drmofu / drmofu.fortimanager / 2.2.2 / module / fmgr_wanprof_system_sdwan Configure redundant internet connections using SD-WAN | "added in version" 2.1.0 of drmofu.fortimanager" Authors: Xinwei Du (@dux-fortinet), Xing Li (@lix-fortinet), Jie Xue (@JieX19), Link Zheng (@chillancezen), Frank Shen (@fshen01), Hongbin Lu (@fgtdev-hblu) preview | supported by communitydrmofu.fortimanager.fmgr_wanprof_system_sdwan (2.2.2) — module
Install with ansible-galaxy collection install drmofu.fortimanager:==2.2.2
collections: - name: drmofu.fortimanager version: 2.2.2
This module is able to configure a FortiManager device.
Examples include all parameters and values which need to be adjusted to data sources before usage.
- hosts: fortimanager-inventory collections: - fortinet.fortimanager connection: httpapi vars: ansible_httpapi_use_ssl: True ansible_httpapi_validate_certs: False ansible_httpapi_port: 443 tasks: - name: Configure redundant internet connections using SD-WAN fmgr_wanprof_system_sdwan: bypass_validation: False workspace_locking_adom: <value in [global, custom adom including root]> workspace_locking_timeout: 300 rc_succeeded: [0, -2, -3, ...] rc_failed: [-2, -3, ...] adom: <your own value> wanprof: <your own value> wanprof_system_sdwan: duplication: - dstaddr: <value of string> dstaddr6: <value of string> dstintf: <value of string> id: <value of integer> packet-de-duplication: <value in [disable, enable]> packet-duplication: <value in [disable, force, on-demand]> service: <value of string> srcaddr: <value of string> srcaddr6: <value of string> srcintf: <value of string> service-id: <value of string> sla-match-service: <value in [disable, enable]> duplication-max-num: <value of integer> fail-detect: <value in [disable, enable]> health-check: - _dynamic-server: <value of string> addr-mode: <value in [ipv4, ipv6]> diffservcode: <value of string> dns-match-ip: <value of string> dns-request-domain: <value of string> failtime: <value of integer> ftp-file: <value of string> ftp-mode: <value in [passive, port]> ha-priority: <value of integer> http-agent: <value of string> http-get: <value of string> http-match: <value of string> interval: <value of integer> members: <value of string> name: <value of string> packet-size: <value of integer> password: <value of string> port: <value of integer> probe-count: <value of integer> probe-packets: <value in [disable, enable]> probe-timeout: <value of integer> protocol: <value in [ping, tcp-echo, udp-echo, ...]> quality-measured-method: <value in [half-close, half-open]> recoverytime: <value of integer> security-mode: <value in [none, authentication]> server: <value of string> sla: - id: <value of integer> jitter-threshold: <value of integer> latency-threshold: <value of integer> link-cost-factor: - latency - jitter - packet-loss - mos packetloss-threshold: <value of integer> mos-threshold: <value of string> priority-in-sla: <value of integer> priority-out-sla: <value of integer> sla-fail-log-period: <value of integer> sla-pass-log-period: <value of integer> system-dns: <value in [disable, enable]> threshold-alert-jitter: <value of integer> threshold-alert-latency: <value of integer> threshold-alert-packetloss: <value of integer> threshold-warning-jitter: <value of integer> threshold-warning-latency: <value of integer> threshold-warning-packetloss: <value of integer> update-cascade-interface: <value in [disable, enable]> update-static-route: <value in [disable, enable]> user: <value of string> detect-mode: <value in [active, passive, prefer-passive, ...]> mos-codec: <value in [g711, g722, g729]> source: <value of string> vrf: <value of integer> embed-measured-health: <value in [disable, enable]> sla-id-redistribute: <value of integer> class-id: <value of string> source6: <value of string> load-balance-mode: <value in [source-ip-based, weight-based, usage-based, ...]> members: - _dynamic-member: <value of string> comment: <value of string> cost: <value of integer> gateway: <value of string> gateway6: <value of string> ingress-spillover-threshold: <value of integer> interface: <value of string> priority: <value of integer> seq-num: <value of integer> source: <value of string> source6: <value of string> spillover-threshold: <value of integer> status: <value in [disable, enable]> volume-ratio: <value of integer> weight: <value of integer> zone: <value of string> priority6: <value of integer> preferred-source: <value of string> neighbor: - health-check: <value of string> ip: <value of string> member: <value of string> role: <value in [primary, secondary, standalone]> sla-id: <value of integer> minimum-sla-meet-members: <value of integer> mode: <value in [sla, speedtest]> neighbor-hold-boot-time: <value of integer> neighbor-hold-down: <value in [disable, enable]> neighbor-hold-down-time: <value of integer> service: - addr-mode: <value in [ipv4, ipv6]> bandwidth-weight: <value of integer> default: <value in [disable, enable]> dscp-forward: <value in [disable, enable]> dscp-forward-tag: <value of string> dscp-reverse: <value in [disable, enable]> dscp-reverse-tag: <value of string> dst: <value of string> dst-negate: <value in [disable, enable]> dst6: <value of string> end-port: <value of integer> gateway: <value in [disable, enable]> groups: <value of string> hash-mode: <value in [round-robin, source-ip-based, source-dest-ip-based, ...]> health-check: <value of string> hold-down-time: <value of integer> id: <value of integer> input-device: <value of string> input-device-negate: <value in [disable, enable]> internet-service: <value in [disable, enable]> internet-service-app-ctrl: <value of integer> internet-service-app-ctrl-group: <value of string> internet-service-custom: <value of string> internet-service-custom-group: <value of string> internet-service-group: <value of string> internet-service-name: <value of string> jitter-weight: <value of integer> latency-weight: <value of integer> link-cost-factor: <value in [latency, jitter, packet-loss, ...]> link-cost-threshold: <value of integer> minimum-sla-meet-members: <value of integer> mode: <value in [auto, manual, priority, ...]> name: <value of string> packet-loss-weight: <value of integer> priority-members: <value of string> protocol: <value of integer> quality-link: <value of integer> role: <value in [primary, secondary, standalone]> route-tag: <value of integer> sla: - health-check: <value of string> id: <value of integer> sla-compare-method: <value in [order, number]> src: <value of string> src-negate: <value in [disable, enable]> src6: <value of string> standalone-action: <value in [disable, enable]> start-port: <value of integer> status: <value in [disable, enable]> tos: <value of string> tos-mask: <value of string> users: <value of string> tie-break: <value in [zone, cfg-order, fib-best-match, ...]> use-shortcut-sla: <value in [disable, enable]> input-zone: <value of string> internet-service-app-ctrl-category: <value of integer> passive-measurement: <value in [disable, enable]> priority-zone: <value of string> agent-exclusive: <value in [disable, enable]> shortcut: <value in [disable, enable]> shortcut-stickiness: <value in [disable, enable]> status: <value in [disable, enable]> zone: - name: <value of string> service-sla-tie-break: <value in [cfg-order, fib-best-match, input-device]> speedtest-bypass-routing: <value in [disable, enable]> fail-alert-interfaces: <value of string> app-perf-log-period: <value of integer>
adom: description: the parameter (adom) in requested url required: true type: str wanprof: description: the parameter (wanprof) in requested url required: true type: str rc_failed: description: The rc codes list with which the conditions to fail will be overriden. elements: int required: false type: list enable_log: default: false description: Enable/Disable logging for task. required: false type: bool access_token: description: The token to access FortiManager without using username and password. required: false type: str rc_succeeded: description: The rc codes list with which the conditions to succeed will be overriden. elements: int required: false type: list proposed_method: choices: - update - set - add description: The overridden method for the underlying Json RPC request. required: false type: str bypass_validation: default: false description: Only set to True when module schema diffs with FortiManager API structure, module continues to execute without validating parameters. required: false type: bool wanprof_system_sdwan: description: the top level parameters set required: false suboptions: app-perf-log-period: description: Time interval in seconds that applicationperformance logs are generated type: int duplication: description: description elements: dict suboptions: dstaddr: description: Destination address or address group names. type: str dstaddr6: description: Destination address6 or address6 group names. type: str dstintf: description: Outgoing type: str id: description: Duplication rule ID type: int packet-de-duplication: choices: - disable - enable description: Enable/disable discarding of packets that have been duplicated. type: str packet-duplication: choices: - disable - force - on-demand description: Configure packet duplication method. type: str service: description: Service and service group name. type: str service-id: description: SD-WAN service rule ID list. type: str sla-match-service: choices: - disable - enable description: Enable/disable packet duplication matching health-check SLAs in service rule. type: str srcaddr: description: Source address or address group names. type: str srcaddr6: description: Source address6 or address6 group names. type: str srcintf: description: Incoming type: str type: list duplication-max-num: description: Maximum number of interface members a packet is duplicated in the SD-WAN zone type: int fail-alert-interfaces: description: description type: str fail-detect: choices: - disable - enable description: Enable/disable SD-WAN Internet connection status checking type: str health-check: description: description elements: dict suboptions: _dynamic-server: description: no description type: str addr-mode: choices: - ipv4 - ipv6 description: Address mode type: str class-id: description: Traffic class ID. type: str detect-mode: choices: - active - passive - prefer-passive - remote - agent-based description: The mode determining how to detect the server. type: str diffservcode: description: Differentiated services code point type: str dns-match-ip: description: Response IP expected from DNS server if the protocol is DNS. type: str dns-request-domain: description: Fully qualified domain name to resolve for the DNS probe. type: str embed-measured-health: choices: - disable - enable description: Enable/disable embedding measured health information. type: str failtime: description: Number of failures before server is considered lost type: int ftp-file: description: Full path and file name on the FTP server to download for FTP health-check to probe. type: str ftp-mode: choices: - passive - port description: FTP mode. type: str ha-priority: description: HA election priority type: int http-agent: description: String in the http-agent field in the HTTP header. type: str http-get: description: URL used to communicate with the server if the protocol if the protocol is HTTP. type: str http-match: description: Response string expected from the server if the protocol is HTTP. type: str interval: description: Status check interval in milliseconds, or the time between attempting to connect to the server type: int members: description: Member sequence number list. type: str mos-codec: choices: - g711 - g722 - g729 description: Codec to use for MOS calculation type: str name: description: Status check or health check name. type: str packet-size: description: Packet size of a twamp test session, type: int password: description: description type: str port: description: Port number used to communicate with the server over the selected protocol type: int probe-count: description: Number of most recent probes that should be used to calculate latency and jitter type: int probe-packets: choices: - disable - enable description: Enable/disable transmission of probe packets. type: str probe-timeout: description: Time to wait before a probe packet is considered lost type: int protocol: choices: - ping - tcp-echo - udp-echo - http - twamp - ping6 - dns - tcp-connect - ftp description: Protocol used to determine if the FortiGate can communicate with the server. type: str quality-measured-method: choices: - half-close - half-open description: Method to measure the quality of tcp-connect. type: str recoverytime: description: Number of successful responses received before server is considered recovered type: int security-mode: choices: - none - authentication description: Twamp controller security mode. type: str server: description: description type: str sla: description: description elements: dict suboptions: id: description: SLA ID. type: int jitter-threshold: description: Jitter for SLA to make decision in milliseconds. type: int latency-threshold: description: Latency for SLA to make decision in milliseconds. type: int link-cost-factor: choices: - latency - jitter - packet-loss - mos description: description elements: str type: list mos-threshold: description: Minimum Mean Opinion Score for SLA to be marked as pass. type: str packetloss-threshold: description: Packet loss for SLA to make decision in percentage. type: int priority-in-sla: description: Value to be distributed into routing table when in-sla type: int priority-out-sla: description: Value to be distributed into routing table when out-sla type: int type: list sla-fail-log-period: description: Time interval in seconds that SLA fail log messages will be generated type: int sla-id-redistribute: description: Select the ID from the SLA sub-table. type: int sla-pass-log-period: description: Time interval in seconds that SLA pass log messages will be generated type: int source: description: Source IP address used in the health-check packet to the server. type: str source6: description: Source IPv6 addressused in the health-check packet to server. type: str system-dns: choices: - disable - enable description: Enable/disable system DNS as the probe server. type: str threshold-alert-jitter: description: Alert threshold for jitter type: int threshold-alert-latency: description: Alert threshold for latency type: int threshold-alert-packetloss: description: Alert threshold for packet loss type: int threshold-warning-jitter: description: Warning threshold for jitter type: int threshold-warning-latency: description: Warning threshold for latency type: int threshold-warning-packetloss: description: Warning threshold for packet loss type: int update-cascade-interface: choices: - disable - enable description: Enable/disable update cascade interface. type: str update-static-route: choices: - disable - enable description: Enable/disable updating the static route. type: str user: description: The user name to access probe server. type: str vrf: description: Virtual Routing Forwarding ID. type: int type: list load-balance-mode: choices: - source-ip-based - weight-based - usage-based - source-dest-ip-based - measured-volume-based description: Algorithm or mode to use for load balancing Internet traffic to SD-WAN members. type: str members: description: description elements: dict suboptions: _dynamic-member: description: no description type: str comment: description: Comments. type: str cost: description: Cost of this interface for services in SLA mode type: int gateway: description: The default gateway for this interface. type: str gateway6: description: IPv6 gateway. type: str ingress-spillover-threshold: description: Ingress spillover threshold for this interface type: int interface: description: Interface name. type: str preferred-source: description: Preferred source of route for this member. type: str priority: description: Priority of the interface type: int priority6: description: Priority of the interface for IPv6 type: int seq-num: description: Sequence number type: int source: description: Source IP address used in the health-check packet to the server. type: str source6: description: Source IPv6 address used in the health-check packet to the server. type: str spillover-threshold: description: Egress spillover threshold for this interface type: int status: choices: - disable - enable description: Enable/disable this interface in the SD-WAN. type: str volume-ratio: description: Measured volume ratio type: int weight: description: Weight of this interface for weighted load balancing. type: int zone: description: Zone name. type: str type: list neighbor: description: description elements: dict suboptions: health-check: description: SD-WAN health-check name. type: str ip: description: IP/IPv6 address of neighbor. type: str member: description: Member sequence number. type: str minimum-sla-meet-members: description: Minimum number of members which meet SLA when the neighbor is preferred. type: int mode: choices: - sla - speedtest description: What metric to select the neighbor. type: str role: choices: - primary - secondary - standalone description: Role of neighbor. type: str sla-id: description: SLA ID. type: int type: list neighbor-hold-boot-time: description: Waiting period in seconds when switching from the primary neighbor to the secondary neighbor from the neighbor start. type: int neighbor-hold-down: choices: - disable - enable description: Enable/disable hold switching from the secondary neighbor to the primary neighbor. type: str neighbor-hold-down-time: description: Waiting period in seconds when switching from the secondary neighbor to the primary neighbor when hold-down is disabled. type: int service: description: description elements: dict suboptions: addr-mode: choices: - ipv4 - ipv6 description: Address mode type: str agent-exclusive: choices: - disable - enable description: Set/unset the service as agent use exclusively. type: str bandwidth-weight: description: Coefficient of reciprocal of available bidirectional bandwidth in the formula of custom-profile-1. type: int default: choices: - disable - enable description: Enable/disable use of SD-WAN as default service. type: str dscp-forward: choices: - disable - enable description: Enable/disable forward traffic DSCP tag. type: str dscp-forward-tag: description: Forward traffic DSCP tag. type: str dscp-reverse: choices: - disable - enable description: Enable/disable reverse traffic DSCP tag. type: str dscp-reverse-tag: description: Reverse traffic DSCP tag. type: str dst: description: Destination address name. type: str dst-negate: choices: - disable - enable description: Enable/disable negation of destination address match. type: str dst6: description: Destination address6 name. type: str end-port: description: End destination port number. type: int gateway: choices: - disable - enable description: Enable/disable SD-WAN service gateway. type: str groups: description: User groups. type: str hash-mode: choices: - round-robin - source-ip-based - source-dest-ip-based - inbandwidth - outbandwidth - bibandwidth description: Hash algorithm for selected priority members for load balance mode. type: str health-check: description: Health check list. type: str hold-down-time: description: Waiting period in seconds when switching from the back-up member to the primary member type: int id: description: SD-WAN rule ID type: int input-device: description: Source interface name. type: str input-device-negate: choices: - disable - enable description: Enable/disable negation of input device match. type: str input-zone: description: description type: str internet-service: choices: - disable - enable description: Enable/disable use of Internet service for application-based load balancing. type: str internet-service-app-ctrl: description: description type: int internet-service-app-ctrl-category: description: description type: int internet-service-app-ctrl-group: description: Application control based Internet Service group list. type: str internet-service-custom: description: Custom Internet service name list. type: str internet-service-custom-group: description: Custom Internet Service group list. type: str internet-service-group: description: Internet Service group list. type: str internet-service-name: description: Internet service name list. type: str jitter-weight: description: Coefficient of jitter in the formula of custom-profile-1. type: int latency-weight: description: Coefficient of latency in the formula of custom-profile-1. type: int link-cost-factor: choices: - latency - jitter - packet-loss - inbandwidth - outbandwidth - bibandwidth - custom-profile-1 description: Link cost factor. type: str link-cost-threshold: description: Percentage threshold change of link cost values that will result in policy route regeneration type: int minimum-sla-meet-members: description: Minimum number of members which meet SLA. type: int mode: choices: - auto - manual - priority - sla - load-balance description: Control how the SD-WAN rule sets the priority of interfaces in the SD-WAN. type: str name: description: SD-WAN rule name. type: str packet-loss-weight: description: Coefficient of packet-loss in the formula of custom-profile-1. type: int passive-measurement: choices: - disable - enable description: Enable/disable passive measurement based on the service criteria. type: str priority-members: description: Member sequence number list. type: str priority-zone: description: description type: str protocol: description: Protocol number. type: int quality-link: description: Quality grade. type: int role: choices: - primary - secondary - standalone description: Service role to work with neighbor. type: str route-tag: description: IPv4 route map route-tag. type: int shortcut: choices: - disable - enable description: Enable/disable shortcut for this service. type: str shortcut-stickiness: choices: - disable - enable description: Enable/disable shortcut-stickiness of ADVPN. type: str sla: description: description elements: dict suboptions: health-check: description: SD-WAN health-check. type: str id: description: SLA ID. type: int type: list sla-compare-method: choices: - order - number description: Method to compare SLA value for SLA mode. type: str src: description: Source address name. type: str src-negate: choices: - disable - enable description: Enable/disable negation of source address match. type: str src6: description: Source address6 name. type: str standalone-action: choices: - disable - enable description: Enable/disable service when selected neighbor role is standalone while service role is not standalone. type: str start-port: description: Start destination port number. type: int status: choices: - disable - enable description: Enable/disable SD-WAN service. type: str tie-break: choices: - zone - cfg-order - fib-best-match - input-device description: Method of selecting member if more than one meets the SLA. type: str tos: description: Type of service bit pattern. type: str tos-mask: description: Type of service evaluated bits. type: str use-shortcut-sla: choices: - disable - enable description: Enable/disable use of ADVPN shortcut for quality comparison. type: str users: description: User name. type: str type: list speedtest-bypass-routing: choices: - disable - enable description: Enable/disable bypass routing when speedtest on a SD-WAN member. type: str status: choices: - disable - enable description: Enable/disable SD-WAN. type: str zone: description: description elements: dict suboptions: name: description: Zone name. type: str service-sla-tie-break: choices: - cfg-order - fib-best-match - input-device description: Method of selecting member if more than one meets the SLA. type: str type: list type: dict workspace_locking_adom: description: The adom to lock for FortiManager running in workspace mode, the value can be global and others including root. required: false type: str forticloud_access_token: description: Authenticate Ansible client with forticloud API access token. required: false type: str workspace_locking_timeout: default: 300 description: The maximum time in seconds to wait for other user to release the workspace lock. required: false type: int
meta: contains: request_url: description: The full url requested. returned: always sample: /sys/login/user type: str response_code: description: The status of api request. returned: always sample: 0 type: int response_data: description: The api response. returned: always type: list response_message: description: The descriptive message of the api response. returned: always sample: OK. type: str system_information: description: The information of the target system. returned: always type: dict description: The result of the request. returned: always type: dict rc: description: The status the request. returned: always sample: 0 type: int version_check_warning: description: Warning if the parameters used in the playbook are not supported by the current FortiManager version. returned: complex type: list