Try SpotterConfigure redundant internet connections using SD-WAN
| "added in version" 2.1.0 of drmofu.fortimanager"
Authors: Xinwei Du (@dux-fortinet), Xing Li (@lix-fortinet), Jie Xue (@JieX19), Link Zheng (@chillancezen), Frank Shen (@fshen01), Hongbin Lu (@fgtdev-hblu)
preview | supported by community
Install with ansible-galaxy collection install drmofu.fortimanager:==2.2.2
collections:
- name: drmofu.fortimanager
version: 2.2.2This module is able to configure a FortiManager device.
Examples include all parameters and values which need to be adjusted to data sources before usage.
- hosts: fortimanager-inventory
collections:
- fortinet.fortimanager
connection: httpapi
vars:
ansible_httpapi_use_ssl: True
ansible_httpapi_validate_certs: False
ansible_httpapi_port: 443
tasks:
- name: Configure redundant internet connections using SD-WAN
fmgr_wanprof_system_sdwan:
bypass_validation: False
workspace_locking_adom: <value in [global, custom adom including root]>
workspace_locking_timeout: 300
rc_succeeded: [0, -2, -3, ...]
rc_failed: [-2, -3, ...]
adom: <your own value>
wanprof: <your own value>
wanprof_system_sdwan:
duplication:
-
dstaddr: <value of string>
dstaddr6: <value of string>
dstintf: <value of string>
id: <value of integer>
packet-de-duplication: <value in [disable, enable]>
packet-duplication: <value in [disable, force, on-demand]>
service: <value of string>
srcaddr: <value of string>
srcaddr6: <value of string>
srcintf: <value of string>
service-id: <value of string>
sla-match-service: <value in [disable, enable]>
duplication-max-num: <value of integer>
fail-detect: <value in [disable, enable]>
health-check:
-
_dynamic-server: <value of string>
addr-mode: <value in [ipv4, ipv6]>
diffservcode: <value of string>
dns-match-ip: <value of string>
dns-request-domain: <value of string>
failtime: <value of integer>
ftp-file: <value of string>
ftp-mode: <value in [passive, port]>
ha-priority: <value of integer>
http-agent: <value of string>
http-get: <value of string>
http-match: <value of string>
interval: <value of integer>
members: <value of string>
name: <value of string>
packet-size: <value of integer>
password: <value of string>
port: <value of integer>
probe-count: <value of integer>
probe-packets: <value in [disable, enable]>
probe-timeout: <value of integer>
protocol: <value in [ping, tcp-echo, udp-echo, ...]>
quality-measured-method: <value in [half-close, half-open]>
recoverytime: <value of integer>
security-mode: <value in [none, authentication]>
server: <value of string>
sla:
-
id: <value of integer>
jitter-threshold: <value of integer>
latency-threshold: <value of integer>
link-cost-factor:
- latency
- jitter
- packet-loss
- mos
packetloss-threshold: <value of integer>
mos-threshold: <value of string>
priority-in-sla: <value of integer>
priority-out-sla: <value of integer>
sla-fail-log-period: <value of integer>
sla-pass-log-period: <value of integer>
system-dns: <value in [disable, enable]>
threshold-alert-jitter: <value of integer>
threshold-alert-latency: <value of integer>
threshold-alert-packetloss: <value of integer>
threshold-warning-jitter: <value of integer>
threshold-warning-latency: <value of integer>
threshold-warning-packetloss: <value of integer>
update-cascade-interface: <value in [disable, enable]>
update-static-route: <value in [disable, enable]>
user: <value of string>
detect-mode: <value in [active, passive, prefer-passive, ...]>
mos-codec: <value in [g711, g722, g729]>
source: <value of string>
vrf: <value of integer>
embed-measured-health: <value in [disable, enable]>
sla-id-redistribute: <value of integer>
class-id: <value of string>
source6: <value of string>
load-balance-mode: <value in [source-ip-based, weight-based, usage-based, ...]>
members:
-
_dynamic-member: <value of string>
comment: <value of string>
cost: <value of integer>
gateway: <value of string>
gateway6: <value of string>
ingress-spillover-threshold: <value of integer>
interface: <value of string>
priority: <value of integer>
seq-num: <value of integer>
source: <value of string>
source6: <value of string>
spillover-threshold: <value of integer>
status: <value in [disable, enable]>
volume-ratio: <value of integer>
weight: <value of integer>
zone: <value of string>
priority6: <value of integer>
preferred-source: <value of string>
neighbor:
-
health-check: <value of string>
ip: <value of string>
member: <value of string>
role: <value in [primary, secondary, standalone]>
sla-id: <value of integer>
minimum-sla-meet-members: <value of integer>
mode: <value in [sla, speedtest]>
neighbor-hold-boot-time: <value of integer>
neighbor-hold-down: <value in [disable, enable]>
neighbor-hold-down-time: <value of integer>
service:
-
addr-mode: <value in [ipv4, ipv6]>
bandwidth-weight: <value of integer>
default: <value in [disable, enable]>
dscp-forward: <value in [disable, enable]>
dscp-forward-tag: <value of string>
dscp-reverse: <value in [disable, enable]>
dscp-reverse-tag: <value of string>
dst: <value of string>
dst-negate: <value in [disable, enable]>
dst6: <value of string>
end-port: <value of integer>
gateway: <value in [disable, enable]>
groups: <value of string>
hash-mode: <value in [round-robin, source-ip-based, source-dest-ip-based, ...]>
health-check: <value of string>
hold-down-time: <value of integer>
id: <value of integer>
input-device: <value of string>
input-device-negate: <value in [disable, enable]>
internet-service: <value in [disable, enable]>
internet-service-app-ctrl: <value of integer>
internet-service-app-ctrl-group: <value of string>
internet-service-custom: <value of string>
internet-service-custom-group: <value of string>
internet-service-group: <value of string>
internet-service-name: <value of string>
jitter-weight: <value of integer>
latency-weight: <value of integer>
link-cost-factor: <value in [latency, jitter, packet-loss, ...]>
link-cost-threshold: <value of integer>
minimum-sla-meet-members: <value of integer>
mode: <value in [auto, manual, priority, ...]>
name: <value of string>
packet-loss-weight: <value of integer>
priority-members: <value of string>
protocol: <value of integer>
quality-link: <value of integer>
role: <value in [primary, secondary, standalone]>
route-tag: <value of integer>
sla:
-
health-check: <value of string>
id: <value of integer>
sla-compare-method: <value in [order, number]>
src: <value of string>
src-negate: <value in [disable, enable]>
src6: <value of string>
standalone-action: <value in [disable, enable]>
start-port: <value of integer>
status: <value in [disable, enable]>
tos: <value of string>
tos-mask: <value of string>
users: <value of string>
tie-break: <value in [zone, cfg-order, fib-best-match, ...]>
use-shortcut-sla: <value in [disable, enable]>
input-zone: <value of string>
internet-service-app-ctrl-category: <value of integer>
passive-measurement: <value in [disable, enable]>
priority-zone: <value of string>
agent-exclusive: <value in [disable, enable]>
shortcut: <value in [disable, enable]>
shortcut-stickiness: <value in [disable, enable]>
status: <value in [disable, enable]>
zone:
-
name: <value of string>
service-sla-tie-break: <value in [cfg-order, fib-best-match, input-device]>
speedtest-bypass-routing: <value in [disable, enable]>
fail-alert-interfaces: <value of string>
app-perf-log-period: <value of integer>
adom:
description: the parameter (adom) in requested url
required: true
type: str
wanprof:
description: the parameter (wanprof) in requested url
required: true
type: str
rc_failed:
description: The rc codes list with which the conditions to fail will be overriden.
elements: int
required: false
type: list
enable_log:
default: false
description: Enable/Disable logging for task.
required: false
type: bool
access_token:
description: The token to access FortiManager without using username and password.
required: false
type: str
rc_succeeded:
description: The rc codes list with which the conditions to succeed will be overriden.
elements: int
required: false
type: list
proposed_method:
choices:
- update
- set
- add
description: The overridden method for the underlying Json RPC request.
required: false
type: str
bypass_validation:
default: false
description: Only set to True when module schema diffs with FortiManager API structure,
module continues to execute without validating parameters.
required: false
type: bool
wanprof_system_sdwan:
description: the top level parameters set
required: false
suboptions:
app-perf-log-period:
description: Time interval in seconds that applicationperformance logs are generated
type: int
duplication:
description: description
elements: dict
suboptions:
dstaddr:
description: Destination address or address group names.
type: str
dstaddr6:
description: Destination address6 or address6 group names.
type: str
dstintf:
description: Outgoing
type: str
id:
description: Duplication rule ID
type: int
packet-de-duplication:
choices:
- disable
- enable
description: Enable/disable discarding of packets that have been duplicated.
type: str
packet-duplication:
choices:
- disable
- force
- on-demand
description: Configure packet duplication method.
type: str
service:
description: Service and service group name.
type: str
service-id:
description: SD-WAN service rule ID list.
type: str
sla-match-service:
choices:
- disable
- enable
description: Enable/disable packet duplication matching health-check SLAs
in service rule.
type: str
srcaddr:
description: Source address or address group names.
type: str
srcaddr6:
description: Source address6 or address6 group names.
type: str
srcintf:
description: Incoming
type: str
type: list
duplication-max-num:
description: Maximum number of interface members a packet is duplicated in the
SD-WAN zone
type: int
fail-alert-interfaces:
description: description
type: str
fail-detect:
choices:
- disable
- enable
description: Enable/disable SD-WAN Internet connection status checking
type: str
health-check:
description: description
elements: dict
suboptions:
_dynamic-server:
description: no description
type: str
addr-mode:
choices:
- ipv4
- ipv6
description: Address mode
type: str
class-id:
description: Traffic class ID.
type: str
detect-mode:
choices:
- active
- passive
- prefer-passive
- remote
- agent-based
description: The mode determining how to detect the server.
type: str
diffservcode:
description: Differentiated services code point
type: str
dns-match-ip:
description: Response IP expected from DNS server if the protocol is DNS.
type: str
dns-request-domain:
description: Fully qualified domain name to resolve for the DNS probe.
type: str
embed-measured-health:
choices:
- disable
- enable
description: Enable/disable embedding measured health information.
type: str
failtime:
description: Number of failures before server is considered lost
type: int
ftp-file:
description: Full path and file name on the FTP server to download for FTP
health-check to probe.
type: str
ftp-mode:
choices:
- passive
- port
description: FTP mode.
type: str
ha-priority:
description: HA election priority
type: int
http-agent:
description: String in the http-agent field in the HTTP header.
type: str
http-get:
description: URL used to communicate with the server if the protocol if the
protocol is HTTP.
type: str
http-match:
description: Response string expected from the server if the protocol is HTTP.
type: str
interval:
description: Status check interval in milliseconds, or the time between attempting
to connect to the server
type: int
members:
description: Member sequence number list.
type: str
mos-codec:
choices:
- g711
- g722
- g729
description: Codec to use for MOS calculation
type: str
name:
description: Status check or health check name.
type: str
packet-size:
description: Packet size of a twamp test session,
type: int
password:
description: description
type: str
port:
description: Port number used to communicate with the server over the selected
protocol
type: int
probe-count:
description: Number of most recent probes that should be used to calculate
latency and jitter
type: int
probe-packets:
choices:
- disable
- enable
description: Enable/disable transmission of probe packets.
type: str
probe-timeout:
description: Time to wait before a probe packet is considered lost
type: int
protocol:
choices:
- ping
- tcp-echo
- udp-echo
- http
- twamp
- ping6
- dns
- tcp-connect
- ftp
description: Protocol used to determine if the FortiGate can communicate with
the server.
type: str
quality-measured-method:
choices:
- half-close
- half-open
description: Method to measure the quality of tcp-connect.
type: str
recoverytime:
description: Number of successful responses received before server is considered
recovered
type: int
security-mode:
choices:
- none
- authentication
description: Twamp controller security mode.
type: str
server:
description: description
type: str
sla:
description: description
elements: dict
suboptions:
id:
description: SLA ID.
type: int
jitter-threshold:
description: Jitter for SLA to make decision in milliseconds.
type: int
latency-threshold:
description: Latency for SLA to make decision in milliseconds.
type: int
link-cost-factor:
choices:
- latency
- jitter
- packet-loss
- mos
description: description
elements: str
type: list
mos-threshold:
description: Minimum Mean Opinion Score for SLA to be marked as pass.
type: str
packetloss-threshold:
description: Packet loss for SLA to make decision in percentage.
type: int
priority-in-sla:
description: Value to be distributed into routing table when in-sla
type: int
priority-out-sla:
description: Value to be distributed into routing table when out-sla
type: int
type: list
sla-fail-log-period:
description: Time interval in seconds that SLA fail log messages will be generated
type: int
sla-id-redistribute:
description: Select the ID from the SLA sub-table.
type: int
sla-pass-log-period:
description: Time interval in seconds that SLA pass log messages will be generated
type: int
source:
description: Source IP address used in the health-check packet to the server.
type: str
source6:
description: Source IPv6 addressused in the health-check packet to server.
type: str
system-dns:
choices:
- disable
- enable
description: Enable/disable system DNS as the probe server.
type: str
threshold-alert-jitter:
description: Alert threshold for jitter
type: int
threshold-alert-latency:
description: Alert threshold for latency
type: int
threshold-alert-packetloss:
description: Alert threshold for packet loss
type: int
threshold-warning-jitter:
description: Warning threshold for jitter
type: int
threshold-warning-latency:
description: Warning threshold for latency
type: int
threshold-warning-packetloss:
description: Warning threshold for packet loss
type: int
update-cascade-interface:
choices:
- disable
- enable
description: Enable/disable update cascade interface.
type: str
update-static-route:
choices:
- disable
- enable
description: Enable/disable updating the static route.
type: str
user:
description: The user name to access probe server.
type: str
vrf:
description: Virtual Routing Forwarding ID.
type: int
type: list
load-balance-mode:
choices:
- source-ip-based
- weight-based
- usage-based
- source-dest-ip-based
- measured-volume-based
description: Algorithm or mode to use for load balancing Internet traffic to SD-WAN
members.
type: str
members:
description: description
elements: dict
suboptions:
_dynamic-member:
description: no description
type: str
comment:
description: Comments.
type: str
cost:
description: Cost of this interface for services in SLA mode
type: int
gateway:
description: The default gateway for this interface.
type: str
gateway6:
description: IPv6 gateway.
type: str
ingress-spillover-threshold:
description: Ingress spillover threshold for this interface
type: int
interface:
description: Interface name.
type: str
preferred-source:
description: Preferred source of route for this member.
type: str
priority:
description: Priority of the interface
type: int
priority6:
description: Priority of the interface for IPv6
type: int
seq-num:
description: Sequence number
type: int
source:
description: Source IP address used in the health-check packet to the server.
type: str
source6:
description: Source IPv6 address used in the health-check packet to the server.
type: str
spillover-threshold:
description: Egress spillover threshold for this interface
type: int
status:
choices:
- disable
- enable
description: Enable/disable this interface in the SD-WAN.
type: str
volume-ratio:
description: Measured volume ratio
type: int
weight:
description: Weight of this interface for weighted load balancing.
type: int
zone:
description: Zone name.
type: str
type: list
neighbor:
description: description
elements: dict
suboptions:
health-check:
description: SD-WAN health-check name.
type: str
ip:
description: IP/IPv6 address of neighbor.
type: str
member:
description: Member sequence number.
type: str
minimum-sla-meet-members:
description: Minimum number of members which meet SLA when the neighbor is
preferred.
type: int
mode:
choices:
- sla
- speedtest
description: What metric to select the neighbor.
type: str
role:
choices:
- primary
- secondary
- standalone
description: Role of neighbor.
type: str
sla-id:
description: SLA ID.
type: int
type: list
neighbor-hold-boot-time:
description: Waiting period in seconds when switching from the primary neighbor
to the secondary neighbor from the neighbor start.
type: int
neighbor-hold-down:
choices:
- disable
- enable
description: Enable/disable hold switching from the secondary neighbor to the
primary neighbor.
type: str
neighbor-hold-down-time:
description: Waiting period in seconds when switching from the secondary neighbor
to the primary neighbor when hold-down is disabled.
type: int
service:
description: description
elements: dict
suboptions:
addr-mode:
choices:
- ipv4
- ipv6
description: Address mode
type: str
agent-exclusive:
choices:
- disable
- enable
description: Set/unset the service as agent use exclusively.
type: str
bandwidth-weight:
description: Coefficient of reciprocal of available bidirectional bandwidth
in the formula of custom-profile-1.
type: int
default:
choices:
- disable
- enable
description: Enable/disable use of SD-WAN as default service.
type: str
dscp-forward:
choices:
- disable
- enable
description: Enable/disable forward traffic DSCP tag.
type: str
dscp-forward-tag:
description: Forward traffic DSCP tag.
type: str
dscp-reverse:
choices:
- disable
- enable
description: Enable/disable reverse traffic DSCP tag.
type: str
dscp-reverse-tag:
description: Reverse traffic DSCP tag.
type: str
dst:
description: Destination address name.
type: str
dst-negate:
choices:
- disable
- enable
description: Enable/disable negation of destination address match.
type: str
dst6:
description: Destination address6 name.
type: str
end-port:
description: End destination port number.
type: int
gateway:
choices:
- disable
- enable
description: Enable/disable SD-WAN service gateway.
type: str
groups:
description: User groups.
type: str
hash-mode:
choices:
- round-robin
- source-ip-based
- source-dest-ip-based
- inbandwidth
- outbandwidth
- bibandwidth
description: Hash algorithm for selected priority members for load balance
mode.
type: str
health-check:
description: Health check list.
type: str
hold-down-time:
description: Waiting period in seconds when switching from the back-up member
to the primary member
type: int
id:
description: SD-WAN rule ID
type: int
input-device:
description: Source interface name.
type: str
input-device-negate:
choices:
- disable
- enable
description: Enable/disable negation of input device match.
type: str
input-zone:
description: description
type: str
internet-service:
choices:
- disable
- enable
description: Enable/disable use of Internet service for application-based
load balancing.
type: str
internet-service-app-ctrl:
description: description
type: int
internet-service-app-ctrl-category:
description: description
type: int
internet-service-app-ctrl-group:
description: Application control based Internet Service group list.
type: str
internet-service-custom:
description: Custom Internet service name list.
type: str
internet-service-custom-group:
description: Custom Internet Service group list.
type: str
internet-service-group:
description: Internet Service group list.
type: str
internet-service-name:
description: Internet service name list.
type: str
jitter-weight:
description: Coefficient of jitter in the formula of custom-profile-1.
type: int
latency-weight:
description: Coefficient of latency in the formula of custom-profile-1.
type: int
link-cost-factor:
choices:
- latency
- jitter
- packet-loss
- inbandwidth
- outbandwidth
- bibandwidth
- custom-profile-1
description: Link cost factor.
type: str
link-cost-threshold:
description: Percentage threshold change of link cost values that will result
in policy route regeneration
type: int
minimum-sla-meet-members:
description: Minimum number of members which meet SLA.
type: int
mode:
choices:
- auto
- manual
- priority
- sla
- load-balance
description: Control how the SD-WAN rule sets the priority of interfaces in
the SD-WAN.
type: str
name:
description: SD-WAN rule name.
type: str
packet-loss-weight:
description: Coefficient of packet-loss in the formula of custom-profile-1.
type: int
passive-measurement:
choices:
- disable
- enable
description: Enable/disable passive measurement based on the service criteria.
type: str
priority-members:
description: Member sequence number list.
type: str
priority-zone:
description: description
type: str
protocol:
description: Protocol number.
type: int
quality-link:
description: Quality grade.
type: int
role:
choices:
- primary
- secondary
- standalone
description: Service role to work with neighbor.
type: str
route-tag:
description: IPv4 route map route-tag.
type: int
shortcut:
choices:
- disable
- enable
description: Enable/disable shortcut for this service.
type: str
shortcut-stickiness:
choices:
- disable
- enable
description: Enable/disable shortcut-stickiness of ADVPN.
type: str
sla:
description: description
elements: dict
suboptions:
health-check:
description: SD-WAN health-check.
type: str
id:
description: SLA ID.
type: int
type: list
sla-compare-method:
choices:
- order
- number
description: Method to compare SLA value for SLA mode.
type: str
src:
description: Source address name.
type: str
src-negate:
choices:
- disable
- enable
description: Enable/disable negation of source address match.
type: str
src6:
description: Source address6 name.
type: str
standalone-action:
choices:
- disable
- enable
description: Enable/disable service when selected neighbor role is standalone
while service role is not standalone.
type: str
start-port:
description: Start destination port number.
type: int
status:
choices:
- disable
- enable
description: Enable/disable SD-WAN service.
type: str
tie-break:
choices:
- zone
- cfg-order
- fib-best-match
- input-device
description: Method of selecting member if more than one meets the SLA.
type: str
tos:
description: Type of service bit pattern.
type: str
tos-mask:
description: Type of service evaluated bits.
type: str
use-shortcut-sla:
choices:
- disable
- enable
description: Enable/disable use of ADVPN shortcut for quality comparison.
type: str
users:
description: User name.
type: str
type: list
speedtest-bypass-routing:
choices:
- disable
- enable
description: Enable/disable bypass routing when speedtest on a SD-WAN member.
type: str
status:
choices:
- disable
- enable
description: Enable/disable SD-WAN.
type: str
zone:
description: description
elements: dict
suboptions:
name:
description: Zone name.
type: str
service-sla-tie-break:
choices:
- cfg-order
- fib-best-match
- input-device
description: Method of selecting member if more than one meets the SLA.
type: str
type: list
type: dict
workspace_locking_adom:
description: The adom to lock for FortiManager running in workspace mode, the value
can be global and others including root.
required: false
type: str
forticloud_access_token:
description: Authenticate Ansible client with forticloud API access token.
required: false
type: str
workspace_locking_timeout:
default: 300
description: The maximum time in seconds to wait for other user to release the workspace
lock.
required: false
type: int
meta:
contains:
request_url:
description: The full url requested.
returned: always
sample: /sys/login/user
type: str
response_code:
description: The status of api request.
returned: always
sample: 0
type: int
response_data:
description: The api response.
returned: always
type: list
response_message:
description: The descriptive message of the api response.
returned: always
sample: OK.
type: str
system_information:
description: The information of the target system.
returned: always
type: dict
description: The result of the request.
returned: always
type: dict
rc:
description: The status the request.
returned: always
sample: 0
type: int
version_check_warning:
description: Warning if the parameters used in the playbook are not supported by
the current FortiManager version.
returned: complex
type: list