drmofu / drmofu.fortimanager / 2.2.2 / module / fmgr_vap Configure Virtual Access Points | "added in version" 2.0.0 of drmofu.fortimanager" Authors: Xinwei Du (@dux-fortinet), Xing Li (@lix-fortinet), Jie Xue (@JieX19), Link Zheng (@chillancezen), Frank Shen (@fshen01), Hongbin Lu (@fgtdev-hblu) preview | supported by communitydrmofu.fortimanager.fmgr_vap (2.2.2) — module
Install with ansible-galaxy collection install drmofu.fortimanager:==2.2.2
collections: - name: drmofu.fortimanager version: 2.2.2
This module is able to configure a FortiManager device.
Examples include all parameters and values which need to be adjusted to data sources before usage.
- hosts: fortimanager-inventory collections: - fortinet.fortimanager connection: httpapi vars: ansible_httpapi_use_ssl: True ansible_httpapi_validate_certs: False ansible_httpapi_port: 443 tasks: - name: Configure Virtual Access Points fmgr_vap: bypass_validation: False workspace_locking_adom: <value in [global, custom adom including root]> workspace_locking_timeout: 300 rc_succeeded: [0, -2, -3, ...] rc_failed: [-2, -3, ...] adom: <your own value> state: <value in [present, absent]> vap: _centmgmt: <value in [disable, enable]> _dhcp_svr_id: <value of string> _intf_allowaccess: - https - ping - ssh - snmp - http - telnet - fgfm - auto-ipsec - radius-acct - probe-response - capwap - dnp - ftm - fabric - speed-test _intf_device-identification: <value in [disable, enable]> _intf_device-netscan: <value in [disable, enable]> _intf_dhcp-relay-ip: <value of string> _intf_dhcp-relay-service: <value in [disable, enable]> _intf_dhcp-relay-type: <value in [regular, ipsec]> _intf_dhcp6-relay-ip: <value of string> _intf_dhcp6-relay-service: <value in [disable, enable]> _intf_dhcp6-relay-type: <value in [regular]> _intf_ip: <value of string> _intf_ip6-address: <value of string> _intf_ip6-allowaccess: - https - ping - ssh - snmp - http - telnet - any - fgfm - capwap _intf_listen-forticlient-connection: <value in [disable, enable]> acct-interim-interval: <value of integer> alias: <value of string> auth: <value in [PSK, psk, RADIUS, ...]> broadcast-ssid: <value in [disable, enable]> broadcast-suppression: - dhcp - arp - dhcp2 - arp2 - netbios-ns - netbios-ds - arp3 - dhcp-up - dhcp-down - arp-known - arp-unknown - arp-reply - ipv6 - dhcp-starvation - arp-poison - all-other-mc - all-other-bc - arp-proxy - dhcp-ucast captive-portal-ac-name: <value of string> captive-portal-macauth-radius-secret: <value of string> captive-portal-macauth-radius-server: <value of string> captive-portal-radius-secret: <value of string> captive-portal-radius-server: <value of string> captive-portal-session-timeout-interval: <value of integer> dhcp-lease-time: <value of integer> dhcp-option82-circuit-id-insertion: <value in [disable, style-1, style-2, ...]> dhcp-option82-insertion: <value in [disable, enable]> dhcp-option82-remote-id-insertion: <value in [disable, style-1]> dynamic-vlan: <value in [disable, enable]> dynamic_mapping: - _centmgmt: <value in [disable, enable]> _dhcp_svr_id: <value of string> _intf_allowaccess: - https - ping - ssh - snmp - http - telnet - fgfm - auto-ipsec - radius-acct - probe-response - capwap - dnp - ftm - fabric - speed-test _intf_device-identification: <value in [disable, enable]> _intf_device-netscan: <value in [disable, enable]> _intf_dhcp-relay-ip: <value of string> _intf_dhcp-relay-service: <value in [disable, enable]> _intf_dhcp-relay-type: <value in [regular, ipsec]> _intf_dhcp6-relay-ip: <value of string> _intf_dhcp6-relay-service: <value in [disable, enable]> _intf_dhcp6-relay-type: <value in [regular]> _intf_ip: <value of string> _intf_ip6-address: <value of string> _intf_ip6-allowaccess: - https - ping - ssh - snmp - http - telnet - any - fgfm - capwap _intf_listen-forticlient-connection: <value in [disable, enable]> _scope: - name: <value of string> vdom: <value of string> acct-interim-interval: <value of integer> address-group: <value of string> alias: <value of string> atf-weight: <value of integer> auth: <value in [PSK, psk, RADIUS, ...]> broadcast-ssid: <value in [disable, enable]> broadcast-suppression: - dhcp - arp - dhcp2 - arp2 - netbios-ns - netbios-ds - arp3 - dhcp-up - dhcp-down - arp-known - arp-unknown - arp-reply - ipv6 - dhcp-starvation - arp-poison - all-other-mc - all-other-bc - arp-proxy - dhcp-ucast captive-portal-ac-name: <value of string> captive-portal-macauth-radius-secret: <value of string> captive-portal-macauth-radius-server: <value of string> captive-portal-radius-secret: <value of string> captive-portal-radius-server: <value of string> captive-portal-session-timeout-interval: <value of integer> client-count: <value of integer> dhcp-lease-time: <value of integer> dhcp-option82-circuit-id-insertion: <value in [disable, style-1, style-2, ...]> dhcp-option82-insertion: <value in [disable, enable]> dhcp-option82-remote-id-insertion: <value in [disable, style-1]> dynamic-vlan: <value in [disable, enable]> eap-reauth: <value in [disable, enable]> eap-reauth-intv: <value of integer> eapol-key-retries: <value in [disable, enable]> encrypt: <value in [TKIP, AES, TKIP-AES]> external-fast-roaming: <value in [disable, enable]> external-logout: <value of string> external-web: <value of string> fast-bss-transition: <value in [disable, enable]> fast-roaming: <value in [disable, enable]> ft-mobility-domain: <value of integer> ft-over-ds: <value in [disable, enable]> ft-r0-key-lifetime: <value of integer> gtk-rekey: <value in [disable, enable]> gtk-rekey-intv: <value of integer> hotspot20-profile: <value of string> intra-vap-privacy: <value in [disable, enable]> ip: <value of string> key: <value of string> keyindex: <value of integer> ldpc: <value in [disable, tx, rx, ...]> local-authentication: <value in [disable, enable]> local-bridging: <value in [disable, enable]> local-lan: <value in [deny, allow]> local-standalone: <value in [disable, enable]> local-standalone-nat: <value in [disable, enable]> local-switching: <value in [disable, enable]> mac-auth-bypass: <value in [disable, enable]> mac-filter: <value in [disable, enable]> mac-filter-policy-other: <value in [deny, allow]> max-clients: <value of integer> max-clients-ap: <value of integer> me-disable-thresh: <value of integer> mesh-backhaul: <value in [disable, enable]> mpsk: <value in [disable, enable]> mpsk-concurrent-clients: <value of integer> multicast-enhance: <value in [disable, enable]> multicast-rate: <value in [0, 6000, 12000, ...]> okc: <value in [disable, enable]> owe-groups: - 19 - 20 - 21 owe-transition: <value in [disable, enable]> owe-transition-ssid: <value of string> passphrase: <value of string> pmf: <value in [disable, enable, optional]> pmf-assoc-comeback-timeout: <value of integer> pmf-sa-query-retry-timeout: <value of integer> portal-message-override-group: <value of string> portal-type: <value in [auth, auth+disclaimer, disclaimer, ...]> probe-resp-suppression: <value in [disable, enable]> probe-resp-threshold: <value of string> ptk-rekey: <value in [disable, enable]> ptk-rekey-intv: <value of integer> qos-profile: <value of string> quarantine: <value in [disable, enable]> radio-2g-threshold: <value of string> radio-5g-threshold: <value of string> radio-sensitivity: <value in [disable, enable]> radius-mac-auth: <value in [disable, enable]> radius-mac-auth-server: <value of string> radius-mac-auth-usergroups: <value of string> radius-server: <value of string> rates-11a: - 1 - 1-basic - 2 - 2-basic - 5.5 - 5.5-basic - 6 - 6-basic - 9 - 9-basic - 12 - 12-basic - 18 - 18-basic - 24 - 24-basic - 36 - 36-basic - 48 - 48-basic - 54 - 54-basic - 11 - 11-basic rates-11ac-ss12: - mcs0/1 - mcs1/1 - mcs2/1 - mcs3/1 - mcs4/1 - mcs5/1 - mcs6/1 - mcs7/1 - mcs8/1 - mcs9/1 - mcs0/2 - mcs1/2 - mcs2/2 - mcs3/2 - mcs4/2 - mcs5/2 - mcs6/2 - mcs7/2 - mcs8/2 - mcs9/2 - mcs10/1 - mcs11/1 - mcs10/2 - mcs11/2 rates-11ac-ss34: - mcs0/3 - mcs1/3 - mcs2/3 - mcs3/3 - mcs4/3 - mcs5/3 - mcs6/3 - mcs7/3 - mcs8/3 - mcs9/3 - mcs0/4 - mcs1/4 - mcs2/4 - mcs3/4 - mcs4/4 - mcs5/4 - mcs6/4 - mcs7/4 - mcs8/4 - mcs9/4 - mcs10/3 - mcs11/3 - mcs10/4 - mcs11/4 rates-11bg: - 1 - 1-basic - 2 - 2-basic - 5.5 - 5.5-basic - 6 - 6-basic - 9 - 9-basic - 12 - 12-basic - 18 - 18-basic - 24 - 24-basic - 36 - 36-basic - 48 - 48-basic - 54 - 54-basic - 11 - 11-basic rates-11n-ss12: - mcs0/1 - mcs1/1 - mcs2/1 - mcs3/1 - mcs4/1 - mcs5/1 - mcs6/1 - mcs7/1 - mcs8/2 - mcs9/2 - mcs10/2 - mcs11/2 - mcs12/2 - mcs13/2 - mcs14/2 - mcs15/2 rates-11n-ss34: - mcs16/3 - mcs17/3 - mcs18/3 - mcs19/3 - mcs20/3 - mcs21/3 - mcs22/3 - mcs23/3 - mcs24/4 - mcs25/4 - mcs26/4 - mcs27/4 - mcs28/4 - mcs29/4 - mcs30/4 - mcs31/4 sae-groups: - 1 - 2 - 5 - 14 - 15 - 16 - 17 - 18 - 19 - 20 - 21 - 27 - 28 - 29 - 30 - 31 sae-password: <value of string> schedule: <value of string> security: <value in [None, WEP64, wep64, ...]> security-exempt-list: <value of string> security-obsolete-option: <value in [disable, enable]> security-redirect-url: <value of string> selected-usergroups: <value of string> split-tunneling: <value in [disable, enable]> ssid: <value of string> tkip-counter-measure: <value in [disable, enable]> usergroup: <value of string> utm-profile: <value of string> vdom: <value of string> vlan-auto: <value in [disable, enable]> vlan-pooling: <value in [wtp-group, round-robin, hash, ...]> vlanid: <value of integer> voice-enterprise: <value in [disable, enable]> mu-mimo: <value in [disable, enable]> _intf_device-access-list: <value of string> external-web-format: <value in [auto-detect, no-query-string, partial-query-string]> high-efficiency: <value in [disable, enable]> primary-wag-profile: <value of string> secondary-wag-profile: <value of string> target-wake-time: <value in [disable, enable]> tunnel-echo-interval: <value of integer> tunnel-fallback-interval: <value of integer> access-control-list: <value of string> captive-portal-auth-timeout: <value of integer> ipv6-rules: - drop-icmp6ra - drop-icmp6rs - drop-llmnr6 - drop-icmp6mld2 - drop-dhcp6s - drop-dhcp6c - ndp-proxy - drop-ns-dad - drop-ns-nondad sticky-client-remove: <value in [disable, enable]> sticky-client-threshold-2g: <value of string> sticky-client-threshold-5g: <value of string> bss-color-partial: <value in [disable, enable]> dhcp-option43-insertion: <value in [disable, enable]> mpsk-profile: <value of string> igmp-snooping: <value in [disable, enable]> port-macauth: <value in [disable, radius, address-group]> port-macauth-reauth-timeout: <value of integer> port-macauth-timeout: <value of integer> additional-akms: - akm6 bstm-disassociation-imminent: <value in [disable, enable]> bstm-load-balancing-disassoc-timer: <value of integer> bstm-rssi-disassoc-timer: <value of integer> dhcp-address-enforcement: <value in [disable, enable]> gas-comeback-delay: <value of integer> gas-fragmentation-limit: <value of integer> mac-called-station-delimiter: <value in [hyphen, single-hyphen, colon, ...]> mac-calling-station-delimiter: <value in [hyphen, single-hyphen, colon, ...]> mac-case: <value in [uppercase, lowercase]> mac-password-delimiter: <value in [hyphen, single-hyphen, colon, ...]> mac-username-delimiter: <value in [hyphen, single-hyphen, colon, ...]> mbo: <value in [disable, enable]> mbo-cell-data-conn-pref: <value in [excluded, prefer-not, prefer-use]> nac: <value in [disable, enable]> nac-profile: <value of string> neighbor-report-dual-band: <value in [disable, enable]> address-group-policy: <value in [disable, allow, deny]> antivirus-profile: <value of string> application-detection-engine: <value in [disable, enable]> application-list: <value of string> application-report-intv: <value of integer> auth-cert: <value of string> auth-portal-addr: <value of string> beacon-advertising: - name - model - serial-number ips-sensor: <value of string> l3-roaming: <value in [disable, enable]> local-standalone-dns: <value in [disable, enable]> local-standalone-dns-ip: <value of string> osen: <value in [disable, enable]> radius-mac-mpsk-auth: <value in [disable, enable]> radius-mac-mpsk-timeout: <value of integer> rates-11ax-ss12: - mcs0/1 - mcs1/1 - mcs2/1 - mcs3/1 - mcs4/1 - mcs5/1 - mcs6/1 - mcs7/1 - mcs8/1 - mcs9/1 - mcs10/1 - mcs11/1 - mcs0/2 - mcs1/2 - mcs2/2 - mcs3/2 - mcs4/2 - mcs5/2 - mcs6/2 - mcs7/2 - mcs8/2 - mcs9/2 - mcs10/2 - mcs11/2 rates-11ax-ss34: - mcs0/3 - mcs1/3 - mcs2/3 - mcs3/3 - mcs4/3 - mcs5/3 - mcs6/3 - mcs7/3 - mcs8/3 - mcs9/3 - mcs10/3 - mcs11/3 - mcs0/4 - mcs1/4 - mcs2/4 - mcs3/4 - mcs4/4 - mcs5/4 - mcs6/4 - mcs7/4 - mcs8/4 - mcs9/4 - mcs10/4 - mcs11/4 scan-botnet-connections: <value in [disable, block, monitor]> utm-log: <value in [disable, enable]> utm-status: <value in [disable, enable]> webfilter-profile: <value of string> sae-h2e-only: <value in [disable, enable]> sae-pk: <value in [disable, enable]> sae-private-key: <value of string> sticky-client-threshold-6g: <value of string> application-dscp-marking: <value in [disable, enable]> l3-roaming-mode: <value in [direct, indirect]> rates-11ac-mcs-map: <value of string> rates-11ax-mcs-map: <value of string> captive-portal-fw-accounting: <value in [disable, enable]> radius-mac-auth-block-interval: <value of integer> _is_factory_setting: <value in [disable, enable, ext]> eap-reauth: <value in [disable, enable]> eap-reauth-intv: <value of integer> eapol-key-retries: <value in [disable, enable]> encrypt: <value in [TKIP, AES, TKIP-AES]> external-fast-roaming: <value in [disable, enable]> external-logout: <value of string> external-web: <value of string> fast-bss-transition: <value in [disable, enable]> fast-roaming: <value in [disable, enable]> ft-mobility-domain: <value of integer> ft-over-ds: <value in [disable, enable]> ft-r0-key-lifetime: <value of integer> gtk-rekey: <value in [disable, enable]> gtk-rekey-intv: <value of integer> hotspot20-profile: <value of string> intra-vap-privacy: <value in [disable, enable]> ip: <value of string> key: <value of string> keyindex: <value of integer> ldpc: <value in [disable, tx, rx, ...]> local-authentication: <value in [disable, enable]> local-bridging: <value in [disable, enable]> local-lan: <value in [deny, allow]> local-standalone: <value in [disable, enable]> local-standalone-nat: <value in [disable, enable]> mac-auth-bypass: <value in [disable, enable]> mac-filter: <value in [disable, enable]> mac-filter-list: - id: <value of integer> mac: <value of string> mac-filter-policy: <value in [deny, allow]> mac-filter-policy-other: <value in [deny, allow]> max-clients: <value of integer> max-clients-ap: <value of integer> me-disable-thresh: <value of integer> mesh-backhaul: <value in [disable, enable]> mpsk: <value in [disable, enable]> mpsk-concurrent-clients: <value of integer> mpsk-key: - comment: <value of string> concurrent-clients: <value of string> key-name: <value of string> passphrase: <value of string> mpsk-schedules: <value of string> multicast-enhance: <value in [disable, enable]> multicast-rate: <value in [0, 6000, 12000, ...]> name: <value of string> okc: <value in [disable, enable]> passphrase: <value of string> pmf: <value in [disable, enable, optional]> pmf-assoc-comeback-timeout: <value of integer> pmf-sa-query-retry-timeout: <value of integer> portal-message-override-group: <value of string> portal-type: <value in [auth, auth+disclaimer, disclaimer, ...]> probe-resp-suppression: <value in [disable, enable]> probe-resp-threshold: <value of string> ptk-rekey: <value in [disable, enable]> ptk-rekey-intv: <value of integer> qos-profile: <value of string> quarantine: <value in [disable, enable]> radio-2g-threshold: <value of string> radio-5g-threshold: <value of string> radio-sensitivity: <value in [disable, enable]> radius-mac-auth: <value in [disable, enable]> radius-mac-auth-server: <value of string> radius-mac-auth-usergroups: <value of string> radius-server: <value of string> rates-11a: - 1 - 1-basic - 2 - 2-basic - 5.5 - 5.5-basic - 6 - 6-basic - 9 - 9-basic - 12 - 12-basic - 18 - 18-basic - 24 - 24-basic - 36 - 36-basic - 48 - 48-basic - 54 - 54-basic - 11 - 11-basic rates-11ac-ss12: - mcs0/1 - mcs1/1 - mcs2/1 - mcs3/1 - mcs4/1 - mcs5/1 - mcs6/1 - mcs7/1 - mcs8/1 - mcs9/1 - mcs0/2 - mcs1/2 - mcs2/2 - mcs3/2 - mcs4/2 - mcs5/2 - mcs6/2 - mcs7/2 - mcs8/2 - mcs9/2 - mcs10/1 - mcs11/1 - mcs10/2 - mcs11/2 rates-11ac-ss34: - mcs0/3 - mcs1/3 - mcs2/3 - mcs3/3 - mcs4/3 - mcs5/3 - mcs6/3 - mcs7/3 - mcs8/3 - mcs9/3 - mcs0/4 - mcs1/4 - mcs2/4 - mcs3/4 - mcs4/4 - mcs5/4 - mcs6/4 - mcs7/4 - mcs8/4 - mcs9/4 - mcs10/3 - mcs11/3 - mcs10/4 - mcs11/4 rates-11bg: - 1 - 1-basic - 2 - 2-basic - 5.5 - 5.5-basic - 6 - 6-basic - 9 - 9-basic - 12 - 12-basic - 18 - 18-basic - 24 - 24-basic - 36 - 36-basic - 48 - 48-basic - 54 - 54-basic - 11 - 11-basic rates-11n-ss12: - mcs0/1 - mcs1/1 - mcs2/1 - mcs3/1 - mcs4/1 - mcs5/1 - mcs6/1 - mcs7/1 - mcs8/2 - mcs9/2 - mcs10/2 - mcs11/2 - mcs12/2 - mcs13/2 - mcs14/2 - mcs15/2 rates-11n-ss34: - mcs16/3 - mcs17/3 - mcs18/3 - mcs19/3 - mcs20/3 - mcs21/3 - mcs22/3 - mcs23/3 - mcs24/4 - mcs25/4 - mcs26/4 - mcs27/4 - mcs28/4 - mcs29/4 - mcs30/4 - mcs31/4 schedule: <value of string> security: <value in [None, WEP64, wep64, ...]> security-exempt-list: <value of string> security-obsolete-option: <value in [disable, enable]> security-redirect-url: <value of string> selected-usergroups: <value of string> split-tunneling: <value in [disable, enable]> ssid: <value of string> tkip-counter-measure: <value in [disable, enable]> usergroup: <value of string> utm-profile: <value of string> vdom: <value of string> vlan-auto: <value in [disable, enable]> vlan-pool: - _wtp-group: <value of string> id: <value of integer> wtp-group: <value of string> vlan-pooling: <value in [wtp-group, round-robin, hash, ...]> vlanid: <value of integer> voice-enterprise: <value in [disable, enable]> address-group: <value of string> atf-weight: <value of integer> mu-mimo: <value in [disable, enable]> owe-groups: - 19 - 20 - 21 owe-transition: <value in [disable, enable]> owe-transition-ssid: <value of string> sae-groups: - 1 - 2 - 5 - 14 - 15 - 16 - 17 - 18 - 19 - 20 - 21 - 27 - 28 - 29 - 30 - 31 sae-password: <value of string> _intf_device-access-list: <value of string> external-web-format: <value in [auto-detect, no-query-string, partial-query-string]> high-efficiency: <value in [disable, enable]> primary-wag-profile: <value of string> secondary-wag-profile: <value of string> target-wake-time: <value in [disable, enable]> tunnel-echo-interval: <value of integer> tunnel-fallback-interval: <value of integer> access-control-list: <value of string> captive-portal-auth-timeout: <value of integer> ipv6-rules: - drop-icmp6ra - drop-icmp6rs - drop-llmnr6 - drop-icmp6mld2 - drop-dhcp6s - drop-dhcp6c - ndp-proxy - drop-ns-dad - drop-ns-nondad sticky-client-remove: <value in [disable, enable]> sticky-client-threshold-2g: <value of string> sticky-client-threshold-5g: <value of string> bss-color-partial: <value in [disable, enable]> dhcp-option43-insertion: <value in [disable, enable]> mpsk-profile: <value of string> igmp-snooping: <value in [disable, enable]> port-macauth: <value in [disable, radius, address-group]> port-macauth-reauth-timeout: <value of integer> port-macauth-timeout: <value of integer> portal-message-overrides: auth-disclaimer-page: <value of string> auth-login-failed-page: <value of string> auth-login-page: <value of string> auth-reject-page: <value of string> additional-akms: - akm6 bstm-disassociation-imminent: <value in [disable, enable]> bstm-load-balancing-disassoc-timer: <value of integer> bstm-rssi-disassoc-timer: <value of integer> dhcp-address-enforcement: <value in [disable, enable]> gas-comeback-delay: <value of integer> gas-fragmentation-limit: <value of integer> mac-called-station-delimiter: <value in [hyphen, single-hyphen, colon, ...]> mac-calling-station-delimiter: <value in [hyphen, single-hyphen, colon, ...]> mac-case: <value in [uppercase, lowercase]> mac-password-delimiter: <value in [hyphen, single-hyphen, colon, ...]> mac-username-delimiter: <value in [hyphen, single-hyphen, colon, ...]> mbo: <value in [disable, enable]> mbo-cell-data-conn-pref: <value in [excluded, prefer-not, prefer-use]> nac: <value in [disable, enable]> nac-profile: <value of string> neighbor-report-dual-band: <value in [disable, enable]> address-group-policy: <value in [disable, allow, deny]> antivirus-profile: <value of string> application-detection-engine: <value in [disable, enable]> application-list: <value of string> application-report-intv: <value of integer> auth-cert: <value of string> auth-portal-addr: <value of string> beacon-advertising: - name - model - serial-number ips-sensor: <value of string> l3-roaming: <value in [disable, enable]> local-standalone-dns: <value in [disable, enable]> local-standalone-dns-ip: <value of string> osen: <value in [disable, enable]> radius-mac-mpsk-auth: <value in [disable, enable]> radius-mac-mpsk-timeout: <value of integer> rates-11ax-ss12: - mcs0/1 - mcs1/1 - mcs2/1 - mcs3/1 - mcs4/1 - mcs5/1 - mcs6/1 - mcs7/1 - mcs8/1 - mcs9/1 - mcs10/1 - mcs11/1 - mcs0/2 - mcs1/2 - mcs2/2 - mcs3/2 - mcs4/2 - mcs5/2 - mcs6/2 - mcs7/2 - mcs8/2 - mcs9/2 - mcs10/2 - mcs11/2 rates-11ax-ss34: - mcs0/3 - mcs1/3 - mcs2/3 - mcs3/3 - mcs4/3 - mcs5/3 - mcs6/3 - mcs7/3 - mcs8/3 - mcs9/3 - mcs10/3 - mcs11/3 - mcs0/4 - mcs1/4 - mcs2/4 - mcs3/4 - mcs4/4 - mcs5/4 - mcs6/4 - mcs7/4 - mcs8/4 - mcs9/4 - mcs10/4 - mcs11/4 scan-botnet-connections: <value in [disable, block, monitor]> utm-log: <value in [disable, enable]> utm-status: <value in [disable, enable]> vlan-name: - name: <value of string> vlan-id: <value of integer> webfilter-profile: <value of string> sae-h2e-only: <value in [disable, enable]> sae-pk: <value in [disable, enable]> sae-private-key: <value of string> sticky-client-threshold-6g: <value of string> application-dscp-marking: <value in [disable, enable]> l3-roaming-mode: <value in [direct, indirect]> rates-11ac-mcs-map: <value of string> rates-11ax-mcs-map: <value of string> captive-portal-fw-accounting: <value in [disable, enable]> radius-mac-auth-block-interval: <value of integer> _is_factory_setting: <value in [disable, enable, ext]>
vap: description: the top level parameters set required: false suboptions: _centmgmt: choices: - disable - enable description: _Centmgmt. type: str _dhcp_svr_id: description: _Dhcp_Svr_Id. type: str _intf_allowaccess: choices: - https - ping - ssh - snmp - http - telnet - fgfm - auto-ipsec - radius-acct - probe-response - capwap - dnp - ftm - fabric - speed-test description: _Intf_Allowaccess. elements: str type: list _intf_device-access-list: description: _Intf_Device-Access-List. type: str _intf_device-identification: choices: - disable - enable description: _Intf_Device-Identification. type: str _intf_device-netscan: choices: - disable - enable description: _Intf_Device-Netscan. type: str _intf_dhcp-relay-ip: description: _Intf_Dhcp-Relay-Ip. type: str _intf_dhcp-relay-service: choices: - disable - enable description: _Intf_Dhcp-Relay-Service. type: str _intf_dhcp-relay-type: choices: - regular - ipsec description: _Intf_Dhcp-Relay-Type. type: str _intf_dhcp6-relay-ip: description: _Intf_Dhcp6-Relay-Ip. type: str _intf_dhcp6-relay-service: choices: - disable - enable description: _Intf_Dhcp6-Relay-Service. type: str _intf_dhcp6-relay-type: choices: - regular description: _Intf_Dhcp6-Relay-Type. type: str _intf_ip: description: _Intf_Ip. type: str _intf_ip6-address: description: _Intf_Ip6-Address. type: str _intf_ip6-allowaccess: choices: - https - ping - ssh - snmp - http - telnet - any - fgfm - capwap description: _Intf_Ip6-Allowaccess. elements: str type: list _intf_listen-forticlient-connection: choices: - disable - enable description: _Intf_Listen-Forticlient-Connection. type: str _is_factory_setting: choices: - disable - enable - ext description: no description type: str access-control-list: description: access-control-list profile name. type: str acct-interim-interval: description: WiFi RADIUS accounting interim interval type: int additional-akms: choices: - akm6 description: Additional AKMs. elements: str type: list address-group: description: Address group ID. type: str address-group-policy: choices: - disable - allow - deny description: Configure MAC address filtering policy for MAC addresses that are in the address-group. type: str alias: description: Alias. type: str antivirus-profile: description: AntiVirus profile name. type: str application-detection-engine: choices: - disable - enable description: Enable/disable application detection engine type: str application-dscp-marking: choices: - disable - enable description: Enable/disable application attribute based DSCP marking type: str application-list: description: Application control list name. type: str application-report-intv: description: Application report interval type: int atf-weight: description: Airtime weight in percentage type: int auth: choices: - PSK - psk - RADIUS - radius - usergroup description: Authentication protocol. type: str auth-cert: description: HTTPS server certificate. type: str auth-portal-addr: description: Address of captive portal. type: str beacon-advertising: choices: - name - model - serial-number description: description elements: str type: list broadcast-ssid: choices: - disable - enable description: Enable/disable broadcasting the SSID type: str broadcast-suppression: choices: - dhcp - arp - dhcp2 - arp2 - netbios-ns - netbios-ds - arp3 - dhcp-up - dhcp-down - arp-known - arp-unknown - arp-reply - ipv6 - dhcp-starvation - arp-poison - all-other-mc - all-other-bc - arp-proxy - dhcp-ucast description: Optional suppression of broadcast messages. elements: str type: list bss-color-partial: choices: - disable - enable description: Enable/disable 802. type: str bstm-disassociation-imminent: choices: - disable - enable description: Enable/disable forcing of disassociation after the BSTM request timer has been reached type: str bstm-load-balancing-disassoc-timer: description: Time interval for client to voluntarily leave AP before forcing a disassociation due to AP load-balancing type: int bstm-rssi-disassoc-timer: description: Time interval for client to voluntarily leave AP before forcing a disassociation due to low RSSI type: int captive-portal-ac-name: description: Local-bridging captive portal ac-name. type: str captive-portal-auth-timeout: description: Hard timeout - AP will always clear the session after timeout regardless of traffic type: int captive-portal-fw-accounting: choices: - disable - enable description: Enable/disable RADIUS accounting for captive portal firewall authentication session. type: str captive-portal-macauth-radius-secret: description: Secret key to access the macauth RADIUS server. type: str captive-portal-macauth-radius-server: description: Captive portal external RADIUS server domain name or IP address. type: str captive-portal-radius-secret: description: Secret key to access the RADIUS server. type: str captive-portal-radius-server: description: Captive portal RADIUS server domain name or IP address. type: str captive-portal-session-timeout-interval: description: Session timeout interval type: int dhcp-address-enforcement: choices: - disable - enable description: Enable/disable DHCP address enforcement type: str dhcp-lease-time: description: DHCP lease time in seconds for NAT IP address. type: int dhcp-option43-insertion: choices: - disable - enable description: Enable/disable insertion of DHCP option 43 type: str dhcp-option82-circuit-id-insertion: choices: - disable - style-1 - style-2 - style-3 description: Enable/disable DHCP option 82 circuit-id insert type: str dhcp-option82-insertion: choices: - disable - enable description: Enable/disable DHCP option 82 insert type: str dhcp-option82-remote-id-insertion: choices: - disable - style-1 description: Enable/disable DHCP option 82 remote-id insert type: str dynamic-vlan: choices: - disable - enable description: Enable/disable dynamic VLAN assignment. type: str dynamic_mapping: description: Dynamic_Mapping. elements: dict suboptions: _centmgmt: choices: - disable - enable description: _Centmgmt. type: str _dhcp_svr_id: description: _Dhcp_Svr_Id. type: str _intf_allowaccess: choices: - https - ping - ssh - snmp - http - telnet - fgfm - auto-ipsec - radius-acct - probe-response - capwap - dnp - ftm - fabric - speed-test description: _Intf_Allowaccess. elements: str type: list _intf_device-access-list: description: _Intf_Device-Access-List. type: str _intf_device-identification: choices: - disable - enable description: _Intf_Device-Identification. type: str _intf_device-netscan: choices: - disable - enable description: _Intf_Device-Netscan. type: str _intf_dhcp-relay-ip: description: _Intf_Dhcp-Relay-Ip. type: str _intf_dhcp-relay-service: choices: - disable - enable description: _Intf_Dhcp-Relay-Service. type: str _intf_dhcp-relay-type: choices: - regular - ipsec description: _Intf_Dhcp-Relay-Type. type: str _intf_dhcp6-relay-ip: description: _Intf_Dhcp6-Relay-Ip. type: str _intf_dhcp6-relay-service: choices: - disable - enable description: _Intf_Dhcp6-Relay-Service. type: str _intf_dhcp6-relay-type: choices: - regular description: _Intf_Dhcp6-Relay-Type. type: str _intf_ip: description: _Intf_Ip. type: str _intf_ip6-address: description: _Intf_Ip6-Address. type: str _intf_ip6-allowaccess: choices: - https - ping - ssh - snmp - http - telnet - any - fgfm - capwap description: _Intf_Ip6-Allowaccess. elements: str type: list _intf_listen-forticlient-connection: choices: - disable - enable description: _Intf_Listen-Forticlient-Connection. type: str _is_factory_setting: choices: - disable - enable - ext description: no description type: str _scope: description: _Scope. elements: dict suboptions: name: description: Name. type: str vdom: description: Vdom. type: str type: list access-control-list: description: Access-Control-List. type: str acct-interim-interval: description: WiFi RADIUS accounting interim interval type: int additional-akms: choices: - akm6 description: Additional-Akms. elements: str type: list address-group: description: Address group ID. type: str address-group-policy: choices: - disable - allow - deny description: Configure MAC address filtering policy for MAC addresses that are in the address-group. type: str alias: description: Alias. type: str antivirus-profile: description: AntiVirus profile name. type: str application-detection-engine: choices: - disable - enable description: Enable/disable application detection engine type: str application-dscp-marking: choices: - disable - enable description: Enable/disable application attribute based DSCP marking type: str application-list: description: Application control list name. type: str application-report-intv: description: Application report interval type: int atf-weight: description: Airtime weight in percentage type: int auth: choices: - PSK - psk - RADIUS - radius - usergroup description: Authentication protocol. type: str auth-cert: description: HTTPS server certificate. type: str auth-portal-addr: description: Address of captive portal. type: str beacon-advertising: choices: - name - model - serial-number description: description elements: str type: list broadcast-ssid: choices: - disable - enable description: Enable/disable broadcasting the SSID type: str broadcast-suppression: choices: - dhcp - arp - dhcp2 - arp2 - netbios-ns - netbios-ds - arp3 - dhcp-up - dhcp-down - arp-known - arp-unknown - arp-reply - ipv6 - dhcp-starvation - arp-poison - all-other-mc - all-other-bc - arp-proxy - dhcp-ucast description: Optional suppression of broadcast messages. elements: str type: list bss-color-partial: choices: - disable - enable description: Bss-Color-Partial. type: str bstm-disassociation-imminent: choices: - disable - enable description: Enable/disable forcing of disassociation after the BSTM request timer has been reached type: str bstm-load-balancing-disassoc-timer: description: Time interval for client to voluntarily leave AP before forcing a disassociation due to AP load-balancing type: int bstm-rssi-disassoc-timer: description: Time interval for client to voluntarily leave AP before forcing a disassociation due to low RSSI type: int captive-portal-ac-name: description: Local-bridging captive portal ac-name. type: str captive-portal-auth-timeout: description: Captive-Portal-Auth-Timeout. type: int captive-portal-fw-accounting: choices: - disable - enable description: Enable/disable RADIUS accounting for captive portal firewall authentication session. type: str captive-portal-macauth-radius-secret: description: Secret key to access the macauth RADIUS server. type: str captive-portal-macauth-radius-server: description: Captive portal external RADIUS server domain name or IP address. type: str captive-portal-radius-secret: description: Secret key to access the RADIUS server. type: str captive-portal-radius-server: description: Captive portal RADIUS server domain name or IP address. type: str captive-portal-session-timeout-interval: description: Session timeout interval type: int client-count: description: Client-Count. type: int dhcp-address-enforcement: choices: - disable - enable description: Enable/disable DHCP address enforcement type: str dhcp-lease-time: description: DHCP lease time in seconds for NAT IP address. type: int dhcp-option43-insertion: choices: - disable - enable description: Dhcp-Option43-Insertion. type: str dhcp-option82-circuit-id-insertion: choices: - disable - style-1 - style-2 - style-3 description: Enable/disable DHCP option 82 circuit-id insert type: str dhcp-option82-insertion: choices: - disable - enable description: Enable/disable DHCP option 82 insert type: str dhcp-option82-remote-id-insertion: choices: - disable - style-1 description: Enable/disable DHCP option 82 remote-id insert type: str dynamic-vlan: choices: - disable - enable description: Enable/disable dynamic VLAN assignment. type: str eap-reauth: choices: - disable - enable description: Enable/disable EAP re-authentication for WPA-Enterprise security. type: str eap-reauth-intv: description: EAP re-authentication interval type: int eapol-key-retries: choices: - disable - enable description: Enable/disable retransmission of EAPOL-Key frames type: str encrypt: choices: - TKIP - AES - TKIP-AES description: Encryption protocol to use type: str external-fast-roaming: choices: - disable - enable description: Enable/disable fast roaming or pre-authentication with external APs not managed by the FortiGate type: str external-logout: description: URL of external authentication logout server. type: str external-web: description: URL of external authentication web server. type: str external-web-format: choices: - auto-detect - no-query-string - partial-query-string description: URL query parameter detection type: str fast-bss-transition: choices: - disable - enable description: Enable/disable 802. type: str fast-roaming: choices: - disable - enable description: Enable/disable fast-roaming, or pre-authentication, where supported by clients type: str ft-mobility-domain: description: Mobility domain identifier in FT type: int ft-over-ds: choices: - disable - enable description: Enable/disable FT over the Distribution System type: str ft-r0-key-lifetime: description: Lifetime of the PMK-R0 key in FT, 1-65535 minutes. type: int gas-comeback-delay: description: GAS comeback delay type: int gas-fragmentation-limit: description: GAS fragmentation limit type: int gtk-rekey: choices: - disable - enable description: Enable/disable GTK rekey for WPA security. type: str gtk-rekey-intv: description: GTK rekey interval type: int high-efficiency: choices: - disable - enable description: Enable/disable 802. type: str hotspot20-profile: description: Hotspot 2. type: str igmp-snooping: choices: - disable - enable description: Enable/disable IGMP snooping. type: str intra-vap-privacy: choices: - disable - enable description: Enable/disable blocking communication between clients on the same SSID type: str ip: description: IP address and subnet mask for the local standalone NAT subnet. type: str ips-sensor: description: IPS sensor name. type: str ipv6-rules: choices: - drop-icmp6ra - drop-icmp6rs - drop-llmnr6 - drop-icmp6mld2 - drop-dhcp6s - drop-dhcp6c - ndp-proxy - drop-ns-dad - drop-ns-nondad description: Ipv6-Rules. elements: str type: list key: description: WEP Key. type: str keyindex: description: WEP key index type: int l3-roaming: choices: - disable - enable description: Enable/disable layer 3 roaming type: str l3-roaming-mode: choices: - direct - indirect description: Select the way that layer 3 roaming traffic is passed type: str ldpc: choices: - disable - tx - rx - rxtx description: VAP low-density parity-check type: str local-authentication: choices: - disable - enable description: Enable/disable AP local authentication. type: str local-bridging: choices: - disable - enable description: Enable/disable bridging of wireless and Ethernet interfaces on the FortiAP type: str local-lan: choices: - deny - allow description: Allow/deny traffic destined for a Class A, B, or C private IP address type: str local-standalone: choices: - disable - enable description: Enable/disable AP local standalone type: str local-standalone-dns: choices: - disable - enable description: Enable/disable AP local standalone DNS. type: str local-standalone-dns-ip: description: description type: str local-standalone-nat: choices: - disable - enable description: Enable/disable AP local standalone NAT mode. type: str local-switching: choices: - disable - enable description: Local-Switching. type: str mac-auth-bypass: choices: - disable - enable description: Enable/disable MAC authentication bypass. type: str mac-called-station-delimiter: choices: - hyphen - single-hyphen - colon - none description: MAC called station delimiter type: str mac-calling-station-delimiter: choices: - hyphen - single-hyphen - colon - none description: MAC calling station delimiter type: str mac-case: choices: - uppercase - lowercase description: MAC case type: str mac-filter: choices: - disable - enable description: Enable/disable MAC filtering to block wireless clients by mac address. type: str mac-filter-policy-other: choices: - deny - allow description: Allow or block clients with MAC addresses that are not in the filter list. type: str mac-password-delimiter: choices: - hyphen - single-hyphen - colon - none description: MAC authentication password delimiter type: str mac-username-delimiter: choices: - hyphen - single-hyphen - colon - none description: MAC authentication username delimiter type: str max-clients: description: Maximum number of clients that can connect simultaneously to the VAP type: int max-clients-ap: description: Maximum number of clients that can connect simultaneously to the VAP per AP radio type: int mbo: choices: - disable - enable description: Enable/disable Multiband Operation type: str mbo-cell-data-conn-pref: choices: - excluded - prefer-not - prefer-use description: MBO cell data connection preference type: str me-disable-thresh: description: Disable multicast enhancement when this many clients are receiving multicast traffic. type: int mesh-backhaul: choices: - disable - enable description: Enable/disable using this VAP as a WiFi mesh backhaul type: str mpsk: choices: - disable - enable description: Enable/disable multiple PSK authentication. type: str mpsk-concurrent-clients: description: Maximum number of concurrent clients that connect using the same passphrase in multiple PSK authentication type: int mpsk-profile: description: Mpsk-Profile. type: str mu-mimo: choices: - disable - enable description: Enable/disable Multi-user MIMO type: str multicast-enhance: choices: - disable - enable description: Enable/disable converting multicast to unicast to improve performance type: str multicast-rate: choices: - '0' - '6000' - '12000' - '24000' description: Multicast rate type: str nac: choices: - disable - enable description: Enable/disable network access control. type: str nac-profile: description: NAC profile name. type: str neighbor-report-dual-band: choices: - disable - enable description: Enable/disable dual-band neighbor report type: str okc: choices: - disable - enable description: Enable/disable Opportunistic Key Caching type: str osen: choices: - disable - enable description: Enable/disable OSEN as part of key management type: str owe-groups: choices: - '19' - '20' - '21' description: OWE-Groups. elements: str type: list owe-transition: choices: - disable - enable description: Enable/disable OWE transition mode support. type: str owe-transition-ssid: description: OWE transition mode peer SSID. type: str passphrase: description: WPA pre-shared key type: str pmf: choices: - disable - enable - optional description: Protected Management Frames type: str pmf-assoc-comeback-timeout: description: Protected Management Frames type: int pmf-sa-query-retry-timeout: description: Protected Management Frames type: int port-macauth: choices: - disable - radius - address-group description: Enable/disable LAN port MAC authentication type: str port-macauth-reauth-timeout: description: LAN port MAC authentication re-authentication timeout value type: int port-macauth-timeout: description: LAN port MAC authentication idle timeout value type: int portal-message-override-group: description: Replacement message group for this VAP type: str portal-type: choices: - auth - auth+disclaimer - disclaimer - email-collect - cmcc - cmcc-macauth - auth-mac - external-auth - external-macauth description: Captive portal functionality. type: str primary-wag-profile: description: Primary wireless access gateway profile name. type: str probe-resp-suppression: choices: - disable - enable description: Enable/disable probe response suppression type: str probe-resp-threshold: description: Minimum signal level/threshold in dBm required for the AP response to probe requests type: str ptk-rekey: choices: - disable - enable description: Enable/disable PTK rekey for WPA-Enterprise security. type: str ptk-rekey-intv: description: PTK rekey interval type: int qos-profile: description: Quality of service profile name. type: str quarantine: choices: - disable - enable description: Enable/disable station quarantine type: str radio-2g-threshold: description: Minimum signal level/threshold in dBm required for the AP response to receive a packet in 2. type: str radio-5g-threshold: description: Minimum signal level/threshold in dBm required for the AP response to receive a packet in 5G band type: str radio-sensitivity: choices: - disable - enable description: Enable/disable software radio sensitivity type: str radius-mac-auth: choices: - disable - enable description: Enable/disable RADIUS-based MAC authentication of clients type: str radius-mac-auth-block-interval: description: Dont send RADIUS MAC auth request again if the client has been rejected within specific interval type: int radius-mac-auth-server: description: RADIUS-based MAC authentication server. type: str radius-mac-auth-usergroups: description: Selective user groups that are permitted for RADIUS mac authentication. type: str radius-mac-mpsk-auth: choices: - disable - enable description: Enable/disable RADIUS-based MAC authentication of clients for MPSK authentication type: str radius-mac-mpsk-timeout: description: RADIUS MAC MPSK cache timeout interval type: int radius-server: description: RADIUS server to be used to authenticate WiFi users. type: str rates-11a: choices: - '1' - 1-basic - '2' - 2-basic - '5.5' - 5.5-basic - '6' - 6-basic - '9' - 9-basic - '12' - 12-basic - '18' - 18-basic - '24' - 24-basic - '36' - 36-basic - '48' - 48-basic - '54' - 54-basic - '11' - 11-basic description: Allowed data rates for 802. elements: str type: list rates-11ac-mcs-map: description: Comma separated list of max supported VHT MCS for spatial streams 1 through 8. type: str rates-11ac-ss12: choices: - mcs0/1 - mcs1/1 - mcs2/1 - mcs3/1 - mcs4/1 - mcs5/1 - mcs6/1 - mcs7/1 - mcs8/1 - mcs9/1 - mcs0/2 - mcs1/2 - mcs2/2 - mcs3/2 - mcs4/2 - mcs5/2 - mcs6/2 - mcs7/2 - mcs8/2 - mcs9/2 - mcs10/1 - mcs11/1 - mcs10/2 - mcs11/2 description: Allowed data rates for 802. elements: str type: list rates-11ac-ss34: choices: - mcs0/3 - mcs1/3 - mcs2/3 - mcs3/3 - mcs4/3 - mcs5/3 - mcs6/3 - mcs7/3 - mcs8/3 - mcs9/3 - mcs0/4 - mcs1/4 - mcs2/4 - mcs3/4 - mcs4/4 - mcs5/4 - mcs6/4 - mcs7/4 - mcs8/4 - mcs9/4 - mcs10/3 - mcs11/3 - mcs10/4 - mcs11/4 description: Allowed data rates for 802. elements: str type: list rates-11ax-mcs-map: description: Comma separated list of max supported HE MCS for spatial streams 1 through 8. type: str rates-11ax-ss12: choices: - mcs0/1 - mcs1/1 - mcs2/1 - mcs3/1 - mcs4/1 - mcs5/1 - mcs6/1 - mcs7/1 - mcs8/1 - mcs9/1 - mcs10/1 - mcs11/1 - mcs0/2 - mcs1/2 - mcs2/2 - mcs3/2 - mcs4/2 - mcs5/2 - mcs6/2 - mcs7/2 - mcs8/2 - mcs9/2 - mcs10/2 - mcs11/2 description: description elements: str type: list rates-11ax-ss34: choices: - mcs0/3 - mcs1/3 - mcs2/3 - mcs3/3 - mcs4/3 - mcs5/3 - mcs6/3 - mcs7/3 - mcs8/3 - mcs9/3 - mcs10/3 - mcs11/3 - mcs0/4 - mcs1/4 - mcs2/4 - mcs3/4 - mcs4/4 - mcs5/4 - mcs6/4 - mcs7/4 - mcs8/4 - mcs9/4 - mcs10/4 - mcs11/4 description: description elements: str type: list rates-11bg: choices: - '1' - 1-basic - '2' - 2-basic - '5.5' - 5.5-basic - '6' - 6-basic - '9' - 9-basic - '12' - 12-basic - '18' - 18-basic - '24' - 24-basic - '36' - 36-basic - '48' - 48-basic - '54' - 54-basic - '11' - 11-basic description: Allowed data rates for 802. elements: str type: list rates-11n-ss12: choices: - mcs0/1 - mcs1/1 - mcs2/1 - mcs3/1 - mcs4/1 - mcs5/1 - mcs6/1 - mcs7/1 - mcs8/2 - mcs9/2 - mcs10/2 - mcs11/2 - mcs12/2 - mcs13/2 - mcs14/2 - mcs15/2 description: Allowed data rates for 802. elements: str type: list rates-11n-ss34: choices: - mcs16/3 - mcs17/3 - mcs18/3 - mcs19/3 - mcs20/3 - mcs21/3 - mcs22/3 - mcs23/3 - mcs24/4 - mcs25/4 - mcs26/4 - mcs27/4 - mcs28/4 - mcs29/4 - mcs30/4 - mcs31/4 description: Allowed data rates for 802. elements: str type: list sae-groups: choices: - '1' - '2' - '5' - '14' - '15' - '16' - '17' - '18' - '19' - '20' - '21' - '27' - '28' - '29' - '30' - '31' description: SAE-Groups. elements: str type: list sae-h2e-only: choices: - disable - enable description: Use hash-to-element-only mechanism for PWE derivation type: str sae-password: description: WPA3 SAE password to be used to authenticate WiFi users. type: str sae-pk: choices: - disable - enable description: Enable/disable WPA3 SAE-PK type: str sae-private-key: description: Private key used for WPA3 SAE-PK authentication. type: str scan-botnet-connections: choices: - disable - block - monitor description: Block or monitor connections to Botnet servers or disable Botnet scanning. type: str schedule: description: Firewall schedules for enabling this VAP on the FortiAP. type: str secondary-wag-profile: description: Secondary wireless access gateway profile name. type: str security: choices: - None - WEP64 - wep64 - WEP128 - wep128 - WPA_PSK - WPA_RADIUS - WPA - WPA2 - WPA2_AUTO - open - wpa-personal - wpa-enterprise - captive-portal - wpa-only-personal - wpa-only-enterprise - wpa2-only-personal - wpa2-only-enterprise - wpa-personal+captive-portal - wpa-only-personal+captive-portal - wpa2-only-personal+captive-portal - osen - wpa3-enterprise - sae - sae-transition - owe - wpa3-sae - wpa3-sae-transition - wpa3-only-enterprise - wpa3-enterprise-transition description: Security mode for the wireless interface type: str security-exempt-list: description: Optional security exempt list for captive portal authentication. type: str security-obsolete-option: choices: - disable - enable description: Enable/disable obsolete security options. type: str security-redirect-url: description: Optional URL for redirecting users after they pass captive portal authentication. type: str selected-usergroups: description: Selective user groups that are permitted to authenticate. type: str split-tunneling: choices: - disable - enable description: Enable/disable split tunneling type: str ssid: description: IEEE 802. type: str sticky-client-remove: choices: - disable - enable description: Sticky-Client-Remove. type: str sticky-client-threshold-2g: description: Sticky-Client-Threshold-2G. type: str sticky-client-threshold-5g: description: Sticky-Client-Threshold-5G. type: str sticky-client-threshold-6g: description: Minimum signal level/threshold in dBm required for the 6G client to be serviced by the AP type: str target-wake-time: choices: - disable - enable description: Enable/disable 802. type: str tkip-counter-measure: choices: - disable - enable description: Enable/disable TKIP counter measure. type: str tunnel-echo-interval: description: The time interval to send echo to both primary and secondary tunnel peers type: int tunnel-fallback-interval: description: The time interval for secondary tunnel to fall back to primary tunnel type: int usergroup: description: Firewall user group to be used to authenticate WiFi users. type: str utm-log: choices: - disable - enable description: Enable/disable UTM logging. type: str utm-profile: description: UTM profile name. type: str utm-status: choices: - disable - enable description: Enable to add one or more security profiles type: str vdom: description: Vdom. type: str vlan-auto: choices: - disable - enable description: Enable/disable automatic management of SSID VLAN interface. type: str vlan-pooling: choices: - wtp-group - round-robin - hash - disable description: Enable/disable VLAN pooling, to allow grouping of multiple wireless controller VLANs into VLAN pools type: str vlanid: description: Optional VLAN ID. type: int voice-enterprise: choices: - disable - enable description: Enable/disable 802. type: str webfilter-profile: description: WebFilter profile name. type: str type: list eap-reauth: choices: - disable - enable description: Enable/disable EAP re-authentication for WPA-Enterprise security. type: str eap-reauth-intv: description: EAP re-authentication interval type: int eapol-key-retries: choices: - disable - enable description: Enable/disable retransmission of EAPOL-Key frames type: str encrypt: choices: - TKIP - AES - TKIP-AES description: Encryption protocol to use type: str external-fast-roaming: choices: - disable - enable description: Enable/disable fast roaming or pre-authentication with external APs not managed by the FortiGate type: str external-logout: description: URL of external authentication logout server. type: str external-web: description: URL of external authentication web server. type: str external-web-format: choices: - auto-detect - no-query-string - partial-query-string description: URL query parameter detection type: str fast-bss-transition: choices: - disable - enable description: Enable/disable 802. type: str fast-roaming: choices: - disable - enable description: Enable/disable fast-roaming, or pre-authentication, where supported by clients type: str ft-mobility-domain: description: Mobility domain identifier in FT type: int ft-over-ds: choices: - disable - enable description: Enable/disable FT over the Distribution System type: str ft-r0-key-lifetime: description: Lifetime of the PMK-R0 key in FT, 1-65535 minutes. type: int gas-comeback-delay: description: GAS comeback delay type: int gas-fragmentation-limit: description: GAS fragmentation limit type: int gtk-rekey: choices: - disable - enable description: Enable/disable GTK rekey for WPA security. type: str gtk-rekey-intv: description: GTK rekey interval type: int high-efficiency: choices: - disable - enable description: Enable/disable 802. type: str hotspot20-profile: description: Hotspot 2. type: str igmp-snooping: choices: - disable - enable description: Enable/disable IGMP snooping. type: str intra-vap-privacy: choices: - disable - enable description: Enable/disable blocking communication between clients on the same SSID type: str ip: description: IP address and subnet mask for the local standalone NAT subnet. type: str ips-sensor: description: IPS sensor name. type: str ipv6-rules: choices: - drop-icmp6ra - drop-icmp6rs - drop-llmnr6 - drop-icmp6mld2 - drop-dhcp6s - drop-dhcp6c - ndp-proxy - drop-ns-dad - drop-ns-nondad description: Optional rules of IPv6 packets. elements: str type: list key: description: WEP Key. type: str keyindex: description: WEP key index type: int l3-roaming: choices: - disable - enable description: Enable/disable layer 3 roaming type: str l3-roaming-mode: choices: - direct - indirect description: Select the way that layer 3 roaming traffic is passed type: str ldpc: choices: - disable - tx - rx - rxtx description: VAP low-density parity-check type: str local-authentication: choices: - disable - enable description: Enable/disable AP local authentication. type: str local-bridging: choices: - disable - enable description: Enable/disable bridging of wireless and Ethernet interfaces on the FortiAP type: str local-lan: choices: - deny - allow description: Allow/deny traffic destined for a Class A, B, or C private IP address type: str local-standalone: choices: - disable - enable description: Enable/disable AP local standalone type: str local-standalone-dns: choices: - disable - enable description: Enable/disable AP local standalone DNS. type: str local-standalone-dns-ip: description: description type: str local-standalone-nat: choices: - disable - enable description: Enable/disable AP local standalone NAT mode. type: str mac-auth-bypass: choices: - disable - enable description: Enable/disable MAC authentication bypass. type: str mac-called-station-delimiter: choices: - hyphen - single-hyphen - colon - none description: MAC called station delimiter type: str mac-calling-station-delimiter: choices: - hyphen - single-hyphen - colon - none description: MAC calling station delimiter type: str mac-case: choices: - uppercase - lowercase description: MAC case type: str mac-filter: choices: - disable - enable description: Enable/disable MAC filtering to block wireless clients by mac address. type: str mac-filter-list: description: Mac-Filter-List. elements: dict suboptions: id: description: ID. type: int mac: description: MAC address. type: str mac-filter-policy: choices: - deny - allow description: Deny or allow the client with this MAC address. type: str type: list mac-filter-policy-other: choices: - deny - allow description: Allow or block clients with MAC addresses that are not in the filter list. type: str mac-password-delimiter: choices: - hyphen - single-hyphen - colon - none description: MAC authentication password delimiter type: str mac-username-delimiter: choices: - hyphen - single-hyphen - colon - none description: MAC authentication username delimiter type: str max-clients: description: Maximum number of clients that can connect simultaneously to the VAP type: int max-clients-ap: description: Maximum number of clients that can connect simultaneously to each radio type: int mbo: choices: - disable - enable description: Enable/disable Multiband Operation type: str mbo-cell-data-conn-pref: choices: - excluded - prefer-not - prefer-use description: MBO cell data connection preference type: str me-disable-thresh: description: Disable multicast enhancement when this many clients are receiving multicast traffic. type: int mesh-backhaul: choices: - disable - enable description: Enable/disable using this VAP as a WiFi mesh backhaul type: str mpsk: choices: - disable - enable description: Enable/disable multiple pre-shared keys type: str mpsk-concurrent-clients: description: Number of pre-shared keys type: int mpsk-key: description: Mpsk-Key. elements: dict suboptions: comment: description: Comment. type: str concurrent-clients: description: Number of clients that can connect using this pre-shared key. type: str key-name: description: Pre-shared key name. type: str mpsk-schedules: description: Firewall schedule for MPSK passphrase. type: str passphrase: description: WPA Pre-shared key. type: str type: list mpsk-profile: description: MPSK profile name. type: str mu-mimo: choices: - disable - enable description: Enable/disable Multi-user MIMO type: str multicast-enhance: choices: - disable - enable description: Enable/disable converting multicast to unicast to improve performance type: str multicast-rate: choices: - '0' - '6000' - '12000' - '24000' description: Multicast rate type: str nac: choices: - disable - enable description: Enable/disable network access control. type: str nac-profile: description: NAC profile name. type: str name: description: Virtual AP name. type: str neighbor-report-dual-band: choices: - disable - enable description: Enable/disable dual-band neighbor report type: str okc: choices: - disable - enable description: Enable/disable Opportunistic Key Caching type: str osen: choices: - disable - enable description: Enable/disable OSEN as part of key management type: str owe-groups: choices: - '19' - '20' - '21' description: OWE-Groups. elements: str type: list owe-transition: choices: - disable - enable description: Enable/disable OWE transition mode support. type: str owe-transition-ssid: description: OWE transition mode peer SSID. type: str passphrase: description: WPA pre-shared key type: str pmf: choices: - disable - enable - optional description: Protected Management Frames type: str pmf-assoc-comeback-timeout: description: Protected Management Frames type: int pmf-sa-query-retry-timeout: description: Protected Management Frames type: int port-macauth: choices: - disable - radius - address-group description: Enable/disable LAN port MAC authentication type: str port-macauth-reauth-timeout: description: LAN port MAC authentication re-authentication timeout value type: int port-macauth-timeout: description: LAN port MAC authentication idle timeout value type: int portal-message-override-group: description: Replacement message group for this VAP type: str portal-message-overrides: description: no description required: false suboptions: auth-disclaimer-page: description: Override auth-disclaimer-page message with message from portal-message-overrides group. type: str auth-login-failed-page: description: Override auth-login-failed-page message with message from portal-message-overrides group. type: str auth-login-page: description: Override auth-login-page message with message from portal-message-overrides group. type: str auth-reject-page: description: Override auth-reject-page message with message from portal-message-overrides group. type: str type: dict portal-type: choices: - auth - auth+disclaimer - disclaimer - email-collect - cmcc - cmcc-macauth - auth-mac - external-auth - external-macauth description: Captive portal functionality. type: str primary-wag-profile: description: Primary wireless access gateway profile name. type: str probe-resp-suppression: choices: - disable - enable description: Enable/disable probe response suppression type: str probe-resp-threshold: description: Minimum signal level/threshold in dBm required for the AP response to probe requests type: str ptk-rekey: choices: - disable - enable description: Enable/disable PTK rekey for WPA-Enterprise security. type: str ptk-rekey-intv: description: PTK rekey interval type: int qos-profile: description: Quality of service profile name. type: str quarantine: choices: - disable - enable description: Enable/disable station quarantine type: str radio-2g-threshold: description: Minimum signal level/threshold in dBm required for the AP response to receive a packet in 2. type: str radio-5g-threshold: description: Minimum signal level/threshold in dBm required for the AP response to receive a packet in 5G band type: str radio-sensitivity: choices: - disable - enable description: Enable/disable software radio sensitivity type: str radius-mac-auth: choices: - disable - enable description: Enable/disable RADIUS-based MAC authentication of clients type: str radius-mac-auth-block-interval: description: Dont send RADIUS MAC auth request again if the client has been rejected within specific interval type: int radius-mac-auth-server: description: RADIUS-based MAC authentication server. type: str radius-mac-auth-usergroups: description: Selective user groups that are permitted for RADIUS mac authentication. type: str radius-mac-mpsk-auth: choices: - disable - enable description: Enable/disable RADIUS-based MAC authentication of clients for MPSK authentication type: str radius-mac-mpsk-timeout: description: RADIUS MAC MPSK cache timeout interval type: int radius-server: description: RADIUS server to be used to authenticate WiFi users. type: str rates-11a: choices: - '1' - 1-basic - '2' - 2-basic - '5.5' - 5.5-basic - '6' - 6-basic - '9' - 9-basic - '12' - 12-basic - '18' - 18-basic - '24' - 24-basic - '36' - 36-basic - '48' - 48-basic - '54' - 54-basic - '11' - 11-basic description: Allowed data rates for 802. elements: str type: list rates-11ac-mcs-map: description: Comma separated list of max supported VHT MCS for spatial streams 1 through 8. type: str rates-11ac-ss12: choices: - mcs0/1 - mcs1/1 - mcs2/1 - mcs3/1 - mcs4/1 - mcs5/1 - mcs6/1 - mcs7/1 - mcs8/1 - mcs9/1 - mcs0/2 - mcs1/2 - mcs2/2 - mcs3/2 - mcs4/2 - mcs5/2 - mcs6/2 - mcs7/2 - mcs8/2 - mcs9/2 - mcs10/1 - mcs11/1 - mcs10/2 - mcs11/2 description: Allowed data rates for 802. elements: str type: list rates-11ac-ss34: choices: - mcs0/3 - mcs1/3 - mcs2/3 - mcs3/3 - mcs4/3 - mcs5/3 - mcs6/3 - mcs7/3 - mcs8/3 - mcs9/3 - mcs0/4 - mcs1/4 - mcs2/4 - mcs3/4 - mcs4/4 - mcs5/4 - mcs6/4 - mcs7/4 - mcs8/4 - mcs9/4 - mcs10/3 - mcs11/3 - mcs10/4 - mcs11/4 description: Allowed data rates for 802. elements: str type: list rates-11ax-mcs-map: description: Comma separated list of max supported HE MCS for spatial streams 1 through 8. type: str rates-11ax-ss12: choices: - mcs0/1 - mcs1/1 - mcs2/1 - mcs3/1 - mcs4/1 - mcs5/1 - mcs6/1 - mcs7/1 - mcs8/1 - mcs9/1 - mcs10/1 - mcs11/1 - mcs0/2 - mcs1/2 - mcs2/2 - mcs3/2 - mcs4/2 - mcs5/2 - mcs6/2 - mcs7/2 - mcs8/2 - mcs9/2 - mcs10/2 - mcs11/2 description: description elements: str type: list rates-11ax-ss34: choices: - mcs0/3 - mcs1/3 - mcs2/3 - mcs3/3 - mcs4/3 - mcs5/3 - mcs6/3 - mcs7/3 - mcs8/3 - mcs9/3 - mcs10/3 - mcs11/3 - mcs0/4 - mcs1/4 - mcs2/4 - mcs3/4 - mcs4/4 - mcs5/4 - mcs6/4 - mcs7/4 - mcs8/4 - mcs9/4 - mcs10/4 - mcs11/4 description: description elements: str type: list rates-11bg: choices: - '1' - 1-basic - '2' - 2-basic - '5.5' - 5.5-basic - '6' - 6-basic - '9' - 9-basic - '12' - 12-basic - '18' - 18-basic - '24' - 24-basic - '36' - 36-basic - '48' - 48-basic - '54' - 54-basic - '11' - 11-basic description: Allowed data rates for 802. elements: str type: list rates-11n-ss12: choices: - mcs0/1 - mcs1/1 - mcs2/1 - mcs3/1 - mcs4/1 - mcs5/1 - mcs6/1 - mcs7/1 - mcs8/2 - mcs9/2 - mcs10/2 - mcs11/2 - mcs12/2 - mcs13/2 - mcs14/2 - mcs15/2 description: Allowed data rates for 802. elements: str type: list rates-11n-ss34: choices: - mcs16/3 - mcs17/3 - mcs18/3 - mcs19/3 - mcs20/3 - mcs21/3 - mcs22/3 - mcs23/3 - mcs24/4 - mcs25/4 - mcs26/4 - mcs27/4 - mcs28/4 - mcs29/4 - mcs30/4 - mcs31/4 description: Allowed data rates for 802. elements: str type: list sae-groups: choices: - '1' - '2' - '5' - '14' - '15' - '16' - '17' - '18' - '19' - '20' - '21' - '27' - '28' - '29' - '30' - '31' description: SAE-Groups. elements: str type: list sae-h2e-only: choices: - disable - enable description: Use hash-to-element-only mechanism for PWE derivation type: str sae-password: description: WPA3 SAE password to be used to authenticate WiFi users. type: str sae-pk: choices: - disable - enable description: Enable/disable WPA3 SAE-PK type: str sae-private-key: description: Private key used for WPA3 SAE-PK authentication. type: str scan-botnet-connections: choices: - disable - block - monitor description: Block or monitor connections to Botnet servers or disable Botnet scanning. type: str schedule: description: VAP schedule name. type: str secondary-wag-profile: description: Secondary wireless access gateway profile name. type: str security: choices: - None - WEP64 - wep64 - WEP128 - wep128 - WPA_PSK - WPA_RADIUS - WPA - WPA2 - WPA2_AUTO - open - wpa-personal - wpa-enterprise - captive-portal - wpa-only-personal - wpa-only-enterprise - wpa2-only-personal - wpa2-only-enterprise - wpa-personal+captive-portal - wpa-only-personal+captive-portal - wpa2-only-personal+captive-portal - osen - wpa3-enterprise - sae - sae-transition - owe - wpa3-sae - wpa3-sae-transition - wpa3-only-enterprise - wpa3-enterprise-transition description: Security mode for the wireless interface type: str security-exempt-list: description: Optional security exempt list for captive portal authentication. type: str security-obsolete-option: choices: - disable - enable description: Enable/disable obsolete security options. type: str security-redirect-url: description: Optional URL for redirecting users after they pass captive portal authentication. type: str selected-usergroups: description: Selective user groups that are permitted to authenticate. type: str split-tunneling: choices: - disable - enable description: Enable/disable split tunneling type: str ssid: description: IEEE 802. type: str sticky-client-remove: choices: - disable - enable description: Enable/disable sticky client remove to maintain good signal level clients in SSID. type: str sticky-client-threshold-2g: description: Minimum signal level/threshold in dBm required for the 2G client to be serviced by the AP type: str sticky-client-threshold-5g: description: Minimum signal level/threshold in dBm required for the 5G client to be serviced by the AP type: str sticky-client-threshold-6g: description: Minimum signal level/threshold in dBm required for the 6G client to be serviced by the AP type: str target-wake-time: choices: - disable - enable description: Enable/disable 802. type: str tkip-counter-measure: choices: - disable - enable description: Enable/disable TKIP counter measure. type: str tunnel-echo-interval: description: The time interval to send echo to both primary and secondary tunnel peers type: int tunnel-fallback-interval: description: The time interval for secondary tunnel to fall back to primary tunnel type: int usergroup: description: Firewall user group to be used to authenticate WiFi users. type: str utm-log: choices: - disable - enable description: Enable/disable UTM logging. type: str utm-profile: description: UTM profile name. type: str utm-status: choices: - disable - enable description: Enable to add one or more security profiles type: str vdom: description: Name of the VDOM that the Virtual AP has been added to. type: str vlan-auto: choices: - disable - enable description: Enable/disable automatic management of SSID VLAN interface. type: str vlan-name: description: description elements: dict suboptions: name: description: VLAN name. type: str vlan-id: description: VLAN ID. type: int type: list vlan-pool: description: Vlan-Pool. elements: dict suboptions: _wtp-group: description: _Wtp-Group. type: str id: description: ID. type: int wtp-group: description: WTP group name. type: str type: list vlan-pooling: choices: - wtp-group - round-robin - hash - disable description: Enable/disable VLAN pooling, to allow grouping of multiple wireless controller VLANs into VLAN pools type: str vlanid: description: Optional VLAN ID. type: int voice-enterprise: choices: - disable - enable description: Enable/disable 802. type: str webfilter-profile: description: WebFilter profile name. type: str type: dict adom: description: the parameter (adom) in requested url required: true type: str state: choices: - present - absent description: The directive to create, update or delete an object. required: true type: str rc_failed: description: The rc codes list with which the conditions to fail will be overriden. elements: int required: false type: list enable_log: default: false description: Enable/Disable logging for task. required: false type: bool access_token: description: The token to access FortiManager without using username and password. required: false type: str rc_succeeded: description: The rc codes list with which the conditions to succeed will be overriden. elements: int required: false type: list proposed_method: choices: - update - set - add description: The overridden method for the underlying Json RPC request. required: false type: str bypass_validation: default: false description: Only set to True when module schema diffs with FortiManager API structure, module continues to execute without validating parameters. required: false type: bool workspace_locking_adom: description: The adom to lock for FortiManager running in workspace mode, the value can be global and others including root. required: false type: str forticloud_access_token: description: Authenticate Ansible client with forticloud API access token. required: false type: str workspace_locking_timeout: default: 300 description: The maximum time in seconds to wait for other user to release the workspace lock. required: false type: int
meta: contains: request_url: description: The full url requested. returned: always sample: /sys/login/user type: str response_code: description: The status of api request. returned: always sample: 0 type: int response_data: description: The api response. returned: always type: list response_message: description: The descriptive message of the api response. returned: always sample: OK. type: str system_information: description: The information of the target system. returned: always type: dict description: The result of the request. returned: always type: dict rc: description: The status the request. returned: always sample: 0 type: int version_check_warning: description: Warning if the parameters used in the playbook are not supported by the current FortiManager version. returned: complex type: list