fortinet.fortios.fortios_system_fabric_vpn (2.3.6) — module

Setup for self orchestrated fabric auto discovery VPN in Fortinet's FortiOS and FortiGate.

Added in version 2.0.0 of fortinet.fortios.

Authors: Link Zheng (@chillancezen), Jie Xue (@JieX19), Hongbin Lu (@fgtdev-hblu), Frank Shen (@frankshen01), Miguel Angel Munoz (@mamunozgonzalez), Nicolas Thomas (@thomnico)

preview | supported by community
Install with ansible-galaxy collection install fortinet.fortios:==2.3.6

collections:
  - name: fortinet.fortios
    version: 2.3.6

This module configures a FortiGate or FortiOS (FOS) device by allowing the user to set and modify the fabric_vpn category of the system feature. The examples include all parameters, and their values need to be adjusted to datasources before usage. Tested with FOS v6.0.0.

- name: Setup for self orchestrated fabric auto discovery VPN.
  fortinet.fortios.fortios_system_fabric_vpn:
    vdom: "{{ vdom }}"
    system_fabric_vpn:
      advertised_subnets:
        - access: "inbound"
          bgp_network: "0"
          firewall_address: "<your_own_value> (source firewall.address.name)"
          id: "7"
          policies: "<your_own_value> (source firewall.policy.policyid)"
          prefix: "<your_own_value>"
      bgp_as: "0"  # placeholder; valid values are 1 to 4294967295
      branch_name: "<your_own_value>"
      health_checks: "<your_own_value> (source system.sdwan.health-check.name)"
      loopback_address_block: "<your_own_value>"
      loopback_advertised_subnet: "0"
      loopback_interface: "<your_own_value> (source system.interface.name)"
      overlays:
        - bgp_neighbor: "<your_own_value> (source router.bgp.neighbor.ip)"
          bgp_neighbor_group: "<your_own_value> (source router.bgp.neighbor-group.name)"
          bgp_neighbor_range: "0"
          bgp_network: "0"
          interface: "<your_own_value> (source system.interface.name)"
          ipsec_phase1: "<your_own_value> (source vpn.ipsec.phase1-interface.name)"
          name: "default_name_23"
          overlay_policy: "0"
          overlay_tunnel_block: "<your_own_value>"
          remote_gw: "<your_own_value>"
          route_policy: "0"
          sdwan_member: "0"
      policy_rule: "health-check"
      # Pre-shared secret for ADVPN; supply it from a vaulted variable rather than a literal.
      psksecret: "<your_own_value>"
      sdwan_zone: "<your_own_value> (source system.sdwan.zone.name)"
      status: "enable"
      sync_mode: "enable"
      vpn_role: "hub"

vdom:
  default: root
  description:
    - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit.
  type: str
enable_log:
  default: false
  description:
    - Enable/Disable logging for task.
  required: false
  type: bool
member_path:
  description:
    - Member attribute path to operate on.
    - Delimited by a slash character if there are more than one attribute.
    - Parameter marked with member_path is legitimate for doing member operation.
  type: str
access_token:
  description:
    - Token-based authentication. Generated from GUI of Fortigate.
  required: false
  type: str
member_state:
  choices:
    - present
    - absent
  description:
    - Add or delete a member under specified attribute path.
    - When member_state is specified, the state option is ignored.
  type: str
system_fabric_vpn:
  default: null
  description:
    - Setup for self orchestrated fabric auto discovery VPN.
  suboptions:
    advertised_subnets:
      description:
        - Local advertised subnets.
      elements: dict
      suboptions:
        access:
          choices:
            - inbound
            - bidirectional
          description:
            - Access policy direction.
          type: str
        bgp_network:
          description:
            - Underlying BGP network. Source router.bgp.network.id.
          type: int
        firewall_address:
          description:
            - Underlying firewall address. Source firewall.address.name.
          type: str
        id:
          description:
            - ID. See Notes.
          required: true
          type: int
        policies:
          description:
            - Underlying policies. Source firewall.policy.policyid.
          elements: int
          type: list
        prefix:
          description:
            - Network prefix.
          type: str
      type: list
    bgp_as:
      description:
        - BGP Router AS number, valid from 1 to 4294967295.
      type: int
    branch_name:
      description:
        - Branch name.
      type: str
    health_checks:
      description:
        - Underlying health checks. Source system.sdwan.health-check.name.
      elements: str
      type: list
    loopback_address_block:
      description:
        - "IPv4 address and subnet mask for hub's loopback address, syntax: X.X.X.X/24."
      type: str
    loopback_advertised_subnet:
      description:
        - Loopback advertised subnet reference. Source system.fabric-vpn.advertised-subnets.id.
      type: int
    loopback_interface:
      description:
        - Loopback interface. Source system.interface.name.
      type: str
    overlays:
      description:
        - Local overlay interfaces table.
      elements: dict
      suboptions:
        bgp_neighbor:
          description:
            - Underlying BGP neighbor entry. Source router.bgp.neighbor.ip.
          type: str
        bgp_neighbor_group:
          description:
            - Underlying BGP neighbor group entry. Source router.bgp.neighbor-group.name.
          type: str
        bgp_neighbor_range:
          description:
            - Underlying BGP neighbor range entry. Source router.bgp.neighbor-range.id.
          type: int
        bgp_network:
          description:
            - Underlying BGP network. Source router.bgp.network.id.
          type: int
        interface:
          description:
            - Underlying interface name. Source system.interface.name.
          type: str
        ipsec_phase1:
          description:
            - IPsec interface. Source vpn.ipsec.phase1-interface.name.
          type: str
        name:
          description:
            - Overlay name.
          required: true
          type: str
        overlay_policy:
          description:
            - The overlay policy to allow ADVPN thru traffic. Source firewall.policy.policyid.
          type: int
        overlay_tunnel_block:
          description:
            - "IPv4 address and subnet mask for the overlay tunnel, syntax: X.X.X.X/24."
          type: str
        remote_gw:
          description:
            - IP address of the hub gateway (Set by hub).
          type: str
        route_policy:
          description:
            - Underlying router policy. Source router.policy.seq-num.
          type: int
        sdwan_member:
          description:
            - Reference to SD-WAN member entry. Source system.sdwan.members.seq-num.
          type: int
      type: list
    policy_rule:
      choices:
        - health-check
        - manual
        - auto
      description:
        - Policy creation rule.
      type: str
    psksecret:
      description:
        - Pre-shared secret for ADVPN.
      type: str
    sdwan_zone:
      description:
        - Reference to created SD-WAN zone. Source system.sdwan.zone.name.
      type: str
    status:
      choices:
        - enable
        - disable
      description:
        - Enable/disable Fabric VPN.
      type: str
    sync_mode:
      choices:
        - enable
        - disable
      description:
        - Setting synchronised by fabric or manual.
      type: str
    vpn_role:
      choices:
        - hub
        - spoke
      description:
        - Fabric VPN role.
      type: str
  type: dict

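
A pre-flight check for the constraints documented in the parameters above, as an added example that is not part of the module or the fortinet.fortios collection: it lints a system_fabric_vpn dictionary before the task is run. The function names, the SAMPLE input and the rule that psksecret must be a templated reference (for instance to an Ansible Vault variable) are assumptions of this example.

```python
import ipaddress

# Choices and ranges copied from the parameter documentation on this page.
CHOICES = {
    "policy_rule": {"health-check", "manual", "auto"},
    "status": {"enable", "disable"},
    "sync_mode": {"enable", "disable"},
    "vpn_role": {"hub", "spoke"},
}

def bad_block(value):
    """True unless value is an IPv4 address with a mask, e.g. 10.0.0.0/24."""
    try:
        ipaddress.IPv4Network(str(value), strict=False)
    except ValueError:
        return True
    return "/" not in str(value)

def lint_fabric_vpn(cfg):
    """Return findings for a system_fabric_vpn dict; an empty list is clean."""
    out = [f"{k}: {cfg[k]!r} is not a documented choice"
           for k, ok in CHOICES.items() if k in cfg and cfg[k] not in ok]
    asn = str(cfg.get("bgp_as", "1"))  # templated (non-numeric) values are skipped
    if asn.isdigit() and not 1 <= int(asn) <= 4294967295:
        out.append("bgp_as: valid from 1 to 4294967295")
    if "loopback_address_block" in cfg and bad_block(cfg["loopback_address_block"]):
        out.append("loopback_address_block: expected X.X.X.X/24 syntax")
    # Example policy (an assumption, not a module rule): no literal secrets.
    if "psksecret" in cfg and not str(cfg["psksecret"]).strip().startswith("{{"):
        out.append("psksecret: literal value, reference a vaulted variable")
    for i, sub in enumerate(cfg.get("advertised_subnets") or []):
        if "id" not in sub:
            out.append(f"advertised_subnets[{i}]: id is required")
        if sub.get("access", "inbound") not in ("inbound", "bidirectional"):
            out.append(f"advertised_subnets[{i}].access: not a documented choice")
    for i, ov in enumerate(cfg.get("overlays") or []):
        if not ov.get("name"):
            out.append(f"overlays[{i}]: name is required")
        if "overlay_tunnel_block" in ov and bad_block(ov["overlay_tunnel_block"]):
            out.append(f"overlays[{i}].overlay_tunnel_block: expected X.X.X.X/24 syntax")
    return out

# Constructed input, trimmed from the placeholder example on this page.
SAMPLE = {
    "bgp_as": "0", "vpn_role": "hub", "status": "enable",
    "psksecret": "<your_own_value>", "loopback_address_block": "<your_own_value>",
    "advertised_subnets": [{"access": "inbound", "id": "7"}],
    "overlays": [{"name": "default_name_23", "overlay_tunnel_block": "<your_own_value>"}],
}
```

Run against SAMPLE, the check reports the out-of-range bgp_as, the two unfilled address blocks and the literal psksecret that the page's placeholder example would otherwise send to the device.
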
build:
  description: Build number of the fortigate image
  returned: always
  sample: '1547'
  type: str
http_method:
  description: Last method used to provision the content into FortiGate
  returned: always
  sample: PUT
  type: str
http_status:
  description: Last result given by FortiGate on last operation applied
  returned: always
  sample: '200'
  type: str
mkey:
  description: Master key (id) used in the last call to FortiGate
  returned: success
  sample: id
  type: str
name:
  description: Name of the table used to fulfill the request
  returned: always
  sample: urlfilter
  type: str
path:
  description: Path of the table used to fulfill the request
  returned: always
  sample: webfilter
  type: str
revision:
  description: Internal revision number
  returned: always
  sample: 17.0.2.10658
  type: str
serial:
  description: Serial number of the unit
  returned: always
  sample: FGVMEVYYQT3AB5352
  type: str
status:
  description: Indication of the operation's result
  returned: always
  sample: success
  type: str
vdom:
  description: Virtual domain used
  returned: always
  sample: root
  type: str
version:
  description: Version of the FortiGate
  returned: always
  sample: v5.6.3
  type: str