Try SpotterConfigure redundant internet connections using SD-WAN
| "added in version" 2.0.0 of fortinet.fortimanager"
Authors: Xinwei Du (@dux-fortinet), Xing Li (@lix-fortinet), Jie Xue (@JieX19), Link Zheng (@chillancezen), Frank Shen (@fshen01), Hongbin Lu (@fgtdev-hblu)
preview | supported by community
Install with ansible-galaxy collection install fortinet.fortimanager:==2.4.0
collections:
- name: fortinet.fortimanager
version: 2.4.0This module is able to configure a FortiManager device.
Examples include all parameters and values which need to be adjusted to data sources before usage.
- name: Example playbook (generated based on argument schema)
hosts: fortimanagers
connection: httpapi
vars:
ansible_httpapi_use_ssl: true
ansible_httpapi_validate_certs: false
ansible_httpapi_port: 443
tasks:
- name: Configure redundant internet connections using SD-WAN
fortinet.fortimanager.fmgr_wanprof_system_virtualwanlink:
# bypass_validation: false
workspace_locking_adom: <value in [global, custom adom including root]>
workspace_locking_timeout: 300
# rc_succeeded: [0, -2, -3, ...]
# rc_failed: [-2, -3, ...]
adom: <your own value>
wanprof: <your own value>
wanprof_system_virtualwanlink:
fail_detect: <value in [disable, enable]>
health_check:
-
_dynamic_server: <string>
addr_mode: <value in [ipv4, ipv6]>
failtime: <integer>
http_agent: <string>
http_get: <string>
http_match: <string>
interval: <integer>
members: <list or string>
name: <string>
packet_size: <integer>
password: <list or string>
port: <integer>
protocol: <value in [ping, tcp-echo, udp-echo, ...]>
recoverytime: <integer>
security_mode: <value in [none, authentication]>
server: <list or string>
sla:
-
id: <integer>
jitter_threshold: <integer>
latency_threshold: <integer>
link_cost_factor:
- latency
- jitter
- packet-loss
packetloss_threshold: <integer>
threshold_alert_jitter: <integer>
threshold_alert_latency: <integer>
threshold_alert_packetloss: <integer>
threshold_warning_jitter: <integer>
threshold_warning_latency: <integer>
threshold_warning_packetloss: <integer>
update_cascade_interface: <value in [disable, enable]>
update_static_route: <value in [disable, enable]>
internet_service_id: <string>
probe_packets: <value in [disable, enable]>
sla_fail_log_period: <integer>
sla_pass_log_period: <integer>
timeout: <integer>
ha_priority: <integer>
diffservcode: <string>
probe_timeout: <integer>
dns_request_domain: <string>
probe_count: <integer>
system_dns: <value in [disable, enable]>
load_balance_mode: <value in [source-ip-based, weight-based, usage-based, ...]>
members:
-
_dynamic_member: <string>
comment: <string>
gateway: <string>
gateway6: <string>
ingress_spillover_threshold: <integer>
interface: <string>
priority: <integer>
seq_num: <integer>
source: <string>
source6: <string>
spillover_threshold: <integer>
status: <value in [disable, enable]>
volume_ratio: <integer>
weight: <integer>
cost: <integer>
service:
-
addr_mode: <value in [ipv4, ipv6]>
bandwidth_weight: <integer>
default: <value in [disable, enable]>
dscp_forward: <value in [disable, enable]>
dscp_forward_tag: <string>
dscp_reverse: <value in [disable, enable]>
dscp_reverse_tag: <string>
dst: <list or string>
dst_negate: <value in [disable, enable]>
dst6: <list or string>
end_port: <integer>
gateway: <value in [disable, enable]>
groups: <list or string>
health_check: <string>
hold_down_time: <integer>
id: <integer>
internet_service: <value in [disable, enable]>
internet_service_ctrl: <list or integer>
internet_service_ctrl_group: <list or string>
internet_service_custom: <list or string>
internet_service_custom_group: <list or string>
internet_service_group: <list or string>
internet_service_id: <list or string>
jitter_weight: <integer>
latency_weight: <integer>
link_cost_factor: <value in [latency, jitter, packet-loss, ...]>
link_cost_threshold: <integer>
member: <string>
mode: <value in [auto, manual, priority, ...]>
name: <string>
packet_loss_weight: <integer>
priority_members: <list or string>
protocol: <integer>
quality_link: <integer>
route_tag: <integer>
sla:
-
health_check: <string>
id: <integer>
src: <list or string>
src_negate: <value in [disable, enable]>
src6: <list or string>
start_port: <integer>
status: <value in [disable, enable]>
tos: <string>
tos_mask: <string>
users: <list or string>
internet_service_app_ctrl: <list or integer>
internet_service_app_ctrl_group: <list or string>
role: <value in [primary, secondary, standalone]>
sla_compare_method: <value in [order, number]>
standalone_action: <value in [disable, enable]>
input_device: <list or string>
internet_service_name: <string>
input_device_negate: <value in [disable, enable]>
status: <value in [disable, enable]>
neighbor:
-
health_check: <string>
ip: <string>
member: <string>
role: <value in [primary, secondary, standalone]>
sla_id: <integer>
neighbor_hold_boot_time: <integer>
neighbor_hold_down: <value in [disable, enable]>
neighbor_hold_down_time: <integer>
fail_alert_interfaces: <list or string>
adom:
description: The parameter (adom) in requested url.
required: true
type: str
wanprof:
description: The parameter (wanprof) in requested url.
required: true
type: str
rc_failed:
description: The rc codes list with which the conditions to fail will be overriden.
elements: int
type: list
enable_log:
default: false
description: Enable/Disable logging for task.
type: bool
access_token:
description: The token to access FortiManager without using username and password.
type: str
rc_succeeded:
description: The rc codes list with which the conditions to succeed will be overriden.
elements: int
type: list
proposed_method:
choices:
- update
- set
- add
description: The overridden method for the underlying Json RPC request.
type: str
bypass_validation:
default: false
description: Only set to True when module schema diffs with FortiManager API structure,
module continues to execute without validating parameters.
type: bool
workspace_locking_adom:
description: The adom to lock for FortiManager running in workspace mode, the value
can be global and others including root.
type: str
forticloud_access_token:
description: Authenticate Ansible client with forticloud API access token.
type: str
workspace_locking_timeout:
default: 300
description: The maximum time in seconds to wait for other user to release the workspace
lock.
type: int
wanprof_system_virtualwanlink:
description: The top level parameters set.
required: false
suboptions:
fail-alert-interfaces:
description: (list) Deprecated, please rename it to fail_alert_interfaces.
type: raw
fail-detect:
choices:
- disable
- enable
description: Deprecated, please rename it to fail_detect. Enable/disable SD-WAN
Internet connection status checking
type: str
health-check:
description: Deprecated, please rename it to health_check.
elements: dict
suboptions:
_dynamic-server:
description: Deprecated, please rename it to _dynamic_server.
type: str
addr-mode:
choices:
- ipv4
- ipv6
description: Deprecated, please rename it to addr_mode. Address mode
type: str
diffservcode:
description: Differentiated services code point
type: str
dns-request-domain:
description: Deprecated, please rename it to dns_request_domain. Fully qualified
domain name to resolve for the DNS probe.
type: str
failtime:
description: Number of failures before server is considered lost
type: int
ha-priority:
description: Deprecated, please rename it to ha_priority. HA election priority
type: int
http-agent:
description: Deprecated, please rename it to http_agent. String in the http-agent
field in the HTTP header.
type: str
http-get:
description: Deprecated, please rename it to http_get. URL used to communicate
with the server if the protocol if the protocol ...
type: str
http-match:
description: Deprecated, please rename it to http_match. Response string expected
from the server if the protocol is HTTP.
type: str
internet-service-id:
description: Deprecated, please rename it to internet_service_id. Internet
service ID.
type: str
interval:
description: Status check interval, or the time between attempting to connect
to the server
type: int
members:
description: (list or str) Member sequence number list.
type: raw
name:
description: Status check or health check name.
type: str
packet-size:
description: Deprecated, please rename it to packet_size. Packet size of a
twamp test session,
type: int
password:
description: (list) No description.
type: raw
port:
description: Port number used to communicate with the server over the selected
protocol.
type: int
probe-count:
description: Deprecated, please rename it to probe_count. Number of most recent
probes that should be used to calculate latency...
type: int
probe-packets:
choices:
- disable
- enable
description: Deprecated, please rename it to probe_packets. Enable/disable
transmission of probe packets.
type: str
probe-timeout:
description: Deprecated, please rename it to probe_timeout. Time to wait before
a probe packet is considered lost
type: int
protocol:
choices:
- ping
- tcp-echo
- udp-echo
- http
- twamp
- ping6
- dns
description: Protocol used to determine if the FortiGate can communicate with
the server.
type: str
recoverytime:
description: Number of successful responses received before server is considered
recovered
type: int
security-mode:
choices:
- none
- authentication
description: Deprecated, please rename it to security_mode. Twamp controller
security mode.
type: str
server:
description: (list) No description.
type: raw
sla:
description: No description.
elements: dict
suboptions:
id:
description: SLA ID.
type: int
jitter-threshold:
description: Deprecated, please rename it to jitter_threshold. Jitter
for SLA to make decision in milliseconds.
type: int
latency-threshold:
description: Deprecated, please rename it to latency_threshold. Latency
for SLA to make decision in milliseconds.
type: int
link-cost-factor:
choices:
- latency
- jitter
- packet-loss
description: Deprecated, please rename it to link_cost_factor.
elements: str
type: list
packetloss-threshold:
description: Deprecated, please rename it to packetloss_threshold. Packet
loss for SLA to make decision in percentage.
type: int
type: list
sla-fail-log-period:
description: Deprecated, please rename it to sla_fail_log_period. Time interval
in seconds that SLA fail log messages will be g...
type: int
sla-pass-log-period:
description: Deprecated, please rename it to sla_pass_log_period. Time interval
in seconds that SLA pass log messages will be g...
type: int
system-dns:
choices:
- disable
- enable
description: Deprecated, please rename it to system_dns. Enable/disable system
DNS as the probe server.
type: str
threshold-alert-jitter:
description: Deprecated, please rename it to threshold_alert_jitter. Alert
threshold for jitter
type: int
threshold-alert-latency:
description: Deprecated, please rename it to threshold_alert_latency. Alert
threshold for latency
type: int
threshold-alert-packetloss:
description: Deprecated, please rename it to threshold_alert_packetloss. Alert
threshold for packet loss
type: int
threshold-warning-jitter:
description: Deprecated, please rename it to threshold_warning_jitter. Warning
threshold for jitter
type: int
threshold-warning-latency:
description: Deprecated, please rename it to threshold_warning_latency. Warning
threshold for latency
type: int
threshold-warning-packetloss:
description: Deprecated, please rename it to threshold_warning_packetloss.
Warning threshold for packet loss
type: int
timeout:
description: How long to wait before not receiving a reply from the server
to consider the connetion attempt a failure
type: int
update-cascade-interface:
choices:
- disable
- enable
description: Deprecated, please rename it to update_cascade_interface. Enable/disable
update cascade interface.
type: str
update-static-route:
choices:
- disable
- enable
description: Deprecated, please rename it to update_static_route. Enable/disable
updating the static route.
type: str
type: list
load-balance-mode:
choices:
- source-ip-based
- weight-based
- usage-based
- source-dest-ip-based
- measured-volume-based
description: Deprecated, please rename it to load_balance_mode. Algorithm or mode
to use for load balancing Internet traffic to SD-WAN ...
type: str
members:
description: No description.
elements: dict
suboptions:
_dynamic-member:
description: Deprecated, please rename it to _dynamic_member.
type: str
comment:
description: Comments.
type: str
cost:
description: Cost of this interface for services in SLA mode
type: int
gateway:
description: The default gateway for this interface.
type: str
gateway6:
description: IPv6 gateway.
type: str
ingress-spillover-threshold:
description: Deprecated, please rename it to ingress_spillover_threshold.
Ingress spillover threshold for this interface
type: int
interface:
description: Interface name.
type: str
priority:
description: Priority of the interface
type: int
seq-num:
description: Deprecated, please rename it to seq_num. Sequence number
type: int
source:
description: Source IP address used in the health-check packet to the server.
type: str
source6:
description: Source IPv6 address used in the health-check packet to the server.
type: str
spillover-threshold:
description: Deprecated, please rename it to spillover_threshold. Egress spillover
threshold for this interface
type: int
status:
choices:
- disable
- enable
description: Enable/disable this interface in the SD-WAN.
type: str
volume-ratio:
description: Deprecated, please rename it to volume_ratio. Measured volume
ratio
type: int
weight:
description: Weight of this interface for weighted load balancing.
type: int
type: list
neighbor:
description: No description.
elements: dict
suboptions:
health-check:
description: Deprecated, please rename it to health_check. SD-WAN health-check
name.
type: str
ip:
description: IP address of neighbor.
type: str
member:
description: Member sequence number.
type: str
role:
choices:
- primary
- secondary
- standalone
description: Role of neighbor.
type: str
sla-id:
description: Deprecated, please rename it to sla_id. SLA ID.
type: int
type: list
neighbor-hold-boot-time:
description: Deprecated, please rename it to neighbor_hold_boot_time. Waiting
period in seconds when switching from the primary neighbo...
type: int
neighbor-hold-down:
choices:
- disable
- enable
description: Deprecated, please rename it to neighbor_hold_down. Enable/disable
hold switching from the secondary neighbor to the prima...
type: str
neighbor-hold-down-time:
description: Deprecated, please rename it to neighbor_hold_down_time. Waiting
period in seconds when switching from the secondary neigh...
type: int
service:
description: No description.
elements: dict
suboptions:
addr-mode:
choices:
- ipv4
- ipv6
description: Deprecated, please rename it to addr_mode. Address mode
type: str
bandwidth-weight:
description: Deprecated, please rename it to bandwidth_weight. Coefficient
of reciprocal of available bidirectional bandwidth i...
type: int
default:
choices:
- disable
- enable
description: Enable/disable use of SD-WAN as default service.
type: str
dscp-forward:
choices:
- disable
- enable
description: Deprecated, please rename it to dscp_forward. Enable/disable
forward traffic DSCP tag.
type: str
dscp-forward-tag:
description: Deprecated, please rename it to dscp_forward_tag. Forward traffic
DSCP tag.
type: str
dscp-reverse:
choices:
- disable
- enable
description: Deprecated, please rename it to dscp_reverse. Enable/disable
reverse traffic DSCP tag.
type: str
dscp-reverse-tag:
description: Deprecated, please rename it to dscp_reverse_tag. Reverse traffic
DSCP tag.
type: str
dst:
description: (list or str) Destination address name.
type: raw
dst-negate:
choices:
- disable
- enable
description: Deprecated, please rename it to dst_negate. Enable/disable negation
of destination address match.
type: str
dst6:
description: (list or str) Destination address6 name.
type: raw
end-port:
description: Deprecated, please rename it to end_port. End destination port
number.
type: int
gateway:
choices:
- disable
- enable
description: Enable/disable SD-WAN service gateway.
type: str
groups:
description: (list or str) User groups.
type: raw
health-check:
description: Deprecated, please rename it to health_check. Health check.
type: str
hold-down-time:
description: Deprecated, please rename it to hold_down_time. Waiting period
in seconds when switching from the back-up member t...
type: int
id:
description: Priority rule ID
type: int
input-device:
description: (list or str) Deprecated, please rename it to input_device. Source
interface name.
type: raw
input-device-negate:
choices:
- disable
- enable
description: Deprecated, please rename it to input_device_negate. Enable/disable
negation of input device match.
type: str
internet-service:
choices:
- disable
- enable
description: Deprecated, please rename it to internet_service. Enable/disable
use of Internet service for application-based loa...
type: str
internet-service-app-ctrl:
description: (list) Deprecated, please rename it to internet_service_app_ctrl.
type: raw
internet-service-app-ctrl-group:
description: (list or str) Deprecated, please rename it to internet_service_app_ctrl_group.
Application control based Internet ...
type: raw
internet-service-ctrl:
description: (list) Deprecated, please rename it to internet_service_ctrl.
type: raw
internet-service-ctrl-group:
description: (list or str) Deprecated, please rename it to internet_service_ctrl_group.
Control-based Internet Service group list.
type: raw
internet-service-custom:
description: (list or str) Deprecated, please rename it to internet_service_custom.
Custom Internet service name list.
type: raw
internet-service-custom-group:
description: (list or str) Deprecated, please rename it to internet_service_custom_group.
Custom Internet Service group list.
type: raw
internet-service-group:
description: (list or str) Deprecated, please rename it to internet_service_group.
Internet Service group list.
type: raw
internet-service-id:
description: (list or str) Deprecated, please rename it to internet_service_id.
Internet service ID list.
type: raw
internet-service-name:
description: Deprecated, please rename it to internet_service_name. Internet
service name list.
type: str
jitter-weight:
description: Deprecated, please rename it to jitter_weight. Coefficient of
jitter in the formula of custom-profile-1.
type: int
latency-weight:
description: Deprecated, please rename it to latency_weight. Coefficient of
latency in the formula of custom-profile-1.
type: int
link-cost-factor:
choices:
- latency
- jitter
- packet-loss
- inbandwidth
- outbandwidth
- bibandwidth
- custom-profile-1
description: Deprecated, please rename it to link_cost_factor. Link cost factor.
type: str
link-cost-threshold:
description: Deprecated, please rename it to link_cost_threshold. Percentage
threshold change of link cost values that will res...
type: int
member:
description: Member sequence number.
type: str
mode:
choices:
- auto
- manual
- priority
- sla
- load-balance
description: Control how the priority rule sets the priority of interfaces
in the SD-WAN.
type: str
name:
description: Priority rule name.
type: str
packet-loss-weight:
description: Deprecated, please rename it to packet_loss_weight. Coefficient
of packet-loss in the formula of custom-profile-1.
type: int
priority-members:
description: (list or str) Deprecated, please rename it to priority_members.
Member sequence number list.
type: raw
protocol:
description: Protocol number.
type: int
quality-link:
description: Deprecated, please rename it to quality_link. Quality grade.
type: int
role:
choices:
- primary
- secondary
- standalone
description: Service role to work with neighbor.
type: str
route-tag:
description: Deprecated, please rename it to route_tag. IPv4 route map route-tag.
type: int
sla:
description: No description.
elements: dict
suboptions:
health-check:
description: Deprecated, please rename it to health_check. Virtual WAN
Link health-check.
type: str
id:
description: SLA ID.
type: int
type: list
sla-compare-method:
choices:
- order
- number
description: Deprecated, please rename it to sla_compare_method. Method to
compare SLA value for sla and load balance mode.
type: str
src:
description: (list or str) Source address name.
type: raw
src-negate:
choices:
- disable
- enable
description: Deprecated, please rename it to src_negate. Enable/disable negation
of source address match.
type: str
src6:
description: (list or str) Source address6 name.
type: raw
standalone-action:
choices:
- disable
- enable
description: Deprecated, please rename it to standalone_action. Enable/disable
service when selected neighbor role is standalon...
type: str
start-port:
description: Deprecated, please rename it to start_port. Start destination
port number.
type: int
status:
choices:
- disable
- enable
description: Enable/disable SD-WAN service.
type: str
tos:
description: Type of service bit pattern.
type: str
tos-mask:
description: Deprecated, please rename it to tos_mask. Type of service evaluated
bits.
type: str
users:
description: (list or str) User name.
type: raw
type: list
status:
choices:
- disable
- enable
description: Enable/disable SD-WAN.
type: str
type: dict
meta:
contains:
request_url:
description: The full url requested.
returned: always
sample: /sys/login/user
type: str
response_code:
description: The status of api request.
returned: always
sample: 0
type: int
response_data:
description: The api response.
returned: always
type: list
response_message:
description: The descriptive message of the api response.
returned: always
sample: OK.
type: str
system_information:
description: The information of the target system.
returned: always
type: dict
description: The result of the request.
returned: always
type: dict
rc:
description: The status the request.
returned: always
sample: 0
type: int
version_check_warning:
description: Warning if the parameters used in the playbook are not supported by
the current FortiManager version.
returned: complex
type: list