Try SpotterConfigure redundant internet connections using SD-WAN
| "added in version" 2.0.0 of drmofu.fortimanager"
Authors: Xinwei Du (@dux-fortinet), Xing Li (@lix-fortinet), Jie Xue (@JieX19), Link Zheng (@chillancezen), Frank Shen (@fshen01), Hongbin Lu (@fgtdev-hblu)
preview | supported by community
Install with ansible-galaxy collection install drmofu.fortimanager:==2.2.2
collections:
- name: drmofu.fortimanager
version: 2.2.2This module is able to configure a FortiManager device.
Examples include all parameters and values which need to be adjusted to data sources before usage.
- hosts: fortimanager-inventory
collections:
- fortinet.fortimanager
connection: httpapi
vars:
ansible_httpapi_use_ssl: True
ansible_httpapi_validate_certs: False
ansible_httpapi_port: 443
tasks:
- name: Configure redundant internet connections using SD-WAN
fmgr_wanprof_system_virtualwanlink:
bypass_validation: False
workspace_locking_adom: <value in [global, custom adom including root]>
workspace_locking_timeout: 300
rc_succeeded: [0, -2, -3, ...]
rc_failed: [-2, -3, ...]
adom: <your own value>
wanprof: <your own value>
wanprof_system_virtualwanlink:
fail-detect: <value in [disable, enable]>
health-check:
-
_dynamic-server: <value of string>
addr-mode: <value in [ipv4, ipv6]>
failtime: <value of integer>
http-agent: <value of string>
http-get: <value of string>
http-match: <value of string>
interval: <value of integer>
members: <value of string>
name: <value of string>
packet-size: <value of integer>
password: <value of string>
port: <value of integer>
protocol: <value in [ping, tcp-echo, udp-echo, ...]>
recoverytime: <value of integer>
security-mode: <value in [none, authentication]>
server: <value of string>
sla:
-
id: <value of integer>
jitter-threshold: <value of integer>
latency-threshold: <value of integer>
link-cost-factor:
- latency
- jitter
- packet-loss
packetloss-threshold: <value of integer>
threshold-alert-jitter: <value of integer>
threshold-alert-latency: <value of integer>
threshold-alert-packetloss: <value of integer>
threshold-warning-jitter: <value of integer>
threshold-warning-latency: <value of integer>
threshold-warning-packetloss: <value of integer>
update-cascade-interface: <value in [disable, enable]>
update-static-route: <value in [disable, enable]>
internet-service-id: <value of string>
probe-packets: <value in [disable, enable]>
sla-fail-log-period: <value of integer>
sla-pass-log-period: <value of integer>
timeout: <value of integer>
ha-priority: <value of integer>
diffservcode: <value of string>
probe-timeout: <value of integer>
dns-request-domain: <value of string>
probe-count: <value of integer>
system-dns: <value in [disable, enable]>
load-balance-mode: <value in [source-ip-based, weight-based, usage-based, ...]>
members:
-
_dynamic-member: <value of string>
comment: <value of string>
gateway: <value of string>
gateway6: <value of string>
ingress-spillover-threshold: <value of integer>
interface: <value of string>
priority: <value of integer>
seq-num: <value of integer>
source: <value of string>
source6: <value of string>
spillover-threshold: <value of integer>
status: <value in [disable, enable]>
volume-ratio: <value of integer>
weight: <value of integer>
cost: <value of integer>
service:
-
addr-mode: <value in [ipv4, ipv6]>
bandwidth-weight: <value of integer>
default: <value in [disable, enable]>
dscp-forward: <value in [disable, enable]>
dscp-forward-tag: <value of string>
dscp-reverse: <value in [disable, enable]>
dscp-reverse-tag: <value of string>
dst: <value of string>
dst-negate: <value in [disable, enable]>
dst6: <value of string>
end-port: <value of integer>
gateway: <value in [disable, enable]>
groups: <value of string>
health-check: <value of string>
hold-down-time: <value of integer>
id: <value of integer>
internet-service: <value in [disable, enable]>
internet-service-ctrl: <value of integer>
internet-service-ctrl-group: <value of string>
internet-service-custom: <value of string>
internet-service-custom-group: <value of string>
internet-service-group: <value of string>
internet-service-id: <value of string>
jitter-weight: <value of integer>
latency-weight: <value of integer>
link-cost-factor: <value in [latency, jitter, packet-loss, ...]>
link-cost-threshold: <value of integer>
member: <value of string>
mode: <value in [auto, manual, priority, ...]>
name: <value of string>
packet-loss-weight: <value of integer>
priority-members: <value of string>
protocol: <value of integer>
quality-link: <value of integer>
route-tag: <value of integer>
sla:
-
health-check: <value of string>
id: <value of integer>
src: <value of string>
src-negate: <value in [disable, enable]>
src6: <value of string>
start-port: <value of integer>
status: <value in [disable, enable]>
tos: <value of string>
tos-mask: <value of string>
users: <value of string>
internet-service-app-ctrl: <value of integer>
internet-service-app-ctrl-group: <value of string>
role: <value in [primary, secondary, standalone]>
sla-compare-method: <value in [order, number]>
standalone-action: <value in [disable, enable]>
input-device: <value of string>
internet-service-name: <value of string>
input-device-negate: <value in [disable, enable]>
status: <value in [disable, enable]>
neighbor:
-
health-check: <value of string>
ip: <value of string>
member: <value of string>
role: <value in [primary, secondary, standalone]>
sla-id: <value of integer>
neighbor-hold-boot-time: <value of integer>
neighbor-hold-down: <value in [disable, enable]>
neighbor-hold-down-time: <value of integer>
fail-alert-interfaces: <value of string>
adom:
description: the parameter (adom) in requested url
required: true
type: str
wanprof:
description: the parameter (wanprof) in requested url
required: true
type: str
rc_failed:
description: The rc codes list with which the conditions to fail will be overriden.
elements: int
required: false
type: list
enable_log:
default: false
description: Enable/Disable logging for task.
required: false
type: bool
access_token:
description: The token to access FortiManager without using username and password.
required: false
type: str
rc_succeeded:
description: The rc codes list with which the conditions to succeed will be overriden.
elements: int
required: false
type: list
proposed_method:
choices:
- update
- set
- add
description: The overridden method for the underlying Json RPC request.
required: false
type: str
bypass_validation:
default: false
description: Only set to True when module schema diffs with FortiManager API structure,
module continues to execute without validating parameters.
required: false
type: bool
workspace_locking_adom:
description: The adom to lock for FortiManager running in workspace mode, the value
can be global and others including root.
required: false
type: str
forticloud_access_token:
description: Authenticate Ansible client with forticloud API access token.
required: false
type: str
workspace_locking_timeout:
default: 300
description: The maximum time in seconds to wait for other user to release the workspace
lock.
required: false
type: int
wanprof_system_virtualwanlink:
description: the top level parameters set
required: false
suboptions:
fail-alert-interfaces:
description: description
type: str
fail-detect:
choices:
- disable
- enable
description: Enable/disable SD-WAN Internet connection status checking
type: str
health-check:
description: description
elements: dict
suboptions:
_dynamic-server:
description: no description
type: str
addr-mode:
choices:
- ipv4
- ipv6
description: Address mode
type: str
diffservcode:
description: Differentiated services code point
type: str
dns-request-domain:
description: Fully qualified domain name to resolve for the DNS probe.
type: str
failtime:
description: Number of failures before server is considered lost
type: int
ha-priority:
description: HA election priority
type: int
http-agent:
description: String in the http-agent field in the HTTP header.
type: str
http-get:
description: URL used to communicate with the server if the protocol if the
protocol is HTTP.
type: str
http-match:
description: Response string expected from the server if the protocol is HTTP.
type: str
internet-service-id:
description: Internet service ID.
type: str
interval:
description: Status check interval, or the time between attempting to connect
to the server
type: int
members:
description: Member sequence number list.
type: str
name:
description: Status check or health check name.
type: str
packet-size:
description: Packet size of a twamp test session,
type: int
password:
description: description
type: str
port:
description: Port number used to communicate with the server over the selected
protocol.
type: int
probe-count:
description: Number of most recent probes that should be used to calculate
latency and jitter
type: int
probe-packets:
choices:
- disable
- enable
description: Enable/disable transmission of probe packets.
type: str
probe-timeout:
description: Time to wait before a probe packet is considered lost
type: int
protocol:
choices:
- ping
- tcp-echo
- udp-echo
- http
- twamp
- ping6
- dns
description: Protocol used to determine if the FortiGate can communicate with
the server.
type: str
recoverytime:
description: Number of successful responses received before server is considered
recovered
type: int
security-mode:
choices:
- none
- authentication
description: Twamp controller security mode.
type: str
server:
description: description
type: str
sla:
description: description
elements: dict
suboptions:
id:
description: SLA ID.
type: int
jitter-threshold:
description: Jitter for SLA to make decision in milliseconds.
type: int
latency-threshold:
description: Latency for SLA to make decision in milliseconds.
type: int
link-cost-factor:
choices:
- latency
- jitter
- packet-loss
description: description
elements: str
type: list
packetloss-threshold:
description: Packet loss for SLA to make decision in percentage.
type: int
type: list
sla-fail-log-period:
description: Time interval in seconds that SLA fail log messages will be generated
type: int
sla-pass-log-period:
description: Time interval in seconds that SLA pass log messages will be generated
type: int
system-dns:
choices:
- disable
- enable
description: Enable/disable system DNS as the probe server.
type: str
threshold-alert-jitter:
description: Alert threshold for jitter
type: int
threshold-alert-latency:
description: Alert threshold for latency
type: int
threshold-alert-packetloss:
description: Alert threshold for packet loss
type: int
threshold-warning-jitter:
description: Warning threshold for jitter
type: int
threshold-warning-latency:
description: Warning threshold for latency
type: int
threshold-warning-packetloss:
description: Warning threshold for packet loss
type: int
timeout:
description: How long to wait before not receiving a reply from the server
to consider the connetion attempt a failure
type: int
update-cascade-interface:
choices:
- disable
- enable
description: Enable/disable update cascade interface.
type: str
update-static-route:
choices:
- disable
- enable
description: Enable/disable updating the static route.
type: str
type: list
load-balance-mode:
choices:
- source-ip-based
- weight-based
- usage-based
- source-dest-ip-based
- measured-volume-based
description: Algorithm or mode to use for load balancing Internet traffic to SD-WAN
members.
type: str
members:
description: description
elements: dict
suboptions:
_dynamic-member:
description: no description
type: str
comment:
description: Comments.
type: str
cost:
description: Cost of this interface for services in SLA mode
type: int
gateway:
description: The default gateway for this interface.
type: str
gateway6:
description: IPv6 gateway.
type: str
ingress-spillover-threshold:
description: Ingress spillover threshold for this interface
type: int
interface:
description: Interface name.
type: str
priority:
description: Priority of the interface
type: int
seq-num:
description: Sequence number
type: int
source:
description: Source IP address used in the health-check packet to the server.
type: str
source6:
description: Source IPv6 address used in the health-check packet to the server.
type: str
spillover-threshold:
description: Egress spillover threshold for this interface
type: int
status:
choices:
- disable
- enable
description: Enable/disable this interface in the SD-WAN.
type: str
volume-ratio:
description: Measured volume ratio
type: int
weight:
description: Weight of this interface for weighted load balancing.
type: int
type: list
neighbor:
description: description
elements: dict
suboptions:
health-check:
description: SD-WAN health-check name.
type: str
ip:
description: IP address of neighbor.
type: str
member:
description: Member sequence number.
type: str
role:
choices:
- primary
- secondary
- standalone
description: Role of neighbor.
type: str
sla-id:
description: SLA ID.
type: int
type: list
neighbor-hold-boot-time:
description: Waiting period in seconds when switching from the primary neighbor
to the secondary neighbor from the neighbor start.
type: int
neighbor-hold-down:
choices:
- disable
- enable
description: Enable/disable hold switching from the secondary neighbor to the
primary neighbor.
type: str
neighbor-hold-down-time:
description: Waiting period in seconds when switching from the secondary neighbor
to the primary neighbor when hold-down is disabled.
type: int
service:
description: description
elements: dict
suboptions:
addr-mode:
choices:
- ipv4
- ipv6
description: Address mode
type: str
bandwidth-weight:
description: Coefficient of reciprocal of available bidirectional bandwidth
in the formula of custom-profile-1.
type: int
default:
choices:
- disable
- enable
description: Enable/disable use of SD-WAN as default service.
type: str
dscp-forward:
choices:
- disable
- enable
description: Enable/disable forward traffic DSCP tag.
type: str
dscp-forward-tag:
description: Forward traffic DSCP tag.
type: str
dscp-reverse:
choices:
- disable
- enable
description: Enable/disable reverse traffic DSCP tag.
type: str
dscp-reverse-tag:
description: Reverse traffic DSCP tag.
type: str
dst:
description: Destination address name.
type: str
dst-negate:
choices:
- disable
- enable
description: Enable/disable negation of destination address match.
type: str
dst6:
description: Destination address6 name.
type: str
end-port:
description: End destination port number.
type: int
gateway:
choices:
- disable
- enable
description: Enable/disable SD-WAN service gateway.
type: str
groups:
description: User groups.
type: str
health-check:
description: Health check.
type: str
hold-down-time:
description: Waiting period in seconds when switching from the back-up member
to the primary member
type: int
id:
description: Priority rule ID
type: int
input-device:
description: Source interface name.
type: str
input-device-negate:
choices:
- disable
- enable
description: Enable/disable negation of input device match.
type: str
internet-service:
choices:
- disable
- enable
description: Enable/disable use of Internet service for application-based
load balancing.
type: str
internet-service-app-ctrl:
description: description
type: int
internet-service-app-ctrl-group:
description: Application control based Internet Service group list.
type: str
internet-service-ctrl:
description: description
type: int
internet-service-ctrl-group:
description: Control-based Internet Service group list.
type: str
internet-service-custom:
description: Custom Internet service name list.
type: str
internet-service-custom-group:
description: Custom Internet Service group list.
type: str
internet-service-group:
description: Internet Service group list.
type: str
internet-service-id:
description: Internet service ID list.
type: str
internet-service-name:
description: Internet service name list.
type: str
jitter-weight:
description: Coefficient of jitter in the formula of custom-profile-1.
type: int
latency-weight:
description: Coefficient of latency in the formula of custom-profile-1.
type: int
link-cost-factor:
choices:
- latency
- jitter
- packet-loss
- inbandwidth
- outbandwidth
- bibandwidth
- custom-profile-1
description: Link cost factor.
type: str
link-cost-threshold:
description: Percentage threshold change of link cost values that will result
in policy route regeneration
type: int
member:
description: Member sequence number.
type: str
mode:
choices:
- auto
- manual
- priority
- sla
- load-balance
description: Control how the priority rule sets the priority of interfaces
in the SD-WAN.
type: str
name:
description: Priority rule name.
type: str
packet-loss-weight:
description: Coefficient of packet-loss in the formula of custom-profile-1.
type: int
priority-members:
description: Member sequence number list.
type: str
protocol:
description: Protocol number.
type: int
quality-link:
description: Quality grade.
type: int
role:
choices:
- primary
- secondary
- standalone
description: Service role to work with neighbor.
type: str
route-tag:
description: IPv4 route map route-tag.
type: int
sla:
description: description
elements: dict
suboptions:
health-check:
description: Virtual WAN Link health-check.
type: str
id:
description: SLA ID.
type: int
type: list
sla-compare-method:
choices:
- order
- number
description: Method to compare SLA value for sla and load balance mode.
type: str
src:
description: Source address name.
type: str
src-negate:
choices:
- disable
- enable
description: Enable/disable negation of source address match.
type: str
src6:
description: Source address6 name.
type: str
standalone-action:
choices:
- disable
- enable
description: Enable/disable service when selected neighbor role is standalone
while service role is not standalone.
type: str
start-port:
description: Start destination port number.
type: int
status:
choices:
- disable
- enable
description: Enable/disable SD-WAN service.
type: str
tos:
description: Type of service bit pattern.
type: str
tos-mask:
description: Type of service evaluated bits.
type: str
users:
description: User name.
type: str
type: list
status:
choices:
- disable
- enable
description: Enable/disable SD-WAN.
type: str
type: dict
meta:
contains:
request_url:
description: The full url requested.
returned: always
sample: /sys/login/user
type: str
response_code:
description: The status of api request.
returned: always
sample: 0
type: int
response_data:
description: The api response.
returned: always
type: list
response_message:
description: The descriptive message of the api response.
returned: always
sample: OK.
type: str
system_information:
description: The information of the target system.
returned: always
type: dict
description: The result of the request.
returned: always
type: dict
rc:
description: The status the request.
returned: always
sample: 0
type: int
version_check_warning:
description: Warning if the parameters used in the playbook are not supported by
the current FortiManager version.
returned: complex
type: list