Try SpotterConfigure FortiSwitch devices that are managed by this FortiGate.
| "added in version" 2.0.0 of drmofu.fortimanager"
Authors: Xinwei Du (@dux-fortinet), Xing Li (@lix-fortinet), Jie Xue (@JieX19), Link Zheng (@chillancezen), Frank Shen (@fshen01), Hongbin Lu (@fgtdev-hblu)
preview | supported by community
Install with ansible-galaxy collection install drmofu.fortimanager:==2.2.2
collections:
- name: drmofu.fortimanager
version: 2.2.2This module is able to configure a FortiManager device.
Examples include all parameters and values which need to be adjusted to data sources before usage.
- hosts: fortimanager-inventory
collections:
- fortinet.fortimanager
connection: httpapi
vars:
ansible_httpapi_use_ssl: True
ansible_httpapi_validate_certs: False
ansible_httpapi_port: 443
tasks:
- name: Configure FortiSwitch devices that are managed by this FortiGate.
fmgr_switchcontroller_managedswitch:
bypass_validation: False
workspace_locking_adom: <value in [global, custom adom including root]>
workspace_locking_timeout: 300
rc_succeeded: [0, -2, -3, ...]
rc_failed: [-2, -3, ...]
adom: <your own value>
state: <value in [present, absent]>
switchcontroller_managedswitch:
_platform: <value of string>
description: <value of string>
name: <value of string>
ports:
-
allowed-vlans: <value of string>
allowed-vlans-all: <value in [disable, enable]>
arp-inspection-trust: <value in [untrusted, trusted]>
bundle: <value in [disable, enable]>
description: <value of string>
dhcp-snoop-option82-trust: <value in [disable, enable]>
dhcp-snooping: <value in [trusted, untrusted]>
discard-mode: <value in [none, all-untagged, all-tagged]>
edge-port: <value in [disable, enable]>
igmp-snooping: <value in [disable, enable]>
igmps-flood-reports: <value in [disable, enable]>
igmps-flood-traffic: <value in [disable, enable]>
lacp-speed: <value in [slow, fast]>
learning-limit: <value of integer>
lldp-profile: <value of string>
lldp-status: <value in [disable, rx-only, tx-only, ...]>
loop-guard: <value in [disabled, enabled]>
loop-guard-timeout: <value of integer>
max-bundle: <value of integer>
mclag: <value in [disable, enable]>
member-withdrawal-behavior: <value in [forward, block]>
members: <value of string>
min-bundle: <value of integer>
mode: <value in [static, lacp-passive, lacp-active]>
poe-pre-standard-detection: <value in [disable, enable]>
poe-status: <value in [disable, enable]>
port-name: <value of string>
port-owner: <value of string>
port-security-policy: <value of string>
port-selection-criteria: <value in [src-mac, dst-mac, src-dst-mac, ...]>
qos-policy: <value of string>
sample-direction: <value in [rx, tx, both]>
sflow-counter-interval: <value of integer>
sflow-sample-rate: <value of integer>
sflow-sampler: <value in [disabled, enabled]>
stp-bpdu-guard: <value in [disabled, enabled]>
stp-bpdu-guard-timeout: <value of integer>
stp-root-guard: <value in [disabled, enabled]>
stp-state: <value in [disabled, enabled]>
type: <value in [physical, trunk]>
untagged-vlans: <value of string>
vlan: <value of string>
export-to-pool-flag: <value of integer>
mac-addr: <value of string>
packet-sample-rate: <value of integer>
packet-sampler: <value in [disabled, enabled]>
sticky-mac: <value in [disable, enable]>
storm-control-policy: <value of string>
dot1x-enable: <value in [disable, enable]>
max-miss-heartbeats: <value of integer>
access-mode: <value in [normal, nac, dynamic, ...]>
ip-source-guard: <value in [disable, enable]>
mclag-icl-port: <value of integer>
p2p-port: <value of integer>
aggregator-mode: <value in [bandwidth, count]>
rpvst-port: <value in [disabled, enabled]>
flow-control: <value in [disable, tx, rx, ...]>
media-type: <value of string>
pause-meter: <value of integer>
pause-meter-resume: <value in [25%, 50%, 75%]>
trunk-member: <value of integer>
fec-capable: <value of integer>
fec-state: <value in [disabled, cl74, cl91]>
matched-dpp-intf-tags: <value of string>
matched-dpp-policy: <value of string>
port-policy: <value of string>
status: <value in [down, up]>
dsl-profile: <value of string>
flap-duration: <value of integer>
flap-rate: <value of integer>
flap-timeout: <value of integer>
flapguard: <value in [disable, enable]>
interface-tags: <value of string>
poe-max-power: <value of string>
poe-standard: <value of string>
igmp-snooping-flood-reports: <value in [disable, enable]>
mcast-snooping-flood-traffic: <value in [disable, enable]>
link-status: <value in [down, up]>
poe-mode-bt-cabable: <value of integer>
poe-port-mode: <value in [ieee802-3af, ieee802-3at, ieee802-3bt]>
poe-port-power: <value in [normal, perpetual, perpetual-fast]>
poe-port-priority: <value in [critical-priority, high-priority, low-priority, ...]>
acl-group: <value of string>
dhcp-snoop-option82-override:
-
circuit-id: <value of string>
remote-id: <value of string>
vlan-name: <value of string>
fortiswitch-acls: <value of integer>
isl-peer-device-sn: <value of string>
switch-id: <value of string>
override-snmp-community: <value in [disable, enable]>
override-snmp-sysinfo: <value in [disable, enable]>
override-snmp-trap-threshold: <value in [disable, enable]>
override-snmp-user: <value in [disable, enable]>
poe-detection-type: <value of integer>
remote-log:
-
csv: <value in [disable, enable]>
facility: <value in [kernel, user, mail, ...]>
name: <value of string>
port: <value of integer>
server: <value of string>
severity: <value in [emergency, alert, critical, ...]>
status: <value in [disable, enable]>
snmp-community:
-
events:
- cpu-high
- mem-low
- log-full
- intf-ip
- ent-conf-change
hosts:
-
id: <value of integer>
ip: <value of string>
id: <value of integer>
name: <value of string>
query-v1-port: <value of integer>
query-v1-status: <value in [disable, enable]>
query-v2c-port: <value of integer>
query-v2c-status: <value in [disable, enable]>
status: <value in [disable, enable]>
trap-v1-lport: <value of integer>
trap-v1-rport: <value of integer>
trap-v1-status: <value in [disable, enable]>
trap-v2c-lport: <value of integer>
trap-v2c-rport: <value of integer>
trap-v2c-status: <value in [disable, enable]>
snmp-user:
-
auth-proto: <value in [md5, sha]>
auth-pwd: <value of string>
name: <value of string>
priv-proto: <value in [des, aes]>
priv-pwd: <value of string>
queries: <value in [disable, enable]>
query-port: <value of integer>
security-level: <value in [no-auth-no-priv, auth-no-priv, auth-priv]>
mclag-igmp-snooping-aware: <value in [disable, enable]>
ip-source-guard:
-
binding-entry:
-
entry-name: <value of string>
ip: <value of string>
mac: <value of string>
description: <value of string>
port: <value of string>
l3-discovered: <value of integer>
qos-drop-policy: <value in [taildrop, random-early-detection]>
qos-red-probability: <value of integer>
switch-dhcp_opt43_key: <value of string>
tdr-supported: <value of string>
custom-command:
-
command-entry: <value of string>
command-name: <value of string>
firmware-provision: <value in [disable, enable]>
firmware-provision-version: <value of string>
dhcp-server-access-list: <value in [disable, enable, global]>
firmware-provision-latest: <value in [disable, once]>
dhcp-snooping-static-client:
-
ip: <value of string>
mac: <value of string>
name: <value of string>
port: <value of string>
vlan: <value of string>
adom:
description: the parameter (adom) in requested url
required: true
type: str
state:
choices:
- present
- absent
description: The directive to create, update or delete an object.
required: true
type: str
rc_failed:
description: The rc codes list with which the conditions to fail will be overriden.
elements: int
required: false
type: list
enable_log:
default: false
description: Enable/Disable logging for task.
required: false
type: bool
access_token:
description: The token to access FortiManager without using username and password.
required: false
type: str
rc_succeeded:
description: The rc codes list with which the conditions to succeed will be overriden.
elements: int
required: false
type: list
proposed_method:
choices:
- update
- set
- add
description: The overridden method for the underlying Json RPC request.
required: false
type: str
bypass_validation:
default: false
description: Only set to True when module schema diffs with FortiManager API structure,
module continues to execute without validating parameters.
required: false
type: bool
workspace_locking_adom:
description: The adom to lock for FortiManager running in workspace mode, the value
can be global and others including root.
required: false
type: str
forticloud_access_token:
description: Authenticate Ansible client with forticloud API access token.
required: false
type: str
workspace_locking_timeout:
default: 300
description: The maximum time in seconds to wait for other user to release the workspace
lock.
required: false
type: int
switchcontroller_managedswitch:
description: the top level parameters set
required: false
suboptions:
_platform:
description: _Platform.
type: str
custom-command:
description: Custom-Command.
elements: dict
suboptions:
command-entry:
description: List of FortiSwitch commands.
type: str
command-name:
description: Names of commands to be pushed to this FortiSwitch device, as
configured under config switch-controller custom-command.
type: str
type: list
description:
description: Description.
type: str
dhcp-server-access-list:
choices:
- disable
- enable
- global
description: DHCP snooping server access list.
type: str
dhcp-snooping-static-client:
description: description
elements: dict
suboptions:
ip:
description: Client static IP address.
type: str
mac:
description: Client MAC address.
type: str
name:
description: Client name.
type: str
port:
description: Interface name.
type: str
vlan:
description: VLAN name.
type: str
type: list
firmware-provision:
choices:
- disable
- enable
description: Enable/disable provisioning of firmware to FortiSwitches on join
connection.
type: str
firmware-provision-latest:
choices:
- disable
- once
description: Enable/disable one-time automatic provisioning of the latest firmware
version.
type: str
firmware-provision-version:
description: Firmware version to provision to this FortiSwitch on bootup
type: str
ip-source-guard:
description: description
elements: dict
suboptions:
binding-entry:
description: description
elements: dict
suboptions:
entry-name:
description: Configure binding pair.
type: str
ip:
description: Source IP for this rule.
type: str
mac:
description: MAC address for this rule.
type: str
type: list
description:
description: Description.
type: str
port:
description: Ingress interface to which source guard is bound.
type: str
type: list
l3-discovered:
description: L3-Discovered.
type: int
mclag-igmp-snooping-aware:
choices:
- disable
- enable
description: Enable/disable MCLAG IGMP-snooping awareness.
type: str
name:
description: Managed-switch name.
type: str
override-snmp-community:
choices:
- disable
- enable
description: Enable/disable overriding the global SNMP communities.
type: str
override-snmp-sysinfo:
choices:
- disable
- enable
description: Enable/disable overriding the global SNMP system information.
type: str
override-snmp-trap-threshold:
choices:
- disable
- enable
description: Enable/disable overriding the global SNMP trap threshold values.
type: str
override-snmp-user:
choices:
- disable
- enable
description: Enable/disable overriding the global SNMP users.
type: str
poe-detection-type:
description: Poe-Detection-Type.
type: int
ports:
description: Ports.
elements: dict
suboptions:
access-mode:
choices:
- normal
- nac
- dynamic
- static
description: Access mode of the port.
type: str
acl-group:
description: description
type: str
aggregator-mode:
choices:
- bandwidth
- count
description: LACP member select mode.
type: str
allowed-vlans:
description: Configure switch port tagged vlans
type: str
allowed-vlans-all:
choices:
- disable
- enable
description: Enable/disable all defined vlans on this port.
type: str
arp-inspection-trust:
choices:
- untrusted
- trusted
description: Trusted or untrusted dynamic ARP inspection.
type: str
bundle:
choices:
- disable
- enable
description: Enable/disable Link Aggregation Group
type: str
description:
description: Description for port.
type: str
dhcp-snoop-option82-override:
description: description
elements: dict
suboptions:
circuit-id:
description: Circuit ID string.
type: str
remote-id:
description: Remote ID string.
type: str
vlan-name:
description: DHCP snooping option 82 VLAN.
type: str
type: list
dhcp-snoop-option82-trust:
choices:
- disable
- enable
description: Enable/disable allowance of DHCP with option-82 on untrusted
interface.
type: str
dhcp-snooping:
choices:
- trusted
- untrusted
description: Trusted or untrusted DHCP-snooping interface.
type: str
discard-mode:
choices:
- none
- all-untagged
- all-tagged
description: Configure discard mode for port.
type: str
dot1x-enable:
choices:
- disable
- enable
description: no description
type: str
dsl-profile:
description: DSL policy configuration.
type: str
edge-port:
choices:
- disable
- enable
description: Enable/disable this interface as an edge port, bridging connections
between workstations and/or computers.
type: str
export-to-pool-flag:
description: Switch controller export port to pool-list.
type: int
fec-capable:
description: FEC capable.
type: int
fec-state:
choices:
- disabled
- cl74
- cl91
description: State of forward error correction.
type: str
flap-duration:
description: Period over which flap events are calculated
type: int
flap-rate:
description: Number of stage change events needed within flap-duration.
type: int
flap-timeout:
description: Flap guard disabling protection
type: int
flapguard:
choices:
- disable
- enable
description: Enable/disable flap guard.
type: str
flow-control:
choices:
- disable
- tx
- rx
- both
description: Flow control direction.
type: str
fortiswitch-acls:
description: description
type: int
igmp-snooping:
choices:
- disable
- enable
description: Set IGMP snooping mode for the physical port interface.
type: str
igmp-snooping-flood-reports:
choices:
- disable
- enable
description: Enable/disable flooding of IGMP reports to this interface when
igmp-snooping enabled.
type: str
igmps-flood-reports:
choices:
- disable
- enable
description: Enable/disable flooding of IGMP reports to this interface when
igmp-snooping enabled.
type: str
igmps-flood-traffic:
choices:
- disable
- enable
description: Enable/disable flooding of IGMP snooping traffic to this interface.
type: str
interface-tags:
description: description
type: str
ip-source-guard:
choices:
- disable
- enable
description: Enable/disable IP source guard.
type: str
isl-peer-device-sn:
description: no description
type: str
lacp-speed:
choices:
- slow
- fast
description: end Link Aggregation Control Protocol
type: str
learning-limit:
description: Limit the number of dynamic MAC addresses on this Port
type: int
link-status:
choices:
- down
- up
description: no description
type: str
lldp-profile:
description: LLDP port TLV profile.
type: str
lldp-status:
choices:
- disable
- rx-only
- tx-only
- tx-rx
description: LLDP transmit and receive status.
type: str
loop-guard:
choices:
- disabled
- enabled
description: Enable/disable loop-guard on this interface, an STP optimization
used to prevent network loops.
type: str
loop-guard-timeout:
description: Loop-guard timeout
type: int
mac-addr:
description: Port/Trunk MAC.
type: str
matched-dpp-intf-tags:
description: Matched interface tags in the dynamic port policy.
type: str
matched-dpp-policy:
description: Matched child policy in the dynamic port policy.
type: str
max-bundle:
description: Maximum size of LAG bundle
type: int
max-miss-heartbeats:
description: Maximum tolerant missed heartbeats.
type: int
mcast-snooping-flood-traffic:
choices:
- disable
- enable
description: Enable/disable flooding of IGMP snooping traffic to this interface.
type: str
mclag:
choices:
- disable
- enable
description: Enable/disable multi-chassis link aggregation
type: str
mclag-icl-port:
description: Mclag-Icl-Port.
type: int
media-type:
description: Media-Type.
type: str
member-withdrawal-behavior:
choices:
- forward
- block
description: Port behavior after it withdraws because of loss of control packets.
type: str
members:
description: Aggregated LAG bundle interfaces.
type: str
min-bundle:
description: Minimum size of LAG bundle
type: int
mode:
choices:
- static
- lacp-passive
- lacp-active
description: LACP mode
type: str
p2p-port:
description: P2P-Port.
type: int
packet-sample-rate:
description: Packet sampling rate
type: int
packet-sampler:
choices:
- disabled
- enabled
description: Enable/disable packet sampling on this interface.
type: str
pause-meter:
description: Configure ingress pause metering rate, in kbps
type: int
pause-meter-resume:
choices:
- 25%
- 50%
- 75%
description: Resume threshold for resuming traffic on ingress port.
type: str
poe-max-power:
description: no description
type: str
poe-mode-bt-cabable:
description: PoE mode IEEE 802.
type: int
poe-port-mode:
choices:
- ieee802-3af
- ieee802-3at
- ieee802-3bt
description: Configure PoE port mode.
type: str
poe-port-power:
choices:
- normal
- perpetual
- perpetual-fast
description: Configure PoE port power.
type: str
poe-port-priority:
choices:
- critical-priority
- high-priority
- low-priority
- medium-priority
description: Configure PoE port priority.
type: str
poe-pre-standard-detection:
choices:
- disable
- enable
description: Enable/disable PoE pre-standard detection.
type: str
poe-standard:
description: no description
type: str
poe-status:
choices:
- disable
- enable
description: Enable/disable PoE status.
type: str
port-name:
description: Switch port name.
type: str
port-owner:
description: Switch port name.
type: str
port-policy:
description: Switch controller dynamic port policy from available options.
type: str
port-security-policy:
description: Switch controller authentication policy to apply to this managed
switch from available options.
type: str
port-selection-criteria:
choices:
- src-mac
- dst-mac
- src-dst-mac
- src-ip
- dst-ip
- src-dst-ip
description: Algorithm for aggregate port selection.
type: str
qos-policy:
description: Switch controller QoS policy from available options.
type: str
rpvst-port:
choices:
- disabled
- enabled
description: Enable/disable inter-operability with rapid PVST on this interface.
type: str
sample-direction:
choices:
- rx
- tx
- both
description: sFlow sample direction.
type: str
sflow-counter-interval:
description: sFlow sampler counter polling interval
type: int
sflow-sample-rate:
description: sFlow sampler sample rate
type: int
sflow-sampler:
choices:
- disabled
- enabled
description: Enable/disable sFlow protocol on this interface.
type: str
status:
choices:
- down
- up
description: Switch port admin status
type: str
sticky-mac:
choices:
- disable
- enable
description: Enable or disable sticky-mac on the interface.
type: str
storm-control-policy:
description: Switch controller storm control policy from available options.
type: str
stp-bpdu-guard:
choices:
- disabled
- enabled
description: Enable/disable STP BPDU guard on this interface.
type: str
stp-bpdu-guard-timeout:
description: BPDU Guard disabling protection
type: int
stp-root-guard:
choices:
- disabled
- enabled
description: Enable/disable STP root guard on this interface.
type: str
stp-state:
choices:
- disabled
- enabled
description: Enable/disable Spanning Tree Protocol
type: str
trunk-member:
description: Trunk member.
type: int
type:
choices:
- physical
- trunk
description: Interface type
type: str
untagged-vlans:
description: Configure switch port untagged vlans
type: str
vlan:
description: Assign switch ports to a VLAN.
type: str
type: list
qos-drop-policy:
choices:
- taildrop
- random-early-detection
description: Set QoS drop-policy.
type: str
qos-red-probability:
description: Set QoS RED/WRED drop probability.
type: int
remote-log:
description: description
elements: dict
suboptions:
csv:
choices:
- disable
- enable
description: Enable/disable comma-separated value
type: str
facility:
choices:
- kernel
- user
- mail
- daemon
- auth
- syslog
- lpr
- news
- uucp
- cron
- authpriv
- ftp
- ntp
- audit
- alert
- clock
- local0
- local1
- local2
- local3
- local4
- local5
- local6
- local7
description: Facility to log to remote syslog server.
type: str
name:
description: Remote log name.
type: str
port:
description: Remote syslog server listening port.
type: int
server:
description: IPv4 address of the remote syslog server.
type: str
severity:
choices:
- emergency
- alert
- critical
- error
- warning
- notification
- information
- debug
description: Severity of logs to be transferred to remote log server.
type: str
status:
choices:
- disable
- enable
description: Enable/disable logging by FortiSwitch device to a remote syslog
server.
type: str
type: list
snmp-community:
description: description
elements: dict
suboptions:
events:
choices:
- cpu-high
- mem-low
- log-full
- intf-ip
- ent-conf-change
description: description
elements: str
type: list
hosts:
description: description
elements: dict
suboptions:
id:
description: Host entry ID.
type: int
ip:
description: IPv4 address of the SNMP manager
type: str
type: list
id:
description: SNMP community ID.
type: int
name:
description: SNMP community name.
type: str
query-v1-port:
description: SNMP v1 query port
type: int
query-v1-status:
choices:
- disable
- enable
description: Enable/disable SNMP v1 queries.
type: str
query-v2c-port:
description: SNMP v2c query port
type: int
query-v2c-status:
choices:
- disable
- enable
description: Enable/disable SNMP v2c queries.
type: str
status:
choices:
- disable
- enable
description: Enable/disable this SNMP community.
type: str
trap-v1-lport:
description: SNMP v2c trap local port
type: int
trap-v1-rport:
description: SNMP v2c trap remote port
type: int
trap-v1-status:
choices:
- disable
- enable
description: Enable/disable SNMP v1 traps.
type: str
trap-v2c-lport:
description: SNMP v2c trap local port
type: int
trap-v2c-rport:
description: SNMP v2c trap remote port
type: int
trap-v2c-status:
choices:
- disable
- enable
description: Enable/disable SNMP v2c traps.
type: str
type: list
snmp-user:
description: description
elements: dict
suboptions:
auth-proto:
choices:
- md5
- sha
description: Authentication protocol.
type: str
auth-pwd:
description: description
type: str
name:
description: SNMP user name.
type: str
priv-proto:
choices:
- des
- aes
description: Privacy
type: str
priv-pwd:
description: description
type: str
queries:
choices:
- disable
- enable
description: Enable/disable SNMP queries for this user.
type: str
query-port:
description: SNMPv3 query port
type: int
security-level:
choices:
- no-auth-no-priv
- auth-no-priv
- auth-priv
description: Security level for message authentication and encryption.
type: str
type: list
switch-dhcp_opt43_key:
description: DHCP option43 key.
type: str
switch-id:
description: Managed-switch id.
type: str
tdr-supported:
description: Tdr-Supported.
type: str
type: dict
meta:
contains:
request_url:
description: The full url requested.
returned: always
sample: /sys/login/user
type: str
response_code:
description: The status of api request.
returned: always
sample: 0
type: int
response_data:
description: The api response.
returned: always
type: list
response_message:
description: The descriptive message of the api response.
returned: always
sample: OK.
type: str
system_information:
description: The information of the target system.
returned: always
type: dict
description: The result of the request.
returned: always
type: dict
rc:
description: The status the request.
returned: always
sample: 0
type: int
version_check_warning:
description: Warning if the parameters used in the playbook are not supported by
the current FortiManager version.
returned: complex
type: list