Try SpotterConfigure Virtual Access Points
| "added in version" 2.0.0 of drmofu.fortimanager"
Authors: Xinwei Du (@dux-fortinet), Xing Li (@lix-fortinet), Jie Xue (@JieX19), Link Zheng (@chillancezen), Frank Shen (@fshen01), Hongbin Lu (@fgtdev-hblu)
preview | supported by community
Install with ansible-galaxy collection install drmofu.fortimanager:==2.2.2
collections:
- name: drmofu.fortimanager
version: 2.2.2This module is able to configure a FortiManager device.
Examples include all parameters and values which need to be adjusted to data sources before usage.
- hosts: fortimanager-inventory
collections:
- fortinet.fortimanager
connection: httpapi
vars:
ansible_httpapi_use_ssl: True
ansible_httpapi_validate_certs: False
ansible_httpapi_port: 443
tasks:
- name: Configure Virtual Access Points
fmgr_vap:
bypass_validation: False
workspace_locking_adom: <value in [global, custom adom including root]>
workspace_locking_timeout: 300
rc_succeeded: [0, -2, -3, ...]
rc_failed: [-2, -3, ...]
adom: <your own value>
state: <value in [present, absent]>
vap:
_centmgmt: <value in [disable, enable]>
_dhcp_svr_id: <value of string>
_intf_allowaccess:
- https
- ping
- ssh
- snmp
- http
- telnet
- fgfm
- auto-ipsec
- radius-acct
- probe-response
- capwap
- dnp
- ftm
- fabric
- speed-test
_intf_device-identification: <value in [disable, enable]>
_intf_device-netscan: <value in [disable, enable]>
_intf_dhcp-relay-ip: <value of string>
_intf_dhcp-relay-service: <value in [disable, enable]>
_intf_dhcp-relay-type: <value in [regular, ipsec]>
_intf_dhcp6-relay-ip: <value of string>
_intf_dhcp6-relay-service: <value in [disable, enable]>
_intf_dhcp6-relay-type: <value in [regular]>
_intf_ip: <value of string>
_intf_ip6-address: <value of string>
_intf_ip6-allowaccess:
- https
- ping
- ssh
- snmp
- http
- telnet
- any
- fgfm
- capwap
_intf_listen-forticlient-connection: <value in [disable, enable]>
acct-interim-interval: <value of integer>
alias: <value of string>
auth: <value in [PSK, psk, RADIUS, ...]>
broadcast-ssid: <value in [disable, enable]>
broadcast-suppression:
- dhcp
- arp
- dhcp2
- arp2
- netbios-ns
- netbios-ds
- arp3
- dhcp-up
- dhcp-down
- arp-known
- arp-unknown
- arp-reply
- ipv6
- dhcp-starvation
- arp-poison
- all-other-mc
- all-other-bc
- arp-proxy
- dhcp-ucast
captive-portal-ac-name: <value of string>
captive-portal-macauth-radius-secret: <value of string>
captive-portal-macauth-radius-server: <value of string>
captive-portal-radius-secret: <value of string>
captive-portal-radius-server: <value of string>
captive-portal-session-timeout-interval: <value of integer>
dhcp-lease-time: <value of integer>
dhcp-option82-circuit-id-insertion: <value in [disable, style-1, style-2, ...]>
dhcp-option82-insertion: <value in [disable, enable]>
dhcp-option82-remote-id-insertion: <value in [disable, style-1]>
dynamic-vlan: <value in [disable, enable]>
dynamic_mapping:
-
_centmgmt: <value in [disable, enable]>
_dhcp_svr_id: <value of string>
_intf_allowaccess:
- https
- ping
- ssh
- snmp
- http
- telnet
- fgfm
- auto-ipsec
- radius-acct
- probe-response
- capwap
- dnp
- ftm
- fabric
- speed-test
_intf_device-identification: <value in [disable, enable]>
_intf_device-netscan: <value in [disable, enable]>
_intf_dhcp-relay-ip: <value of string>
_intf_dhcp-relay-service: <value in [disable, enable]>
_intf_dhcp-relay-type: <value in [regular, ipsec]>
_intf_dhcp6-relay-ip: <value of string>
_intf_dhcp6-relay-service: <value in [disable, enable]>
_intf_dhcp6-relay-type: <value in [regular]>
_intf_ip: <value of string>
_intf_ip6-address: <value of string>
_intf_ip6-allowaccess:
- https
- ping
- ssh
- snmp
- http
- telnet
- any
- fgfm
- capwap
_intf_listen-forticlient-connection: <value in [disable, enable]>
_scope:
-
name: <value of string>
vdom: <value of string>
acct-interim-interval: <value of integer>
address-group: <value of string>
alias: <value of string>
atf-weight: <value of integer>
auth: <value in [PSK, psk, RADIUS, ...]>
broadcast-ssid: <value in [disable, enable]>
broadcast-suppression:
- dhcp
- arp
- dhcp2
- arp2
- netbios-ns
- netbios-ds
- arp3
- dhcp-up
- dhcp-down
- arp-known
- arp-unknown
- arp-reply
- ipv6
- dhcp-starvation
- arp-poison
- all-other-mc
- all-other-bc
- arp-proxy
- dhcp-ucast
captive-portal-ac-name: <value of string>
captive-portal-macauth-radius-secret: <value of string>
captive-portal-macauth-radius-server: <value of string>
captive-portal-radius-secret: <value of string>
captive-portal-radius-server: <value of string>
captive-portal-session-timeout-interval: <value of integer>
client-count: <value of integer>
dhcp-lease-time: <value of integer>
dhcp-option82-circuit-id-insertion: <value in [disable, style-1, style-2, ...]>
dhcp-option82-insertion: <value in [disable, enable]>
dhcp-option82-remote-id-insertion: <value in [disable, style-1]>
dynamic-vlan: <value in [disable, enable]>
eap-reauth: <value in [disable, enable]>
eap-reauth-intv: <value of integer>
eapol-key-retries: <value in [disable, enable]>
encrypt: <value in [TKIP, AES, TKIP-AES]>
external-fast-roaming: <value in [disable, enable]>
external-logout: <value of string>
external-web: <value of string>
fast-bss-transition: <value in [disable, enable]>
fast-roaming: <value in [disable, enable]>
ft-mobility-domain: <value of integer>
ft-over-ds: <value in [disable, enable]>
ft-r0-key-lifetime: <value of integer>
gtk-rekey: <value in [disable, enable]>
gtk-rekey-intv: <value of integer>
hotspot20-profile: <value of string>
intra-vap-privacy: <value in [disable, enable]>
ip: <value of string>
key: <value of string>
keyindex: <value of integer>
ldpc: <value in [disable, tx, rx, ...]>
local-authentication: <value in [disable, enable]>
local-bridging: <value in [disable, enable]>
local-lan: <value in [deny, allow]>
local-standalone: <value in [disable, enable]>
local-standalone-nat: <value in [disable, enable]>
local-switching: <value in [disable, enable]>
mac-auth-bypass: <value in [disable, enable]>
mac-filter: <value in [disable, enable]>
mac-filter-policy-other: <value in [deny, allow]>
max-clients: <value of integer>
max-clients-ap: <value of integer>
me-disable-thresh: <value of integer>
mesh-backhaul: <value in [disable, enable]>
mpsk: <value in [disable, enable]>
mpsk-concurrent-clients: <value of integer>
multicast-enhance: <value in [disable, enable]>
multicast-rate: <value in [0, 6000, 12000, ...]>
okc: <value in [disable, enable]>
owe-groups:
- 19
- 20
- 21
owe-transition: <value in [disable, enable]>
owe-transition-ssid: <value of string>
passphrase: <value of string>
pmf: <value in [disable, enable, optional]>
pmf-assoc-comeback-timeout: <value of integer>
pmf-sa-query-retry-timeout: <value of integer>
portal-message-override-group: <value of string>
portal-type: <value in [auth, auth+disclaimer, disclaimer, ...]>
probe-resp-suppression: <value in [disable, enable]>
probe-resp-threshold: <value of string>
ptk-rekey: <value in [disable, enable]>
ptk-rekey-intv: <value of integer>
qos-profile: <value of string>
quarantine: <value in [disable, enable]>
radio-2g-threshold: <value of string>
radio-5g-threshold: <value of string>
radio-sensitivity: <value in [disable, enable]>
radius-mac-auth: <value in [disable, enable]>
radius-mac-auth-server: <value of string>
radius-mac-auth-usergroups: <value of string>
radius-server: <value of string>
rates-11a:
- 1
- 1-basic
- 2
- 2-basic
- 5.5
- 5.5-basic
- 6
- 6-basic
- 9
- 9-basic
- 12
- 12-basic
- 18
- 18-basic
- 24
- 24-basic
- 36
- 36-basic
- 48
- 48-basic
- 54
- 54-basic
- 11
- 11-basic
rates-11ac-ss12:
- mcs0/1
- mcs1/1
- mcs2/1
- mcs3/1
- mcs4/1
- mcs5/1
- mcs6/1
- mcs7/1
- mcs8/1
- mcs9/1
- mcs0/2
- mcs1/2
- mcs2/2
- mcs3/2
- mcs4/2
- mcs5/2
- mcs6/2
- mcs7/2
- mcs8/2
- mcs9/2
- mcs10/1
- mcs11/1
- mcs10/2
- mcs11/2
rates-11ac-ss34:
- mcs0/3
- mcs1/3
- mcs2/3
- mcs3/3
- mcs4/3
- mcs5/3
- mcs6/3
- mcs7/3
- mcs8/3
- mcs9/3
- mcs0/4
- mcs1/4
- mcs2/4
- mcs3/4
- mcs4/4
- mcs5/4
- mcs6/4
- mcs7/4
- mcs8/4
- mcs9/4
- mcs10/3
- mcs11/3
- mcs10/4
- mcs11/4
rates-11bg:
- 1
- 1-basic
- 2
- 2-basic
- 5.5
- 5.5-basic
- 6
- 6-basic
- 9
- 9-basic
- 12
- 12-basic
- 18
- 18-basic
- 24
- 24-basic
- 36
- 36-basic
- 48
- 48-basic
- 54
- 54-basic
- 11
- 11-basic
rates-11n-ss12:
- mcs0/1
- mcs1/1
- mcs2/1
- mcs3/1
- mcs4/1
- mcs5/1
- mcs6/1
- mcs7/1
- mcs8/2
- mcs9/2
- mcs10/2
- mcs11/2
- mcs12/2
- mcs13/2
- mcs14/2
- mcs15/2
rates-11n-ss34:
- mcs16/3
- mcs17/3
- mcs18/3
- mcs19/3
- mcs20/3
- mcs21/3
- mcs22/3
- mcs23/3
- mcs24/4
- mcs25/4
- mcs26/4
- mcs27/4
- mcs28/4
- mcs29/4
- mcs30/4
- mcs31/4
sae-groups:
- 1
- 2
- 5
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 27
- 28
- 29
- 30
- 31
sae-password: <value of string>
schedule: <value of string>
security: <value in [None, WEP64, wep64, ...]>
security-exempt-list: <value of string>
security-obsolete-option: <value in [disable, enable]>
security-redirect-url: <value of string>
selected-usergroups: <value of string>
split-tunneling: <value in [disable, enable]>
ssid: <value of string>
tkip-counter-measure: <value in [disable, enable]>
usergroup: <value of string>
utm-profile: <value of string>
vdom: <value of string>
vlan-auto: <value in [disable, enable]>
vlan-pooling: <value in [wtp-group, round-robin, hash, ...]>
vlanid: <value of integer>
voice-enterprise: <value in [disable, enable]>
mu-mimo: <value in [disable, enable]>
_intf_device-access-list: <value of string>
external-web-format: <value in [auto-detect, no-query-string, partial-query-string]>
high-efficiency: <value in [disable, enable]>
primary-wag-profile: <value of string>
secondary-wag-profile: <value of string>
target-wake-time: <value in [disable, enable]>
tunnel-echo-interval: <value of integer>
tunnel-fallback-interval: <value of integer>
access-control-list: <value of string>
captive-portal-auth-timeout: <value of integer>
ipv6-rules:
- drop-icmp6ra
- drop-icmp6rs
- drop-llmnr6
- drop-icmp6mld2
- drop-dhcp6s
- drop-dhcp6c
- ndp-proxy
- drop-ns-dad
- drop-ns-nondad
sticky-client-remove: <value in [disable, enable]>
sticky-client-threshold-2g: <value of string>
sticky-client-threshold-5g: <value of string>
bss-color-partial: <value in [disable, enable]>
dhcp-option43-insertion: <value in [disable, enable]>
mpsk-profile: <value of string>
igmp-snooping: <value in [disable, enable]>
port-macauth: <value in [disable, radius, address-group]>
port-macauth-reauth-timeout: <value of integer>
port-macauth-timeout: <value of integer>
additional-akms:
- akm6
bstm-disassociation-imminent: <value in [disable, enable]>
bstm-load-balancing-disassoc-timer: <value of integer>
bstm-rssi-disassoc-timer: <value of integer>
dhcp-address-enforcement: <value in [disable, enable]>
gas-comeback-delay: <value of integer>
gas-fragmentation-limit: <value of integer>
mac-called-station-delimiter: <value in [hyphen, single-hyphen, colon, ...]>
mac-calling-station-delimiter: <value in [hyphen, single-hyphen, colon, ...]>
mac-case: <value in [uppercase, lowercase]>
mac-password-delimiter: <value in [hyphen, single-hyphen, colon, ...]>
mac-username-delimiter: <value in [hyphen, single-hyphen, colon, ...]>
mbo: <value in [disable, enable]>
mbo-cell-data-conn-pref: <value in [excluded, prefer-not, prefer-use]>
nac: <value in [disable, enable]>
nac-profile: <value of string>
neighbor-report-dual-band: <value in [disable, enable]>
address-group-policy: <value in [disable, allow, deny]>
antivirus-profile: <value of string>
application-detection-engine: <value in [disable, enable]>
application-list: <value of string>
application-report-intv: <value of integer>
auth-cert: <value of string>
auth-portal-addr: <value of string>
beacon-advertising:
- name
- model
- serial-number
ips-sensor: <value of string>
l3-roaming: <value in [disable, enable]>
local-standalone-dns: <value in [disable, enable]>
local-standalone-dns-ip: <value of string>
osen: <value in [disable, enable]>
radius-mac-mpsk-auth: <value in [disable, enable]>
radius-mac-mpsk-timeout: <value of integer>
rates-11ax-ss12:
- mcs0/1
- mcs1/1
- mcs2/1
- mcs3/1
- mcs4/1
- mcs5/1
- mcs6/1
- mcs7/1
- mcs8/1
- mcs9/1
- mcs10/1
- mcs11/1
- mcs0/2
- mcs1/2
- mcs2/2
- mcs3/2
- mcs4/2
- mcs5/2
- mcs6/2
- mcs7/2
- mcs8/2
- mcs9/2
- mcs10/2
- mcs11/2
rates-11ax-ss34:
- mcs0/3
- mcs1/3
- mcs2/3
- mcs3/3
- mcs4/3
- mcs5/3
- mcs6/3
- mcs7/3
- mcs8/3
- mcs9/3
- mcs10/3
- mcs11/3
- mcs0/4
- mcs1/4
- mcs2/4
- mcs3/4
- mcs4/4
- mcs5/4
- mcs6/4
- mcs7/4
- mcs8/4
- mcs9/4
- mcs10/4
- mcs11/4
scan-botnet-connections: <value in [disable, block, monitor]>
utm-log: <value in [disable, enable]>
utm-status: <value in [disable, enable]>
webfilter-profile: <value of string>
sae-h2e-only: <value in [disable, enable]>
sae-pk: <value in [disable, enable]>
sae-private-key: <value of string>
sticky-client-threshold-6g: <value of string>
application-dscp-marking: <value in [disable, enable]>
l3-roaming-mode: <value in [direct, indirect]>
rates-11ac-mcs-map: <value of string>
rates-11ax-mcs-map: <value of string>
captive-portal-fw-accounting: <value in [disable, enable]>
radius-mac-auth-block-interval: <value of integer>
_is_factory_setting: <value in [disable, enable, ext]>
eap-reauth: <value in [disable, enable]>
eap-reauth-intv: <value of integer>
eapol-key-retries: <value in [disable, enable]>
encrypt: <value in [TKIP, AES, TKIP-AES]>
external-fast-roaming: <value in [disable, enable]>
external-logout: <value of string>
external-web: <value of string>
fast-bss-transition: <value in [disable, enable]>
fast-roaming: <value in [disable, enable]>
ft-mobility-domain: <value of integer>
ft-over-ds: <value in [disable, enable]>
ft-r0-key-lifetime: <value of integer>
gtk-rekey: <value in [disable, enable]>
gtk-rekey-intv: <value of integer>
hotspot20-profile: <value of string>
intra-vap-privacy: <value in [disable, enable]>
ip: <value of string>
key: <value of string>
keyindex: <value of integer>
ldpc: <value in [disable, tx, rx, ...]>
local-authentication: <value in [disable, enable]>
local-bridging: <value in [disable, enable]>
local-lan: <value in [deny, allow]>
local-standalone: <value in [disable, enable]>
local-standalone-nat: <value in [disable, enable]>
mac-auth-bypass: <value in [disable, enable]>
mac-filter: <value in [disable, enable]>
mac-filter-list:
-
id: <value of integer>
mac: <value of string>
mac-filter-policy: <value in [deny, allow]>
mac-filter-policy-other: <value in [deny, allow]>
max-clients: <value of integer>
max-clients-ap: <value of integer>
me-disable-thresh: <value of integer>
mesh-backhaul: <value in [disable, enable]>
mpsk: <value in [disable, enable]>
mpsk-concurrent-clients: <value of integer>
mpsk-key:
-
comment: <value of string>
concurrent-clients: <value of string>
key-name: <value of string>
passphrase: <value of string>
mpsk-schedules: <value of string>
multicast-enhance: <value in [disable, enable]>
multicast-rate: <value in [0, 6000, 12000, ...]>
name: <value of string>
okc: <value in [disable, enable]>
passphrase: <value of string>
pmf: <value in [disable, enable, optional]>
pmf-assoc-comeback-timeout: <value of integer>
pmf-sa-query-retry-timeout: <value of integer>
portal-message-override-group: <value of string>
portal-type: <value in [auth, auth+disclaimer, disclaimer, ...]>
probe-resp-suppression: <value in [disable, enable]>
probe-resp-threshold: <value of string>
ptk-rekey: <value in [disable, enable]>
ptk-rekey-intv: <value of integer>
qos-profile: <value of string>
quarantine: <value in [disable, enable]>
radio-2g-threshold: <value of string>
radio-5g-threshold: <value of string>
radio-sensitivity: <value in [disable, enable]>
radius-mac-auth: <value in [disable, enable]>
radius-mac-auth-server: <value of string>
radius-mac-auth-usergroups: <value of string>
radius-server: <value of string>
rates-11a:
- 1
- 1-basic
- 2
- 2-basic
- 5.5
- 5.5-basic
- 6
- 6-basic
- 9
- 9-basic
- 12
- 12-basic
- 18
- 18-basic
- 24
- 24-basic
- 36
- 36-basic
- 48
- 48-basic
- 54
- 54-basic
- 11
- 11-basic
rates-11ac-ss12:
- mcs0/1
- mcs1/1
- mcs2/1
- mcs3/1
- mcs4/1
- mcs5/1
- mcs6/1
- mcs7/1
- mcs8/1
- mcs9/1
- mcs0/2
- mcs1/2
- mcs2/2
- mcs3/2
- mcs4/2
- mcs5/2
- mcs6/2
- mcs7/2
- mcs8/2
- mcs9/2
- mcs10/1
- mcs11/1
- mcs10/2
- mcs11/2
rates-11ac-ss34:
- mcs0/3
- mcs1/3
- mcs2/3
- mcs3/3
- mcs4/3
- mcs5/3
- mcs6/3
- mcs7/3
- mcs8/3
- mcs9/3
- mcs0/4
- mcs1/4
- mcs2/4
- mcs3/4
- mcs4/4
- mcs5/4
- mcs6/4
- mcs7/4
- mcs8/4
- mcs9/4
- mcs10/3
- mcs11/3
- mcs10/4
- mcs11/4
rates-11bg:
- 1
- 1-basic
- 2
- 2-basic
- 5.5
- 5.5-basic
- 6
- 6-basic
- 9
- 9-basic
- 12
- 12-basic
- 18
- 18-basic
- 24
- 24-basic
- 36
- 36-basic
- 48
- 48-basic
- 54
- 54-basic
- 11
- 11-basic
rates-11n-ss12:
- mcs0/1
- mcs1/1
- mcs2/1
- mcs3/1
- mcs4/1
- mcs5/1
- mcs6/1
- mcs7/1
- mcs8/2
- mcs9/2
- mcs10/2
- mcs11/2
- mcs12/2
- mcs13/2
- mcs14/2
- mcs15/2
rates-11n-ss34:
- mcs16/3
- mcs17/3
- mcs18/3
- mcs19/3
- mcs20/3
- mcs21/3
- mcs22/3
- mcs23/3
- mcs24/4
- mcs25/4
- mcs26/4
- mcs27/4
- mcs28/4
- mcs29/4
- mcs30/4
- mcs31/4
schedule: <value of string>
security: <value in [None, WEP64, wep64, ...]>
security-exempt-list: <value of string>
security-obsolete-option: <value in [disable, enable]>
security-redirect-url: <value of string>
selected-usergroups: <value of string>
split-tunneling: <value in [disable, enable]>
ssid: <value of string>
tkip-counter-measure: <value in [disable, enable]>
usergroup: <value of string>
utm-profile: <value of string>
vdom: <value of string>
vlan-auto: <value in [disable, enable]>
vlan-pool:
-
_wtp-group: <value of string>
id: <value of integer>
wtp-group: <value of string>
vlan-pooling: <value in [wtp-group, round-robin, hash, ...]>
vlanid: <value of integer>
voice-enterprise: <value in [disable, enable]>
address-group: <value of string>
atf-weight: <value of integer>
mu-mimo: <value in [disable, enable]>
owe-groups:
- 19
- 20
- 21
owe-transition: <value in [disable, enable]>
owe-transition-ssid: <value of string>
sae-groups:
- 1
- 2
- 5
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 27
- 28
- 29
- 30
- 31
sae-password: <value of string>
_intf_device-access-list: <value of string>
external-web-format: <value in [auto-detect, no-query-string, partial-query-string]>
high-efficiency: <value in [disable, enable]>
primary-wag-profile: <value of string>
secondary-wag-profile: <value of string>
target-wake-time: <value in [disable, enable]>
tunnel-echo-interval: <value of integer>
tunnel-fallback-interval: <value of integer>
access-control-list: <value of string>
captive-portal-auth-timeout: <value of integer>
ipv6-rules:
- drop-icmp6ra
- drop-icmp6rs
- drop-llmnr6
- drop-icmp6mld2
- drop-dhcp6s
- drop-dhcp6c
- ndp-proxy
- drop-ns-dad
- drop-ns-nondad
sticky-client-remove: <value in [disable, enable]>
sticky-client-threshold-2g: <value of string>
sticky-client-threshold-5g: <value of string>
bss-color-partial: <value in [disable, enable]>
dhcp-option43-insertion: <value in [disable, enable]>
mpsk-profile: <value of string>
igmp-snooping: <value in [disable, enable]>
port-macauth: <value in [disable, radius, address-group]>
port-macauth-reauth-timeout: <value of integer>
port-macauth-timeout: <value of integer>
portal-message-overrides:
auth-disclaimer-page: <value of string>
auth-login-failed-page: <value of string>
auth-login-page: <value of string>
auth-reject-page: <value of string>
additional-akms:
- akm6
bstm-disassociation-imminent: <value in [disable, enable]>
bstm-load-balancing-disassoc-timer: <value of integer>
bstm-rssi-disassoc-timer: <value of integer>
dhcp-address-enforcement: <value in [disable, enable]>
gas-comeback-delay: <value of integer>
gas-fragmentation-limit: <value of integer>
mac-called-station-delimiter: <value in [hyphen, single-hyphen, colon, ...]>
mac-calling-station-delimiter: <value in [hyphen, single-hyphen, colon, ...]>
mac-case: <value in [uppercase, lowercase]>
mac-password-delimiter: <value in [hyphen, single-hyphen, colon, ...]>
mac-username-delimiter: <value in [hyphen, single-hyphen, colon, ...]>
mbo: <value in [disable, enable]>
mbo-cell-data-conn-pref: <value in [excluded, prefer-not, prefer-use]>
nac: <value in [disable, enable]>
nac-profile: <value of string>
neighbor-report-dual-band: <value in [disable, enable]>
address-group-policy: <value in [disable, allow, deny]>
antivirus-profile: <value of string>
application-detection-engine: <value in [disable, enable]>
application-list: <value of string>
application-report-intv: <value of integer>
auth-cert: <value of string>
auth-portal-addr: <value of string>
beacon-advertising:
- name
- model
- serial-number
ips-sensor: <value of string>
l3-roaming: <value in [disable, enable]>
local-standalone-dns: <value in [disable, enable]>
local-standalone-dns-ip: <value of string>
osen: <value in [disable, enable]>
radius-mac-mpsk-auth: <value in [disable, enable]>
radius-mac-mpsk-timeout: <value of integer>
rates-11ax-ss12:
- mcs0/1
- mcs1/1
- mcs2/1
- mcs3/1
- mcs4/1
- mcs5/1
- mcs6/1
- mcs7/1
- mcs8/1
- mcs9/1
- mcs10/1
- mcs11/1
- mcs0/2
- mcs1/2
- mcs2/2
- mcs3/2
- mcs4/2
- mcs5/2
- mcs6/2
- mcs7/2
- mcs8/2
- mcs9/2
- mcs10/2
- mcs11/2
rates-11ax-ss34:
- mcs0/3
- mcs1/3
- mcs2/3
- mcs3/3
- mcs4/3
- mcs5/3
- mcs6/3
- mcs7/3
- mcs8/3
- mcs9/3
- mcs10/3
- mcs11/3
- mcs0/4
- mcs1/4
- mcs2/4
- mcs3/4
- mcs4/4
- mcs5/4
- mcs6/4
- mcs7/4
- mcs8/4
- mcs9/4
- mcs10/4
- mcs11/4
scan-botnet-connections: <value in [disable, block, monitor]>
utm-log: <value in [disable, enable]>
utm-status: <value in [disable, enable]>
vlan-name:
-
name: <value of string>
vlan-id: <value of integer>
webfilter-profile: <value of string>
sae-h2e-only: <value in [disable, enable]>
sae-pk: <value in [disable, enable]>
sae-private-key: <value of string>
sticky-client-threshold-6g: <value of string>
application-dscp-marking: <value in [disable, enable]>
l3-roaming-mode: <value in [direct, indirect]>
rates-11ac-mcs-map: <value of string>
rates-11ax-mcs-map: <value of string>
captive-portal-fw-accounting: <value in [disable, enable]>
radius-mac-auth-block-interval: <value of integer>
_is_factory_setting: <value in [disable, enable, ext]>
vap:
description: the top level parameters set
required: false
suboptions:
_centmgmt:
choices:
- disable
- enable
description: _Centmgmt.
type: str
_dhcp_svr_id:
description: _Dhcp_Svr_Id.
type: str
_intf_allowaccess:
choices:
- https
- ping
- ssh
- snmp
- http
- telnet
- fgfm
- auto-ipsec
- radius-acct
- probe-response
- capwap
- dnp
- ftm
- fabric
- speed-test
description: _Intf_Allowaccess.
elements: str
type: list
_intf_device-access-list:
description: _Intf_Device-Access-List.
type: str
_intf_device-identification:
choices:
- disable
- enable
description: _Intf_Device-Identification.
type: str
_intf_device-netscan:
choices:
- disable
- enable
description: _Intf_Device-Netscan.
type: str
_intf_dhcp-relay-ip:
description: _Intf_Dhcp-Relay-Ip.
type: str
_intf_dhcp-relay-service:
choices:
- disable
- enable
description: _Intf_Dhcp-Relay-Service.
type: str
_intf_dhcp-relay-type:
choices:
- regular
- ipsec
description: _Intf_Dhcp-Relay-Type.
type: str
_intf_dhcp6-relay-ip:
description: _Intf_Dhcp6-Relay-Ip.
type: str
_intf_dhcp6-relay-service:
choices:
- disable
- enable
description: _Intf_Dhcp6-Relay-Service.
type: str
_intf_dhcp6-relay-type:
choices:
- regular
description: _Intf_Dhcp6-Relay-Type.
type: str
_intf_ip:
description: _Intf_Ip.
type: str
_intf_ip6-address:
description: _Intf_Ip6-Address.
type: str
_intf_ip6-allowaccess:
choices:
- https
- ping
- ssh
- snmp
- http
- telnet
- any
- fgfm
- capwap
description: _Intf_Ip6-Allowaccess.
elements: str
type: list
_intf_listen-forticlient-connection:
choices:
- disable
- enable
description: _Intf_Listen-Forticlient-Connection.
type: str
_is_factory_setting:
choices:
- disable
- enable
- ext
description: no description
type: str
access-control-list:
description: access-control-list profile name.
type: str
acct-interim-interval:
description: WiFi RADIUS accounting interim interval
type: int
additional-akms:
choices:
- akm6
description: Additional AKMs.
elements: str
type: list
address-group:
description: Address group ID.
type: str
address-group-policy:
choices:
- disable
- allow
- deny
description: Configure MAC address filtering policy for MAC addresses that are
in the address-group.
type: str
alias:
description: Alias.
type: str
antivirus-profile:
description: AntiVirus profile name.
type: str
application-detection-engine:
choices:
- disable
- enable
description: Enable/disable application detection engine
type: str
application-dscp-marking:
choices:
- disable
- enable
description: Enable/disable application attribute based DSCP marking
type: str
application-list:
description: Application control list name.
type: str
application-report-intv:
description: Application report interval
type: int
atf-weight:
description: Airtime weight in percentage
type: int
auth:
choices:
- PSK
- psk
- RADIUS
- radius
- usergroup
description: Authentication protocol.
type: str
auth-cert:
description: HTTPS server certificate.
type: str
auth-portal-addr:
description: Address of captive portal.
type: str
beacon-advertising:
choices:
- name
- model
- serial-number
description: description
elements: str
type: list
broadcast-ssid:
choices:
- disable
- enable
description: Enable/disable broadcasting the SSID
type: str
broadcast-suppression:
choices:
- dhcp
- arp
- dhcp2
- arp2
- netbios-ns
- netbios-ds
- arp3
- dhcp-up
- dhcp-down
- arp-known
- arp-unknown
- arp-reply
- ipv6
- dhcp-starvation
- arp-poison
- all-other-mc
- all-other-bc
- arp-proxy
- dhcp-ucast
description: Optional suppression of broadcast messages.
elements: str
type: list
bss-color-partial:
choices:
- disable
- enable
description: Enable/disable 802.
type: str
bstm-disassociation-imminent:
choices:
- disable
- enable
description: Enable/disable forcing of disassociation after the BSTM request timer
has been reached
type: str
bstm-load-balancing-disassoc-timer:
description: Time interval for client to voluntarily leave AP before forcing a
disassociation due to AP load-balancing
type: int
bstm-rssi-disassoc-timer:
description: Time interval for client to voluntarily leave AP before forcing a
disassociation due to low RSSI
type: int
captive-portal-ac-name:
description: Local-bridging captive portal ac-name.
type: str
captive-portal-auth-timeout:
description: Hard timeout - AP will always clear the session after timeout regardless
of traffic
type: int
captive-portal-fw-accounting:
choices:
- disable
- enable
description: Enable/disable RADIUS accounting for captive portal firewall authentication
session.
type: str
captive-portal-macauth-radius-secret:
description: Secret key to access the macauth RADIUS server.
type: str
captive-portal-macauth-radius-server:
description: Captive portal external RADIUS server domain name or IP address.
type: str
captive-portal-radius-secret:
description: Secret key to access the RADIUS server.
type: str
captive-portal-radius-server:
description: Captive portal RADIUS server domain name or IP address.
type: str
captive-portal-session-timeout-interval:
description: Session timeout interval
type: int
dhcp-address-enforcement:
choices:
- disable
- enable
description: Enable/disable DHCP address enforcement
type: str
dhcp-lease-time:
description: DHCP lease time in seconds for NAT IP address.
type: int
dhcp-option43-insertion:
choices:
- disable
- enable
description: Enable/disable insertion of DHCP option 43
type: str
dhcp-option82-circuit-id-insertion:
choices:
- disable
- style-1
- style-2
- style-3
description: Enable/disable DHCP option 82 circuit-id insert
type: str
dhcp-option82-insertion:
choices:
- disable
- enable
description: Enable/disable DHCP option 82 insert
type: str
dhcp-option82-remote-id-insertion:
choices:
- disable
- style-1
description: Enable/disable DHCP option 82 remote-id insert
type: str
dynamic-vlan:
choices:
- disable
- enable
description: Enable/disable dynamic VLAN assignment.
type: str
dynamic_mapping:
description: Dynamic_Mapping.
elements: dict
suboptions:
_centmgmt:
choices:
- disable
- enable
description: _Centmgmt.
type: str
_dhcp_svr_id:
description: _Dhcp_Svr_Id.
type: str
_intf_allowaccess:
choices:
- https
- ping
- ssh
- snmp
- http
- telnet
- fgfm
- auto-ipsec
- radius-acct
- probe-response
- capwap
- dnp
- ftm
- fabric
- speed-test
description: _Intf_Allowaccess.
elements: str
type: list
_intf_device-access-list:
description: _Intf_Device-Access-List.
type: str
_intf_device-identification:
choices:
- disable
- enable
description: _Intf_Device-Identification.
type: str
_intf_device-netscan:
choices:
- disable
- enable
description: _Intf_Device-Netscan.
type: str
_intf_dhcp-relay-ip:
description: _Intf_Dhcp-Relay-Ip.
type: str
_intf_dhcp-relay-service:
choices:
- disable
- enable
description: _Intf_Dhcp-Relay-Service.
type: str
_intf_dhcp-relay-type:
choices:
- regular
- ipsec
description: _Intf_Dhcp-Relay-Type.
type: str
_intf_dhcp6-relay-ip:
description: _Intf_Dhcp6-Relay-Ip.
type: str
_intf_dhcp6-relay-service:
choices:
- disable
- enable
description: _Intf_Dhcp6-Relay-Service.
type: str
_intf_dhcp6-relay-type:
choices:
- regular
description: _Intf_Dhcp6-Relay-Type.
type: str
_intf_ip:
description: _Intf_Ip.
type: str
_intf_ip6-address:
description: _Intf_Ip6-Address.
type: str
_intf_ip6-allowaccess:
choices:
- https
- ping
- ssh
- snmp
- http
- telnet
- any
- fgfm
- capwap
description: _Intf_Ip6-Allowaccess.
elements: str
type: list
_intf_listen-forticlient-connection:
choices:
- disable
- enable
description: _Intf_Listen-Forticlient-Connection.
type: str
_is_factory_setting:
choices:
- disable
- enable
- ext
description: no description
type: str
_scope:
description: _Scope.
elements: dict
suboptions:
name:
description: Name.
type: str
vdom:
description: Vdom.
type: str
type: list
access-control-list:
description: Access-Control-List.
type: str
acct-interim-interval:
description: WiFi RADIUS accounting interim interval
type: int
additional-akms:
choices:
- akm6
description: Additional-Akms.
elements: str
type: list
address-group:
description: Address group ID.
type: str
address-group-policy:
choices:
- disable
- allow
- deny
description: Configure MAC address filtering policy for MAC addresses that
are in the address-group.
type: str
alias:
description: Alias.
type: str
antivirus-profile:
description: AntiVirus profile name.
type: str
application-detection-engine:
choices:
- disable
- enable
description: Enable/disable application detection engine
type: str
application-dscp-marking:
choices:
- disable
- enable
description: Enable/disable application attribute based DSCP marking
type: str
application-list:
description: Application control list name.
type: str
application-report-intv:
description: Application report interval
type: int
atf-weight:
description: Airtime weight in percentage
type: int
auth:
choices:
- PSK
- psk
- RADIUS
- radius
- usergroup
description: Authentication protocol.
type: str
auth-cert:
description: HTTPS server certificate.
type: str
auth-portal-addr:
description: Address of captive portal.
type: str
beacon-advertising:
choices:
- name
- model
- serial-number
description: description
elements: str
type: list
broadcast-ssid:
choices:
- disable
- enable
description: Enable/disable broadcasting the SSID
type: str
broadcast-suppression:
choices:
- dhcp
- arp
- dhcp2
- arp2
- netbios-ns
- netbios-ds
- arp3
- dhcp-up
- dhcp-down
- arp-known
- arp-unknown
- arp-reply
- ipv6
- dhcp-starvation
- arp-poison
- all-other-mc
- all-other-bc
- arp-proxy
- dhcp-ucast
description: Optional suppression of broadcast messages.
elements: str
type: list
bss-color-partial:
choices:
- disable
- enable
description: Bss-Color-Partial.
type: str
bstm-disassociation-imminent:
choices:
- disable
- enable
description: Enable/disable forcing of disassociation after the BSTM request
timer has been reached
type: str
bstm-load-balancing-disassoc-timer:
description: Time interval for client to voluntarily leave AP before forcing
a disassociation due to AP load-balancing
type: int
bstm-rssi-disassoc-timer:
description: Time interval for client to voluntarily leave AP before forcing
a disassociation due to low RSSI
type: int
captive-portal-ac-name:
description: Local-bridging captive portal ac-name.
type: str
captive-portal-auth-timeout:
description: Captive-Portal-Auth-Timeout.
type: int
captive-portal-fw-accounting:
choices:
- disable
- enable
description: Enable/disable RADIUS accounting for captive portal firewall
authentication session.
type: str
captive-portal-macauth-radius-secret:
description: Secret key to access the macauth RADIUS server.
type: str
captive-portal-macauth-radius-server:
description: Captive portal external RADIUS server domain name or IP address.
type: str
captive-portal-radius-secret:
description: Secret key to access the RADIUS server.
type: str
captive-portal-radius-server:
description: Captive portal RADIUS server domain name or IP address.
type: str
captive-portal-session-timeout-interval:
description: Session timeout interval
type: int
client-count:
description: Client-Count.
type: int
dhcp-address-enforcement:
choices:
- disable
- enable
description: Enable/disable DHCP address enforcement
type: str
dhcp-lease-time:
description: DHCP lease time in seconds for NAT IP address.
type: int
dhcp-option43-insertion:
choices:
- disable
- enable
description: Dhcp-Option43-Insertion.
type: str
dhcp-option82-circuit-id-insertion:
choices:
- disable
- style-1
- style-2
- style-3
description: Enable/disable DHCP option 82 circuit-id insert
type: str
dhcp-option82-insertion:
choices:
- disable
- enable
description: Enable/disable DHCP option 82 insert
type: str
dhcp-option82-remote-id-insertion:
choices:
- disable
- style-1
description: Enable/disable DHCP option 82 remote-id insert
type: str
dynamic-vlan:
choices:
- disable
- enable
description: Enable/disable dynamic VLAN assignment.
type: str
eap-reauth:
choices:
- disable
- enable
description: Enable/disable EAP re-authentication for WPA-Enterprise security.
type: str
eap-reauth-intv:
description: EAP re-authentication interval
type: int
eapol-key-retries:
choices:
- disable
- enable
description: Enable/disable retransmission of EAPOL-Key frames
type: str
encrypt:
choices:
- TKIP
- AES
- TKIP-AES
description: Encryption protocol to use
type: str
external-fast-roaming:
choices:
- disable
- enable
description: Enable/disable fast roaming or pre-authentication with external
APs not managed by the FortiGate
type: str
external-logout:
description: URL of external authentication logout server.
type: str
external-web:
description: URL of external authentication web server.
type: str
external-web-format:
choices:
- auto-detect
- no-query-string
- partial-query-string
description: URL query parameter detection
type: str
fast-bss-transition:
choices:
- disable
- enable
description: Enable/disable 802.
type: str
fast-roaming:
choices:
- disable
- enable
description: Enable/disable fast-roaming, or pre-authentication, where supported
by clients
type: str
ft-mobility-domain:
description: Mobility domain identifier in FT
type: int
ft-over-ds:
choices:
- disable
- enable
description: Enable/disable FT over the Distribution System
type: str
ft-r0-key-lifetime:
description: Lifetime of the PMK-R0 key in FT, 1-65535 minutes.
type: int
gas-comeback-delay:
description: GAS comeback delay
type: int
gas-fragmentation-limit:
description: GAS fragmentation limit
type: int
gtk-rekey:
choices:
- disable
- enable
description: Enable/disable GTK rekey for WPA security.
type: str
gtk-rekey-intv:
description: GTK rekey interval
type: int
high-efficiency:
choices:
- disable
- enable
description: Enable/disable 802.
type: str
hotspot20-profile:
description: Hotspot 2.
type: str
igmp-snooping:
choices:
- disable
- enable
description: Enable/disable IGMP snooping.
type: str
intra-vap-privacy:
choices:
- disable
- enable
description: Enable/disable blocking communication between clients on the
same SSID
type: str
ip:
description: IP address and subnet mask for the local standalone NAT subnet.
type: str
ips-sensor:
description: IPS sensor name.
type: str
ipv6-rules:
choices:
- drop-icmp6ra
- drop-icmp6rs
- drop-llmnr6
- drop-icmp6mld2
- drop-dhcp6s
- drop-dhcp6c
- ndp-proxy
- drop-ns-dad
- drop-ns-nondad
description: Ipv6-Rules.
elements: str
type: list
key:
description: WEP Key.
type: str
keyindex:
description: WEP key index
type: int
l3-roaming:
choices:
- disable
- enable
description: Enable/disable layer 3 roaming
type: str
l3-roaming-mode:
choices:
- direct
- indirect
description: Select the way that layer 3 roaming traffic is passed
type: str
ldpc:
choices:
- disable
- tx
- rx
- rxtx
description: VAP low-density parity-check
type: str
local-authentication:
choices:
- disable
- enable
description: Enable/disable AP local authentication.
type: str
local-bridging:
choices:
- disable
- enable
description: Enable/disable bridging of wireless and Ethernet interfaces on
the FortiAP
type: str
local-lan:
choices:
- deny
- allow
description: Allow/deny traffic destined for a Class A, B, or C private IP
address
type: str
local-standalone:
choices:
- disable
- enable
description: Enable/disable AP local standalone
type: str
local-standalone-dns:
choices:
- disable
- enable
description: Enable/disable AP local standalone DNS.
type: str
local-standalone-dns-ip:
description: description
type: str
local-standalone-nat:
choices:
- disable
- enable
description: Enable/disable AP local standalone NAT mode.
type: str
local-switching:
choices:
- disable
- enable
description: Local-Switching.
type: str
mac-auth-bypass:
choices:
- disable
- enable
description: Enable/disable MAC authentication bypass.
type: str
mac-called-station-delimiter:
choices:
- hyphen
- single-hyphen
- colon
- none
description: MAC called station delimiter
type: str
mac-calling-station-delimiter:
choices:
- hyphen
- single-hyphen
- colon
- none
description: MAC calling station delimiter
type: str
mac-case:
choices:
- uppercase
- lowercase
description: MAC case
type: str
mac-filter:
choices:
- disable
- enable
description: Enable/disable MAC filtering to block wireless clients by mac
address.
type: str
mac-filter-policy-other:
choices:
- deny
- allow
description: Allow or block clients with MAC addresses that are not in the
filter list.
type: str
mac-password-delimiter:
choices:
- hyphen
- single-hyphen
- colon
- none
description: MAC authentication password delimiter
type: str
mac-username-delimiter:
choices:
- hyphen
- single-hyphen
- colon
- none
description: MAC authentication username delimiter
type: str
max-clients:
description: Maximum number of clients that can connect simultaneously to
the VAP
type: int
max-clients-ap:
description: Maximum number of clients that can connect simultaneously to
the VAP per AP radio
type: int
mbo:
choices:
- disable
- enable
description: Enable/disable Multiband Operation
type: str
mbo-cell-data-conn-pref:
choices:
- excluded
- prefer-not
- prefer-use
description: MBO cell data connection preference
type: str
me-disable-thresh:
description: Disable multicast enhancement when this many clients are receiving
multicast traffic.
type: int
mesh-backhaul:
choices:
- disable
- enable
description: Enable/disable using this VAP as a WiFi mesh backhaul
type: str
mpsk:
choices:
- disable
- enable
description: Enable/disable multiple PSK authentication.
type: str
mpsk-concurrent-clients:
description: Maximum number of concurrent clients that connect using the same
passphrase in multiple PSK authentication
type: int
mpsk-profile:
description: Mpsk-Profile.
type: str
mu-mimo:
choices:
- disable
- enable
description: Enable/disable Multi-user MIMO
type: str
multicast-enhance:
choices:
- disable
- enable
description: Enable/disable converting multicast to unicast to improve performance
type: str
multicast-rate:
choices:
- '0'
- '6000'
- '12000'
- '24000'
description: Multicast rate
type: str
nac:
choices:
- disable
- enable
description: Enable/disable network access control.
type: str
nac-profile:
description: NAC profile name.
type: str
neighbor-report-dual-band:
choices:
- disable
- enable
description: Enable/disable dual-band neighbor report
type: str
okc:
choices:
- disable
- enable
description: Enable/disable Opportunistic Key Caching
type: str
osen:
choices:
- disable
- enable
description: Enable/disable OSEN as part of key management
type: str
owe-groups:
choices:
- '19'
- '20'
- '21'
description: OWE-Groups.
elements: str
type: list
owe-transition:
choices:
- disable
- enable
description: Enable/disable OWE transition mode support.
type: str
owe-transition-ssid:
description: OWE transition mode peer SSID.
type: str
passphrase:
description: WPA pre-shared key
type: str
pmf:
choices:
- disable
- enable
- optional
description: Protected Management Frames
type: str
pmf-assoc-comeback-timeout:
description: Protected Management Frames
type: int
pmf-sa-query-retry-timeout:
description: Protected Management Frames
type: int
port-macauth:
choices:
- disable
- radius
- address-group
description: Enable/disable LAN port MAC authentication
type: str
port-macauth-reauth-timeout:
description: LAN port MAC authentication re-authentication timeout value
type: int
port-macauth-timeout:
description: LAN port MAC authentication idle timeout value
type: int
portal-message-override-group:
description: Replacement message group for this VAP
type: str
portal-type:
choices:
- auth
- auth+disclaimer
- disclaimer
- email-collect
- cmcc
- cmcc-macauth
- auth-mac
- external-auth
- external-macauth
description: Captive portal functionality.
type: str
primary-wag-profile:
description: Primary wireless access gateway profile name.
type: str
probe-resp-suppression:
choices:
- disable
- enable
description: Enable/disable probe response suppression
type: str
probe-resp-threshold:
description: Minimum signal level/threshold in dBm required for the AP response
to probe requests
type: str
ptk-rekey:
choices:
- disable
- enable
description: Enable/disable PTK rekey for WPA-Enterprise security.
type: str
ptk-rekey-intv:
description: PTK rekey interval
type: int
qos-profile:
description: Quality of service profile name.
type: str
quarantine:
choices:
- disable
- enable
description: Enable/disable station quarantine
type: str
radio-2g-threshold:
description: Minimum signal level/threshold in dBm required for the AP response
to receive a packet in 2.
type: str
radio-5g-threshold:
description: Minimum signal level/threshold in dBm required for the AP response
to receive a packet in 5G band
type: str
radio-sensitivity:
choices:
- disable
- enable
description: Enable/disable software radio sensitivity
type: str
radius-mac-auth:
choices:
- disable
- enable
description: Enable/disable RADIUS-based MAC authentication of clients
type: str
radius-mac-auth-block-interval:
description: Dont send RADIUS MAC auth request again if the client has been
rejected within specific interval
type: int
radius-mac-auth-server:
description: RADIUS-based MAC authentication server.
type: str
radius-mac-auth-usergroups:
description: Selective user groups that are permitted for RADIUS mac authentication.
type: str
radius-mac-mpsk-auth:
choices:
- disable
- enable
description: Enable/disable RADIUS-based MAC authentication of clients for
MPSK authentication
type: str
radius-mac-mpsk-timeout:
description: RADIUS MAC MPSK cache timeout interval
type: int
radius-server:
description: RADIUS server to be used to authenticate WiFi users.
type: str
rates-11a:
choices:
- '1'
- 1-basic
- '2'
- 2-basic
- '5.5'
- 5.5-basic
- '6'
- 6-basic
- '9'
- 9-basic
- '12'
- 12-basic
- '18'
- 18-basic
- '24'
- 24-basic
- '36'
- 36-basic
- '48'
- 48-basic
- '54'
- 54-basic
- '11'
- 11-basic
description: Allowed data rates for 802.
elements: str
type: list
rates-11ac-mcs-map:
description: Comma separated list of max supported VHT MCS for spatial streams
1 through 8.
type: str
rates-11ac-ss12:
choices:
- mcs0/1
- mcs1/1
- mcs2/1
- mcs3/1
- mcs4/1
- mcs5/1
- mcs6/1
- mcs7/1
- mcs8/1
- mcs9/1
- mcs0/2
- mcs1/2
- mcs2/2
- mcs3/2
- mcs4/2
- mcs5/2
- mcs6/2
- mcs7/2
- mcs8/2
- mcs9/2
- mcs10/1
- mcs11/1
- mcs10/2
- mcs11/2
description: Allowed data rates for 802.
elements: str
type: list
rates-11ac-ss34:
choices:
- mcs0/3
- mcs1/3
- mcs2/3
- mcs3/3
- mcs4/3
- mcs5/3
- mcs6/3
- mcs7/3
- mcs8/3
- mcs9/3
- mcs0/4
- mcs1/4
- mcs2/4
- mcs3/4
- mcs4/4
- mcs5/4
- mcs6/4
- mcs7/4
- mcs8/4
- mcs9/4
- mcs10/3
- mcs11/3
- mcs10/4
- mcs11/4
description: Allowed data rates for 802.
elements: str
type: list
rates-11ax-mcs-map:
description: Comma separated list of max supported HE MCS for spatial streams
1 through 8.
type: str
rates-11ax-ss12:
choices:
- mcs0/1
- mcs1/1
- mcs2/1
- mcs3/1
- mcs4/1
- mcs5/1
- mcs6/1
- mcs7/1
- mcs8/1
- mcs9/1
- mcs10/1
- mcs11/1
- mcs0/2
- mcs1/2
- mcs2/2
- mcs3/2
- mcs4/2
- mcs5/2
- mcs6/2
- mcs7/2
- mcs8/2
- mcs9/2
- mcs10/2
- mcs11/2
description: description
elements: str
type: list
rates-11ax-ss34:
choices:
- mcs0/3
- mcs1/3
- mcs2/3
- mcs3/3
- mcs4/3
- mcs5/3
- mcs6/3
- mcs7/3
- mcs8/3
- mcs9/3
- mcs10/3
- mcs11/3
- mcs0/4
- mcs1/4
- mcs2/4
- mcs3/4
- mcs4/4
- mcs5/4
- mcs6/4
- mcs7/4
- mcs8/4
- mcs9/4
- mcs10/4
- mcs11/4
description: description
elements: str
type: list
rates-11bg:
choices:
- '1'
- 1-basic
- '2'
- 2-basic
- '5.5'
- 5.5-basic
- '6'
- 6-basic
- '9'
- 9-basic
- '12'
- 12-basic
- '18'
- 18-basic
- '24'
- 24-basic
- '36'
- 36-basic
- '48'
- 48-basic
- '54'
- 54-basic
- '11'
- 11-basic
description: Allowed data rates for 802.
elements: str
type: list
rates-11n-ss12:
choices:
- mcs0/1
- mcs1/1
- mcs2/1
- mcs3/1
- mcs4/1
- mcs5/1
- mcs6/1
- mcs7/1
- mcs8/2
- mcs9/2
- mcs10/2
- mcs11/2
- mcs12/2
- mcs13/2
- mcs14/2
- mcs15/2
description: Allowed data rates for 802.
elements: str
type: list
rates-11n-ss34:
choices:
- mcs16/3
- mcs17/3
- mcs18/3
- mcs19/3
- mcs20/3
- mcs21/3
- mcs22/3
- mcs23/3
- mcs24/4
- mcs25/4
- mcs26/4
- mcs27/4
- mcs28/4
- mcs29/4
- mcs30/4
- mcs31/4
description: Allowed data rates for 802.
elements: str
type: list
sae-groups:
choices:
- '1'
- '2'
- '5'
- '14'
- '15'
- '16'
- '17'
- '18'
- '19'
- '20'
- '21'
- '27'
- '28'
- '29'
- '30'
- '31'
description: SAE-Groups.
elements: str
type: list
sae-h2e-only:
choices:
- disable
- enable
description: Use hash-to-element-only mechanism for PWE derivation
type: str
sae-password:
description: WPA3 SAE password to be used to authenticate WiFi users.
type: str
sae-pk:
choices:
- disable
- enable
description: Enable/disable WPA3 SAE-PK
type: str
sae-private-key:
description: Private key used for WPA3 SAE-PK authentication.
type: str
scan-botnet-connections:
choices:
- disable
- block
- monitor
description: Block or monitor connections to Botnet servers or disable Botnet
scanning.
type: str
schedule:
description: Firewall schedules for enabling this VAP on the FortiAP.
type: str
secondary-wag-profile:
description: Secondary wireless access gateway profile name.
type: str
security:
choices:
- None
- WEP64
- wep64
- WEP128
- wep128
- WPA_PSK
- WPA_RADIUS
- WPA
- WPA2
- WPA2_AUTO
- open
- wpa-personal
- wpa-enterprise
- captive-portal
- wpa-only-personal
- wpa-only-enterprise
- wpa2-only-personal
- wpa2-only-enterprise
- wpa-personal+captive-portal
- wpa-only-personal+captive-portal
- wpa2-only-personal+captive-portal
- osen
- wpa3-enterprise
- sae
- sae-transition
- owe
- wpa3-sae
- wpa3-sae-transition
- wpa3-only-enterprise
- wpa3-enterprise-transition
description: Security mode for the wireless interface
type: str
security-exempt-list:
description: Optional security exempt list for captive portal authentication.
type: str
security-obsolete-option:
choices:
- disable
- enable
description: Enable/disable obsolete security options.
type: str
security-redirect-url:
description: Optional URL for redirecting users after they pass captive portal
authentication.
type: str
selected-usergroups:
description: Selective user groups that are permitted to authenticate.
type: str
split-tunneling:
choices:
- disable
- enable
description: Enable/disable split tunneling
type: str
ssid:
description: IEEE 802.
type: str
sticky-client-remove:
choices:
- disable
- enable
description: Sticky-Client-Remove.
type: str
sticky-client-threshold-2g:
description: Sticky-Client-Threshold-2G.
type: str
sticky-client-threshold-5g:
description: Sticky-Client-Threshold-5G.
type: str
sticky-client-threshold-6g:
description: Minimum signal level/threshold in dBm required for the 6G client
to be serviced by the AP
type: str
target-wake-time:
choices:
- disable
- enable
description: Enable/disable 802.
type: str
tkip-counter-measure:
choices:
- disable
- enable
description: Enable/disable TKIP counter measure.
type: str
tunnel-echo-interval:
description: The time interval to send echo to both primary and secondary
tunnel peers
type: int
tunnel-fallback-interval:
description: The time interval for secondary tunnel to fall back to primary
tunnel
type: int
usergroup:
description: Firewall user group to be used to authenticate WiFi users.
type: str
utm-log:
choices:
- disable
- enable
description: Enable/disable UTM logging.
type: str
utm-profile:
description: UTM profile name.
type: str
utm-status:
choices:
- disable
- enable
description: Enable to add one or more security profiles
type: str
vdom:
description: Vdom.
type: str
vlan-auto:
choices:
- disable
- enable
description: Enable/disable automatic management of SSID VLAN interface.
type: str
vlan-pooling:
choices:
- wtp-group
- round-robin
- hash
- disable
description: Enable/disable VLAN pooling, to allow grouping of multiple wireless
controller VLANs into VLAN pools
type: str
vlanid:
description: Optional VLAN ID.
type: int
voice-enterprise:
choices:
- disable
- enable
description: Enable/disable 802.
type: str
webfilter-profile:
description: WebFilter profile name.
type: str
type: list
eap-reauth:
choices:
- disable
- enable
description: Enable/disable EAP re-authentication for WPA-Enterprise security.
type: str
eap-reauth-intv:
description: EAP re-authentication interval
type: int
eapol-key-retries:
choices:
- disable
- enable
description: Enable/disable retransmission of EAPOL-Key frames
type: str
encrypt:
choices:
- TKIP
- AES
- TKIP-AES
description: Encryption protocol to use
type: str
external-fast-roaming:
choices:
- disable
- enable
description: Enable/disable fast roaming or pre-authentication with external APs
not managed by the FortiGate
type: str
external-logout:
description: URL of external authentication logout server.
type: str
external-web:
description: URL of external authentication web server.
type: str
external-web-format:
choices:
- auto-detect
- no-query-string
- partial-query-string
description: URL query parameter detection
type: str
fast-bss-transition:
choices:
- disable
- enable
description: Enable/disable 802.
type: str
fast-roaming:
choices:
- disable
- enable
description: Enable/disable fast-roaming, or pre-authentication, where supported
by clients
type: str
ft-mobility-domain:
description: Mobility domain identifier in FT
type: int
ft-over-ds:
choices:
- disable
- enable
description: Enable/disable FT over the Distribution System
type: str
ft-r0-key-lifetime:
description: Lifetime of the PMK-R0 key in FT, 1-65535 minutes.
type: int
gas-comeback-delay:
description: GAS comeback delay
type: int
gas-fragmentation-limit:
description: GAS fragmentation limit
type: int
gtk-rekey:
choices:
- disable
- enable
description: Enable/disable GTK rekey for WPA security.
type: str
gtk-rekey-intv:
description: GTK rekey interval
type: int
high-efficiency:
choices:
- disable
- enable
description: Enable/disable 802.
type: str
hotspot20-profile:
description: Hotspot 2.
type: str
igmp-snooping:
choices:
- disable
- enable
description: Enable/disable IGMP snooping.
type: str
intra-vap-privacy:
choices:
- disable
- enable
description: Enable/disable blocking communication between clients on the same
SSID
type: str
ip:
description: IP address and subnet mask for the local standalone NAT subnet.
type: str
ips-sensor:
description: IPS sensor name.
type: str
ipv6-rules:
choices:
- drop-icmp6ra
- drop-icmp6rs
- drop-llmnr6
- drop-icmp6mld2
- drop-dhcp6s
- drop-dhcp6c
- ndp-proxy
- drop-ns-dad
- drop-ns-nondad
description: Optional rules of IPv6 packets.
elements: str
type: list
key:
description: WEP Key.
type: str
keyindex:
description: WEP key index
type: int
l3-roaming:
choices:
- disable
- enable
description: Enable/disable layer 3 roaming
type: str
l3-roaming-mode:
choices:
- direct
- indirect
description: Select the way that layer 3 roaming traffic is passed
type: str
ldpc:
choices:
- disable
- tx
- rx
- rxtx
description: VAP low-density parity-check
type: str
local-authentication:
choices:
- disable
- enable
description: Enable/disable AP local authentication.
type: str
local-bridging:
choices:
- disable
- enable
description: Enable/disable bridging of wireless and Ethernet interfaces on the
FortiAP
type: str
local-lan:
choices:
- deny
- allow
description: Allow/deny traffic destined for a Class A, B, or C private IP address
type: str
local-standalone:
choices:
- disable
- enable
description: Enable/disable AP local standalone
type: str
local-standalone-dns:
choices:
- disable
- enable
description: Enable/disable AP local standalone DNS.
type: str
local-standalone-dns-ip:
description: description
type: str
local-standalone-nat:
choices:
- disable
- enable
description: Enable/disable AP local standalone NAT mode.
type: str
mac-auth-bypass:
choices:
- disable
- enable
description: Enable/disable MAC authentication bypass.
type: str
mac-called-station-delimiter:
choices:
- hyphen
- single-hyphen
- colon
- none
description: MAC called station delimiter
type: str
mac-calling-station-delimiter:
choices:
- hyphen
- single-hyphen
- colon
- none
description: MAC calling station delimiter
type: str
mac-case:
choices:
- uppercase
- lowercase
description: MAC case
type: str
mac-filter:
choices:
- disable
- enable
description: Enable/disable MAC filtering to block wireless clients by mac address.
type: str
mac-filter-list:
description: Mac-Filter-List.
elements: dict
suboptions:
id:
description: ID.
type: int
mac:
description: MAC address.
type: str
mac-filter-policy:
choices:
- deny
- allow
description: Deny or allow the client with this MAC address.
type: str
type: list
mac-filter-policy-other:
choices:
- deny
- allow
description: Allow or block clients with MAC addresses that are not in the filter
list.
type: str
mac-password-delimiter:
choices:
- hyphen
- single-hyphen
- colon
- none
description: MAC authentication password delimiter
type: str
mac-username-delimiter:
choices:
- hyphen
- single-hyphen
- colon
- none
description: MAC authentication username delimiter
type: str
max-clients:
description: Maximum number of clients that can connect simultaneously to the
VAP
type: int
max-clients-ap:
description: Maximum number of clients that can connect simultaneously to each
radio
type: int
mbo:
choices:
- disable
- enable
description: Enable/disable Multiband Operation
type: str
mbo-cell-data-conn-pref:
choices:
- excluded
- prefer-not
- prefer-use
description: MBO cell data connection preference
type: str
me-disable-thresh:
description: Disable multicast enhancement when this many clients are receiving
multicast traffic.
type: int
mesh-backhaul:
choices:
- disable
- enable
description: Enable/disable using this VAP as a WiFi mesh backhaul
type: str
mpsk:
choices:
- disable
- enable
description: Enable/disable multiple pre-shared keys
type: str
mpsk-concurrent-clients:
description: Number of pre-shared keys
type: int
mpsk-key:
description: Mpsk-Key.
elements: dict
suboptions:
comment:
description: Comment.
type: str
concurrent-clients:
description: Number of clients that can connect using this pre-shared key.
type: str
key-name:
description: Pre-shared key name.
type: str
mpsk-schedules:
description: Firewall schedule for MPSK passphrase.
type: str
passphrase:
description: WPA Pre-shared key.
type: str
type: list
mpsk-profile:
description: MPSK profile name.
type: str
mu-mimo:
choices:
- disable
- enable
description: Enable/disable Multi-user MIMO
type: str
multicast-enhance:
choices:
- disable
- enable
description: Enable/disable converting multicast to unicast to improve performance
type: str
multicast-rate:
choices:
- '0'
- '6000'
- '12000'
- '24000'
description: Multicast rate
type: str
nac:
choices:
- disable
- enable
description: Enable/disable network access control.
type: str
nac-profile:
description: NAC profile name.
type: str
name:
description: Virtual AP name.
type: str
neighbor-report-dual-band:
choices:
- disable
- enable
description: Enable/disable dual-band neighbor report
type: str
okc:
choices:
- disable
- enable
description: Enable/disable Opportunistic Key Caching
type: str
osen:
choices:
- disable
- enable
description: Enable/disable OSEN as part of key management
type: str
owe-groups:
choices:
- '19'
- '20'
- '21'
description: OWE-Groups.
elements: str
type: list
owe-transition:
choices:
- disable
- enable
description: Enable/disable OWE transition mode support.
type: str
owe-transition-ssid:
description: OWE transition mode peer SSID.
type: str
passphrase:
description: WPA pre-shared key
type: str
pmf:
choices:
- disable
- enable
- optional
description: Protected Management Frames
type: str
pmf-assoc-comeback-timeout:
description: Protected Management Frames
type: int
pmf-sa-query-retry-timeout:
description: Protected Management Frames
type: int
port-macauth:
choices:
- disable
- radius
- address-group
description: Enable/disable LAN port MAC authentication
type: str
port-macauth-reauth-timeout:
description: LAN port MAC authentication re-authentication timeout value
type: int
port-macauth-timeout:
description: LAN port MAC authentication idle timeout value
type: int
portal-message-override-group:
description: Replacement message group for this VAP
type: str
portal-message-overrides:
description: no description
required: false
suboptions:
auth-disclaimer-page:
description: Override auth-disclaimer-page message with message from portal-message-overrides
group.
type: str
auth-login-failed-page:
description: Override auth-login-failed-page message with message from portal-message-overrides
group.
type: str
auth-login-page:
description: Override auth-login-page message with message from portal-message-overrides
group.
type: str
auth-reject-page:
description: Override auth-reject-page message with message from portal-message-overrides
group.
type: str
type: dict
portal-type:
choices:
- auth
- auth+disclaimer
- disclaimer
- email-collect
- cmcc
- cmcc-macauth
- auth-mac
- external-auth
- external-macauth
description: Captive portal functionality.
type: str
primary-wag-profile:
description: Primary wireless access gateway profile name.
type: str
probe-resp-suppression:
choices:
- disable
- enable
description: Enable/disable probe response suppression
type: str
probe-resp-threshold:
description: Minimum signal level/threshold in dBm required for the AP response
to probe requests
type: str
ptk-rekey:
choices:
- disable
- enable
description: Enable/disable PTK rekey for WPA-Enterprise security.
type: str
ptk-rekey-intv:
description: PTK rekey interval
type: int
qos-profile:
description: Quality of service profile name.
type: str
quarantine:
choices:
- disable
- enable
description: Enable/disable station quarantine
type: str
radio-2g-threshold:
description: Minimum signal level/threshold in dBm required for the AP response
to receive a packet in 2.
type: str
radio-5g-threshold:
description: Minimum signal level/threshold in dBm required for the AP response
to receive a packet in 5G band
type: str
radio-sensitivity:
choices:
- disable
- enable
description: Enable/disable software radio sensitivity
type: str
radius-mac-auth:
choices:
- disable
- enable
description: Enable/disable RADIUS-based MAC authentication of clients
type: str
radius-mac-auth-block-interval:
description: Dont send RADIUS MAC auth request again if the client has been rejected
within specific interval
type: int
radius-mac-auth-server:
description: RADIUS-based MAC authentication server.
type: str
radius-mac-auth-usergroups:
description: Selective user groups that are permitted for RADIUS mac authentication.
type: str
radius-mac-mpsk-auth:
choices:
- disable
- enable
description: Enable/disable RADIUS-based MAC authentication of clients for MPSK
authentication
type: str
radius-mac-mpsk-timeout:
description: RADIUS MAC MPSK cache timeout interval
type: int
radius-server:
description: RADIUS server to be used to authenticate WiFi users.
type: str
rates-11a:
choices:
- '1'
- 1-basic
- '2'
- 2-basic
- '5.5'
- 5.5-basic
- '6'
- 6-basic
- '9'
- 9-basic
- '12'
- 12-basic
- '18'
- 18-basic
- '24'
- 24-basic
- '36'
- 36-basic
- '48'
- 48-basic
- '54'
- 54-basic
- '11'
- 11-basic
description: Allowed data rates for 802.
elements: str
type: list
rates-11ac-mcs-map:
description: Comma separated list of max supported VHT MCS for spatial streams
1 through 8.
type: str
rates-11ac-ss12:
choices:
- mcs0/1
- mcs1/1
- mcs2/1
- mcs3/1
- mcs4/1
- mcs5/1
- mcs6/1
- mcs7/1
- mcs8/1
- mcs9/1
- mcs0/2
- mcs1/2
- mcs2/2
- mcs3/2
- mcs4/2
- mcs5/2
- mcs6/2
- mcs7/2
- mcs8/2
- mcs9/2
- mcs10/1
- mcs11/1
- mcs10/2
- mcs11/2
description: Allowed data rates for 802.
elements: str
type: list
rates-11ac-ss34:
choices:
- mcs0/3
- mcs1/3
- mcs2/3
- mcs3/3
- mcs4/3
- mcs5/3
- mcs6/3
- mcs7/3
- mcs8/3
- mcs9/3
- mcs0/4
- mcs1/4
- mcs2/4
- mcs3/4
- mcs4/4
- mcs5/4
- mcs6/4
- mcs7/4
- mcs8/4
- mcs9/4
- mcs10/3
- mcs11/3
- mcs10/4
- mcs11/4
description: Allowed data rates for 802.
elements: str
type: list
rates-11ax-mcs-map:
description: Comma separated list of max supported HE MCS for spatial streams
1 through 8.
type: str
rates-11ax-ss12:
choices:
- mcs0/1
- mcs1/1
- mcs2/1
- mcs3/1
- mcs4/1
- mcs5/1
- mcs6/1
- mcs7/1
- mcs8/1
- mcs9/1
- mcs10/1
- mcs11/1
- mcs0/2
- mcs1/2
- mcs2/2
- mcs3/2
- mcs4/2
- mcs5/2
- mcs6/2
- mcs7/2
- mcs8/2
- mcs9/2
- mcs10/2
- mcs11/2
description: description
elements: str
type: list
rates-11ax-ss34:
choices:
- mcs0/3
- mcs1/3
- mcs2/3
- mcs3/3
- mcs4/3
- mcs5/3
- mcs6/3
- mcs7/3
- mcs8/3
- mcs9/3
- mcs10/3
- mcs11/3
- mcs0/4
- mcs1/4
- mcs2/4
- mcs3/4
- mcs4/4
- mcs5/4
- mcs6/4
- mcs7/4
- mcs8/4
- mcs9/4
- mcs10/4
- mcs11/4
description: description
elements: str
type: list
rates-11bg:
choices:
- '1'
- 1-basic
- '2'
- 2-basic
- '5.5'
- 5.5-basic
- '6'
- 6-basic
- '9'
- 9-basic
- '12'
- 12-basic
- '18'
- 18-basic
- '24'
- 24-basic
- '36'
- 36-basic
- '48'
- 48-basic
- '54'
- 54-basic
- '11'
- 11-basic
description: Allowed data rates for 802.
elements: str
type: list
rates-11n-ss12:
choices:
- mcs0/1
- mcs1/1
- mcs2/1
- mcs3/1
- mcs4/1
- mcs5/1
- mcs6/1
- mcs7/1
- mcs8/2
- mcs9/2
- mcs10/2
- mcs11/2
- mcs12/2
- mcs13/2
- mcs14/2
- mcs15/2
description: Allowed data rates for 802.
elements: str
type: list
rates-11n-ss34:
choices:
- mcs16/3
- mcs17/3
- mcs18/3
- mcs19/3
- mcs20/3
- mcs21/3
- mcs22/3
- mcs23/3
- mcs24/4
- mcs25/4
- mcs26/4
- mcs27/4
- mcs28/4
- mcs29/4
- mcs30/4
- mcs31/4
description: Allowed data rates for 802.
elements: str
type: list
sae-groups:
choices:
- '1'
- '2'
- '5'
- '14'
- '15'
- '16'
- '17'
- '18'
- '19'
- '20'
- '21'
- '27'
- '28'
- '29'
- '30'
- '31'
description: SAE-Groups.
elements: str
type: list
sae-h2e-only:
choices:
- disable
- enable
description: Use hash-to-element-only mechanism for PWE derivation
type: str
sae-password:
description: WPA3 SAE password to be used to authenticate WiFi users.
type: str
sae-pk:
choices:
- disable
- enable
description: Enable/disable WPA3 SAE-PK
type: str
sae-private-key:
description: Private key used for WPA3 SAE-PK authentication.
type: str
scan-botnet-connections:
choices:
- disable
- block
- monitor
description: Block or monitor connections to Botnet servers or disable Botnet
scanning.
type: str
schedule:
description: VAP schedule name.
type: str
secondary-wag-profile:
description: Secondary wireless access gateway profile name.
type: str
security:
choices:
- None
- WEP64
- wep64
- WEP128
- wep128
- WPA_PSK
- WPA_RADIUS
- WPA
- WPA2
- WPA2_AUTO
- open
- wpa-personal
- wpa-enterprise
- captive-portal
- wpa-only-personal
- wpa-only-enterprise
- wpa2-only-personal
- wpa2-only-enterprise
- wpa-personal+captive-portal
- wpa-only-personal+captive-portal
- wpa2-only-personal+captive-portal
- osen
- wpa3-enterprise
- sae
- sae-transition
- owe
- wpa3-sae
- wpa3-sae-transition
- wpa3-only-enterprise
- wpa3-enterprise-transition
description: Security mode for the wireless interface
type: str
security-exempt-list:
description: Optional security exempt list for captive portal authentication.
type: str
security-obsolete-option:
choices:
- disable
- enable
description: Enable/disable obsolete security options.
type: str
security-redirect-url:
description: Optional URL for redirecting users after they pass captive portal
authentication.
type: str
selected-usergroups:
description: Selective user groups that are permitted to authenticate.
type: str
split-tunneling:
choices:
- disable
- enable
description: Enable/disable split tunneling
type: str
ssid:
description: IEEE 802.
type: str
sticky-client-remove:
choices:
- disable
- enable
description: Enable/disable sticky client remove to maintain good signal level
clients in SSID.
type: str
sticky-client-threshold-2g:
description: Minimum signal level/threshold in dBm required for the 2G client
to be serviced by the AP
type: str
sticky-client-threshold-5g:
description: Minimum signal level/threshold in dBm required for the 5G client
to be serviced by the AP
type: str
sticky-client-threshold-6g:
description: Minimum signal level/threshold in dBm required for the 6G client
to be serviced by the AP
type: str
target-wake-time:
choices:
- disable
- enable
description: Enable/disable 802.
type: str
tkip-counter-measure:
choices:
- disable
- enable
description: Enable/disable TKIP counter measure.
type: str
tunnel-echo-interval:
description: The time interval to send echo to both primary and secondary tunnel
peers
type: int
tunnel-fallback-interval:
description: The time interval for secondary tunnel to fall back to primary tunnel
type: int
usergroup:
description: Firewall user group to be used to authenticate WiFi users.
type: str
utm-log:
choices:
- disable
- enable
description: Enable/disable UTM logging.
type: str
utm-profile:
description: UTM profile name.
type: str
utm-status:
choices:
- disable
- enable
description: Enable to add one or more security profiles
type: str
vdom:
description: Name of the VDOM that the Virtual AP has been added to.
type: str
vlan-auto:
choices:
- disable
- enable
description: Enable/disable automatic management of SSID VLAN interface.
type: str
vlan-name:
description: description
elements: dict
suboptions:
name:
description: VLAN name.
type: str
vlan-id:
description: VLAN ID.
type: int
type: list
vlan-pool:
description: Vlan-Pool.
elements: dict
suboptions:
_wtp-group:
description: _Wtp-Group.
type: str
id:
description: ID.
type: int
wtp-group:
description: WTP group name.
type: str
type: list
vlan-pooling:
choices:
- wtp-group
- round-robin
- hash
- disable
description: Enable/disable VLAN pooling, to allow grouping of multiple wireless
controller VLANs into VLAN pools
type: str
vlanid:
description: Optional VLAN ID.
type: int
voice-enterprise:
choices:
- disable
- enable
description: Enable/disable 802.
type: str
webfilter-profile:
description: WebFilter profile name.
type: str
type: dict
adom:
description: the parameter (adom) in requested url
required: true
type: str
state:
choices:
- present
- absent
description: The directive to create, update or delete an object.
required: true
type: str
rc_failed:
description: The rc codes list with which the conditions to fail will be overriden.
elements: int
required: false
type: list
enable_log:
default: false
description: Enable/Disable logging for task.
required: false
type: bool
access_token:
description: The token to access FortiManager without using username and password.
required: false
type: str
rc_succeeded:
description: The rc codes list with which the conditions to succeed will be overriden.
elements: int
required: false
type: list
proposed_method:
choices:
- update
- set
- add
description: The overridden method for the underlying Json RPC request.
required: false
type: str
bypass_validation:
default: false
description: Only set to True when module schema diffs with FortiManager API structure,
module continues to execute without validating parameters.
required: false
type: bool
workspace_locking_adom:
description: The adom to lock for FortiManager running in workspace mode, the value
can be global and others including root.
required: false
type: str
forticloud_access_token:
description: Authenticate Ansible client with forticloud API access token.
required: false
type: str
workspace_locking_timeout:
default: 300
description: The maximum time in seconds to wait for other user to release the workspace
lock.
required: false
type: int
meta:
contains:
request_url:
description: The full url requested.
returned: always
sample: /sys/login/user
type: str
response_code:
description: The status of api request.
returned: always
sample: 0
type: int
response_data:
description: The api response.
returned: always
type: list
response_message:
description: The descriptive message of the api response.
returned: always
sample: OK.
type: str
system_information:
description: The information of the target system.
returned: always
type: dict
description: The result of the request.
returned: always
type: dict
rc:
description: The status the request.
returned: always
sample: 0
type: int
version_check_warning:
description: Warning if the parameters used in the playbook are not supported by
the current FortiManager version.
returned: complex
type: list