:
description: Gateways ping server for this IP.
type: str
gwdetect:
choices:
- disable
- enable
description: Enable/disable detect gateway alive for first.
type: str
ha-priority:
description: HA election priority for the PING server.
type: int
id:
description: ID.
type: int
ip:
description: Secondary IP address of the interface.
type: str
ping-serv-status:
description: Ping-Serv-Status.
type: int
secip-relay-ip:
description: DHCP relay IP address.
type: str
seq:
description: Seq.
type: int
type: list
security-8021x-dynamic-vlan-id:
description: VLAN ID for virtual switch.
type: int
security-8021x-master:
description: '802.'
type: str
security-8021x-mode:
choices:
- default
- dynamic-vlan
- fallback
- slave
description: '802.'
type: str
security-exempt-list:
description: Name of security-exempt-list.
type: str
security-external-logout:
description: URL of external authentication logout server.
type: str
security-external-web:
description: URL of external authentication web server.
type: str
security-groups:
description: User groups that can authenticate with the captive portal.
type: str
security-mac-auth-bypass:
choices:
- disable
- enable
- mac-auth-only
description: Enable/disable MAC authentication bypass.
type: str
security-mode:
choices:
- none
- captive-portal
- 802.1X
description: Turn on captive portal authentication for this interface.
type: str
security-redirect-url:
description: URL redirection after disclaimer/authentication.
type: str
select-profile-30a-35b:
choices:
- 30A
- 35B
description: Select VDSL Profile 30a or 35b.
type: str
service-name:
description: PPPoE service name.
type: str
sflow-sampler:
choices:
- disable
- enable
description: Enable/disable sFlow on this interface.
type: str
sfp-dsl:
choices:
- disable
- enable
description: Enable/disable SFP DSL.
type: str
sfp-dsl-adsl-fallback:
choices:
- disable
- enable
description: Enable/disable SFP DSL ADSL fallback.
type: str
sfp-dsl-autodetect:
choices:
- disable
- enable
description: Enable/disable SFP DSL MAC address autodetect.
type: str
sfp-dsl-mac:
description: SFP DSL MAC address.
type: str
speed:
choices:
- auto
- 10full
- 10half
- 100full
- 100half
- 1000full
- 1000half
- 10000full
- 1000auto
- 10000auto
- 40000full
- 100Gfull
- 25000full
- 40000auto
- 25000auto
- 100Gauto
- 400Gfull
- 400Gauto
- 50000full
- 2500auto
- 5000auto
- 50000auto
- 200Gfull
- 200Gauto
- 100auto
description: Interface speed.
type: str
spillover-threshold:
description: Egress Spillover threshold
type: int
src-check:
choices:
- disable
- enable
description: Enable/disable source IP check.
type: str
status:
choices:
- down
- up
description: Bring the interface up or shut the interface down.
type: str
stp:
choices:
- disable
- enable
description: Enable/disable STP.
type: str
stp-ha-secondary:
choices:
- disable
- enable
- priority-adjust
description: Control STP behaviour on HA secondary.
type: str
stp-ha-slave:
choices:
- disable
- enable
- priority-adjust
description: Control STP behaviour on HA slave.
type: str
stpforward:
choices:
- disable
- enable
description: Enable/disable STP forwarding.
type: str
stpforward-mode:
choices:
- rpl-all-ext-id
- rpl-bridge-ext-id
- rpl-nothing
description: Configure STP forwarding mode.
type: str
strip-priority-vlan-tag:
choices:
- disable
- enable
description: Strip-Priority-Vlan-Tag.
type: str
subst:
choices:
- disable
- enable
description: Enable to always send packets from this interface to a destination
MAC address.
type: str
substitute-dst-mac:
description: Destination MAC address that all packets are sent to from this
interface.
type: str
sw-algorithm:
choices:
- l2
- l3
- eh
description: Frame distribution algorithm for switch.
type: str
swc-first-create:
description: Initial create for switch-controller VLANs.
type: int
swc-vlan:
description: Swc-Vlan.
type: int
switch:
description: Switch.
type: str
switch-controller-access-vlan:
choices:
- disable
- enable
description: Block FortiSwitch port-to-port traffic.
type: str
switch-controller-arp-inspection:
choices:
- disable
- enable
description: Enable/disable FortiSwitch ARP inspection.
type: str
switch-controller-auth:
choices:
- radius
- usergroup
description: Switch controller authentication.
type: str
switch-controller-dhcp-snooping:
choices:
- disable
- enable
description: Switch controller DHCP snooping.
type: str
switch-controller-dhcp-snooping-option82:
choices:
- disable
- enable
description: Switch controller DHCP snooping option82.
type: str
switch-controller-dhcp-snooping-verify-mac:
choices:
- disable
- enable
description: Switch controller DHCP snooping verify MAC.
type: str
switch-controller-dynamic:
description: Integrated FortiLink settings for managed FortiSwitch.
type: str
switch-controller-feature:
choices:
- none
- default-vlan
- quarantine
- sniffer
- voice
- camera
- rspan
- video
- nac
- nac-segment
description: Interfaces purpose when assigning traffic
type: str
switch-controller-igmp-snooping:
choices:
- disable
- enable
description: Switch controller IGMP snooping.
type: str
switch-controller-igmp-snooping-fast-leave:
choices:
- disable
- enable
description: Switch controller IGMP snooping fast-leave.
type: str
switch-controller-igmp-snooping-proxy:
choices:
- disable
- enable
description: Switch controller IGMP snooping proxy.
type: str
switch-controller-iot-scanning:
choices:
- disable
- enable
description: Enable/disable managed FortiSwitch IoT scanning.
type: str
switch-controller-learning-limit:
description: Limit the number of dynamic MAC addresses on this VLAN
type: int
switch-controller-mgmt-vlan:
description: VLAN to use for FortiLink management purposes.
type: int
switch-controller-nac:
description: Integrated NAC settings for managed FortiSwitch.
type: str
switch-controller-netflow-collect:
choices:
- disable
- enable
description: NetFlow collection and processing.
type: str
switch-controller-offloading:
choices:
- disable
- enable
description: no description
type: str
switch-controller-offloading-gw:
choices:
- disable
- enable
description: no description
type: str
switch-controller-offloading-ip:
description: no description
type: str
switch-controller-radius-server:
description: RADIUS server name for this FortiSwitch VLAN.
type: str
switch-controller-rspan-mode:
choices:
- disable
- enable
description: Stop Layer2 MAC learning and interception of BPDUs and other
packets on this interface.
type: str
switch-controller-source-ip:
choices:
- outbound
- fixed
description: Source IP address used in FortiLink over L3 connections.
type: str
switch-controller-traffic-policy:
description: Switch controller traffic policy for the VLAN.
type: str
system-id:
description: Define a system ID for the aggregate interface.
type: str
system-id-type:
choices:
- auto
- user
description: Method in which system ID is generated.
type: str
tc-mode:
choices:
- ptm
- atm
description: DSL transfer mode.
type: str
tcp-mss:
description: TCP maximum segment size.
type: int
trunk:
choices:
- disable
- enable
description: Enable/disable VLAN trunk.
type: str
trust-ip-1:
description: Trusted host for dedicated management traffic
type: str
trust-ip-2:
description: Trusted host for dedicated management traffic
type: str
trust-ip-3:
description: Trusted host for dedicated management traffic
type: str
trust-ip6-1:
description: Trusted IPv6 host for dedicated management traffic
type: str
trust-ip6-2:
description: Trusted IPv6 host for dedicated management traffic
type: str
trust-ip6-3:
description: Trusted IPv6 host for dedicated management traffic
type: str
type:
choices:
- physical
- vlan
- aggregate
- redundant
- tunnel
- wireless
- vdom-link
- loopback
- switch
- hard-switch
- hdlc
- vap-switch
- wl-mesh
- fortilink
- switch-vlan
- fctrl-trunk
- tdm
- fext-wan
- vxlan
- emac-vlan
- geneve
- ssl
- lan-extension
description: Interface type.
type: str
username:
description: Username of the PPPoE account, provided by your ISP.
type: str
vci:
description: Virtual Channel ID
type: int
vectoring:
choices:
- disable
- enable
description: Enable/disable DSL vectoring.
type: str
vindex:
description: Vindex.
type: int
vlan-id:
description: Vlan ID
type: int
vlan-op-mode:
choices:
- tag
- untag
- passthrough
description: Configure DSL 802.
type: str
vlan-protocol:
choices:
- 8021q
- 8021ad
description: Ethernet protocol of VLAN.
type: str
vlanforward:
choices:
- disable
- enable
description: Enable/disable traffic forwarding between VLANs on this interface.
type: str
vlanid:
description: VLAN ID
type: int
vpi:
description: Virtual Path ID
type: int
vrf:
description: Virtual Routing Forwarding ID.
type: int
vrrp:
description: Vrrp.
elements: dict
suboptions:
accept-mode:
choices:
- disable
- enable
description: Enable/disable accept mode.
type: str
adv-interval:
description: Advertisement interval
type: int
ignore-default-route:
choices:
- disable
- enable
description: Enable/disable ignoring of default route when checking destination.
type: str
preempt:
choices:
- disable
- enable
description: Enable/disable preempt mode.
type: str
priority:
description: Priority of the virtual router
type: int
proxy-arp:
description: description
elements: dict
suboptions:
id:
description: ID.
type: int
ip:
description: Set IP addresses of proxy ARP.
type: str
type: list
start-time:
description: Startup time
type: int
status:
choices:
- disable
- enable
description: Enable/disable this VRRP configuration.
type: str
version:
choices:
- '2'
- '3'
description: VRRP version.
type: str
vrdst:
description: Monitor the route to this destination.
type: str
vrdst-priority:
description: Priority of the virtual router when the virtual router destination
becomes unreachable
type: int
vrgrp:
description: VRRP group ID
type: int
vrid:
description: Virtual router identifier
type: int
vrip:
description: IP address of the virtual router.
type: str
type: list
vrrp-virtual-mac:
choices:
- disable
- enable
description: Enable/disable use of virtual MAC for VRRP.
type: str
wccp:
choices:
- disable
- enable
description: Enable/disable WCCP on this interface.
type: str
weight:
description: Default weight for static routes
type: int
wifi-5g-threshold:
description: Minimal signal strength to be considered as a good 5G AP.
type: str
wifi-acl:
choices:
- deny
- allow
description: Access control for MAC addresses in the MAC list.
type: str
wifi-ap-band:
choices:
- any
- 5g-preferred
- 5g-only
description: How to select the AP to connect.
type: str
wifi-auth:
choices:
- PSK
- RADIUS
- radius
- usergroup
description: WiFi authentication.
type: str
wifi-auto-connect:
choices:
- disable
- enable
description: Enable/disable WiFi network auto connect.
type: str
wifi-auto-save:
choices:
- disable
- enable
description: Enable/disable WiFi network automatic save.
type: str
wifi-broadcast-ssid:
choices:
- disable
- enable
description: Enable/disable SSID broadcast in the beacon.
type: str
wifi-dns-server1:
description: DNS server 1.
type: str
wifi-dns-server2:
description: DNS server 2.
type: str
wifi-encrypt:
choices:
- TKIP
- AES
description: Data encryption.
type: str
wifi-fragment-threshold:
description: WiFi fragment threshold
type: int
wifi-gateway:
description: IPv4 default gateway IP address.
type: str
wifi-key:
description: WiFi WEP Key.
type: str
wifi-keyindex:
description: WEP key index
type: int
wifi-mac-filter:
choices:
- disable
- enable
description: Enable/disable MAC filter status.
type: str
wifi-passphrase:
description: WiFi pre-shared key for WPA.
type: str
wifi-radius-server:
description: WiFi RADIUS server for WPA.
type: str
wifi-rts-threshold:
description: WiFi RTS threshold
type: int
wifi-security:
choices:
- None
- WEP64
- wep64
- WEP128
- wep128
- WPA_PSK
- WPA_RADIUS
- WPA
- WPA2
- WPA2_AUTO
- open
- wpa-personal
- wpa-enterprise
- wpa-only-personal
- wpa-only-enterprise
- wpa2-only-personal
- wpa2-only-enterprise
description: Wireless access security of SSID.
type: str
wifi-ssid:
description: IEEE 802.
type: str
wifi-usergroup:
description: WiFi user group for WPA.
type: str
wins-ip:
description: WINS server IP.
type: str
type: dict
name:
description: Name.
type: str
portal-message-override-group:
description: no description
type: str
radius-server:
description: no description
type: str
security:
choices:
- open
- captive-portal
- 8021x
description: no description
type: str
selected-usergroups:
description: no description
type: str
usergroup:
description: no description
type: str
vdom:
description: Vdom.
type: str
vlanid:
description: Vlanid.
type: int
type: dict
rc_failed:
description: The rc codes list with which the conditions to fail will be overriden.
elements: int
required: false
type: list
enable_log:
default: false
description: Enable/Disable logging for task.
required: false
type: bool
access_token:
description: The token to access FortiManager without using username and password.
required: false
type: str
rc_succeeded:
description: The rc codes list with which the conditions to succeed will be overriden.
elements: int
required: false
type: list
proposed_method:
choices:
- update
- set
- add
description: The overridden method for the underlying Json RPC request.
required: false
type: str
bypass_validation:
default: false
description: Only set to True when module schema diffs with FortiManager API structure,
module continues to execute without validating parameters.
required: false
type: bool
workspace_locking_adom:
description: The adom to lock for FortiManager running in workspace mode, the value
can be global and others including root.
required: false
type: str
forticloud_access_token:
description: Authenticate Ansible client with forticloud API access token.
required: false
type: str
workspace_locking_timeout:
default: 300
description: The maximum time in seconds to wait for other user to release the workspace
lock.
required: false
type: int
meta:
contains:
request_url:
description: The full url requested.
returned: always
sample: /sys/login/user
type: str
response_code:
description: The status of api request.
returned: always
sample: 0
type: int
response_data:
description: The api response.
returned: always
type: list
response_message:
description: The descriptive message of the api response.
returned: always
sample: OK.
type: str
system_information:
description: The information of the target system.
returned: always
type: dict
description: The result of the request.
returned: always
type: dict
rc:
description: The status the request.
returned: always
sample: 0
type: int
version_check_warning:
description: Warning if the parameters used in the playbook are not supported by
the current FortiManager version.
returned: complex
type: list