Try SpotterConfigure Virtual Access Points
| "added in version" 2.0.0 of fortinet.fortimanager"
Authors: Xinwei Du (@dux-fortinet), Xing Li (@lix-fortinet), Jie Xue (@JieX19), Link Zheng (@chillancezen), Frank Shen (@fshen01), Hongbin Lu (@fgtdev-hblu)
preview | supported by community
Install with ansible-galaxy collection install fortinet.fortimanager:==2.4.0
collections:
- name: fortinet.fortimanager
version: 2.4.0This module is able to configure a FortiManager device.
Examples include all parameters and values which need to be adjusted to data sources before usage.
- name: Example playbook (generated based on argument schema)
hosts: fortimanagers
connection: httpapi
vars:
ansible_httpapi_use_ssl: true
ansible_httpapi_validate_certs: false
ansible_httpapi_port: 443
tasks:
- name: Configure Virtual Access Points
fortinet.fortimanager.fmgr_vap:
# bypass_validation: false
workspace_locking_adom: <value in [global, custom adom including root]>
workspace_locking_timeout: 300
# rc_succeeded: [0, -2, -3, ...]
# rc_failed: [-2, -3, ...]
adom: <your own value>
state: present # <value in [present, absent]>
vap:
_centmgmt: <value in [disable, enable]>
_dhcp_svr_id: <string>
_intf_allowaccess:
- https
- ping
- ssh
- snmp
- http
- telnet
- fgfm
- auto-ipsec
- radius-acct
- probe-response
- capwap
- dnp
- ftm
- fabric
- speed-test
_intf_device_identification: <value in [disable, enable]>
_intf_device_netscan: <value in [disable, enable]>
_intf_dhcp_relay_ip: <list or string>
_intf_dhcp_relay_service: <value in [disable, enable]>
_intf_dhcp_relay_type: <value in [regular, ipsec]>
_intf_dhcp6_relay_ip: <string>
_intf_dhcp6_relay_service: <value in [disable, enable]>
_intf_dhcp6_relay_type: <value in [regular]>
_intf_ip: <string>
_intf_ip6_address: <string>
_intf_ip6_allowaccess:
- https
- ping
- ssh
- snmp
- http
- telnet
- any
- fgfm
- capwap
_intf_listen_forticlient_connection: <value in [disable, enable]>
acct_interim_interval: <integer>
alias: <string>
auth: <value in [PSK, psk, RADIUS, ...]>
broadcast_ssid: <value in [disable, enable]>
broadcast_suppression:
- dhcp
- arp
- dhcp2
- arp2
- netbios-ns
- netbios-ds
- arp3
- dhcp-up
- dhcp-down
- arp-known
- arp-unknown
- arp-reply
- ipv6
- dhcp-starvation
- arp-poison
- all-other-mc
- all-other-bc
- arp-proxy
- dhcp-ucast
captive_portal_ac_name: <string>
captive_portal_macauth_radius_secret: <list or string>
captive_portal_macauth_radius_server: <string>
captive_portal_radius_secret: <list or string>
captive_portal_radius_server: <string>
captive_portal_session_timeout_interval: <integer>
dhcp_lease_time: <integer>
dhcp_option82_circuit_id_insertion: <value in [disable, style-1, style-2, ...]>
dhcp_option82_insertion: <value in [disable, enable]>
dhcp_option82_remote_id_insertion: <value in [disable, style-1]>
dynamic_vlan: <value in [disable, enable]>
dynamic_mapping:
-
_centmgmt: <value in [disable, enable]>
_dhcp_svr_id: <string>
_intf_allowaccess:
- https
- ping
- ssh
- snmp
- http
- telnet
- fgfm
- auto-ipsec
- radius-acct
- probe-response
- capwap
- dnp
- ftm
- fabric
- speed-test
_intf_device_identification: <value in [disable, enable]>
_intf_device_netscan: <value in [disable, enable]>
_intf_dhcp_relay_ip: <list or string>
_intf_dhcp_relay_service: <value in [disable, enable]>
_intf_dhcp_relay_type: <value in [regular, ipsec]>
_intf_dhcp6_relay_ip: <string>
_intf_dhcp6_relay_service: <value in [disable, enable]>
_intf_dhcp6_relay_type: <value in [regular]>
_intf_ip: <string>
_intf_ip6_address: <string>
_intf_ip6_allowaccess:
- https
- ping
- ssh
- snmp
- http
- telnet
- any
- fgfm
- capwap
_intf_listen_forticlient_connection: <value in [disable, enable]>
_scope:
-
name: <string>
vdom: <string>
acct_interim_interval: <integer>
address_group: <string>
alias: <string>
atf_weight: <integer>
auth: <value in [PSK, psk, RADIUS, ...]>
broadcast_ssid: <value in [disable, enable]>
broadcast_suppression:
- dhcp
- arp
- dhcp2
- arp2
- netbios-ns
- netbios-ds
- arp3
- dhcp-up
- dhcp-down
- arp-known
- arp-unknown
- arp-reply
- ipv6
- dhcp-starvation
- arp-poison
- all-other-mc
- all-other-bc
- arp-proxy
- dhcp-ucast
captive_portal_ac_name: <string>
captive_portal_macauth_radius_secret: <list or string>
captive_portal_macauth_radius_server: <string>
captive_portal_radius_secret: <list or string>
captive_portal_radius_server: <string>
captive_portal_session_timeout_interval: <integer>
client_count: <integer>
dhcp_lease_time: <integer>
dhcp_option82_circuit_id_insertion: <value in [disable, style-1, style-2, ...]>
dhcp_option82_insertion: <value in [disable, enable]>
dhcp_option82_remote_id_insertion: <value in [disable, style-1]>
dynamic_vlan: <value in [disable, enable]>
eap_reauth: <value in [disable, enable]>
eap_reauth_intv: <integer>
eapol_key_retries: <value in [disable, enable]>
encrypt: <value in [TKIP, AES, TKIP-AES]>
external_fast_roaming: <value in [disable, enable]>
external_logout: <string>
external_web: <string>
fast_bss_transition: <value in [disable, enable]>
fast_roaming: <value in [disable, enable]>
ft_mobility_domain: <integer>
ft_over_ds: <value in [disable, enable]>
ft_r0_key_lifetime: <integer>
gtk_rekey: <value in [disable, enable]>
gtk_rekey_intv: <integer>
hotspot20_profile: <string>
intra_vap_privacy: <value in [disable, enable]>
ip: <string>
key: <list or string>
keyindex: <integer>
ldpc: <value in [disable, tx, rx, ...]>
local_authentication: <value in [disable, enable]>
local_bridging: <value in [disable, enable]>
local_lan: <value in [deny, allow]>
local_standalone: <value in [disable, enable]>
local_standalone_nat: <value in [disable, enable]>
local_switching: <value in [disable, enable]>
mac_auth_bypass: <value in [disable, enable]>
mac_filter: <value in [disable, enable]>
mac_filter_policy_other: <value in [deny, allow]>
max_clients: <integer>
max_clients_ap: <integer>
me_disable_thresh: <integer>
mesh_backhaul: <value in [disable, enable]>
mpsk: <value in [disable, enable]>
mpsk_concurrent_clients: <integer>
multicast_enhance: <value in [disable, enable]>
multicast_rate: <value in [0, 6000, 12000, ...]>
okc: <value in [disable, enable]>
owe_groups:
- 19
- 20
- 21
owe_transition: <value in [disable, enable]>
owe_transition_ssid: <string>
passphrase: <list or string>
pmf: <value in [disable, enable, optional]>
pmf_assoc_comeback_timeout: <integer>
pmf_sa_query_retry_timeout: <integer>
portal_message_override_group: <string>
portal_type: <value in [auth, auth+disclaimer, disclaimer, ...]>
probe_resp_suppression: <value in [disable, enable]>
probe_resp_threshold: <string>
ptk_rekey: <value in [disable, enable]>
ptk_rekey_intv: <integer>
qos_profile: <string>
quarantine: <value in [disable, enable]>
radio_2g_threshold: <string>
radio_5g_threshold: <string>
radio_sensitivity: <value in [disable, enable]>
radius_mac_auth: <value in [disable, enable]>
radius_mac_auth_server: <string>
radius_mac_auth_usergroups: <list or string>
radius_server: <string>
rates_11a:
- 1
- 1-basic
- 2
- 2-basic
- 5.5
- 5.5-basic
- 6
- 6-basic
- 9
- 9-basic
- 12
- 12-basic
- 18
- 18-basic
- 24
- 24-basic
- 36
- 36-basic
- 48
- 48-basic
- 54
- 54-basic
- 11
- 11-basic
rates_11ac_ss12:
- mcs0/1
- mcs1/1
- mcs2/1
- mcs3/1
- mcs4/1
- mcs5/1
- mcs6/1
- mcs7/1
- mcs8/1
- mcs9/1
- mcs0/2
- mcs1/2
- mcs2/2
- mcs3/2
- mcs4/2
- mcs5/2
- mcs6/2
- mcs7/2
- mcs8/2
- mcs9/2
- mcs10/1
- mcs11/1
- mcs10/2
- mcs11/2
rates_11ac_ss34:
- mcs0/3
- mcs1/3
- mcs2/3
- mcs3/3
- mcs4/3
- mcs5/3
- mcs6/3
- mcs7/3
- mcs8/3
- mcs9/3
- mcs0/4
- mcs1/4
- mcs2/4
- mcs3/4
- mcs4/4
- mcs5/4
- mcs6/4
- mcs7/4
- mcs8/4
- mcs9/4
- mcs10/3
- mcs11/3
- mcs10/4
- mcs11/4
rates_11bg:
- 1
- 1-basic
- 2
- 2-basic
- 5.5
- 5.5-basic
- 6
- 6-basic
- 9
- 9-basic
- 12
- 12-basic
- 18
- 18-basic
- 24
- 24-basic
- 36
- 36-basic
- 48
- 48-basic
- 54
- 54-basic
- 11
- 11-basic
rates_11n_ss12:
- mcs0/1
- mcs1/1
- mcs2/1
- mcs3/1
- mcs4/1
- mcs5/1
- mcs6/1
- mcs7/1
- mcs8/2
- mcs9/2
- mcs10/2
- mcs11/2
- mcs12/2
- mcs13/2
- mcs14/2
- mcs15/2
rates_11n_ss34:
- mcs16/3
- mcs17/3
- mcs18/3
- mcs19/3
- mcs20/3
- mcs21/3
- mcs22/3
- mcs23/3
- mcs24/4
- mcs25/4
- mcs26/4
- mcs27/4
- mcs28/4
- mcs29/4
- mcs30/4
- mcs31/4
sae_groups:
- 1
- 2
- 5
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 27
- 28
- 29
- 30
- 31
sae_password: <list or string>
schedule: <list or string>
security: <value in [None, WEP64, wep64, ...]>
security_exempt_list: <string>
security_obsolete_option: <value in [disable, enable]>
security_redirect_url: <string>
selected_usergroups: <list or string>
split_tunneling: <value in [disable, enable]>
ssid: <string>
tkip_counter_measure: <value in [disable, enable]>
usergroup: <list or string>
utm_profile: <string>
vdom: <list or string>
vlan_auto: <value in [disable, enable]>
vlan_pooling: <value in [wtp-group, round-robin, hash, ...]>
vlanid: <integer>
voice_enterprise: <value in [disable, enable]>
mu_mimo: <value in [disable, enable]>
_intf_device_access_list: <string>
external_web_format: <value in [auto-detect, no-query-string, partial-query-string]>
high_efficiency: <value in [disable, enable]>
primary_wag_profile: <string>
secondary_wag_profile: <string>
target_wake_time: <value in [disable, enable]>
tunnel_echo_interval: <integer>
tunnel_fallback_interval: <integer>
access_control_list: <string>
captive_portal_auth_timeout: <integer>
ipv6_rules:
- drop-icmp6ra
- drop-icmp6rs
- drop-llmnr6
- drop-icmp6mld2
- drop-dhcp6s
- drop-dhcp6c
- ndp-proxy
- drop-ns-dad
- drop-ns-nondad
sticky_client_remove: <value in [disable, enable]>
sticky_client_threshold_2g: <string>
sticky_client_threshold_5g: <string>
bss_color_partial: <value in [disable, enable]>
dhcp_option43_insertion: <value in [disable, enable]>
mpsk_profile: <string>
igmp_snooping: <value in [disable, enable]>
port_macauth: <value in [disable, radius, address-group]>
port_macauth_reauth_timeout: <integer>
port_macauth_timeout: <integer>
additional_akms:
- akm6
bstm_disassociation_imminent: <value in [disable, enable]>
bstm_load_balancing_disassoc_timer: <integer>
bstm_rssi_disassoc_timer: <integer>
dhcp_address_enforcement: <value in [disable, enable]>
gas_comeback_delay: <integer>
gas_fragmentation_limit: <integer>
mac_called_station_delimiter: <value in [hyphen, single-hyphen, colon, ...]>
mac_calling_station_delimiter: <value in [hyphen, single-hyphen, colon, ...]>
mac_case: <value in [uppercase, lowercase]>
mac_password_delimiter: <value in [hyphen, single-hyphen, colon, ...]>
mac_username_delimiter: <value in [hyphen, single-hyphen, colon, ...]>
mbo: <value in [disable, enable]>
mbo_cell_data_conn_pref: <value in [excluded, prefer-not, prefer-use]>
nac: <value in [disable, enable]>
nac_profile: <string>
neighbor_report_dual_band: <value in [disable, enable]>
address_group_policy: <value in [disable, allow, deny]>
antivirus_profile: <string>
application_detection_engine: <value in [disable, enable]>
application_list: <string>
application_report_intv: <integer>
auth_cert: <string>
auth_portal_addr: <string>
beacon_advertising:
- name
- model
- serial-number
ips_sensor: <string>
l3_roaming: <value in [disable, enable]>
local_standalone_dns: <value in [disable, enable]>
local_standalone_dns_ip: <list or string>
osen: <value in [disable, enable]>
radius_mac_mpsk_auth: <value in [disable, enable]>
radius_mac_mpsk_timeout: <integer>
rates_11ax_ss12:
- mcs0/1
- mcs1/1
- mcs2/1
- mcs3/1
- mcs4/1
- mcs5/1
- mcs6/1
- mcs7/1
- mcs8/1
- mcs9/1
- mcs10/1
- mcs11/1
- mcs0/2
- mcs1/2
- mcs2/2
- mcs3/2
- mcs4/2
- mcs5/2
- mcs6/2
- mcs7/2
- mcs8/2
- mcs9/2
- mcs10/2
- mcs11/2
rates_11ax_ss34:
- mcs0/3
- mcs1/3
- mcs2/3
- mcs3/3
- mcs4/3
- mcs5/3
- mcs6/3
- mcs7/3
- mcs8/3
- mcs9/3
- mcs10/3
- mcs11/3
- mcs0/4
- mcs1/4
- mcs2/4
- mcs3/4
- mcs4/4
- mcs5/4
- mcs6/4
- mcs7/4
- mcs8/4
- mcs9/4
- mcs10/4
- mcs11/4
scan_botnet_connections: <value in [disable, block, monitor]>
utm_log: <value in [disable, enable]>
utm_status: <value in [disable, enable]>
webfilter_profile: <string>
sae_h2e_only: <value in [disable, enable]>
sae_pk: <value in [disable, enable]>
sae_private_key: <string>
sticky_client_threshold_6g: <string>
application_dscp_marking: <value in [disable, enable]>
l3_roaming_mode: <value in [direct, indirect]>
rates_11ac_mcs_map: <string>
rates_11ax_mcs_map: <string>
captive_portal_fw_accounting: <value in [disable, enable]>
radius_mac_auth_block_interval: <integer>
_is_factory_setting: <value in [disable, enable, ext]>
d80211k: <value in [disable, enable]>
d80211v: <value in [disable, enable]>
roaming_acct_interim_update: <value in [disable, enable]>
sae_hnp_only: <value in [disable, enable]>
eap_reauth: <value in [disable, enable]>
eap_reauth_intv: <integer>
eapol_key_retries: <value in [disable, enable]>
encrypt: <value in [TKIP, AES, TKIP-AES]>
external_fast_roaming: <value in [disable, enable]>
external_logout: <string>
external_web: <string>
fast_bss_transition: <value in [disable, enable]>
fast_roaming: <value in [disable, enable]>
ft_mobility_domain: <integer>
ft_over_ds: <value in [disable, enable]>
ft_r0_key_lifetime: <integer>
gtk_rekey: <value in [disable, enable]>
gtk_rekey_intv: <integer>
hotspot20_profile: <string>
intra_vap_privacy: <value in [disable, enable]>
ip: <string>
key: <list or string>
keyindex: <integer>
ldpc: <value in [disable, tx, rx, ...]>
local_authentication: <value in [disable, enable]>
local_bridging: <value in [disable, enable]>
local_lan: <value in [deny, allow]>
local_standalone: <value in [disable, enable]>
local_standalone_nat: <value in [disable, enable]>
mac_auth_bypass: <value in [disable, enable]>
mac_filter: <value in [disable, enable]>
mac_filter_list:
-
id: <integer>
mac: <string>
mac_filter_policy: <value in [deny, allow]>
mac_filter_policy_other: <value in [deny, allow]>
max_clients: <integer>
max_clients_ap: <integer>
me_disable_thresh: <integer>
mesh_backhaul: <value in [disable, enable]>
mpsk: <value in [disable, enable]>
mpsk_concurrent_clients: <integer>
mpsk_key:
-
comment: <string>
concurrent_clients: <string>
key_name: <string>
passphrase: <list or string>
mpsk_schedules: <list or string>
multicast_enhance: <value in [disable, enable]>
multicast_rate: <value in [0, 6000, 12000, ...]>
name: <string>
okc: <value in [disable, enable]>
passphrase: <list or string>
pmf: <value in [disable, enable, optional]>
pmf_assoc_comeback_timeout: <integer>
pmf_sa_query_retry_timeout: <integer>
portal_message_override_group: <string>
portal_type: <value in [auth, auth+disclaimer, disclaimer, ...]>
probe_resp_suppression: <value in [disable, enable]>
probe_resp_threshold: <string>
ptk_rekey: <value in [disable, enable]>
ptk_rekey_intv: <integer>
qos_profile: <string>
quarantine: <value in [disable, enable]>
radio_2g_threshold: <string>
radio_5g_threshold: <string>
radio_sensitivity: <value in [disable, enable]>
radius_mac_auth: <value in [disable, enable]>
radius_mac_auth_server: <string>
radius_mac_auth_usergroups: <list or string>
radius_server: <string>
rates_11a:
- 1
- 1-basic
- 2
- 2-basic
- 5.5
- 5.5-basic
- 6
- 6-basic
- 9
- 9-basic
- 12
- 12-basic
- 18
- 18-basic
- 24
- 24-basic
- 36
- 36-basic
- 48
- 48-basic
- 54
- 54-basic
- 11
- 11-basic
rates_11ac_ss12:
- mcs0/1
- mcs1/1
- mcs2/1
- mcs3/1
- mcs4/1
- mcs5/1
- mcs6/1
- mcs7/1
- mcs8/1
- mcs9/1
- mcs0/2
- mcs1/2
- mcs2/2
- mcs3/2
- mcs4/2
- mcs5/2
- mcs6/2
- mcs7/2
- mcs8/2
- mcs9/2
- mcs10/1
- mcs11/1
- mcs10/2
- mcs11/2
rates_11ac_ss34:
- mcs0/3
- mcs1/3
- mcs2/3
- mcs3/3
- mcs4/3
- mcs5/3
- mcs6/3
- mcs7/3
- mcs8/3
- mcs9/3
- mcs0/4
- mcs1/4
- mcs2/4
- mcs3/4
- mcs4/4
- mcs5/4
- mcs6/4
- mcs7/4
- mcs8/4
- mcs9/4
- mcs10/3
- mcs11/3
- mcs10/4
- mcs11/4
rates_11bg:
- 1
- 1-basic
- 2
- 2-basic
- 5.5
- 5.5-basic
- 6
- 6-basic
- 9
- 9-basic
- 12
- 12-basic
- 18
- 18-basic
- 24
- 24-basic
- 36
- 36-basic
- 48
- 48-basic
- 54
- 54-basic
- 11
- 11-basic
rates_11n_ss12:
- mcs0/1
- mcs1/1
- mcs2/1
- mcs3/1
- mcs4/1
- mcs5/1
- mcs6/1
- mcs7/1
- mcs8/2
- mcs9/2
- mcs10/2
- mcs11/2
- mcs12/2
- mcs13/2
- mcs14/2
- mcs15/2
rates_11n_ss34:
- mcs16/3
- mcs17/3
- mcs18/3
- mcs19/3
- mcs20/3
- mcs21/3
- mcs22/3
- mcs23/3
- mcs24/4
- mcs25/4
- mcs26/4
- mcs27/4
- mcs28/4
- mcs29/4
- mcs30/4
- mcs31/4
schedule: <list or string>
security: <value in [None, WEP64, wep64, ...]>
security_exempt_list: <string>
security_obsolete_option: <value in [disable, enable]>
security_redirect_url: <string>
selected_usergroups: <list or string>
split_tunneling: <value in [disable, enable]>
ssid: <string>
tkip_counter_measure: <value in [disable, enable]>
usergroup: <list or string>
utm_profile: <string>
vdom: <string>
vlan_auto: <value in [disable, enable]>
vlan_pool:
-
_wtp_group: <string>
id: <integer>
wtp_group: <string>
vlan_pooling: <value in [wtp-group, round-robin, hash, ...]>
vlanid: <integer>
voice_enterprise: <value in [disable, enable]>
address_group: <string>
atf_weight: <integer>
mu_mimo: <value in [disable, enable]>
owe_groups:
- 19
- 20
- 21
owe_transition: <value in [disable, enable]>
owe_transition_ssid: <string>
sae_groups:
- 1
- 2
- 5
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 27
- 28
- 29
- 30
- 31
sae_password: <list or string>
_intf_device_access_list: <string>
external_web_format: <value in [auto-detect, no-query-string, partial-query-string]>
high_efficiency: <value in [disable, enable]>
primary_wag_profile: <string>
secondary_wag_profile: <string>
target_wake_time: <value in [disable, enable]>
tunnel_echo_interval: <integer>
tunnel_fallback_interval: <integer>
access_control_list: <string>
captive_portal_auth_timeout: <integer>
ipv6_rules:
- drop-icmp6ra
- drop-icmp6rs
- drop-llmnr6
- drop-icmp6mld2
- drop-dhcp6s
- drop-dhcp6c
- ndp-proxy
- drop-ns-dad
- drop-ns-nondad
sticky_client_remove: <value in [disable, enable]>
sticky_client_threshold_2g: <string>
sticky_client_threshold_5g: <string>
bss_color_partial: <value in [disable, enable]>
dhcp_option43_insertion: <value in [disable, enable]>
mpsk_profile: <string>
igmp_snooping: <value in [disable, enable]>
port_macauth: <value in [disable, radius, address-group]>
port_macauth_reauth_timeout: <integer>
port_macauth_timeout: <integer>
portal_message_overrides:
auth_disclaimer_page: <string>
auth_login_failed_page: <string>
auth_login_page: <string>
auth_reject_page: <string>
additional_akms:
- akm6
bstm_disassociation_imminent: <value in [disable, enable]>
bstm_load_balancing_disassoc_timer: <integer>
bstm_rssi_disassoc_timer: <integer>
dhcp_address_enforcement: <value in [disable, enable]>
gas_comeback_delay: <integer>
gas_fragmentation_limit: <integer>
mac_called_station_delimiter: <value in [hyphen, single-hyphen, colon, ...]>
mac_calling_station_delimiter: <value in [hyphen, single-hyphen, colon, ...]>
mac_case: <value in [uppercase, lowercase]>
mac_password_delimiter: <value in [hyphen, single-hyphen, colon, ...]>
mac_username_delimiter: <value in [hyphen, single-hyphen, colon, ...]>
mbo: <value in [disable, enable]>
mbo_cell_data_conn_pref: <value in [excluded, prefer-not, prefer-use]>
nac: <value in [disable, enable]>
nac_profile: <string>
neighbor_report_dual_band: <value in [disable, enable]>
address_group_policy: <value in [disable, allow, deny]>
antivirus_profile: <string>
application_detection_engine: <value in [disable, enable]>
application_list: <string>
application_report_intv: <integer>
auth_cert: <string>
auth_portal_addr: <string>
beacon_advertising:
- name
- model
- serial-number
ips_sensor: <string>
l3_roaming: <value in [disable, enable]>
local_standalone_dns: <value in [disable, enable]>
local_standalone_dns_ip: <list or string>
osen: <value in [disable, enable]>
radius_mac_mpsk_auth: <value in [disable, enable]>
radius_mac_mpsk_timeout: <integer>
rates_11ax_ss12:
- mcs0/1
- mcs1/1
- mcs2/1
- mcs3/1
- mcs4/1
- mcs5/1
- mcs6/1
- mcs7/1
- mcs8/1
- mcs9/1
- mcs10/1
- mcs11/1
- mcs0/2
- mcs1/2
- mcs2/2
- mcs3/2
- mcs4/2
- mcs5/2
- mcs6/2
- mcs7/2
- mcs8/2
- mcs9/2
- mcs10/2
- mcs11/2
rates_11ax_ss34:
- mcs0/3
- mcs1/3
- mcs2/3
- mcs3/3
- mcs4/3
- mcs5/3
- mcs6/3
- mcs7/3
- mcs8/3
- mcs9/3
- mcs10/3
- mcs11/3
- mcs0/4
- mcs1/4
- mcs2/4
- mcs3/4
- mcs4/4
- mcs5/4
- mcs6/4
- mcs7/4
- mcs8/4
- mcs9/4
- mcs10/4
- mcs11/4
scan_botnet_connections: <value in [disable, block, monitor]>
utm_log: <value in [disable, enable]>
utm_status: <value in [disable, enable]>
vlan_name:
-
name: <string>
vlan_id: <integer>
webfilter_profile: <string>
sae_h2e_only: <value in [disable, enable]>
sae_pk: <value in [disable, enable]>
sae_private_key: <string>
sticky_client_threshold_6g: <string>
application_dscp_marking: <value in [disable, enable]>
l3_roaming_mode: <value in [direct, indirect]>
rates_11ac_mcs_map: <string>
rates_11ax_mcs_map: <string>
captive_portal_fw_accounting: <value in [disable, enable]>
radius_mac_auth_block_interval: <integer>
_is_factory_setting: <value in [disable, enable, ext]>
d80211k: <value in [disable, enable]>
d80211v: <value in [disable, enable]>
roaming_acct_interim_update: <value in [disable, enable]>
sae_hnp_only: <value in [disable, enable]>
vap:
description: The top level parameters set.
required: false
suboptions:
80211k:
choices:
- disable
- enable
description: Deprecated, please rename it to d80211k. Enable/disable 802.
type: str
80211v:
choices:
- disable
- enable
description: Deprecated, please rename it to d80211v. Enable/disable 802.
type: str
_centmgmt:
choices:
- disable
- enable
description: _Centmgmt.
type: str
_dhcp_svr_id:
description: _Dhcp_Svr_Id.
type: str
_intf_allowaccess:
choices:
- https
- ping
- ssh
- snmp
- http
- telnet
- fgfm
- auto-ipsec
- radius-acct
- probe-response
- capwap
- dnp
- ftm
- fabric
- speed-test
description: _Intf_Allowaccess.
elements: str
type: list
_intf_device-access-list:
description: Deprecated, please rename it to _intf_device_access_list. _Intf_Device-Access-List.
type: str
_intf_device-identification:
choices:
- disable
- enable
description: Deprecated, please rename it to _intf_device_identification. _Intf_Device-Identification.
type: str
_intf_device-netscan:
choices:
- disable
- enable
description: Deprecated, please rename it to _intf_device_netscan. _Intf_Device-Netscan.
type: str
_intf_dhcp-relay-ip:
description: (list) Deprecated, please rename it to _intf_dhcp_relay_ip. _Intf_Dhcp-Relay-Ip.
type: raw
_intf_dhcp-relay-service:
choices:
- disable
- enable
description: Deprecated, please rename it to _intf_dhcp_relay_service. _Intf_Dhcp-Relay-Service.
type: str
_intf_dhcp-relay-type:
choices:
- regular
- ipsec
description: Deprecated, please rename it to _intf_dhcp_relay_type. _Intf_Dhcp-Relay-Type.
type: str
_intf_dhcp6-relay-ip:
description: Deprecated, please rename it to _intf_dhcp6_relay_ip. _Intf_Dhcp6-Relay-Ip.
type: str
_intf_dhcp6-relay-service:
choices:
- disable
- enable
description: Deprecated, please rename it to _intf_dhcp6_relay_service. _Intf_Dhcp6-Relay-Service.
type: str
_intf_dhcp6-relay-type:
choices:
- regular
description: Deprecated, please rename it to _intf_dhcp6_relay_type. _Intf_Dhcp6-Relay-Type.
type: str
_intf_ip:
description: _Intf_Ip.
type: str
_intf_ip6-address:
description: Deprecated, please rename it to _intf_ip6_address. _Intf_Ip6-Address.
type: str
_intf_ip6-allowaccess:
choices:
- https
- ping
- ssh
- snmp
- http
- telnet
- any
- fgfm
- capwap
description: Deprecated, please rename it to _intf_ip6_allowaccess. _Intf_Ip6-Allowaccess.
elements: str
type: list
_intf_listen-forticlient-connection:
choices:
- disable
- enable
description: Deprecated, please rename it to _intf_listen_forticlient_connection.
_Intf_Listen-Forticlient-Connection.
type: str
_is_factory_setting:
choices:
- disable
- enable
- ext
description: No description.
type: str
access-control-list:
description: Deprecated, please rename it to access_control_list. Access-control-list
profile name.
type: str
acct-interim-interval:
description: Deprecated, please rename it to acct_interim_interval. WiFi RADIUS
accounting interim interval
type: int
additional-akms:
choices:
- akm6
description: Deprecated, please rename it to additional_akms. Additional AKMs.
elements: str
type: list
address-group:
description: Deprecated, please rename it to address_group. Address group ID.
type: str
address-group-policy:
choices:
- disable
- allow
- deny
description: Deprecated, please rename it to address_group_policy. Configure MAC
address filtering policy for MAC addresses that are in...
type: str
alias:
description: Alias.
type: str
antivirus-profile:
description: Deprecated, please rename it to antivirus_profile. AntiVirus profile
name.
type: str
application-detection-engine:
choices:
- disable
- enable
description: Deprecated, please rename it to application_detection_engine. Enable/disable
application detection engine
type: str
application-dscp-marking:
choices:
- disable
- enable
description: Deprecated, please rename it to application_dscp_marking. Enable/disable
application attribute based DSCP marking
type: str
application-list:
description: Deprecated, please rename it to application_list. Application control
list name.
type: str
application-report-intv:
description: Deprecated, please rename it to application_report_intv. Application
report interval
type: int
atf-weight:
description: Deprecated, please rename it to atf_weight. Airtime weight in percentage
type: int
auth:
choices:
- PSK
- psk
- RADIUS
- radius
- usergroup
description: Authentication protocol.
type: str
auth-cert:
description: Deprecated, please rename it to auth_cert. HTTPS server certificate.
type: str
auth-portal-addr:
description: Deprecated, please rename it to auth_portal_addr. Address of captive
portal.
type: str
beacon-advertising:
choices:
- name
- model
- serial-number
description: Deprecated, please rename it to beacon_advertising.
elements: str
type: list
broadcast-ssid:
choices:
- disable
- enable
description: Deprecated, please rename it to broadcast_ssid. Enable/disable broadcasting
the SSID
type: str
broadcast-suppression:
choices:
- dhcp
- arp
- dhcp2
- arp2
- netbios-ns
- netbios-ds
- arp3
- dhcp-up
- dhcp-down
- arp-known
- arp-unknown
- arp-reply
- ipv6
- dhcp-starvation
- arp-poison
- all-other-mc
- all-other-bc
- arp-proxy
- dhcp-ucast
description: Deprecated, please rename it to broadcast_suppression. Optional suppression
of broadcast messages.
elements: str
type: list
bss-color-partial:
choices:
- disable
- enable
description: Deprecated, please rename it to bss_color_partial. Enable/disable
802.
type: str
bstm-disassociation-imminent:
choices:
- disable
- enable
description: Deprecated, please rename it to bstm_disassociation_imminent. Enable/disable
forcing of disassociation after the BSTM requ...
type: str
bstm-load-balancing-disassoc-timer:
description: Deprecated, please rename it to bstm_load_balancing_disassoc_timer.
Time interval for client to voluntarily leave AP befor...
type: int
bstm-rssi-disassoc-timer:
description: Deprecated, please rename it to bstm_rssi_disassoc_timer. Time interval
for client to voluntarily leave AP before forcing ...
type: int
captive-portal-ac-name:
description: Deprecated, please rename it to captive_portal_ac_name. Local-bridging
captive portal ac-name.
type: str
captive-portal-auth-timeout:
description: Deprecated, please rename it to captive_portal_auth_timeout. Hard
timeout - AP will always clear the session after timeout...
type: int
captive-portal-fw-accounting:
choices:
- disable
- enable
description: Deprecated, please rename it to captive_portal_fw_accounting. Enable/disable
RADIUS accounting for captive portal firewall...
type: str
captive-portal-macauth-radius-secret:
description: (list) Deprecated, please rename it to captive_portal_macauth_radius_secret.
Secret key to access the macauth RADIUS server.
type: raw
captive-portal-macauth-radius-server:
description: Deprecated, please rename it to captive_portal_macauth_radius_server.
Captive portal external RADIUS server domain name or...
type: str
captive-portal-radius-secret:
description: (list) Deprecated, please rename it to captive_portal_radius_secret.
Secret key to access the RADIUS server.
type: raw
captive-portal-radius-server:
description: Deprecated, please rename it to captive_portal_radius_server. Captive
portal RADIUS server domain name or IP address.
type: str
captive-portal-session-timeout-interval:
description: Deprecated, please rename it to captive_portal_session_timeout_interval.
Session timeout interval
type: int
dhcp-address-enforcement:
choices:
- disable
- enable
description: Deprecated, please rename it to dhcp_address_enforcement. Enable/disable
DHCP address enforcement
type: str
dhcp-lease-time:
description: Deprecated, please rename it to dhcp_lease_time. DHCP lease time
in seconds for NAT IP address.
type: int
dhcp-option43-insertion:
choices:
- disable
- enable
description: Deprecated, please rename it to dhcp_option43_insertion. Enable/disable
insertion of DHCP option 43
type: str
dhcp-option82-circuit-id-insertion:
choices:
- disable
- style-1
- style-2
- style-3
description: Deprecated, please rename it to dhcp_option82_circuit_id_insertion.
Enable/disable DHCP option 82 circuit-id insert
type: str
dhcp-option82-insertion:
choices:
- disable
- enable
description: Deprecated, please rename it to dhcp_option82_insertion. Enable/disable
DHCP option 82 insert
type: str
dhcp-option82-remote-id-insertion:
choices:
- disable
- style-1
description: Deprecated, please rename it to dhcp_option82_remote_id_insertion.
Enable/disable DHCP option 82 remote-id insert
type: str
dynamic-vlan:
choices:
- disable
- enable
description: Deprecated, please rename it to dynamic_vlan. Enable/disable dynamic
VLAN assignment.
type: str
dynamic_mapping:
description: Dynamic_Mapping.
elements: dict
suboptions:
80211k:
choices:
- disable
- enable
description: Deprecated, please rename it to d80211k. Enable/disable 802.
type: str
80211v:
choices:
- disable
- enable
description: Deprecated, please rename it to d80211v. Enable/disable 802.
type: str
_centmgmt:
choices:
- disable
- enable
description: _Centmgmt.
type: str
_dhcp_svr_id:
description: _Dhcp_Svr_Id.
type: str
_intf_allowaccess:
choices:
- https
- ping
- ssh
- snmp
- http
- telnet
- fgfm
- auto-ipsec
- radius-acct
- probe-response
- capwap
- dnp
- ftm
- fabric
- speed-test
description: _Intf_Allowaccess.
elements: str
type: list
_intf_device-access-list:
description: Deprecated, please rename it to _intf_device_access_list. _Intf_Device-Access-List.
type: str
_intf_device-identification:
choices:
- disable
- enable
description: Deprecated, please rename it to _intf_device_identification.
_Intf_Device-Identification.
type: str
_intf_device-netscan:
choices:
- disable
- enable
description: Deprecated, please rename it to _intf_device_netscan. _Intf_Device-Netscan.
type: str
_intf_dhcp-relay-ip:
description: (list) Deprecated, please rename it to _intf_dhcp_relay_ip. _Intf_Dhcp-Relay-Ip.
type: raw
_intf_dhcp-relay-service:
choices:
- disable
- enable
description: Deprecated, please rename it to _intf_dhcp_relay_service. _Intf_Dhcp-Relay-Service.
type: str
_intf_dhcp-relay-type:
choices:
- regular
- ipsec
description: Deprecated, please rename it to _intf_dhcp_relay_type. _Intf_Dhcp-Relay-Type.
type: str
_intf_dhcp6-relay-ip:
description: Deprecated, please rename it to _intf_dhcp6_relay_ip. _Intf_Dhcp6-Relay-Ip.
type: str
_intf_dhcp6-relay-service:
choices:
- disable
- enable
description: Deprecated, please rename it to _intf_dhcp6_relay_service. _Intf_Dhcp6-Relay-Service.
type: str
_intf_dhcp6-relay-type:
choices:
- regular
description: Deprecated, please rename it to _intf_dhcp6_relay_type. _Intf_Dhcp6-Relay-Type.
type: str
_intf_ip:
description: _Intf_Ip.
type: str
_intf_ip6-address:
description: Deprecated, please rename it to _intf_ip6_address. _Intf_Ip6-Address.
type: str
_intf_ip6-allowaccess:
choices:
- https
- ping
- ssh
- snmp
- http
- telnet
- any
- fgfm
- capwap
description: Deprecated, please rename it to _intf_ip6_allowaccess. _Intf_Ip6-Allowaccess.
elements: str
type: list
_intf_listen-forticlient-connection:
choices:
- disable
- enable
description: Deprecated, please rename it to _intf_listen_forticlient_connection.
_Intf_Listen-Forticlient-Connection.
type: str
_is_factory_setting:
choices:
- disable
- enable
- ext
description: No description.
type: str
_scope:
description: _Scope.
elements: dict
suboptions:
name:
description: Name.
type: str
vdom:
description: Vdom.
type: str
type: list
access-control-list:
description: Deprecated, please rename it to access_control_list. Access-Control-List.
type: str
acct-interim-interval:
description: Deprecated, please rename it to acct_interim_interval. WiFi RADIUS
accounting interim interval
type: int
additional-akms:
choices:
- akm6
description: Deprecated, please rename it to additional_akms. Additional-Akms.
elements: str
type: list
address-group:
description: Deprecated, please rename it to address_group. Address group
ID.
type: str
address-group-policy:
choices:
- disable
- allow
- deny
description: Deprecated, please rename it to address_group_policy. Configure
MAC address filtering policy for MAC addresses tha...
type: str
alias:
description: Alias.
type: str
antivirus-profile:
description: Deprecated, please rename it to antivirus_profile. AntiVirus
profile name.
type: str
application-detection-engine:
choices:
- disable
- enable
description: Deprecated, please rename it to application_detection_engine.
Enable/disable application detection engine
type: str
application-dscp-marking:
choices:
- disable
- enable
description: Deprecated, please rename it to application_dscp_marking. Enable/disable
application attribute based DSCP marking
type: str
application-list:
description: Deprecated, please rename it to application_list. Application
control list name.
type: str
application-report-intv:
description: Deprecated, please rename it to application_report_intv. Application
report interval
type: int
atf-weight:
description: Deprecated, please rename it to atf_weight. Airtime weight in
percentage
type: int
auth:
choices:
- PSK
- psk
- RADIUS
- radius
- usergroup
description: Authentication protocol.
type: str
auth-cert:
description: Deprecated, please rename it to auth_cert. HTTPS server certificate.
type: str
auth-portal-addr:
description: Deprecated, please rename it to auth_portal_addr. Address of
captive portal.
type: str
beacon-advertising:
choices:
- name
- model
- serial-number
description: Deprecated, please rename it to beacon_advertising.
elements: str
type: list
broadcast-ssid:
choices:
- disable
- enable
description: Deprecated, please rename it to broadcast_ssid. Enable/disable
broadcasting the SSID
type: str
broadcast-suppression:
choices:
- dhcp
- arp
- dhcp2
- arp2
- netbios-ns
- netbios-ds
- arp3
- dhcp-up
- dhcp-down
- arp-known
- arp-unknown
- arp-reply
- ipv6
- dhcp-starvation
- arp-poison
- all-other-mc
- all-other-bc
- arp-proxy
- dhcp-ucast
description: Deprecated, please rename it to broadcast_suppression. Optional
suppression of broadcast messages.
elements: str
type: list
bss-color-partial:
choices:
- disable
- enable
description: Deprecated, please rename it to bss_color_partial. Bss-Color-Partial.
type: str
bstm-disassociation-imminent:
choices:
- disable
- enable
description: Deprecated, please rename it to bstm_disassociation_imminent.
Enable/disable forcing of disassociation after the B...
type: str
bstm-load-balancing-disassoc-timer:
description: Deprecated, please rename it to bstm_load_balancing_disassoc_timer.
Time interval for client to voluntarily leave ...
type: int
bstm-rssi-disassoc-timer:
description: Deprecated, please rename it to bstm_rssi_disassoc_timer. Time
interval for client to voluntarily leave AP before ...
type: int
captive-portal-ac-name:
description: Deprecated, please rename it to captive_portal_ac_name. Local-bridging
captive portal ac-name.
type: str
captive-portal-auth-timeout:
description: Deprecated, please rename it to captive_portal_auth_timeout.
Captive-Portal-Auth-Timeout.
type: int
captive-portal-fw-accounting:
choices:
- disable
- enable
description: Deprecated, please rename it to captive_portal_fw_accounting.
Enable/disable RADIUS accounting for captive portal ...
type: str
captive-portal-macauth-radius-secret:
description: (list) Deprecated, please rename it to captive_portal_macauth_radius_secret.
Secret key to access the macauth RADI...
type: raw
captive-portal-macauth-radius-server:
description: Deprecated, please rename it to captive_portal_macauth_radius_server.
Captive portal external RADIUS server domain...
type: str
captive-portal-radius-secret:
description: (list) Deprecated, please rename it to captive_portal_radius_secret.
Secret key to access the RADIUS server.
type: raw
captive-portal-radius-server:
description: Deprecated, please rename it to captive_portal_radius_server.
Captive portal RADIUS server domain name or IP address.
type: str
captive-portal-session-timeout-interval:
description: Deprecated, please rename it to captive_portal_session_timeout_interval.
Session timeout interval
type: int
client-count:
description: Deprecated, please rename it to client_count. Client-Count.
type: int
dhcp-address-enforcement:
choices:
- disable
- enable
description: Deprecated, please rename it to dhcp_address_enforcement. Enable/disable
DHCP address enforcement
type: str
dhcp-lease-time:
description: Deprecated, please rename it to dhcp_lease_time. DHCP lease time
in seconds for NAT IP address.
type: int
dhcp-option43-insertion:
choices:
- disable
- enable
description: Deprecated, please rename it to dhcp_option43_insertion. Dhcp-Option43-Insertion.
type: str
dhcp-option82-circuit-id-insertion:
choices:
- disable
- style-1
- style-2
- style-3
description: Deprecated, please rename it to dhcp_option82_circuit_id_insertion.
Enable/disable DHCP option 82 circuit-id insert
type: str
dhcp-option82-insertion:
choices:
- disable
- enable
description: Deprecated, please rename it to dhcp_option82_insertion. Enable/disable
DHCP option 82 insert
type: str
dhcp-option82-remote-id-insertion:
choices:
- disable
- style-1
description: Deprecated, please rename it to dhcp_option82_remote_id_insertion.
Enable/disable DHCP option 82 remote-id insert
type: str
dynamic-vlan:
choices:
- disable
- enable
description: Deprecated, please rename it to dynamic_vlan. Enable/disable
dynamic VLAN assignment.
type: str
eap-reauth:
choices:
- disable
- enable
description: Deprecated, please rename it to eap_reauth. Enable/disable EAP
re-authentication for WPA-Enterprise security.
type: str
eap-reauth-intv:
description: Deprecated, please rename it to eap_reauth_intv. EAP re-authentication
interval
type: int
eapol-key-retries:
choices:
- disable
- enable
description: Deprecated, please rename it to eapol_key_retries. Enable/disable
retransmission of EAPOL-Key frames
type: str
encrypt:
choices:
- TKIP
- AES
- TKIP-AES
description: Encryption protocol to use
type: str
external-fast-roaming:
choices:
- disable
- enable
description: Deprecated, please rename it to external_fast_roaming. Enable/disable
fast roaming or pre-authentication with exte...
type: str
external-logout:
description: Deprecated, please rename it to external_logout. URL of external
authentication logout server.
type: str
external-web:
description: Deprecated, please rename it to external_web. URL of external
authentication web server.
type: str
external-web-format:
choices:
- auto-detect
- no-query-string
- partial-query-string
description: Deprecated, please rename it to external_web_format. URL query
parameter detection
type: str
fast-bss-transition:
choices:
- disable
- enable
description: Deprecated, please rename it to fast_bss_transition. Enable/disable
802.
type: str
fast-roaming:
choices:
- disable
- enable
description: Deprecated, please rename it to fast_roaming. Enable/disable
fast-roaming, or pre-authentication, where supported ...
type: str
ft-mobility-domain:
description: Deprecated, please rename it to ft_mobility_domain. Mobility
domain identifier in FT
type: int
ft-over-ds:
choices:
- disable
- enable
description: Deprecated, please rename it to ft_over_ds. Enable/disable FT
over the Distribution System
type: str
ft-r0-key-lifetime:
description: Deprecated, please rename it to ft_r0_key_lifetime. Lifetime
of the PMK-R0 key in FT, 1-65535 minutes.
type: int
gas-comeback-delay:
description: Deprecated, please rename it to gas_comeback_delay. GAS comeback
delay
type: int
gas-fragmentation-limit:
description: Deprecated, please rename it to gas_fragmentation_limit. GAS
fragmentation limit
type: int
gtk-rekey:
choices:
- disable
- enable
description: Deprecated, please rename it to gtk_rekey. Enable/disable GTK
rekey for WPA security.
type: str
gtk-rekey-intv:
description: Deprecated, please rename it to gtk_rekey_intv. GTK rekey interval
type: int
high-efficiency:
choices:
- disable
- enable
description: Deprecated, please rename it to high_efficiency. Enable/disable
802.
type: str
hotspot20-profile:
description: Deprecated, please rename it to hotspot20_profile. Hotspot 2.
type: str
igmp-snooping:
choices:
- disable
- enable
description: Deprecated, please rename it to igmp_snooping. Enable/disable
IGMP snooping.
type: str
intra-vap-privacy:
choices:
- disable
- enable
description: Deprecated, please rename it to intra_vap_privacy. Enable/disable
blocking communication between clients on the sa...
type: str
ip:
description: IP address and subnet mask for the local standalone NAT subnet.
type: str
ips-sensor:
description: Deprecated, please rename it to ips_sensor. IPS sensor name.
type: str
ipv6-rules:
choices:
- drop-icmp6ra
- drop-icmp6rs
- drop-llmnr6
- drop-icmp6mld2
- drop-dhcp6s
- drop-dhcp6c
- ndp-proxy
- drop-ns-dad
- drop-ns-nondad
description: Deprecated, please rename it to ipv6_rules. Ipv6-Rules.
elements: str
type: list
key:
description: (list) WEP Key.
type: raw
keyindex:
description: WEP key index
type: int
l3-roaming:
choices:
- disable
- enable
description: Deprecated, please rename it to l3_roaming. Enable/disable layer
3 roaming
type: str
l3-roaming-mode:
choices:
- direct
- indirect
description: Deprecated, please rename it to l3_roaming_mode. Select the way
that layer 3 roaming traffic is passed
type: str
ldpc:
choices:
- disable
- tx
- rx
- rxtx
description: VAP low-density parity-check
type: str
local-authentication:
choices:
- disable
- enable
description: Deprecated, please rename it to local_authentication. Enable/disable
AP local authentication.
type: str
local-bridging:
choices:
- disable
- enable
description: Deprecated, please rename it to local_bridging. Enable/disable
bridging of wireless and Ethernet interfaces on the...
type: str
local-lan:
choices:
- deny
- allow
description: Deprecated, please rename it to local_lan. Allow/deny traffic
destined for a Class A, B, or C private IP address
type: str
local-standalone:
choices:
- disable
- enable
description: Deprecated, please rename it to local_standalone. Enable/disable
AP local standalone
type: str
local-standalone-dns:
choices:
- disable
- enable
description: Deprecated, please rename it to local_standalone_dns. Enable/disable
AP local standalone DNS.
type: str
local-standalone-dns-ip:
description: (list) Deprecated, please rename it to local_standalone_dns_ip.
type: raw
local-standalone-nat:
choices:
- disable
- enable
description: Deprecated, please rename it to local_standalone_nat. Enable/disable
AP local standalone NAT mode.
type: str
local-switching:
choices:
- disable
- enable
description: Deprecated, please rename it to local_switching. Local-Switching.
type: str
mac-auth-bypass:
choices:
- disable
- enable
description: Deprecated, please rename it to mac_auth_bypass. Enable/disable
MAC authentication bypass.
type: str
mac-called-station-delimiter:
choices:
- hyphen
- single-hyphen
- colon
- none
description: Deprecated, please rename it to mac_called_station_delimiter.
MAC called station delimiter
type: str
mac-calling-station-delimiter:
choices:
- hyphen
- single-hyphen
- colon
- none
description: Deprecated, please rename it to mac_calling_station_delimiter.
MAC calling station delimiter
type: str
mac-case:
choices:
- uppercase
- lowercase
description: Deprecated, please rename it to mac_case. MAC case
type: str
mac-filter:
choices:
- disable
- enable
description: Deprecated, please rename it to mac_filter. Enable/disable MAC
filtering to block wireless clients by mac address.
type: str
mac-filter-policy-other:
choices:
- deny
- allow
description: Deprecated, please rename it to mac_filter_policy_other. Allow
or block clients with MAC addresses that are not in...
type: str
mac-password-delimiter:
choices:
- hyphen
- single-hyphen
- colon
- none
description: Deprecated, please rename it to mac_password_delimiter. MAC authentication
password delimiter
type: str
mac-username-delimiter:
choices:
- hyphen
- single-hyphen
- colon
- none
description: Deprecated, please rename it to mac_username_delimiter. MAC authentication
username delimiter
type: str
max-clients:
description: Deprecated, please rename it to max_clients. Maximum number of
clients that can connect simultaneously to the VAP
type: int
max-clients-ap:
description: Deprecated, please rename it to max_clients_ap. Maximum number
of clients that can connect simultaneously to the V...
type: int
mbo:
choices:
- disable
- enable
description: Enable/disable Multiband Operation
type: str
mbo-cell-data-conn-pref:
choices:
- excluded
- prefer-not
- prefer-use
description: Deprecated, please rename it to mbo_cell_data_conn_pref. MBO
cell data connection preference
type: str
me-disable-thresh:
description: Deprecated, please rename it to me_disable_thresh. Disable multicast
enhancement when this many clients are receiv...
type: int
mesh-backhaul:
choices:
- disable
- enable
description: Deprecated, please rename it to mesh_backhaul. Enable/disable
using this VAP as a WiFi mesh backhaul
type: str
mpsk:
choices:
- disable
- enable
description: Enable/disable multiple PSK authentication.
type: str
mpsk-concurrent-clients:
description: Deprecated, please rename it to mpsk_concurrent_clients. Maximum
number of concurrent clients that connect using t...
type: int
mpsk-profile:
description: Deprecated, please rename it to mpsk_profile. Mpsk-Profile.
type: str
mu-mimo:
choices:
- disable
- enable
description: Deprecated, please rename it to mu_mimo. Enable/disable Multi-user
MIMO
type: str
multicast-enhance:
choices:
- disable
- enable
description: Deprecated, please rename it to multicast_enhance. Enable/disable
converting multicast to unicast to improve perfo...
type: str
multicast-rate:
choices:
- '0'
- '6000'
- '12000'
- '24000'
description: Deprecated, please rename it to multicast_rate. Multicast rate
type: str
nac:
choices:
- disable
- enable
description: Enable/disable network access control.
type: str
nac-profile:
description: Deprecated, please rename it to nac_profile. NAC profile name.
type: str
neighbor-report-dual-band:
choices:
- disable
- enable
description: Deprecated, please rename it to neighbor_report_dual_band. Enable/disable
dual-band neighbor report
type: str
okc:
choices:
- disable
- enable
description: Enable/disable Opportunistic Key Caching
type: str
osen:
choices:
- disable
- enable
description: Enable/disable OSEN as part of key management
type: str
owe-groups:
choices:
- '19'
- '20'
- '21'
description: Deprecated, please rename it to owe_groups. OWE-Groups.
elements: str
type: list
owe-transition:
choices:
- disable
- enable
description: Deprecated, please rename it to owe_transition. Enable/disable
OWE transition mode support.
type: str
owe-transition-ssid:
description: Deprecated, please rename it to owe_transition_ssid. OWE transition
mode peer SSID.
type: str
passphrase:
description: (list) WPA pre-shared key
type: raw
pmf:
choices:
- disable
- enable
- optional
description: Protected Management Frames
type: str
pmf-assoc-comeback-timeout:
description: Deprecated, please rename it to pmf_assoc_comeback_timeout. Protected
Management Frames
type: int
pmf-sa-query-retry-timeout:
description: Deprecated, please rename it to pmf_sa_query_retry_timeout. Protected
Management Frames
type: int
port-macauth:
choices:
- disable
- radius
- address-group
description: Deprecated, please rename it to port_macauth. Enable/disable
LAN port MAC authentication
type: str
port-macauth-reauth-timeout:
description: Deprecated, please rename it to port_macauth_reauth_timeout.
LAN port MAC authentication re-authentication timeout...
type: int
port-macauth-timeout:
description: Deprecated, please rename it to port_macauth_timeout. LAN port
MAC authentication idle timeout value
type: int
portal-message-override-group:
description: Deprecated, please rename it to portal_message_override_group.
Replacement message group for this VAP
type: str
portal-type:
choices:
- auth
- auth+disclaimer
- disclaimer
- email-collect
- cmcc
- cmcc-macauth
- auth-mac
- external-auth
- external-macauth
description: Deprecated, please rename it to portal_type. Captive portal functionality.
type: str
primary-wag-profile:
description: Deprecated, please rename it to primary_wag_profile. Primary
wireless access gateway profile name.
type: str
probe-resp-suppression:
choices:
- disable
- enable
description: Deprecated, please rename it to probe_resp_suppression. Enable/disable
probe response suppression
type: str
probe-resp-threshold:
description: Deprecated, please rename it to probe_resp_threshold. Minimum
signal level/threshold in dBm required for the AP re...
type: str
ptk-rekey:
choices:
- disable
- enable
description: Deprecated, please rename it to ptk_rekey. Enable/disable PTK
rekey for WPA-Enterprise security.
type: str
ptk-rekey-intv:
description: Deprecated, please rename it to ptk_rekey_intv. PTK rekey interval
type: int
qos-profile:
description: Deprecated, please rename it to qos_profile. Quality of service
profile name.
type: str
quarantine:
choices:
- disable
- enable
description: Enable/disable station quarantine
type: str
radio-2g-threshold:
description: Deprecated, please rename it to radio_2g_threshold. Minimum signal
level/threshold in dBm required for the AP resp...
type: str
radio-5g-threshold:
description: Deprecated, please rename it to radio_5g_threshold. Minimum signal
level/threshold in dBm required for the AP resp...
type: str
radio-sensitivity:
choices:
- disable
- enable
description: Deprecated, please rename it to radio_sensitivity. Enable/disable
software radio sensitivity
type: str
radius-mac-auth:
choices:
- disable
- enable
description: Deprecated, please rename it to radius_mac_auth. Enable/disable
RADIUS-based MAC authentication of clients
type: str
radius-mac-auth-block-interval:
description: Deprecated, please rename it to radius_mac_auth_block_interval.
Dont send RADIUS MAC auth request again if the cli...
type: int
radius-mac-auth-server:
description: Deprecated, please rename it to radius_mac_auth_server. RADIUS-based
MAC authentication server.
type: str
radius-mac-auth-usergroups:
description: (list) Deprecated, please rename it to radius_mac_auth_usergroups.
Selective user groups that are permitted for RA...
type: raw
radius-mac-mpsk-auth:
choices:
- disable
- enable
description: Deprecated, please rename it to radius_mac_mpsk_auth. Enable/disable
RADIUS-based MAC authentication of clients fo...
type: str
radius-mac-mpsk-timeout:
description: Deprecated, please rename it to radius_mac_mpsk_timeout. RADIUS
MAC MPSK cache timeout interval
type: int
radius-server:
description: Deprecated, please rename it to radius_server. RADIUS server
to be used to authenticate WiFi users.
type: str
rates-11a:
choices:
- '1'
- 1-basic
- '2'
- 2-basic
- '5.5'
- 5.5-basic
- '6'
- 6-basic
- '9'
- 9-basic
- '12'
- 12-basic
- '18'
- 18-basic
- '24'
- 24-basic
- '36'
- 36-basic
- '48'
- 48-basic
- '54'
- 54-basic
- '11'
- 11-basic
description: Deprecated, please rename it to rates_11a. Allowed data rates
for 802.
elements: str
type: list
rates-11ac-mcs-map:
description: Deprecated, please rename it to rates_11ac_mcs_map. Comma separated
list of max supported VHT MCS for spatial stre...
type: str
rates-11ac-ss12:
choices:
- mcs0/1
- mcs1/1
- mcs2/1
- mcs3/1
- mcs4/1
- mcs5/1
- mcs6/1
- mcs7/1
- mcs8/1
- mcs9/1
- mcs0/2
- mcs1/2
- mcs2/2
- mcs3/2
- mcs4/2
- mcs5/2
- mcs6/2
- mcs7/2
- mcs8/2
- mcs9/2
- mcs10/1
- mcs11/1
- mcs10/2
- mcs11/2
description: Deprecated, please rename it to rates_11ac_ss12. Allowed data
rates for 802.
elements: str
type: list
rates-11ac-ss34:
choices:
- mcs0/3
- mcs1/3
- mcs2/3
- mcs3/3
- mcs4/3
- mcs5/3
- mcs6/3
- mcs7/3
- mcs8/3
- mcs9/3
- mcs0/4
- mcs1/4
- mcs2/4
- mcs3/4
- mcs4/4
- mcs5/4
- mcs6/4
- mcs7/4
- mcs8/4
- mcs9/4
- mcs10/3
- mcs11/3
- mcs10/4
- mcs11/4
description: Deprecated, please rename it to rates_11ac_ss34. Allowed data
rates for 802.
elements: str
type: list
rates-11ax-mcs-map:
description: Deprecated, please rename it to rates_11ax_mcs_map. Comma separated
list of max supported HE MCS for spatial strea...
type: str
rates-11ax-ss12:
choices:
- mcs0/1
- mcs1/1
- mcs2/1
- mcs3/1
- mcs4/1
- mcs5/1
- mcs6/1
- mcs7/1
- mcs8/1
- mcs9/1
- mcs10/1
- mcs11/1
- mcs0/2
- mcs1/2
- mcs2/2
- mcs3/2
- mcs4/2
- mcs5/2
- mcs6/2
- mcs7/2
- mcs8/2
- mcs9/2
- mcs10/2
- mcs11/2
description: Deprecated, please rename it to rates_11ax_ss12.
elements: str
type: list
rates-11ax-ss34:
choices:
- mcs0/3
- mcs1/3
- mcs2/3
- mcs3/3
- mcs4/3
- mcs5/3
- mcs6/3
- mcs7/3
- mcs8/3
- mcs9/3
- mcs10/3
- mcs11/3
- mcs0/4
- mcs1/4
- mcs2/4
- mcs3/4
- mcs4/4
- mcs5/4
- mcs6/4
- mcs7/4
- mcs8/4
- mcs9/4
- mcs10/4
- mcs11/4
description: Deprecated, please rename it to rates_11ax_ss34.
elements: str
type: list
rates-11bg:
choices:
- '1'
- 1-basic
- '2'
- 2-basic
- '5.5'
- 5.5-basic
- '6'
- 6-basic
- '9'
- 9-basic
- '12'
- 12-basic
- '18'
- 18-basic
- '24'
- 24-basic
- '36'
- 36-basic
- '48'
- 48-basic
- '54'
- 54-basic
- '11'
- 11-basic
description: Deprecated, please rename it to rates_11bg. Allowed data rates
for 802.
elements: str
type: list
rates-11n-ss12:
choices:
- mcs0/1
- mcs1/1
- mcs2/1
- mcs3/1
- mcs4/1
- mcs5/1
- mcs6/1
- mcs7/1
- mcs8/2
- mcs9/2
- mcs10/2
- mcs11/2
- mcs12/2
- mcs13/2
- mcs14/2
- mcs15/2
description: Deprecated, please rename it to rates_11n_ss12. Allowed data
rates for 802.
elements: str
type: list
rates-11n-ss34:
choices:
- mcs16/3
- mcs17/3
- mcs18/3
- mcs19/3
- mcs20/3
- mcs21/3
- mcs22/3
- mcs23/3
- mcs24/4
- mcs25/4
- mcs26/4
- mcs27/4
- mcs28/4
- mcs29/4
- mcs30/4
- mcs31/4
description: Deprecated, please rename it to rates_11n_ss34. Allowed data
rates for 802.
elements: str
type: list
roaming-acct-interim-update:
choices:
- disable
- enable
description: Deprecated, please rename it to roaming_acct_interim_update.
Enable/disable using accounting interim update instea...
type: str
sae-groups:
choices:
- '1'
- '2'
- '5'
- '14'
- '15'
- '16'
- '17'
- '18'
- '19'
- '20'
- '21'
- '27'
- '28'
- '29'
- '30'
- '31'
description: Deprecated, please rename it to sae_groups. SAE-Groups.
elements: str
type: list
sae-h2e-only:
choices:
- disable
- enable
description: Deprecated, please rename it to sae_h2e_only. Use hash-to-element-only
mechanism for PWE derivation
type: str
sae-hnp-only:
choices:
- disable
- enable
description: Deprecated, please rename it to sae_hnp_only. Use hunting-and-pecking-only
mechanism for PWE derivation
type: str
sae-password:
description: (list) Deprecated, please rename it to sae_password. WPA3 SAE
password to be used to authenticate WiFi users.
type: raw
sae-pk:
choices:
- disable
- enable
description: Deprecated, please rename it to sae_pk. Enable/disable WPA3 SAE-PK
type: str
sae-private-key:
description: Deprecated, please rename it to sae_private_key. Private key
used for WPA3 SAE-PK authentication.
type: str
scan-botnet-connections:
choices:
- disable
- block
- monitor
description: Deprecated, please rename it to scan_botnet_connections. Block
or monitor connections to Botnet servers or disable...
type: str
schedule:
description: (list or str) Firewall schedules for enabling this VAP on the
FortiAP.
type: raw
secondary-wag-profile:
description: Deprecated, please rename it to secondary_wag_profile. Secondary
wireless access gateway profile name.
type: str
security:
choices:
- None
- WEP64
- wep64
- WEP128
- wep128
- WPA_PSK
- WPA_RADIUS
- WPA
- WPA2
- WPA2_AUTO
- open
- wpa-personal
- wpa-enterprise
- captive-portal
- wpa-only-personal
- wpa-only-enterprise
- wpa2-only-personal
- wpa2-only-enterprise
- wpa-personal+captive-portal
- wpa-only-personal+captive-portal
- wpa2-only-personal+captive-portal
- osen
- wpa3-enterprise
- sae
- sae-transition
- owe
- wpa3-sae
- wpa3-sae-transition
- wpa3-only-enterprise
- wpa3-enterprise-transition
description: Security mode for the wireless interface
type: str
security-exempt-list:
description: Deprecated, please rename it to security_exempt_list. Optional
security exempt list for captive portal authentication.
type: str
security-obsolete-option:
choices:
- disable
- enable
description: Deprecated, please rename it to security_obsolete_option. Enable/disable
obsolete security options.
type: str
security-redirect-url:
description: Deprecated, please rename it to security_redirect_url. Optional
URL for redirecting users after they pass captive ...
type: str
selected-usergroups:
description: (list or str) Deprecated, please rename it to selected_usergroups.
Selective user groups that are permitted to aut...
type: raw
split-tunneling:
choices:
- disable
- enable
description: Deprecated, please rename it to split_tunneling. Enable/disable
split tunneling
type: str
ssid:
description: IEEE 802.
type: str
sticky-client-remove:
choices:
- disable
- enable
description: Deprecated, please rename it to sticky_client_remove. Sticky-Client-Remove.
type: str
sticky-client-threshold-2g:
description: Deprecated, please rename it to sticky_client_threshold_2g. Sticky-Client-Threshold-2G.
type: str
sticky-client-threshold-5g:
description: Deprecated, please rename it to sticky_client_threshold_5g. Sticky-Client-Threshold-5G.
type: str
sticky-client-threshold-6g:
description: Deprecated, please rename it to sticky_client_threshold_6g. Minimum
signal level/threshold in dBm required for the...
type: str
target-wake-time:
choices:
- disable
- enable
description: Deprecated, please rename it to target_wake_time. Enable/disable
802.
type: str
tkip-counter-measure:
choices:
- disable
- enable
description: Deprecated, please rename it to tkip_counter_measure. Enable/disable
TKIP counter measure.
type: str
tunnel-echo-interval:
description: Deprecated, please rename it to tunnel_echo_interval. The time
interval to send echo to both primary and secondary...
type: int
tunnel-fallback-interval:
description: Deprecated, please rename it to tunnel_fallback_interval. The
time interval for secondary tunnel to fall back to p...
type: int
usergroup:
description: (list or str) Firewall user group to be used to authenticate
WiFi users.
type: raw
utm-log:
choices:
- disable
- enable
description: Deprecated, please rename it to utm_log. Enable/disable UTM logging.
type: str
utm-profile:
description: Deprecated, please rename it to utm_profile. UTM profile name.
type: str
utm-status:
choices:
- disable
- enable
description: Deprecated, please rename it to utm_status. Enable to add one
or more security profiles
type: str
vdom:
description: (list or str) Vdom.
type: raw
vlan-auto:
choices:
- disable
- enable
description: Deprecated, please rename it to vlan_auto. Enable/disable automatic
management of SSID VLAN interface.
type: str
vlan-pooling:
choices:
- wtp-group
- round-robin
- hash
- disable
description: Deprecated, please rename it to vlan_pooling. Enable/disable
VLAN pooling, to allow grouping of multiple wireless ...
type: str
vlanid:
description: Optional VLAN ID.
type: int
voice-enterprise:
choices:
- disable
- enable
description: Deprecated, please rename it to voice_enterprise. Enable/disable
802.
type: str
webfilter-profile:
description: Deprecated, please rename it to webfilter_profile. WebFilter
profile name.
type: str
type: list
eap-reauth:
choices:
- disable
- enable
description: Deprecated, please rename it to eap_reauth. Enable/disable EAP re-authentication
for WPA-Enterprise security.
type: str
eap-reauth-intv:
description: Deprecated, please rename it to eap_reauth_intv. EAP re-authentication
interval
type: int
eapol-key-retries:
choices:
- disable
- enable
description: Deprecated, please rename it to eapol_key_retries. Enable/disable
retransmission of EAPOL-Key frames
type: str
encrypt:
choices:
- TKIP
- AES
- TKIP-AES
description: Encryption protocol to use
type: str
external-fast-roaming:
choices:
- disable
- enable
description: Deprecated, please rename it to external_fast_roaming. Enable/disable
fast roaming or pre-authentication with external APs...
type: str
external-logout:
description: Deprecated, please rename it to external_logout. URL of external
authentication logout server.
type: str
external-web:
description: Deprecated, please rename it to external_web. URL of external authentication
web server.
type: str
external-web-format:
choices:
- auto-detect
- no-query-string
- partial-query-string
description: Deprecated, please rename it to external_web_format. URL query parameter
detection
type: str
fast-bss-transition:
choices:
- disable
- enable
description: Deprecated, please rename it to fast_bss_transition. Enable/disable
802.
type: str
fast-roaming:
choices:
- disable
- enable
description: Deprecated, please rename it to fast_roaming. Enable/disable fast-roaming,
or pre-authentication, where supported by clients
type: str
ft-mobility-domain:
description: Deprecated, please rename it to ft_mobility_domain. Mobility domain
identifier in FT
type: int
ft-over-ds:
choices:
- disable
- enable
description: Deprecated, please rename it to ft_over_ds. Enable/disable FT over
the Distribution System
type: str
ft-r0-key-lifetime:
description: Deprecated, please rename it to ft_r0_key_lifetime. Lifetime of the
PMK-R0 key in FT, 1-65535 minutes.
type: int
gas-comeback-delay:
description: Deprecated, please rename it to gas_comeback_delay. GAS comeback
delay
type: int
gas-fragmentation-limit:
description: Deprecated, please rename it to gas_fragmentation_limit. GAS fragmentation
limit
type: int
gtk-rekey:
choices:
- disable
- enable
description: Deprecated, please rename it to gtk_rekey. Enable/disable GTK rekey
for WPA security.
type: str
gtk-rekey-intv:
description: Deprecated, please rename it to gtk_rekey_intv. GTK rekey interval
type: int
high-efficiency:
choices:
- disable
- enable
description: Deprecated, please rename it to high_efficiency. Enable/disable 802.
type: str
hotspot20-profile:
description: Deprecated, please rename it to hotspot20_profile. Hotspot 2.
type: str
igmp-snooping:
choices:
- disable
- enable
description: Deprecated, please rename it to igmp_snooping. Enable/disable IGMP
snooping.
type: str
intra-vap-privacy:
choices:
- disable
- enable
description: Deprecated, please rename it to intra_vap_privacy. Enable/disable
blocking communication between clients on the same SSID
type: str
ip:
description: IP address and subnet mask for the local standalone NAT subnet.
type: str
ips-sensor:
description: Deprecated, please rename it to ips_sensor. IPS sensor name.
type: str
ipv6-rules:
choices:
- drop-icmp6ra
- drop-icmp6rs
- drop-llmnr6
- drop-icmp6mld2
- drop-dhcp6s
- drop-dhcp6c
- ndp-proxy
- drop-ns-dad
- drop-ns-nondad
description: Deprecated, please rename it to ipv6_rules. Optional rules of IPv6
packets.
elements: str
type: list
key:
description: (list) WEP Key.
type: raw
keyindex:
description: WEP key index
type: int
l3-roaming:
choices:
- disable
- enable
description: Deprecated, please rename it to l3_roaming. Enable/disable layer
3 roaming
type: str
l3-roaming-mode:
choices:
- direct
- indirect
description: Deprecated, please rename it to l3_roaming_mode. Select the way that
layer 3 roaming traffic is passed
type: str
ldpc:
choices:
- disable
- tx
- rx
- rxtx
description: VAP low-density parity-check
type: str
local-authentication:
choices:
- disable
- enable
description: Deprecated, please rename it to local_authentication. Enable/disable
AP local authentication.
type: str
local-bridging:
choices:
- disable
- enable
description: Deprecated, please rename it to local_bridging. Enable/disable bridging
of wireless and Ethernet interfaces on the FortiAP
type: str
local-lan:
choices:
- deny
- allow
description: Deprecated, please rename it to local_lan. Allow/deny traffic destined
for a Class A, B, or C private IP address
type: str
local-standalone:
choices:
- disable
- enable
description: Deprecated, please rename it to local_standalone. Enable/disable
AP local standalone
type: str
local-standalone-dns:
choices:
- disable
- enable
description: Deprecated, please rename it to local_standalone_dns. Enable/disable
AP local standalone DNS.
type: str
local-standalone-dns-ip:
description: (list) Deprecated, please rename it to local_standalone_dns_ip.
type: raw
local-standalone-nat:
choices:
- disable
- enable
description: Deprecated, please rename it to local_standalone_nat. Enable/disable
AP local standalone NAT mode.
type: str
mac-auth-bypass:
choices:
- disable
- enable
description: Deprecated, please rename it to mac_auth_bypass. Enable/disable MAC
authentication bypass.
type: str
mac-called-station-delimiter:
choices:
- hyphen
- single-hyphen
- colon
- none
description: Deprecated, please rename it to mac_called_station_delimiter. MAC
called station delimiter
type: str
mac-calling-station-delimiter:
choices:
- hyphen
- single-hyphen
- colon
- none
description: Deprecated, please rename it to mac_calling_station_delimiter. MAC
calling station delimiter
type: str
mac-case:
choices:
- uppercase
- lowercase
description: Deprecated, please rename it to mac_case. MAC case
type: str
mac-filter:
choices:
- disable
- enable
description: Deprecated, please rename it to mac_filter. Enable/disable MAC filtering
to block wireless clients by mac address.
type: str
mac-filter-list:
description: Deprecated, please rename it to mac_filter_list. Mac-Filter-List.
elements: dict
suboptions:
id:
description: ID.
type: int
mac:
description: MAC address.
type: str
mac-filter-policy:
choices:
- deny
- allow
description: Deprecated, please rename it to mac_filter_policy. Deny or allow
the client with this MAC address.
type: str
type: list
mac-filter-policy-other:
choices:
- deny
- allow
description: Deprecated, please rename it to mac_filter_policy_other. Allow or
block clients with MAC addresses that are not in the fil...
type: str
mac-password-delimiter:
choices:
- hyphen
- single-hyphen
- colon
- none
description: Deprecated, please rename it to mac_password_delimiter. MAC authentication
password delimiter
type: str
mac-username-delimiter:
choices:
- hyphen
- single-hyphen
- colon
- none
description: Deprecated, please rename it to mac_username_delimiter. MAC authentication
username delimiter
type: str
max-clients:
description: Deprecated, please rename it to max_clients. Maximum number of clients
that can connect simultaneously to the VAP
type: int
max-clients-ap:
description: Deprecated, please rename it to max_clients_ap. Maximum number of
clients that can connect simultaneously to each radio
type: int
mbo:
choices:
- disable
- enable
description: Enable/disable Multiband Operation
type: str
mbo-cell-data-conn-pref:
choices:
- excluded
- prefer-not
- prefer-use
description: Deprecated, please rename it to mbo_cell_data_conn_pref. MBO cell
data connection preference
type: str
me-disable-thresh:
description: Deprecated, please rename it to me_disable_thresh. Disable multicast
enhancement when this many clients are receiving mult...
type: int
mesh-backhaul:
choices:
- disable
- enable
description: Deprecated, please rename it to mesh_backhaul. Enable/disable using
this VAP as a WiFi mesh backhaul
type: str
mpsk:
choices:
- disable
- enable
description: Enable/disable multiple pre-shared keys
type: str
mpsk-concurrent-clients:
description: Deprecated, please rename it to mpsk_concurrent_clients. Number of
pre-shared keys
type: int
mpsk-key:
description: Deprecated, please rename it to mpsk_key. Mpsk-Key.
elements: dict
suboptions:
comment:
description: Comment.
type: str
concurrent-clients:
description: Deprecated, please rename it to concurrent_clients. Number of
clients that can connect using this pre-shared key.
type: str
key-name:
description: Deprecated, please rename it to key_name. Pre-shared key name.
type: str
mpsk-schedules:
description: (list or str) Deprecated, please rename it to mpsk_schedules.
Firewall schedule for MPSK passphrase.
type: raw
passphrase:
description: (list) WPA Pre-shared key.
type: raw
type: list
mpsk-profile:
description: Deprecated, please rename it to mpsk_profile. MPSK profile name.
type: str
mu-mimo:
choices:
- disable
- enable
description: Deprecated, please rename it to mu_mimo. Enable/disable Multi-user
MIMO
type: str
multicast-enhance:
choices:
- disable
- enable
description: Deprecated, please rename it to multicast_enhance. Enable/disable
converting multicast to unicast to improve performance
type: str
multicast-rate:
choices:
- '0'
- '6000'
- '12000'
- '24000'
description: Deprecated, please rename it to multicast_rate. Multicast rate
type: str
nac:
choices:
- disable
- enable
description: Enable/disable network access control.
type: str
nac-profile:
description: Deprecated, please rename it to nac_profile. NAC profile name.
type: str
name:
description: Virtual AP name.
required: true
type: str
neighbor-report-dual-band:
choices:
- disable
- enable
description: Deprecated, please rename it to neighbor_report_dual_band. Enable/disable
dual-band neighbor report
type: str
okc:
choices:
- disable
- enable
description: Enable/disable Opportunistic Key Caching
type: str
osen:
choices:
- disable
- enable
description: Enable/disable OSEN as part of key management
type: str
owe-groups:
choices:
- '19'
- '20'
- '21'
description: Deprecated, please rename it to owe_groups. OWE-Groups.
elements: str
type: list
owe-transition:
choices:
- disable
- enable
description: Deprecated, please rename it to owe_transition. Enable/disable OWE
transition mode support.
type: str
owe-transition-ssid:
description: Deprecated, please rename it to owe_transition_ssid. OWE transition
mode peer SSID.
type: str
passphrase:
description: (list) WPA pre-shared key
type: raw
pmf:
choices:
- disable
- enable
- optional
description: Protected Management Frames
type: str
pmf-assoc-comeback-timeout:
description: Deprecated, please rename it to pmf_assoc_comeback_timeout. Protected
Management Frames
type: int
pmf-sa-query-retry-timeout:
description: Deprecated, please rename it to pmf_sa_query_retry_timeout. Protected
Management Frames
type: int
port-macauth:
choices:
- disable
- radius
- address-group
description: Deprecated, please rename it to port_macauth. Enable/disable LAN
port MAC authentication
type: str
port-macauth-reauth-timeout:
description: Deprecated, please rename it to port_macauth_reauth_timeout. LAN
port MAC authentication re-authentication timeout value
type: int
port-macauth-timeout:
description: Deprecated, please rename it to port_macauth_timeout. LAN port MAC
authentication idle timeout value
type: int
portal-message-override-group:
description: Deprecated, please rename it to portal_message_override_group. Replacement
message group for this VAP
type: str
portal-message-overrides:
description: Deprecated, please rename it to portal_message_overrides.
suboptions:
auth-disclaimer-page:
description: Deprecated, please rename it to auth_disclaimer_page. Override
auth-disclaimer-page message with message from port...
type: str
auth-login-failed-page:
description: Deprecated, please rename it to auth_login_failed_page. Override
auth-login-failed-page message with message from ...
type: str
auth-login-page:
description: Deprecated, please rename it to auth_login_page. Override auth-login-page
message with message from portal-message...
type: str
auth-reject-page:
description: Deprecated, please rename it to auth_reject_page. Override auth-reject-page
message with message from portal-messa...
type: str
type: dict
portal-type:
choices:
- auth
- auth+disclaimer
- disclaimer
- email-collect
- cmcc
- cmcc-macauth
- auth-mac
- external-auth
- external-macauth
description: Deprecated, please rename it to portal_type. Captive portal functionality.
type: str
primary-wag-profile:
description: Deprecated, please rename it to primary_wag_profile. Primary wireless
access gateway profile name.
type: str
probe-resp-suppression:
choices:
- disable
- enable
description: Deprecated, please rename it to probe_resp_suppression. Enable/disable
probe response suppression
type: str
probe-resp-threshold:
description: Deprecated, please rename it to probe_resp_threshold. Minimum signal
level/threshold in dBm required for the AP response t...
type: str
ptk-rekey:
choices:
- disable
- enable
description: Deprecated, please rename it to ptk_rekey. Enable/disable PTK rekey
for WPA-Enterprise security.
type: str
ptk-rekey-intv:
description: Deprecated, please rename it to ptk_rekey_intv. PTK rekey interval
type: int
qos-profile:
description: Deprecated, please rename it to qos_profile. Quality of service profile
name.
type: str
quarantine:
choices:
- disable
- enable
description: Enable/disable station quarantine
type: str
radio-2g-threshold:
description: Deprecated, please rename it to radio_2g_threshold. Minimum signal
level/threshold in dBm required for the AP response to ...
type: str
radio-5g-threshold:
description: Deprecated, please rename it to radio_5g_threshold. Minimum signal
level/threshold in dBm required for the AP response to ...
type: str
radio-sensitivity:
choices:
- disable
- enable
description: Deprecated, please rename it to radio_sensitivity. Enable/disable
software radio sensitivity
type: str
radius-mac-auth:
choices:
- disable
- enable
description: Deprecated, please rename it to radius_mac_auth. Enable/disable RADIUS-based
MAC authentication of clients
type: str
radius-mac-auth-block-interval:
description: Deprecated, please rename it to radius_mac_auth_block_interval. Dont
send RADIUS MAC auth request again if the client has ...
type: int
radius-mac-auth-server:
description: Deprecated, please rename it to radius_mac_auth_server. RADIUS-based
MAC authentication server.
type: str
radius-mac-auth-usergroups:
description: (list) Deprecated, please rename it to radius_mac_auth_usergroups.
Selective user groups that are permitted for RADIUS mac...
type: raw
radius-mac-mpsk-auth:
choices:
- disable
- enable
description: Deprecated, please rename it to radius_mac_mpsk_auth. Enable/disable
RADIUS-based MAC authentication of clients for MPSK a...
type: str
radius-mac-mpsk-timeout:
description: Deprecated, please rename it to radius_mac_mpsk_timeout. RADIUS MAC
MPSK cache timeout interval
type: int
radius-server:
description: Deprecated, please rename it to radius_server. RADIUS server to be
used to authenticate WiFi users.
type: str
rates-11a:
choices:
- '1'
- 1-basic
- '2'
- 2-basic
- '5.5'
- 5.5-basic
- '6'
- 6-basic
- '9'
- 9-basic
- '12'
- 12-basic
- '18'
- 18-basic
- '24'
- 24-basic
- '36'
- 36-basic
- '48'
- 48-basic
- '54'
- 54-basic
- '11'
- 11-basic
description: Deprecated, please rename it to rates_11a. Allowed data rates for
802.
elements: str
type: list
rates-11ac-mcs-map:
description: Deprecated, please rename it to rates_11ac_mcs_map. Comma separated
list of max supported VHT MCS for spatial streams 1 th...
type: str
rates-11ac-ss12:
choices:
- mcs0/1
- mcs1/1
- mcs2/1
- mcs3/1
- mcs4/1
- mcs5/1
- mcs6/1
- mcs7/1
- mcs8/1
- mcs9/1
- mcs0/2
- mcs1/2
- mcs2/2
- mcs3/2
- mcs4/2
- mcs5/2
- mcs6/2
- mcs7/2
- mcs8/2
- mcs9/2
- mcs10/1
- mcs11/1
- mcs10/2
- mcs11/2
description: Deprecated, please rename it to rates_11ac_ss12. Allowed data rates
for 802.
elements: str
type: list
rates-11ac-ss34:
choices:
- mcs0/3
- mcs1/3
- mcs2/3
- mcs3/3
- mcs4/3
- mcs5/3
- mcs6/3
- mcs7/3
- mcs8/3
- mcs9/3
- mcs0/4
- mcs1/4
- mcs2/4
- mcs3/4
- mcs4/4
- mcs5/4
- mcs6/4
- mcs7/4
- mcs8/4
- mcs9/4
- mcs10/3
- mcs11/3
- mcs10/4
- mcs11/4
description: Deprecated, please rename it to rates_11ac_ss34. Allowed data rates
for 802.
elements: str
type: list
rates-11ax-mcs-map:
description: Deprecated, please rename it to rates_11ax_mcs_map. Comma separated
list of max supported HE MCS for spatial streams 1 thr...
type: str
rates-11ax-ss12:
choices:
- mcs0/1
- mcs1/1
- mcs2/1
- mcs3/1
- mcs4/1
- mcs5/1
- mcs6/1
- mcs7/1
- mcs8/1
- mcs9/1
- mcs10/1
- mcs11/1
- mcs0/2
- mcs1/2
- mcs2/2
- mcs3/2
- mcs4/2
- mcs5/2
- mcs6/2
- mcs7/2
- mcs8/2
- mcs9/2
- mcs10/2
- mcs11/2
description: Deprecated, please rename it to rates_11ax_ss12.
elements: str
type: list
rates-11ax-ss34:
choices:
- mcs0/3
- mcs1/3
- mcs2/3
- mcs3/3
- mcs4/3
- mcs5/3
- mcs6/3
- mcs7/3
- mcs8/3
- mcs9/3
- mcs10/3
- mcs11/3
- mcs0/4
- mcs1/4
- mcs2/4
- mcs3/4
- mcs4/4
- mcs5/4
- mcs6/4
- mcs7/4
- mcs8/4
- mcs9/4
- mcs10/4
- mcs11/4
description: Deprecated, please rename it to rates_11ax_ss34.
elements: str
type: list
rates-11bg:
choices:
- '1'
- 1-basic
- '2'
- 2-basic
- '5.5'
- 5.5-basic
- '6'
- 6-basic
- '9'
- 9-basic
- '12'
- 12-basic
- '18'
- 18-basic
- '24'
- 24-basic
- '36'
- 36-basic
- '48'
- 48-basic
- '54'
- 54-basic
- '11'
- 11-basic
description: Deprecated, please rename it to rates_11bg. Allowed data rates for
802.
elements: str
type: list
rates-11n-ss12:
choices:
- mcs0/1
- mcs1/1
- mcs2/1
- mcs3/1
- mcs4/1
- mcs5/1
- mcs6/1
- mcs7/1
- mcs8/2
- mcs9/2
- mcs10/2
- mcs11/2
- mcs12/2
- mcs13/2
- mcs14/2
- mcs15/2
description: Deprecated, please rename it to rates_11n_ss12. Allowed data rates
for 802.
elements: str
type: list
rates-11n-ss34:
choices:
- mcs16/3
- mcs17/3
- mcs18/3
- mcs19/3
- mcs20/3
- mcs21/3
- mcs22/3
- mcs23/3
- mcs24/4
- mcs25/4
- mcs26/4
- mcs27/4
- mcs28/4
- mcs29/4
- mcs30/4
- mcs31/4
description: Deprecated, please rename it to rates_11n_ss34. Allowed data rates
for 802.
elements: str
type: list
roaming-acct-interim-update:
choices:
- disable
- enable
description: Deprecated, please rename it to roaming_acct_interim_update. Enable/disable
using accounting interim update instead of acc...
type: str
sae-groups:
choices:
- '1'
- '2'
- '5'
- '14'
- '15'
- '16'
- '17'
- '18'
- '19'
- '20'
- '21'
- '27'
- '28'
- '29'
- '30'
- '31'
description: Deprecated, please rename it to sae_groups. SAE-Groups.
elements: str
type: list
sae-h2e-only:
choices:
- disable
- enable
description: Deprecated, please rename it to sae_h2e_only. Use hash-to-element-only
mechanism for PWE derivation
type: str
sae-hnp-only:
choices:
- disable
- enable
description: Deprecated, please rename it to sae_hnp_only. Use hunting-and-pecking-only
mechanism for PWE derivation
type: str
sae-password:
description: (list) Deprecated, please rename it to sae_password. WPA3 SAE password
to be used to authenticate WiFi users.
type: raw
sae-pk:
choices:
- disable
- enable
description: Deprecated, please rename it to sae_pk. Enable/disable WPA3 SAE-PK
type: str
sae-private-key:
description: Deprecated, please rename it to sae_private_key. Private key used
for WPA3 SAE-PK authentication.
type: str
scan-botnet-connections:
choices:
- disable
- block
- monitor
description: Deprecated, please rename it to scan_botnet_connections. Block or
monitor connections to Botnet servers or disable Botnet ...
type: str
schedule:
description: (list or str) VAP schedule name.
type: raw
secondary-wag-profile:
description: Deprecated, please rename it to secondary_wag_profile. Secondary
wireless access gateway profile name.
type: str
security:
choices:
- None
- WEP64
- wep64
- WEP128
- wep128
- WPA_PSK
- WPA_RADIUS
- WPA
- WPA2
- WPA2_AUTO
- open
- wpa-personal
- wpa-enterprise
- captive-portal
- wpa-only-personal
- wpa-only-enterprise
- wpa2-only-personal
- wpa2-only-enterprise
- wpa-personal+captive-portal
- wpa-only-personal+captive-portal
- wpa2-only-personal+captive-portal
- osen
- wpa3-enterprise
- sae
- sae-transition
- owe
- wpa3-sae
- wpa3-sae-transition
- wpa3-only-enterprise
- wpa3-enterprise-transition
description: Security mode for the wireless interface
type: str
security-exempt-list:
description: Deprecated, please rename it to security_exempt_list. Optional security
exempt list for captive portal authentication.
type: str
security-obsolete-option:
choices:
- disable
- enable
description: Deprecated, please rename it to security_obsolete_option. Enable/disable
obsolete security options.
type: str
security-redirect-url:
description: Deprecated, please rename it to security_redirect_url. Optional URL
for redirecting users after they pass captive portal a...
type: str
selected-usergroups:
description: (list or str) Deprecated, please rename it to selected_usergroups.
Selective user groups that are permitted to authenticate.
type: raw
split-tunneling:
choices:
- disable
- enable
description: Deprecated, please rename it to split_tunneling. Enable/disable split
tunneling
type: str
ssid:
description: IEEE 802.
type: str
sticky-client-remove:
choices:
- disable
- enable
description: Deprecated, please rename it to sticky_client_remove. Enable/disable
sticky client remove to maintain good signal level cl...
type: str
sticky-client-threshold-2g:
description: Deprecated, please rename it to sticky_client_threshold_2g. Minimum
signal level/threshold in dBm required for the 2G clie...
type: str
sticky-client-threshold-5g:
description: Deprecated, please rename it to sticky_client_threshold_5g. Minimum
signal level/threshold in dBm required for the 5G clie...
type: str
sticky-client-threshold-6g:
description: Deprecated, please rename it to sticky_client_threshold_6g. Minimum
signal level/threshold in dBm required for the 6G clie...
type: str
target-wake-time:
choices:
- disable
- enable
description: Deprecated, please rename it to target_wake_time. Enable/disable
802.
type: str
tkip-counter-measure:
choices:
- disable
- enable
description: Deprecated, please rename it to tkip_counter_measure. Enable/disable
TKIP counter measure.
type: str
tunnel-echo-interval:
description: Deprecated, please rename it to tunnel_echo_interval. The time interval
to send echo to both primary and secondary tunnel ...
type: int
tunnel-fallback-interval:
description: Deprecated, please rename it to tunnel_fallback_interval. The time
interval for secondary tunnel to fall back to primary t...
type: int
usergroup:
description: (list or str) Firewall user group to be used to authenticate WiFi
users.
type: raw
utm-log:
choices:
- disable
- enable
description: Deprecated, please rename it to utm_log. Enable/disable UTM logging.
type: str
utm-profile:
description: Deprecated, please rename it to utm_profile. UTM profile name.
type: str
utm-status:
choices:
- disable
- enable
description: Deprecated, please rename it to utm_status. Enable to add one or
more security profiles
type: str
vdom:
description: Name of the VDOM that the Virtual AP has been added to.
type: str
vlan-auto:
choices:
- disable
- enable
description: Deprecated, please rename it to vlan_auto. Enable/disable automatic
management of SSID VLAN interface.
type: str
vlan-name:
description: Deprecated, please rename it to vlan_name.
elements: dict
suboptions:
name:
description: VLAN name.
type: str
vlan-id:
description: Deprecated, please rename it to vlan_id. VLAN ID.
type: int
type: list
vlan-pool:
description: Deprecated, please rename it to vlan_pool. Vlan-Pool.
elements: dict
suboptions:
_wtp-group:
description: Deprecated, please rename it to _wtp_group. _Wtp-Group.
type: str
id:
description: ID.
type: int
wtp-group:
description: Deprecated, please rename it to wtp_group. WTP group name.
type: str
type: list
vlan-pooling:
choices:
- wtp-group
- round-robin
- hash
- disable
description: Deprecated, please rename it to vlan_pooling. Enable/disable VLAN
pooling, to allow grouping of multiple wireless controll...
type: str
vlanid:
description: Optional VLAN ID.
type: int
voice-enterprise:
choices:
- disable
- enable
description: Deprecated, please rename it to voice_enterprise. Enable/disable
802.
type: str
webfilter-profile:
description: Deprecated, please rename it to webfilter_profile. WebFilter profile
name.
type: str
type: dict
adom:
description: The parameter (adom) in requested url.
required: true
type: str
state:
choices:
- present
- absent
description: The directive to create, update or delete an object.
required: true
type: str
rc_failed:
description: The rc codes list with which the conditions to fail will be overriden.
elements: int
type: list
enable_log:
default: false
description: Enable/Disable logging for task.
type: bool
access_token:
description: The token to access FortiManager without using username and password.
type: str
rc_succeeded:
description: The rc codes list with which the conditions to succeed will be overriden.
elements: int
type: list
proposed_method:
choices:
- update
- set
- add
description: The overridden method for the underlying Json RPC request.
type: str
bypass_validation:
default: false
description: Only set to True when module schema diffs with FortiManager API structure,
module continues to execute without validating parameters.
type: bool
workspace_locking_adom:
description: The adom to lock for FortiManager running in workspace mode, the value
can be global and others including root.
type: str
forticloud_access_token:
description: Authenticate Ansible client with forticloud API access token.
type: str
workspace_locking_timeout:
default: 300
description: The maximum time in seconds to wait for other user to release the workspace
lock.
type: int
meta:
contains:
request_url:
description: The full url requested.
returned: always
sample: /sys/login/user
type: str
response_code:
description: The status of api request.
returned: always
sample: 0
type: int
response_data:
description: The api response.
returned: always
type: list
response_message:
description: The descriptive message of the api response.
returned: always
sample: OK.
type: str
system_information:
description: The information of the target system.
returned: always
type: dict
description: The result of the request.
returned: always
type: dict
rc:
description: The status the request.
returned: always
sample: 0
type: int
version_check_warning:
description: Warning if the parameters used in the playbook are not supported by
the current FortiManager version.
returned: complex
type: list