fortinet.fortios.fortios_router_multicast (2.3.6) — module

Configure router multicast in Fortinet's FortiOS and FortiGate.

Added in version 2.0.0 of fortinet.fortios.

Authors: Link Zheng (@chillancezen), Jie Xue (@JieX19), Hongbin Lu (@fgtdev-hblu), Frank Shen (@frankshen01), Miguel Angel Munoz (@mamunozgonzalez), Nicolas Thomas (@thomnico)

preview | supported by community

Install collection

Install with:

  ansible-galaxy collection install fortinet.fortios:==2.3.6


Add to requirements.yml

  collections:
    - name: fortinet.fortios
      version: 2.3.6

Description

This module configures a FortiGate or FortiOS (FOS) device by allowing the user to set and modify the router feature and multicast category. The examples include all parameters; their values need to be adjusted to your data sources before use. Tested with FOS v6.0.0.


Requirements

Usage examples

- name: Configure router multicast.
  fortinet.fortios.fortios_router_multicast:
      vdom: "{{ vdom }}"
      router_multicast:
          interface:
              -
                  bfd: "enable"
                  cisco_exclude_genid: "enable"
                  dr_priority: "1"
                  hello_holdtime: "105"
                  hello_interval: "30"
                  igmp:
                      access_group: "<your_own_value> (source router.access-list.name)"
                      immediate_leave_group: "<your_own_value> (source router.access-list.name)"
                      last_member_query_count: "2"
                      last_member_query_interval: "1000"
                      query_interval: "125"
                      query_max_response_time: "10"
                      query_timeout: "255"
                      router_alert_check: "enable"
                      version: "3"
                  join_group:
                      -
                          address: "<your_own_value>"
                  multicast_flow: "<your_own_value> (source router.multicast-flow.name)"
                  name: "default_name_22 (source system.interface.name)"
                  neighbour_filter: "<your_own_value> (source router.access-list.name)"
                  passive: "enable"
                  pim_mode: "sparse-mode"
                  propagation_delay: "500"
                  rp_candidate: "enable"
                  rp_candidate_group: "<your_own_value> (source router.access-list.name)"
                  rp_candidate_interval: "60"
                  rp_candidate_priority: "192"
                  rpf_nbr_fail_back: "enable"
                  rpf_nbr_fail_back_filter: "<your_own_value> (source router.access-list.name)"
                  state_refresh_interval: "60"
                  static_group: "<your_own_value> (source router.multicast-flow.name)"
                  ttl_threshold: "1"
          multicast_routing: "enable"
          pim_sm_global:
              accept_register_list: "<your_own_value> (source router.access-list.name)"
              accept_source_list: "<your_own_value> (source router.access-list.name)"
              bsr_allow_quick_refresh: "enable"
              bsr_candidate: "enable"
              bsr_hash: "10"
              bsr_interface: "<your_own_value> (source system.interface.name)"
              bsr_priority: "0"
              cisco_crp_prefix: "enable"
              cisco_ignore_rp_set_priority: "enable"
              cisco_register_checksum: "enable"
              cisco_register_checksum_group: "<your_own_value> (source router.access-list.name)"
              join_prune_holdtime: "210"
              message_interval: "60"
              null_register_retries: "1"
              pim_use_sdwan: "enable"
              register_rate_limit: "0"
              register_rp_reachability: "enable"
              register_source: "disable"
              register_source_interface: "<your_own_value> (source system.interface.name)"
              register_source_ip: "<your_own_value>"
              register_supression: "60"
              rp_address:
                  -
                      group: "<your_own_value> (source router.access-list.name)"
                      id: "61"
                      ip_address: "<your_own_value>"
              rp_register_keepalive: "185"
              spt_threshold: "enable"
              spt_threshold_group: "<your_own_value> (source router.access-list.name)"
              ssm: "enable"
              ssm_range: "<your_own_value> (source router.access-list.name)"
          route_limit: "2147483647"
          route_threshold: "2147483647"  # integer; must not be greater than route_limit

Inputs

    
vdom:
    default: root
    description:
    - Virtual domain, among those defined previously. A vdom is a virtual instance of
      the FortiGate that can be configured and used as a different unit.
    type: str

enable_log:
    default: false
    description:
    - Enable/Disable logging for task.
    required: false
    type: bool

member_path:
    description:
    - Member attribute path to operate on.
    - Delimited by a slash character if there is more than one attribute.
    - A parameter marked with member_path can be used for member operations.
    type: str

access_token:
    description:
    - Token-based authentication. Generated from the FortiGate GUI.
    required: false
    type: str

member_state:
    choices:
    - present
    - absent
    description:
    - Add or delete a member under specified attribute path.
    - When member_state is specified, the state option is ignored.
    type: str

router_multicast:
    default: null
    description:
    - Configure router multicast.
    suboptions:
      interface:
        description:
        - PIM interfaces.
        elements: dict
        suboptions:
          bfd:
            choices:
            - enable
            - disable
            description:
            - Enable/disable Protocol Independent Multicast (PIM) Bidirectional Forwarding
              Detection (BFD).
            type: str
          cisco_exclude_genid:
            choices:
            - enable
            - disable
            description:
            - Exclude GenID from hello packets (compatibility with old Cisco IOS).
            type: str
          dr_priority:
            description:
            - DR election priority.
            type: int
          hello_holdtime:
            description:
            - Time before old neighbor information expires (0 - 65535 sec).
            type: int
          hello_interval:
            description:
            - Interval between sending PIM hello messages (0 - 65535 sec).
            type: int
          igmp:
            description:
            - IGMP configuration options.
            suboptions:
              access_group:
                description:
                - Groups IGMP hosts are allowed to join. Source router.access-list.name.
                type: str
              immediate_leave_group:
                description:
                - Groups to drop membership for immediately after receiving IGMPv2 leave.
                  Source router.access-list.name.
                type: str
              last_member_query_count:
                description:
                - Number of group specific queries before removing group (2 - 7).
                type: int
              last_member_query_interval:
                description:
                - Timeout between IGMPv2 leave and removing group (1 - 65535 msec).
                type: int
              query_interval:
                description:
                - Interval between queries to IGMP hosts (1 - 65535 sec).
                type: int
              query_max_response_time:
                description:
                - Maximum time to wait for an IGMP query response (1 - 25 sec).
                type: int
              query_timeout:
                description:
                - Timeout between queries before becoming querying unit for network (60
                  - 900).
                type: int
              router_alert_check:
                choices:
                - enable
                - disable
                description:
                - Enable/disable requiring that IGMP packets contain the router alert option.
                type: str
              version:
                choices:
                - '3'
                - '2'
                - '1'
                description:
                - Maximum version of IGMP to support.
                type: str
            type: dict
          join_group:
            description:
            - Join multicast groups.
            elements: dict
            suboptions:
              address:
                description:
                - Multicast group IP address.
                required: true
                type: str
            type: list
          multicast_flow:
            description:
            - Acceptable source for multicast group. Source router.multicast-flow.name.
            type: str
          name:
            description:
            - Interface name. Source system.interface.name.
            required: true
            type: str
          neighbour_filter:
            description:
            - Routers acknowledged as neighbor routers. Source router.access-list.name.
            type: str
          passive:
            choices:
            - enable
            - disable
            description:
            - Enable/disable listening to IGMP but not participating in PIM.
            type: str
          pim_mode:
            choices:
            - sparse-mode
            - dense-mode
            description:
            - PIM operation mode.
            type: str
          propagation_delay:
            description:
            - Delay flooding packets on this interface (100 - 5000 msec).
            type: int
          rp_candidate:
            choices:
            - enable
            - disable
            description:
            - Enable/disable competing to become RP in elections.
            type: str
          rp_candidate_group:
            description:
            - Multicast groups managed by this RP. Source router.access-list.name.
            type: str
          rp_candidate_interval:
            description:
            - RP candidate advertisement interval (1 - 16383 sec).
            type: int
          rp_candidate_priority:
            description:
            - Router's priority as RP.
            type: int
          rpf_nbr_fail_back:
            choices:
            - enable
            - disable
            description:
            - Enable/disable fail back for RPF neighbor query.
            type: str
          rpf_nbr_fail_back_filter:
            description:
            - Filter for fail back RPF neighbors. Source router.access-list.name.
            type: str
          state_refresh_interval:
            description:
            - Interval between sending state-refresh packets (1 - 100 sec).
            type: int
          static_group:
            description:
            - Statically set multicast groups to forward out. Source router.multicast-flow.name.
            type: str
          ttl_threshold:
            description:
            - Minimum TTL of multicast packets that will be forwarded (applied only to
              new multicast routes) (1 - 255).
            type: int
        type: list
      multicast_routing:
        choices:
        - enable
        - disable
        description:
        - Enable/disable IP multicast routing.
        type: str
      pim_sm_global:
        description:
        - PIM sparse-mode global settings.
        suboptions:
          accept_register_list:
            description:
            - Sources allowed to register packets with this Rendezvous Point (RP). Source
              router.access-list.name.
            type: str
          accept_source_list:
            description:
            - Sources allowed to send multicast traffic. Source router.access-list.name.
            type: str
          bsr_allow_quick_refresh:
            choices:
            - enable
            - disable
            description:
            - Enable/disable accepting BSR quick refresh packets from neighbors.
            type: str
          bsr_candidate:
            choices:
            - enable
            - disable
            description:
            - Enable/disable allowing this router to become a bootstrap router (BSR).
            type: str
          bsr_hash:
            description:
            - BSR hash length (0 - 32).
            type: int
          bsr_interface:
            description:
            - Interface to advertise as candidate BSR. Source system.interface.name.
            type: str
          bsr_priority:
            description:
            - BSR priority (0 - 255).
            type: int
          cisco_crp_prefix:
            choices:
            - enable
            - disable
            description:
            - Enable/disable making candidate RP compatible with old Cisco IOS.
            type: str
          cisco_ignore_rp_set_priority:
            choices:
            - enable
            - disable
            description:
            - Use only hash for RP selection (compatibility with old Cisco IOS).
            type: str
          cisco_register_checksum:
            choices:
            - enable
            - disable
            description:
            - Checksum entire register packet (for old Cisco IOS compatibility).
            type: str
          cisco_register_checksum_group:
            description:
            - Cisco register checksum only these groups. Source router.access-list.name.
            type: str
          join_prune_holdtime:
            description:
            - Join/prune holdtime (1 - 65535).
            type: int
          message_interval:
            description:
            - Period of time between sending periodic PIM join/prune messages in seconds
              (1 - 65535).
            type: int
          null_register_retries:
            description:
            - Maximum retries of null register (1 - 20).
            type: int
          pim_use_sdwan:
            choices:
            - enable
            - disable
            description:
            - Enable/disable use of SDWAN when checking RPF neighbor and sending of REG
              packet.
            type: str
          register_rate_limit:
            description:
            - Limit of packets/sec per source registered through this RP (0 - 65535).
            type: int
          register_rp_reachability:
            choices:
            - enable
            - disable
            description:
            - Enable/disable checking that the RP is reachable before registering packets.
            type: str
          register_source:
            choices:
            - disable
            - interface
            - ip-address
            description:
            - Override source address in register packets.
            type: str
          register_source_interface:
            description:
            - Override with primary interface address. Source system.interface.name.
            type: str
          register_source_ip:
            description:
            - Override with local IP address.
            type: str
          register_supression:
            description:
            - Period of time to honor register-stop message (1 - 65535 sec).
            type: int
          rp_address:
            description:
            - Statically configure RP addresses.
            elements: dict
            suboptions:
              group:
                description:
                - Groups to use this RP. Source router.access-list.name.
                type: str
              id:
                description:
                - ID. See Notes.
                required: true
                type: int
              ip_address:
                description:
                - RP router address.
                type: str
            type: list
          rp_register_keepalive:
            description:
            - Timeout for RP receiving data on (S,G) tree (1 - 65535 sec).
            type: int
          spt_threshold:
            choices:
            - enable
            - disable
            description:
            - Enable/disable switching to source specific trees.
            type: str
          spt_threshold_group:
            description:
            - Groups allowed to switch to source tree. Source router.access-list.name.
            type: str
          ssm:
            choices:
            - enable
            - disable
            description:
            - Enable/disable source specific multicast.
            type: str
          ssm_range:
            description:
            - Groups allowed to source specific multicast. Source router.access-list.name.
            type: str
        type: dict
      route_limit:
        description:
        - Maximum number of multicast routes.
        type: int
      route_threshold:
        description:
        - Generate warnings when the number of multicast routes exceeds this number, must
          not be greater than route-limit.
        type: int
    type: dict
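
The ranges stated in the option descriptions above can be checked before a task is sent to the device. The following is an added example, not code from the fortinet.fortios collection; the function names and the SAMPLE values are constructed for illustration, and only a subset of the documented ranges is included.

```python
# Added example (not part of the fortinet.fortios collection): pre-flight check of
# router_multicast values against the ranges documented on this page. RANGES maps an
# option path to (min, max); items of a list option share the path of the list.
RANGES = {
    ("interface", "ttl_threshold"): (1, 255),
    ("interface", "igmp", "last_member_query_count"): (2, 7),
    ("interface", "igmp", "query_max_response_time"): (1, 25),
    ("interface", "igmp", "query_timeout"): (60, 900),
    ("pim_sm_global", "bsr_hash"): (0, 32),
    ("pim_sm_global", "null_register_retries"): (1, 20),
}

# Constructed sample input with three deliberate mistakes.
SAMPLE = {
    "interface": [{"name": "port1", "ttl_threshold": "1",
                   "igmp": {"query_max_response_time": "30", "query_timeout": "255"}}],
    "pim_sm_global": {"bsr_hash": "10", "null_register_retries": "0"},
    "route_limit": "1000",
    "route_threshold": "2000",
}


def as_int(value):
    """Return value as an int, or None when it is not an integer (for example "")."""
    try:
        return int(str(value).strip())
    except ValueError:
        return None


def check_ranges(node, path=()):
    """Walk the nested options and report every value outside its documented range."""
    if isinstance(node, list):
        return [p for item in node for p in check_ranges(item, path)]
    if isinstance(node, dict):
        return [p for k, v in node.items() for p in check_ranges(v, path + (k,))]
    if path not in RANGES:
        return []
    low, high = RANGES[path]
    number = as_int(node)
    if number is None or not low <= number <= high:
        return [f"{'.'.join(path)}={node!r} is outside {low}-{high}"]
    return []


def validate(router_multicast):
    """Range checks plus the cross-field rule route_threshold <= route_limit."""
    problems = check_ranges(router_multicast)
    limit = as_int(router_multicast.get("route_limit"))
    threshold = router_multicast.get("route_threshold")
    if threshold is not None and as_int(threshold) is None:
        problems.append(f"route_threshold={threshold!r} is not an integer")
    elif threshold is not None and limit is not None and as_int(threshold) > limit:
        problems.append("route_threshold is greater than route_limit")
    return problems
```

Calling validate(SAMPLE) returns one message per mistake; an empty list means every checked value is within the range this page documents.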

Outputs

build:
  description: Build number of the FortiGate image
  returned: always
  sample: '1547'
  type: str
http_method:
  description: Last method used to provision the content into FortiGate
  returned: always
  sample: PUT
  type: str
http_status:
  description: Last result given by FortiGate on last operation applied
  returned: always
  sample: '200'
  type: str
mkey:
  description: Master key (id) used in the last call to FortiGate
  returned: success
  sample: id
  type: str
name:
  description: Name of the table used to fulfill the request
  returned: always
  sample: urlfilter
  type: str
path:
  description: Path of the table used to fulfill the request
  returned: always
  sample: webfilter
  type: str
revision:
  description: Internal revision number
  returned: always
  sample: 17.0.2.10658
  type: str
serial:
  description: Serial number of the unit
  returned: always
  sample: FGVMEVYYQT3AB5352
  type: str
status:
  description: Indication of the operation's result
  returned: always
  sample: success
  type: str
vdom:
  description: Virtual domain used
  returned: always
  sample: root
  type: str
version:
  description: Version of the FortiGate
  returned: always
  sample: v5.6.3
  type: str