Try SpotterSetup for self orchestrated fabric auto discovery VPN in Fortinet's FortiOS and FortiGate.
| "added in version" 2.0.0 of fortinet.fortios"
Authors: Link Zheng (@chillancezen), Jie Xue (@JieX19), Hongbin Lu (@fgtdev-hblu), Frank Shen (@frankshen01), Miguel Angel Munoz (@mamunozgonzalez), Nicolas Thomas (@thomnico)
preview | supported by community
Install with ansible-galaxy collection install fortinet.fortios:==2.3.6
collections:
- name: fortinet.fortios
version: 2.3.6This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and fabric_vpn category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0
- name: Setup for self orchestrated fabric auto discovery VPN.
fortinet.fortios.fortios_system_fabric_vpn:
vdom: "{{ vdom }}"
system_fabric_vpn:
advertised_subnets:
-
access: "inbound"
bgp_network: "0"
firewall_address: "<your_own_value> (source firewall.address.name)"
id: "7"
policies: "<your_own_value> (source firewall.policy.policyid)"
prefix: "<your_own_value>"
bgp_as: "0"
branch_name: "<your_own_value>"
health_checks: "<your_own_value> (source system.sdwan.health-check.name)"
loopback_address_block: "<your_own_value>"
loopback_advertised_subnet: "0"
loopback_interface: "<your_own_value> (source system.interface.name)"
overlays:
-
bgp_neighbor: "<your_own_value> (source router.bgp.neighbor.ip)"
bgp_neighbor_group: "<your_own_value> (source router.bgp.neighbor-group.name)"
bgp_neighbor_range: "0"
bgp_network: "0"
interface: "<your_own_value> (source system.interface.name)"
ipsec_phase1: "<your_own_value> (source vpn.ipsec.phase1-interface.name)"
name: "default_name_23"
overlay_policy: "0"
overlay_tunnel_block: "<your_own_value>"
remote_gw: "<your_own_value>"
route_policy: "0"
sdwan_member: "0"
policy_rule: "health-check"
psksecret: "<your_own_value>"
sdwan_zone: "<your_own_value> (source system.sdwan.zone.name)"
status: "enable"
sync_mode: "enable"
vpn_role: "hub"
vdom:
default: root
description:
- Virtual domain, among those defined previously. A vdom is a virtual instance of
the FortiGate that can be configured and used as a different unit.
type: str
enable_log:
default: false
description:
- Enable/Disable logging for task.
required: false
type: bool
member_path:
description:
- Member attribute path to operate on.
- Delimited by a slash character if there are more than one attribute.
- Parameter marked with member_path is legitimate for doing member operation.
type: str
access_token:
description:
- Token-based authentication. Generated from GUI of Fortigate.
required: false
type: str
member_state:
choices:
- present
- absent
description:
- Add or delete a member under specified attribute path.
- When member_state is specified, the state option is ignored.
type: str
system_fabric_vpn:
default: null
description:
- Setup for self orchestrated fabric auto discovery VPN.
suboptions:
advertised_subnets:
description:
- Local advertised subnets.
elements: dict
suboptions:
access:
choices:
- inbound
- bidirectional
description:
- Access policy direction.
type: str
bgp_network:
description:
- Underlying BGP network. Source router.bgp.network.id.
type: int
firewall_address:
description:
- Underlying firewall address. Source firewall.address.name.
type: str
id:
description:
- ID. see <a href='#notes'>Notes</a>.
required: true
type: int
policies:
description:
- Underlying policies. Source firewall.policy.policyid.
elements: int
type: list
prefix:
description:
- Network prefix.
type: str
type: list
bgp_as:
description:
- BGP Router AS number, valid from 1 to 4294967295.
type: int
branch_name:
description:
- Branch name.
type: str
health_checks:
description:
- Underlying health checks. Source system.sdwan.health-check.name.
elements: str
type: list
loopback_address_block:
description:
- 'IPv4 address and subnet mask for hub"s loopback address, syntax: X.X.X.X/24.'
type: str
loopback_advertised_subnet:
description:
- Loopback advertised subnet reference. Source system.fabric-vpn.advertised-subnets.id.
type: int
loopback_interface:
description:
- Loopback interface. Source system.interface.name.
type: str
overlays:
description:
- Local overlay interfaces table.
elements: dict
suboptions:
bgp_neighbor:
description:
- Underlying BGP neighbor entry. Source router.bgp.neighbor.ip.
type: str
bgp_neighbor_group:
description:
- Underlying BGP neighbor group entry. Source router.bgp.neighbor-group.name.
type: str
bgp_neighbor_range:
description:
- Underlying BGP neighbor range entry. Source router.bgp.neighbor-range.id.
type: int
bgp_network:
description:
- Underlying BGP network. Source router.bgp.network.id.
type: int
interface:
description:
- Underlying interface name. Source system.interface.name.
type: str
ipsec_phase1:
description:
- IPsec interface. Source vpn.ipsec.phase1-interface.name.
type: str
name:
description:
- Overlay name.
required: true
type: str
overlay_policy:
description:
- The overlay policy to allow ADVPN thru traffic. Source firewall.policy.policyid.
type: int
overlay_tunnel_block:
description:
- 'IPv4 address and subnet mask for the overlay tunnel , syntax: X.X.X.X/24.'
type: str
remote_gw:
description:
- IP address of the hub gateway (Set by hub).
type: str
route_policy:
description:
- Underlying router policy. Source router.policy.seq-num.
type: int
sdwan_member:
description:
- Reference to SD-WAN member entry. Source system.sdwan.members.seq-num.
type: int
type: list
policy_rule:
choices:
- health-check
- manual
- auto
description:
- Policy creation rule.
type: str
psksecret:
description:
- Pre-shared secret for ADVPN.
type: str
sdwan_zone:
description:
- Reference to created SD-WAN zone. Source system.sdwan.zone.name.
type: str
status:
choices:
- enable
- disable
description:
- Enable/disable Fabric VPN.
type: str
sync_mode:
choices:
- enable
- disable
description:
- Setting synchronised by fabric or manual.
type: str
vpn_role:
choices:
- hub
- spoke
description:
- Fabric VPN role.
type: str
type: dict
build: description: Build number of the fortigate image returned: always sample: '1547' type: str http_method: description: Last method used to provision the content into FortiGate returned: always sample: PUT type: str http_status: description: Last result given by FortiGate on last operation applied returned: always sample: '200' type: str mkey: description: Master key (id) used in the last call to FortiGate returned: success sample: id type: str name: description: Name of the table used to fulfill the request returned: always sample: urlfilter type: str path: description: Path of the table used to fulfill the request returned: always sample: webfilter type: str revision: description: Internal revision number returned: always sample: 17.0.2.10658 type: str serial: description: Serial number of the unit returned: always sample: FGVMEVYYQT3AB5352 type: str status: description: Indication of the operation's result returned: always sample: success type: str vdom: description: Virtual domain used returned: always sample: root type: str version: description: Version of the FortiGate returned: always sample: v5.6.3 type: str