fortinet.fortios.fortios_system_settings (1.1.7) — module
Configure VDOM settings in Fortinet's FortiOS and FortiGate.
Added in version 2.8 of fortinet.fortios
Authors: Link Zheng (@chillancezen), Jie Xue (@JieX19), Hongbin Lu (@fgtdev-hblu), Frank Shen (@frankshen01), Miguel Angel Munoz (@mamunozgonzalez), Nicolas Thomas (@thomnico)
preview | supported by community
Install with ansible-galaxy collection install fortinet.fortios:==1.1.7
collections:
- name: fortinet.fortios
  version: 1.1.7
This module configures a FortiGate or FortiOS (FOS) device by allowing the user to set and modify the settings category of the system feature. The examples include all parameters; their values need to be adjusted to your data sources before use. Tested with FOS v6.4.0.
- hosts: fortigates
  collections:
    - fortinet.fortios
  connection: httpapi
  vars:
    vdom: "root"
    ansible_httpapi_use_ssl: yes
    ansible_httpapi_validate_certs: no
    ansible_httpapi_port: 443
  tasks:
    - name: Configure VDOM settings.
      fortios_system_settings:
        vdom: "{{ vdom }}"
        system_settings:
          allow_linkdown_path: "enable"
          allow_subnet_overlap: "enable"
          asymroute: "enable"
          asymroute_icmp: "enable"
          asymroute6: "enable"
          asymroute6_icmp: "enable"
          auxiliary_session: "enable"
          bfd: "enable"
          bfd_desired_min_tx: "11"
          bfd_detect_mult: "12"
          bfd_dont_enforce_src_port: "enable"
          bfd_required_min_rx: "14"
          block_land_attack: "disable"
          central_nat: "enable"
          comments: "<your_own_value>"
          consolidated_firewall_mode: "<your_own_value>"
          default_voip_alg_mode: "proxy-based"
          deny_tcp_with_icmp: "enable"
          device: "<your_own_value> (source system.interface.name)"
          dhcp_proxy: "enable"
          dhcp_server_ip: "<your_own_value>"
          dhcp6_server_ip: "<your_own_value>"
          discovered_device_timeout: "25"
          ecmp_max_paths: "26"
          email_portal_check_dns: "disable"
          firewall_session_dirty: "check-all"
          fw_session_hairpin: "enable"
          gateway: "<your_own_value>"
          gateway6: "<your_own_value>"
          gui_advanced_policy: "enable"
          gui_allow_unnamed_policy: "enable"
          gui_antivirus: "enable"
          gui_ap_profile: "enable"
          gui_application_control: "enable"
          gui_default_policy_columns:
            - name: "default_name_38"
          gui_dhcp_advanced: "enable"
          gui_dns_database: "enable"
          gui_dnsfilter: "enable"
          gui_domain_ip_reputation: "enable"
          gui_dos_policy: "enable"
          gui_dynamic_profile_display: "enable"
          gui_dynamic_routing: "enable"
          gui_email_collection: "enable"
          gui_endpoint_control: "enable"
          gui_endpoint_control_advanced: "enable"
          gui_explicit_proxy: "enable"
          gui_fortiap_split_tunneling: "enable"
          gui_fortiextender_controller: "enable"
          gui_icap: "enable"
          gui_implicit_policy: "enable"
          gui_ips: "enable"
          gui_load_balance: "enable"
          gui_local_in_policy: "enable"
          gui_local_reports: "enable"
          gui_multicast_policy: "enable"
          gui_multiple_interface_policy: "enable"
          gui_multiple_utm_profiles: "enable"
          gui_nat46_64: "enable"
          gui_object_colors: "enable"
          gui_policy_based_ipsec: "enable"
          gui_policy_disclaimer: "enable"
          gui_replacement_message_groups: "enable"
          gui_spamfilter: "enable"
          gui_sslvpn_personal_bookmarks: "enable"
          gui_sslvpn_realms: "enable"
          gui_switch_controller: "enable"
          gui_threat_weight: "enable"
          gui_traffic_shaping: "enable"
          gui_voip_profile: "enable"
          gui_vpn: "enable"
          gui_waf_profile: "enable"
          gui_wan_load_balancing: "enable"
          gui_wanopt_cache: "enable"
          gui_webfilter: "enable"
          gui_webfilter_advanced: "enable"
          gui_wireless_controller: "enable"
          http_external_dest: "fortiweb"
          ike_dn_format: "with-space"
          ike_quick_crash_detect: "enable"
          ike_session_resume: "enable"
          ip: "<your_own_value>"
          ip6: "<your_own_value>"
          link_down_access: "enable"
          lldp_reception: "enable"
          lldp_transmission: "enable"
          mac_ttl: "89"
          manageip: "<your_own_value>"
          manageip6: "<your_own_value>"
          multicast_forward: "enable"
          multicast_skip_policy: "enable"
          multicast_ttl_notchange: "enable"
          ngfw_mode: "profile-based"
          opmode: "nat"
          prp_trailer_action: "enable"
          sccp_port: "98"
          sctp_session_without_init: "enable"
          ses_denied_traffic: "enable"
          sip_expectation: "enable"
          sip_nat_trace: "enable"
          sip_ssl_port: "103"
          sip_tcp_port: "104"
          sip_udp_port: "105"
          snat_hairpin_traffic: "enable"
          status: "enable"
          strict_src_check: "enable"
          tcp_session_without_syn: "enable"
          utf8_spam_tagging: "enable"
          v4_ecmp_mode: "source-ip-based"
          vpn_stats_log: "ipsec"
          vpn_stats_period: "113"
          wccp_cache_engine: "enable"
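The playbook above fills in every option with a placeholder value and turns off certificate validation for the httpapi connection. The following is an added example, not part of the module's documentation: it keeps TLS validation on, authenticates with the module's access_token parameter, and sets only the options whose descriptions bear on packet filtering, using conservative values. The variable fortigate_access_token is an assumption and is expected to come from Ansible Vault or another secret store.

```yaml
# Added example; not from the fortinet.fortios documentation.
- hosts: fortigates
  collections:
    - fortinet.fortios
  connection: httpapi
  vars:
    vdom: "root"
    ansible_httpapi_use_ssl: yes
    # Keep certificate validation on. The FortiGate must present a certificate
    # that chains to a CA trusted by the Ansible control node.
    ansible_httpapi_validate_certs: yes
    ansible_httpapi_port: 443
  tasks:
    - name: Apply conservative traffic-handling settings to the VDOM
      fortios_system_settings:
        vdom: "{{ vdom }}"
        # Assumption: fortigate_access_token is defined in a vaulted vars file.
        access_token: "{{ fortigate_access_token }}"
        system_settings:
          # Block land attacks (the full example above sets this to "disable").
          block_land_attack: "enable"
          # Do not create TCP sessions for flows that never sent a SYN.
          tcp_session_without_syn: "disable"
          # Do not create SCTP sessions without an SCTP INIT.
          sctp_session_without_init: "disable"
          # Multicast traffic stays subject to a policy check.
          multicast_skip_policy: "disable"
          # Asymmetric routing stays off for IPv4, IPv6 and both ICMP variants.
          asymroute: "disable"
          asymroute_icmp: "disable"
          asymroute6: "disable"
          asymroute6_icmp: "disable"
          # Strict source verification; confirm routing is symmetric first.
          strict_src_check: "enable"
          # Interface subnets may not use overlapping IP addresses.
          allow_subnet_overlap: "disable"
      # Keep the access token out of task output and logs.
      no_log: true
```

Only the listed options are sent; anything omitted from system_settings is left at its current value on the device.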
vdom:
  default: root
  description:
  - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit.
  type: str
access_token:
  description:
  - Token-based authentication. Generated from GUI of Fortigate.
  required: false
  type: str
system_settings:
  default: null
  description:
  - Configure VDOM settings.
  suboptions:
    allow_linkdown_path:
      choices:
      - enable
      - disable
      description:
      - Enable/disable link down path.
      type: str
    allow_subnet_overlap:
      choices:
      - enable
      - disable
      description:
      - Enable/disable allowing interface subnets to use overlapping IP addresses.
      type: str
    asymroute:
      choices:
      - enable
      - disable
      description:
      - Enable/disable IPv4 asymmetric routing.
      type: str
    asymroute6:
      choices:
      - enable
      - disable
      description:
      - Enable/disable asymmetric IPv6 routing.
      type: str
    asymroute6_icmp:
      choices:
      - enable
      - disable
      description:
      - Enable/disable asymmetric ICMPv6 routing.
      type: str
    asymroute_icmp:
      choices:
      - enable
      - disable
      description:
      - Enable/disable ICMP asymmetric routing.
      type: str
    auxiliary_session:
      choices:
      - enable
      - disable
      description:
      - Enable/disable auxiliary session.
      type: str
    bfd:
      choices:
      - enable
      - disable
      description:
      - Enable/disable Bi-directional Forwarding Detection (BFD) on all interfaces.
      type: str
    bfd_desired_min_tx:
      description:
      - BFD desired minimal transmit interval (1 - 100000 ms).
      type: int
    bfd_detect_mult:
      description:
      - BFD detection multiplier (1 - 50).
      type: int
    bfd_dont_enforce_src_port:
      choices:
      - enable
      - disable
      description:
      - Enable to not enforce verifying the source port of BFD Packets.
      type: str
    bfd_required_min_rx:
      description:
      - BFD required minimal receive interval (1 - 100000 ms).
      type: int
    block_land_attack:
      choices:
      - disable
      - enable
      description:
      - Enable/disable blocking of land attacks.
      type: str
    central_nat:
      choices:
      - enable
      - disable
      description:
      - Enable/disable central NAT.
      type: str
    comments:
      description:
      - VDOM comments.
      type: str
    consolidated_firewall_mode:
      description:
      - Consolidated firewall mode.
      type: str
    default_voip_alg_mode:
      choices:
      - proxy-based
      - kernel-helper-based
      description:
      - Configure how the FortiGate handles VoIP traffic when a policy that accepts the traffic doesn't include a VoIP profile.
      type: str
    deny_tcp_with_icmp:
      choices:
      - enable
      - disable
      description:
      - Enable/disable denying TCP by sending an ICMP communication prohibited packet.
      type: str
    device:
      description:
      - Interface to use for management access for NAT mode. Source system.interface.name.
      type: str
    dhcp6_server_ip:
      description:
      - DHCPv6 server IPv6 address.
      type: str
    dhcp_proxy:
      choices:
      - enable
      - disable
      description:
      - Enable/disable the DHCP Proxy.
      type: str
    dhcp_server_ip:
      description:
      - DHCP Server IPv4 address.
      type: str
    discovered_device_timeout:
      description:
      - Timeout for discovered devices (1 - 365 days).
      type: int
    ecmp_max_paths:
      description:
      - Maximum number of Equal Cost Multi-Path (ECMP) next-hops. Set to 1 to disable ECMP routing (1 - 255).
      type: int
    email_portal_check_dns:
      choices:
      - disable
      - enable
      description:
      - Enable/disable using DNS to validate email addresses collected by a captive portal.
      type: str
    firewall_session_dirty:
      choices:
      - check-all
      - check-new
      - check-policy-option
      description:
      - Select how to manage sessions affected by firewall policy configuration changes.
      type: str
    fw_session_hairpin:
      choices:
      - enable
      - disable
      description:
      - Enable/disable checking for a matching policy each time hairpin traffic goes through the FortiGate.
      type: str
    gateway:
      description:
      - Transparent mode IPv4 default gateway IP address.
      type: str
    gateway6:
      description:
      - Transparent mode IPv4 default gateway IP address.
      type: str
    gui_advanced_policy:
      choices:
      - enable
      - disable
      description:
      - Enable/disable advanced policy configuration on the GUI.
      type: str
    gui_allow_unnamed_policy:
      choices:
      - enable
      - disable
      description:
      - Enable/disable the requirement for policy naming on the GUI.
      type: str
    gui_antivirus:
      choices:
      - enable
      - disable
      description:
      - Enable/disable AntiVirus on the GUI.
      type: str
    gui_ap_profile:
      choices:
      - enable
      - disable
      description:
      - Enable/disable FortiAP profiles on the GUI.
      type: str
    gui_application_control:
      choices:
      - enable
      - disable
      description:
      - Enable/disable application control on the GUI.
      type: str
    gui_default_policy_columns:
      description:
      - Default columns to display for policy lists on GUI.
      suboptions:
        name:
          description:
          - Select column name.
          required: true
          type: str
      type: list
    gui_dhcp_advanced:
      choices:
      - enable
      - disable
      description:
      - Enable/disable advanced DHCP options on the GUI.
      type: str
    gui_dns_database:
      choices:
      - enable
      - disable
      description:
      - Enable/disable DNS database settings on the GUI.
      type: str
    gui_dnsfilter:
      choices:
      - enable
      - disable
      description:
      - Enable/disable DNS Filtering on the GUI.
      type: str
    gui_domain_ip_reputation:
      choices:
      - enable
      - disable
      description:
      - Enable/disable Domain and IP Reputation on the GUI.
      type: str
    gui_dos_policy:
      choices:
      - enable
      - disable
      description:
      - Enable/disable DoS policies on the GUI.
      type: str
    gui_dynamic_profile_display:
      choices:
      - enable
      - disable
      description:
      - Enable/disable RADIUS Single Sign On (RSSO) on the GUI.
      type: str
    gui_dynamic_routing:
      choices:
      - enable
      - disable
      description:
      - Enable/disable dynamic routing on the GUI.
      type: str
    gui_email_collection:
      choices:
      - enable
      - disable
      description:
      - Enable/disable email collection on the GUI.
      type: str
    gui_endpoint_control:
      choices:
      - enable
      - disable
      description:
      - Enable/disable endpoint control on the GUI.
      type: str
    gui_endpoint_control_advanced:
      choices:
      - enable
      - disable
      description:
      - Enable/disable advanced endpoint control options on the GUI.
      type: str
    gui_explicit_proxy:
      choices:
      - enable
      - disable
      description:
      - Enable/disable the explicit proxy on the GUI.
      type: str
    gui_fortiap_split_tunneling:
      choices:
      - enable
      - disable
      description:
      - Enable/disable FortiAP split tunneling on the GUI.
      type: str
    gui_fortiextender_controller:
      choices:
      - enable
      - disable
      description:
      - Enable/disable FortiExtender on the GUI.
      type: str
    gui_icap:
      choices:
      - enable
      - disable
      description:
      - Enable/disable ICAP on the GUI.
      type: str
    gui_implicit_policy:
      choices:
      - enable
      - disable
      description:
      - Enable/disable implicit firewall policies on the GUI.
      type: str
    gui_ips:
      choices:
      - enable
      - disable
      description:
      - Enable/disable IPS on the GUI.
      type: str
    gui_load_balance:
      choices:
      - enable
      - disable
      description:
      - Enable/disable server load balancing on the GUI.
      type: str
    gui_local_in_policy:
      choices:
      - enable
      - disable
      description:
      - Enable/disable Local-In policies on the GUI.
      type: str
    gui_local_reports:
      choices:
      - enable
      - disable
      description:
      - Enable/disable local reports on the GUI.
      type: str
    gui_multicast_policy:
      choices:
      - enable
      - disable
      description:
      - Enable/disable multicast firewall policies on the GUI.
      type: str
    gui_multiple_interface_policy:
      choices:
      - enable
      - disable
      description:
      - Enable/disable adding multiple interfaces to a policy on the GUI.
      type: str
    gui_multiple_utm_profiles:
      choices:
      - enable
      - disable
      description:
      - Enable/disable multiple UTM profiles on the GUI.
      type: str
    gui_nat46_64:
      choices:
      - enable
      - disable
      description:
      - Enable/disable NAT46 and NAT64 settings on the GUI.
      type: str
    gui_object_colors:
      choices:
      - enable
      - disable
      description:
      - Enable/disable object colors on the GUI.
      type: str
    gui_policy_based_ipsec:
      choices:
      - enable
      - disable
      description:
      - Enable/disable policy-based IPsec VPN on the GUI.
      type: str
    gui_policy_disclaimer:
      choices:
      - enable
      - disable
      description:
      - Enable/disable policy disclaimer on the GUI.
      type: str
    gui_replacement_message_groups:
      choices:
      - enable
      - disable
      description:
      - Enable/disable replacement message groups on the GUI.
      type: str
    gui_spamfilter:
      choices:
      - enable
      - disable
      description:
      - Enable/disable Antispam on the GUI.
      type: str
    gui_sslvpn_personal_bookmarks:
      choices:
      - enable
      - disable
      description:
      - Enable/disable SSL-VPN personal bookmark management on the GUI.
      type: str
    gui_sslvpn_realms:
      choices:
      - enable
      - disable
      description:
      - Enable/disable SSL-VPN realms on the GUI.
      type: str
    gui_switch_controller:
      choices:
      - enable
      - disable
      description:
      - Enable/disable the switch controller on the GUI.
      type: str
    gui_threat_weight:
      choices:
      - enable
      - disable
      description:
      - Enable/disable threat weight on the GUI.
      type: str
    gui_traffic_shaping:
      choices:
      - enable
      - disable
      description:
      - Enable/disable traffic shaping on the GUI.
      type: str
    gui_voip_profile:
      choices:
      - enable
      - disable
      description:
      - Enable/disable VoIP profiles on the GUI.
      type: str
    gui_vpn:
      choices:
      - enable
      - disable
      description:
      - Enable/disable VPN tunnels on the GUI.
      type: str
    gui_waf_profile:
      choices:
      - enable
      - disable
      description:
      - Enable/disable Web Application Firewall on the GUI.
      type: str
    gui_wan_load_balancing:
      choices:
      - enable
      - disable
      description:
      - Enable/disable SD-WAN on the GUI.
      type: str
    gui_wanopt_cache:
      choices:
      - enable
      - disable
      description:
      - Enable/disable WAN Optimization and Web Caching on the GUI.
      type: str
    gui_webfilter:
      choices:
      - enable
      - disable
      description:
      - Enable/disable Web filtering on the GUI.
      type: str
    gui_webfilter_advanced:
      choices:
      - enable
      - disable
      description:
      - Enable/disable advanced web filtering on the GUI.
      type: str
    gui_wireless_controller:
      choices:
      - enable
      - disable
      description:
      - Enable/disable the wireless controller on the GUI.
      type: str
    http_external_dest:
      choices:
      - fortiweb
      - forticache
      description:
      - Offload HTTP traffic to FortiWeb or FortiCache.
      type: str
    ike_dn_format:
      choices:
      - with-space
      - no-space
      description:
      - Configure IKE ASN.1 Distinguished Name format conventions.
      type: str
    ike_quick_crash_detect:
      choices:
      - enable
      - disable
      description:
      - Enable/disable IKE quick crash detection (RFC 6290).
      type: str
    ike_session_resume:
      choices:
      - enable
      - disable
      description:
      - Enable/disable IKEv2 session resumption (RFC 5723).
      type: str
    ip:
      description:
      - IP address and netmask.
      type: str
    ip6:
      description:
      - IPv6 address prefix for NAT mode.
      type: str
    link_down_access:
      choices:
      - enable
      - disable
      description:
      - Enable/disable link down access traffic.
      type: str
    lldp_reception:
      choices:
      - enable
      - disable
      - global
      description:
      - Enable/disable Link Layer Discovery Protocol (LLDP) reception for this VDOM or apply global settings to this VDOM.
      type: str
    lldp_transmission:
      choices:
      - enable
      - disable
      - global
      description:
      - Enable/disable Link Layer Discovery Protocol (LLDP) transmission for this VDOM or apply global settings to this VDOM.
      type: str
    mac_ttl:
      description:
      - Duration of MAC addresses in Transparent mode (300 - 8640000 sec).
      type: int
    manageip:
      description:
      - Transparent mode IPv4 management IP address and netmask.
      type: str
    manageip6:
      description:
      - Transparent mode IPv6 management IP address and netmask.
      type: str
    multicast_forward:
      choices:
      - enable
      - disable
      description:
      - Enable/disable multicast forwarding.
      type: str
    multicast_skip_policy:
      choices:
      - enable
      - disable
      description:
      - Enable/disable allowing multicast traffic through the FortiGate without a policy check.
      type: str
    multicast_ttl_notchange:
      choices:
      - enable
      - disable
      description:
      - Enable/disable preventing the FortiGate from changing the TTL for forwarded multicast packets.
      type: str
    ngfw_mode:
      choices:
      - profile-based
      - policy-based
      description:
      - Next Generation Firewall (NGFW) mode.
      type: str
    opmode:
      choices:
      - nat
      - transparent
      description:
      - Firewall operation mode (NAT or Transparent).
      type: str
    prp_trailer_action:
      choices:
      - enable
      - disable
      description:
      - Enable/disable action to take on PRP trailer.
      type: str
    sccp_port:
      description:
      - TCP port the SCCP proxy monitors for SCCP traffic (0 - 65535).
      type: int
    sctp_session_without_init:
      choices:
      - enable
      - disable
      description:
      - Enable/disable SCTP session creation without SCTP INIT.
      type: str
    ses_denied_traffic:
      choices:
      - enable
      - disable
      description:
      - Enable/disable including denied session in the session table.
      type: str
    sip_expectation:
      choices:
      - enable
      - disable
      description:
      - Enable/disable the SIP kernel session helper to create an expectation for port 5060.
      type: str
    sip_nat_trace:
      choices:
      - enable
      - disable
      description:
      - Enable/disable recording the original SIP source IP address when NAT is used.
      type: str
    sip_ssl_port:
      description:
      - TCP port the SIP proxy monitors for SIP SSL/TLS traffic (0 - 65535).
      type: int
    sip_tcp_port:
      description:
      - TCP port the SIP proxy monitors for SIP traffic (0 - 65535).
      type: int
    sip_udp_port:
      description:
      - UDP port the SIP proxy monitors for SIP traffic (0 - 65535).
      type: int
    snat_hairpin_traffic:
      choices:
      - enable
      - disable
      description:
      - Enable/disable source NAT (SNAT) for hairpin traffic.
      type: str
    status:
      choices:
      - enable
      - disable
      description:
      - Enable/disable this VDOM.
      type: str
    strict_src_check:
      choices:
      - enable
      - disable
      description:
      - Enable/disable strict source verification.
      type: str
    tcp_session_without_syn:
      choices:
      - enable
      - disable
      description:
      - Enable/disable allowing TCP session without SYN flags.
      type: str
    utf8_spam_tagging:
      choices:
      - enable
      - disable
      description:
      - Enable/disable converting antispam tags to UTF-8 for better non-ASCII character support.
      type: str
    v4_ecmp_mode:
      choices:
      - source-ip-based
      - weight-based
      - usage-based
      - source-dest-ip-based
      description:
      - IPv4 Equal-cost multi-path (ECMP) routing and load balancing mode.
      type: str
    vpn_stats_log:
      choices:
      - ipsec
      - pptp
      - l2tp
      - ssl
      description:
      - Enable/disable periodic VPN log statistics for one or more types of VPN. Separate names with a space.
      type: str
    vpn_stats_period:
      description:
      - Period to send VPN log statistics (0 or 60 - 86400 sec).
      type: int
    wccp_cache_engine:
      choices:
      - enable
      - disable
      description:
      - Enable/disable WCCP cache engine.
      type: str
  type: dict
build:
  description: Build number of the fortigate image
  returned: always
  sample: '1547'
  type: str
http_method:
  description: Last method used to provision the content into FortiGate
  returned: always
  sample: PUT
  type: str
http_status:
  description: Last result given by FortiGate on last operation applied
  returned: always
  sample: '200'
  type: str
mkey:
  description: Master key (id) used in the last call to FortiGate
  returned: success
  sample: id
  type: str
name:
  description: Name of the table used to fulfill the request
  returned: always
  sample: urlfilter
  type: str
path:
  description: Path of the table used to fulfill the request
  returned: always
  sample: webfilter
  type: str
revision:
  description: Internal revision number
  returned: always
  sample: 17.0.2.10658
  type: str
serial:
  description: Serial number of the unit
  returned: always
  sample: FGVMEVYYQT3AB5352
  type: str
status:
  description: Indication of the operation's result
  returned: always
  sample: success
  type: str
vdom:
  description: Virtual domain used
  returned: always
  sample: root
  type: str
version:
  description: Version of the FortiGate
  returned: always
  sample: v5.6.3
  type: str