Try SpotterConfigure redundant Internet connections with multiple outbound links and health-check profiles in Fortinet's FortiOS and FortiGate.
| "added in version" 2.0.0 of fortinet.fortios"
Authors: Link Zheng (@chillancezen), Jie Xue (@JieX19), Hongbin Lu (@fgtdev-hblu), Frank Shen (@frankshen01), Miguel Angel Munoz (@mamunozgonzalez), Nicolas Thomas (@thomnico)
preview | supported by community
Install with ansible-galaxy collection install fortinet.fortios:==2.3.6
collections:
- name: fortinet.fortios
version: 2.3.6This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and sdwan category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0
- name: Configure redundant Internet connections with multiple outbound links and health-check profiles.
fortinet.fortios.fortios_system_sdwan:
vdom: "{{ vdom }}"
system_sdwan:
app_perf_log_period: "0"
duplication:
-
dstaddr:
-
name: "default_name_6 (source firewall.address.name firewall.addrgrp.name)"
dstaddr6:
-
name: "default_name_8 (source firewall.address6.name firewall.addrgrp6.name)"
dstintf:
-
name: "default_name_10 (source system.interface.name system.zone.name system.sdwan.zone.name)"
id: "11"
packet_de_duplication: "enable"
packet_duplication: "disable"
service:
-
name: "default_name_15 (source firewall.service.custom.name firewall.service.group.name)"
service_id:
-
id: "17 (source system.sdwan.service.id)"
sla_match_service: "enable"
srcaddr:
-
name: "default_name_20 (source firewall.address.name firewall.addrgrp.name)"
srcaddr6:
-
name: "default_name_22 (source firewall.address6.name firewall.addrgrp6.name)"
srcintf:
-
name: "default_name_24 (source system.interface.name system.zone.name system.sdwan.zone.name)"
duplication_max_num: "2"
fail_alert_interfaces:
-
name: "default_name_27 (source system.interface.name)"
fail_detect: "enable"
health_check:
-
addr_mode: "ipv4"
class_id: "0"
detect_mode: "active"
diffservcode: "<your_own_value>"
dns_match_ip: "<your_own_value>"
dns_request_domain: "<your_own_value>"
embed_measured_health: "enable"
failtime: "5"
ftp_file: "<your_own_value>"
ftp_mode: "passive"
ha_priority: "1"
http_agent: "<your_own_value>"
http_get: "<your_own_value>"
http_match: "<your_own_value>"
interval: "500"
members:
-
seq_num: "<you_own_value>"
mos_codec: "g711"
name: "default_name_48"
packet_size: "124"
password: "<your_own_value>"
port: "0"
probe_count: "30"
probe_packets: "disable"
probe_timeout: "500"
protocol: "ping"
quality_measured_method: "half-open"
recoverytime: "5"
security_mode: "none"
server: "192.168.100.40"
sla:
-
id: "61"
jitter_threshold: "5"
latency_threshold: "5"
link_cost_factor: "latency"
mos_threshold: "<your_own_value>"
packetloss_threshold: "0"
priority_in_sla: "0"
priority_out_sla: "0"
sla_fail_log_period: "0"
sla_id_redistribute: "0"
sla_pass_log_period: "0"
source: "<your_own_value>"
source6: "<your_own_value>"
system_dns: "disable"
threshold_alert_jitter: "0"
threshold_alert_latency: "0"
threshold_alert_packetloss: "0"
threshold_warning_jitter: "0"
threshold_warning_latency: "0"
threshold_warning_packetloss: "0"
update_cascade_interface: "enable"
update_static_route: "enable"
user: "<your_own_value>"
vrf: "0"
load_balance_mode: "source-ip-based"
members:
-
comment: "Comments."
cost: "0"
gateway: "<your_own_value>"
gateway6: "<your_own_value>"
ingress_spillover_threshold: "0"
interface: "<your_own_value> (source system.interface.name)"
preferred_source: "<your_own_value>"
priority: "1"
priority6: "1024"
seq_num: "<you_own_value>"
source: "<your_own_value>"
source6: "<your_own_value>"
spillover_threshold: "0"
status: "disable"
transport_group: "0"
volume_ratio: "1"
weight: "1"
zone: "<your_own_value> (source system.sdwan.zone.name)"
neighbor:
-
health_check: "<your_own_value> (source system.sdwan.health-check.name)"
ip: "<your_own_value> (source router.bgp.neighbor-group.name router.bgp.neighbor.ip)"
member:
-
seq_num: "<you_own_value>"
minimum_sla_meet_members: "1"
mode: "sla"
role: "standalone"
service_id: "0"
sla_id: "0"
neighbor_hold_boot_time: "0"
neighbor_hold_down: "enable"
neighbor_hold_down_time: "0"
service:
-
addr_mode: "ipv4"
agent_exclusive: "enable"
bandwidth_weight: "0"
default: "enable"
dscp_forward: "enable"
dscp_forward_tag: "<your_own_value>"
dscp_reverse: "enable"
dscp_reverse_tag: "<your_own_value>"
dst:
-
name: "default_name_128 (source firewall.address.name firewall.addrgrp.name)"
dst_negate: "enable"
dst6:
-
name: "default_name_131 (source firewall.address6.name firewall.addrgrp6.name)"
end_port: "65535"
end_src_port: "65535"
gateway: "enable"
groups:
-
name: "default_name_136 (source user.group.name)"
hash_mode: "round-robin"
health_check:
-
name: "default_name_139 (source system.sdwan.health-check.name)"
hold_down_time: "0"
id: "141"
input_device:
-
name: "default_name_143 (source system.interface.name)"
input_device_negate: "enable"
input_zone:
-
name: "default_name_146 (source system.sdwan.zone.name)"
internet_service: "enable"
internet_service_app_ctrl:
-
id: "149"
internet_service_app_ctrl_category:
-
id: "151"
internet_service_app_ctrl_group:
-
name: "default_name_153 (source application.group.name)"
internet_service_custom:
-
name: "default_name_155 (source firewall.internet-service-custom.name)"
internet_service_custom_group:
-
name: "default_name_157 (source firewall.internet-service-custom-group.name)"
internet_service_group:
-
name: "default_name_159 (source firewall.internet-service-group.name)"
internet_service_name:
-
name: "default_name_161 (source firewall.internet-service-name.name)"
jitter_weight: "0"
latency_weight: "0"
link_cost_factor: "latency"
link_cost_threshold: "10"
load_balance: "enable"
minimum_sla_meet_members: "0"
mode: "auto"
name: "default_name_169"
packet_loss_weight: "0"
passive_measurement: "enable"
priority_members:
-
seq_num: "<you_own_value>"
priority_zone:
-
name: "default_name_175 (source system.sdwan.zone.name)"
protocol: "0"
quality_link: "0"
role: "standalone"
route_tag: "0"
shortcut: "enable"
shortcut_priority: "enable"
shortcut_stickiness: "enable"
sla:
-
health_check: "<your_own_value> (source system.sdwan.health-check.name)"
id: "185"
sla_compare_method: "order"
sla_stickiness: "enable"
src:
-
name: "default_name_189 (source firewall.address.name firewall.addrgrp.name)"
src_negate: "enable"
src6:
-
name: "default_name_192 (source firewall.address6.name firewall.addrgrp6.name)"
standalone_action: "enable"
start_port: "1"
start_src_port: "1"
status: "enable"
tie_break: "zone"
tos: "<your_own_value>"
tos_mask: "<your_own_value>"
use_shortcut_sla: "enable"
users:
-
name: "default_name_202 (source user.local.name)"
zone_mode: "enable"
speedtest_bypass_routing: "disable"
status: "disable"
zone:
-
advpn_health_check: "<your_own_value> (source system.sdwan.health-check.name)"
advpn_select: "enable"
minimum_sla_meet_members: "1"
name: "default_name_210"
service_sla_tie_break: "cfg-order"
vdom:
default: root
description:
- Virtual domain, among those defined previously. A vdom is a virtual instance of
the FortiGate that can be configured and used as a different unit.
type: str
enable_log:
default: false
description:
- Enable/Disable logging for task.
required: false
type: bool
member_path:
description:
- Member attribute path to operate on.
- Delimited by a slash character if there are more than one attribute.
- Parameter marked with member_path is legitimate for doing member operation.
type: str
access_token:
description:
- Token-based authentication. Generated from GUI of Fortigate.
required: false
type: str
member_state:
choices:
- present
- absent
description:
- Add or delete a member under specified attribute path.
- When member_state is specified, the state option is ignored.
type: str
system_sdwan:
default: null
description:
- Configure redundant Internet connections with multiple outbound links and health-check
profiles.
suboptions:
app_perf_log_period:
description:
- Time interval in seconds that application performance logs are generated (0
- 3600).
type: int
duplication:
description:
- Create SD-WAN duplication rule.
elements: dict
suboptions:
dstaddr:
description:
- Destination address or address group names.
elements: dict
suboptions:
name:
description:
- Address or address group name. Source firewall.address.name firewall.addrgrp.name.
required: true
type: str
type: list
dstaddr6:
description:
- Destination address6 or address6 group names.
elements: dict
suboptions:
name:
description:
- Address6 or address6 group name. Source firewall.address6.name firewall.addrgrp6.name.
required: true
type: str
type: list
dstintf:
description:
- Outgoing (egress) interfaces or zones.
elements: dict
suboptions:
name:
description:
- Interface, zone or SDWAN zone name. Source system.interface.name system.zone.name
system.sdwan.zone.name.
required: true
type: str
type: list
id:
description:
- Duplication rule ID (1 - 255). see <a href='#notes'>Notes</a>.
required: true
type: int
packet_de_duplication:
choices:
- enable
- disable
description:
- Enable/disable discarding of packets that have been duplicated.
type: str
packet_duplication:
choices:
- disable
- force
- on-demand
description:
- Configure packet duplication method.
type: str
service:
description:
- Service and service group name.
elements: dict
suboptions:
name:
description:
- Service and service group name. Source firewall.service.custom.name
firewall.service.group.name.
required: true
type: str
type: list
service_id:
description:
- SD-WAN service rule ID list.
elements: dict
suboptions:
id:
description:
- SD-WAN service rule ID. see <a href='#notes'>Notes</a>. Source system.sdwan.service.id.
required: true
type: int
type: list
sla_match_service:
choices:
- enable
- disable
description:
- Enable/disable packet duplication matching health-check SLAs in service
rule.
type: str
srcaddr:
description:
- Source address or address group names.
elements: dict
suboptions:
name:
description:
- Address or address group name. Source firewall.address.name firewall.addrgrp.name.
required: true
type: str
type: list
srcaddr6:
description:
- Source address6 or address6 group names.
elements: dict
suboptions:
name:
description:
- Address6 or address6 group name. Source firewall.address6.name firewall.addrgrp6.name.
required: true
type: str
type: list
srcintf:
description:
- Incoming (ingress) interfaces or zones.
elements: dict
suboptions:
name:
description:
- Interface, zone or SDWAN zone name. Source system.interface.name system.zone.name
system.sdwan.zone.name.
required: true
type: str
type: list
type: list
duplication_max_num:
description:
- Maximum number of interface members a packet is duplicated in the SD-WAN zone
(2 - 4).
type: int
fail_alert_interfaces:
description:
- Physical interfaces that will be alerted.
elements: dict
suboptions:
name:
description:
- Physical interface name. Source system.interface.name.
required: true
type: str
type: list
fail_detect:
choices:
- enable
- disable
description:
- Enable/disable SD-WAN Internet connection status checking (failure detection).
type: str
health_check:
description:
- SD-WAN status checking or health checking. Identify a server on the Internet
and determine how SD-WAN verifies that the FortiGate can communicate with it.
elements: dict
suboptions:
addr_mode:
choices:
- ipv4
- ipv6
description:
- Address mode (IPv4 or IPv6).
type: str
class_id:
description:
- Traffic class ID. Source firewall.traffic-class.class-id.
type: int
detect_mode:
choices:
- active
- passive
- prefer-passive
- remote
- agent-based
description:
- The mode determining how to detect the server.
type: str
diffservcode:
description:
- Differentiated services code point (DSCP) in the IP header of the probe
packet.
type: str
dns_match_ip:
description:
- Response IP expected from DNS server if the protocol is DNS.
type: str
dns_request_domain:
description:
- Fully qualified domain name to resolve for the DNS probe.
type: str
embed_measured_health:
choices:
- enable
- disable
description:
- Enable/disable embedding measured health information.
type: str
failtime:
description:
- Number of failures before server is considered lost (1 - 3600).
type: int
ftp_file:
description:
- Full path and file name on the FTP server to download for FTP health-check
to probe.
type: str
ftp_mode:
choices:
- passive
- port
description:
- FTP mode.
type: str
ha_priority:
description:
- HA election priority (1 - 50).
type: int
http_agent:
description:
- String in the http-agent field in the HTTP header.
type: str
http_get:
description:
- URL used to communicate with the server if the protocol if the protocol
is HTTP.
type: str
http_match:
description:
- Response string expected from the server if the protocol is HTTP.
type: str
interval:
description:
- Status check interval in milliseconds, or the time between attempting to
connect to the server (20 - 3600*1000 msec).
type: int
members:
description:
- Member sequence number list.
elements: dict
suboptions:
seq_num:
description:
- Member sequence number. see <a href='#notes'>Notes</a>. Source system.sdwan.members.seq-num.
required: true
type: int
type: list
mos_codec:
choices:
- g711
- g722
- g729
description:
- Codec to use for MOS calculation .
type: str
name:
description:
- Status check or health check name.
required: true
type: str
packet_size:
description:
- Packet size of a TWAMP test session. (124/158 - 1024)
type: int
password:
description:
- TWAMP controller password in authentication mode.
type: str
port:
description:
- Port number used to communicate with the server over the selected protocol
(0 - 65535).
type: int
probe_count:
description:
- Number of most recent probes that should be used to calculate latency and
jitter (5 - 30).
type: int
probe_packets:
choices:
- disable
- enable
description:
- Enable/disable transmission of probe packets.
type: str
probe_timeout:
description:
- Time to wait before a probe packet is considered lost (20 - 3600*1000 msec).
type: int
protocol:
choices:
- ping
- tcp-echo
- udp-echo
- http
- https
- twamp
- dns
- tcp-connect
- ftp
- ping6
description:
- Protocol used to determine if the FortiGate can communicate with the server.
type: str
quality_measured_method:
choices:
- half-open
- half-close
description:
- Method to measure the quality of tcp-connect.
type: str
recoverytime:
description:
- Number of successful responses received before server is considered recovered
(1 - 3600).
type: int
security_mode:
choices:
- none
- authentication
description:
- Twamp controller security mode.
type: str
server:
description:
- IP address or FQDN name of the server.
elements: str
type: list
sla:
description:
- Service level agreement (SLA).
elements: dict
suboptions:
id:
description:
- SLA ID. see <a href='#notes'>Notes</a>.
required: true
type: int
jitter_threshold:
description:
- Jitter for SLA to make decision in milliseconds. (0 - 10000000).
type: int
latency_threshold:
description:
- Latency for SLA to make decision in milliseconds. (0 - 10000000).
type: int
link_cost_factor:
choices:
- latency
- jitter
- packet-loss
- mos
description:
- Criteria on which to base link selection.
elements: str
type: list
mos_threshold:
description:
- Minimum Mean Opinion Score for SLA to be marked as pass. (1.0 - 5.0).
type: str
packetloss_threshold:
description:
- Packet loss for SLA to make decision in percentage. (0 - 100).
type: int
priority_in_sla:
description:
- Value to be distributed into routing table when in-sla (0 - 65535).
type: int
priority_out_sla:
description:
- Value to be distributed into routing table when out-sla (0 - 65535).
type: int
type: list
sla_fail_log_period:
description:
- Time interval in seconds that SLA fail log messages will be generated (0
- 3600).
type: int
sla_id_redistribute:
description:
- Select the ID from the SLA sub-table. The selected SLA"s priority value
will be distributed into the routing table (0 - 32).
type: int
sla_pass_log_period:
description:
- Time interval in seconds that SLA pass log messages will be generated (0
- 3600).
type: int
source:
description:
- Source IP address used in the health-check packet to the server.
type: str
source6:
description:
- Source IPv6 address used in the health-check packet to server.
type: str
system_dns:
choices:
- disable
- enable
description:
- Enable/disable system DNS as the probe server.
type: str
threshold_alert_jitter:
description:
- Alert threshold for jitter (ms).
type: int
threshold_alert_latency:
description:
- Alert threshold for latency (ms).
type: int
threshold_alert_packetloss:
description:
- Alert threshold for packet loss (percentage).
type: int
threshold_warning_jitter:
description:
- Warning threshold for jitter (ms).
type: int
threshold_warning_latency:
description:
- Warning threshold for latency (ms).
type: int
threshold_warning_packetloss:
description:
- Warning threshold for packet loss (percentage).
type: int
update_cascade_interface:
choices:
- enable
- disable
description:
- Enable/disable update cascade interface.
type: str
update_static_route:
choices:
- enable
- disable
description:
- Enable/disable updating the static route.
type: str
user:
description:
- The user name to access probe server.
type: str
vrf:
description:
- Virtual Routing Forwarding ID.
type: int
type: list
load_balance_mode:
choices:
- source-ip-based
- weight-based
- usage-based
- source-dest-ip-based
- measured-volume-based
description:
- Algorithm or mode to use for load balancing Internet traffic to SD-WAN members.
type: str
members:
description:
- FortiGate interfaces added to the SD-WAN.
elements: dict
suboptions:
comment:
description:
- Comments.
type: str
cost:
description:
- Cost of this interface for services in SLA mode (0 - 4294967295).
type: int
gateway:
description:
- The default gateway for this interface. Usually the default gateway of the
Internet service provider that this interface is connected to.
type: str
gateway6:
description:
- IPv6 gateway.
type: str
ingress_spillover_threshold:
description:
- Ingress spillover threshold for this interface (0 - 16776000 kbit/s). When
this traffic volume threshold is reached, new sessions spill over to other
interfaces in the SD-WAN.
type: int
interface:
description:
- Interface name. Source system.interface.name.
type: str
preferred_source:
description:
- Preferred source of route for this member.
type: str
priority:
description:
- Priority of the interface for IPv4 (1 - 65535). Used for SD-WAN rules or
priority rules.
type: int
priority6:
description:
- Priority of the interface for IPv6 (1 - 65535). Used for SD-WAN rules or
priority rules.
type: int
seq_num:
description:
- Sequence number(1-512). see <a href='#notes'>Notes</a>.
required: true
type: int
source:
description:
- Source IP address used in the health-check packet to the server.
type: str
source6:
description:
- Source IPv6 address used in the health-check packet to the server.
type: str
spillover_threshold:
description:
- Egress spillover threshold for this interface (0 - 16776000 kbit/s). When
this traffic volume threshold is reached, new sessions spill over to other
interfaces in the SD-WAN.
type: int
status:
choices:
- disable
- enable
description:
- Enable/disable this interface in the SD-WAN.
type: str
transport_group:
description:
- Measured transport group (0 - 255).
type: int
volume_ratio:
description:
- Measured volume ratio (this value / sum of all values = percentage of link
volume, 1 - 255).
type: int
weight:
description:
- Weight of this interface for weighted load balancing. (1 - 255) More traffic
is directed to interfaces with higher weights.
type: int
zone:
description:
- Zone name. Source system.sdwan.zone.name.
type: str
type: list
neighbor:
description:
- Create SD-WAN neighbor from BGP neighbor table to control route advertisements
according to SLA status.
elements: dict
suboptions:
health_check:
description:
- SD-WAN health-check name. Source system.sdwan.health-check.name.
type: str
ip:
description:
- IP/IPv6 address of neighbor or neighbor-group name. Source router.bgp.neighbor-group.name
router.bgp.neighbor.ip.
required: true
type: str
member:
description:
- Member sequence number list. Source system.sdwan.members.seq-num.
elements: dict
suboptions:
seq_num:
description:
- Member sequence number. see <a href='#notes'>Notes</a>. Source system.sdwan.members.seq-num.
required: true
type: int
type: list
minimum_sla_meet_members:
description:
- Minimum number of members which meet SLA when the neighbor is preferred.
type: int
mode:
choices:
- sla
- speedtest
description:
- What metric to select the neighbor.
type: str
role:
choices:
- standalone
- primary
- secondary
description:
- Role of neighbor.
type: str
service_id:
description:
- SD-WAN service ID to work with the neighbor. Source system.sdwan.service.id.
type: int
sla_id:
description:
- SLA ID.
type: int
type: list
neighbor_hold_boot_time:
description:
- Waiting period in seconds when switching from the primary neighbor to the secondary
neighbor from the neighbor start. (0 - 10000000).
type: int
neighbor_hold_down:
choices:
- enable
- disable
description:
- Enable/disable hold switching from the secondary neighbor to the primary neighbor.
type: str
neighbor_hold_down_time:
description:
- Waiting period in seconds when switching from the secondary neighbor to the
primary neighbor when hold-down is disabled. (0 - 10000000).
type: int
service:
description:
- Create SD-WAN rules (also called services) to control how sessions are distributed
to interfaces in the SD-WAN.
elements: dict
suboptions:
addr_mode:
choices:
- ipv4
- ipv6
description:
- Address mode (IPv4 or IPv6).
type: str
agent_exclusive:
choices:
- enable
- disable
description:
- Set/unset the service as agent use exclusively.
type: str
bandwidth_weight:
description:
- Coefficient of reciprocal of available bidirectional bandwidth in the formula
of custom-profile-1.
type: int
default:
choices:
- enable
- disable
description:
- Enable/disable use of SD-WAN as default service.
type: str
dscp_forward:
choices:
- enable
- disable
description:
- Enable/disable forward traffic DSCP tag.
type: str
dscp_forward_tag:
description:
- Forward traffic DSCP tag.
type: str
dscp_reverse:
choices:
- enable
- disable
description:
- Enable/disable reverse traffic DSCP tag.
type: str
dscp_reverse_tag:
description:
- Reverse traffic DSCP tag.
type: str
dst:
description:
- Destination address name.
elements: dict
suboptions:
name:
description:
- Address or address group name. Source firewall.address.name firewall.addrgrp.name.
required: true
type: str
type: list
dst6:
description:
- Destination address6 name.
elements: dict
suboptions:
name:
description:
- Address6 or address6 group name. Source firewall.address6.name firewall.addrgrp6.name.
required: true
type: str
type: list
dst_negate:
choices:
- enable
- disable
description:
- Enable/disable negation of destination address match.
type: str
end_port:
description:
- End destination port number.
type: int
end_src_port:
description:
- End source port number.
type: int
gateway:
choices:
- enable
- disable
description:
- Enable/disable SD-WAN service gateway.
type: str
groups:
description:
- User groups.
elements: dict
suboptions:
name:
description:
- Group name. Source user.group.name.
required: true
type: str
type: list
hash_mode:
choices:
- round-robin
- source-ip-based
- source-dest-ip-based
- inbandwidth
- outbandwidth
- bibandwidth
description:
- Hash algorithm for selected priority members for load balance mode.
type: str
health_check:
description:
- Health check list.
elements: dict
suboptions:
name:
description:
- Health check name. Source system.sdwan.health-check.name.
required: true
type: str
type: list
hold_down_time:
description:
- Waiting period in seconds when switching from the back-up member to the
primary member (0 - 10000000).
type: int
id:
description:
- SD-WAN rule ID (1 - 4000). see <a href='#notes'>Notes</a>.
required: true
type: int
input_device:
description:
- Source interface name.
elements: dict
suboptions:
name:
description:
- Interface name. Source system.interface.name.
required: true
type: str
type: list
input_device_negate:
choices:
- enable
- disable
description:
- Enable/disable negation of input device match.
type: str
input_zone:
description:
- Source input-zone name.
elements: dict
suboptions:
name:
description:
- Zone. Source system.sdwan.zone.name.
required: true
type: str
type: list
internet_service:
choices:
- enable
- disable
description:
- Enable/disable use of Internet service for application-based load balancing.
type: str
internet_service_app_ctrl:
description:
- Application control based Internet Service ID list.
elements: dict
suboptions:
id:
description:
- Application control based Internet Service ID. see <a href='#notes'>Notes</a>.
required: true
type: int
type: list
internet_service_app_ctrl_category:
description:
- IDs of one or more application control categories.
elements: dict
suboptions:
id:
description:
- Application control category ID. see <a href='#notes'>Notes</a>.
required: true
type: int
type: list
internet_service_app_ctrl_group:
description:
- Application control based Internet Service group list.
elements: dict
suboptions:
name:
description:
- Application control based Internet Service group name. Source application.group.name.
required: true
type: str
type: list
internet_service_custom:
description:
- Custom Internet service name list.
elements: dict
suboptions:
name:
description:
- Custom Internet service name. Source firewall.internet-service-custom.name.
required: true
type: str
type: list
internet_service_custom_group:
description:
- Custom Internet Service group list.
elements: dict
suboptions:
name:
description:
- Custom Internet Service group name. Source firewall.internet-service-custom-group.name.
required: true
type: str
type: list
internet_service_group:
description:
- Internet Service group list.
elements: dict
suboptions:
name:
description:
- Internet Service group name. Source firewall.internet-service-group.name.
required: true
type: str
type: list
internet_service_name:
description:
- Internet service name list.
elements: dict
suboptions:
name:
description:
- Internet service name. Source firewall.internet-service-name.name.
required: true
type: str
type: list
jitter_weight:
description:
- Coefficient of jitter in the formula of custom-profile-1.
type: int
latency_weight:
description:
- Coefficient of latency in the formula of custom-profile-1.
type: int
link_cost_factor:
choices:
- latency
- jitter
- packet-loss
- inbandwidth
- outbandwidth
- bibandwidth
- custom-profile-1
description:
- Link cost factor.
type: str
link_cost_threshold:
description:
- Percentage threshold change of link cost values that will result in policy
route regeneration (0 - 10000000).
type: int
load_balance:
choices:
- enable
- disable
description:
- Enable/disable load-balance.
type: str
minimum_sla_meet_members:
description:
- Minimum number of members which meet SLA.
type: int
mode:
choices:
- auto
- manual
- priority
- sla
- load-balance
description:
- Control how the SD-WAN rule sets the priority of interfaces in the SD-WAN.
type: str
name:
description:
- SD-WAN rule name.
type: str
packet_loss_weight:
description:
- Coefficient of packet-loss in the formula of custom-profile-1.
type: int
passive_measurement:
choices:
- enable
- disable
description:
- Enable/disable passive measurement based on the service criteria.
type: str
priority_members:
description:
- Member sequence number list.
elements: dict
suboptions:
seq_num:
description:
- Member sequence number. see <a href='#notes'>Notes</a>. Source system.sdwan.members.seq-num.
required: true
type: int
type: list
priority_zone:
description:
- Priority zone name list.
elements: dict
suboptions:
name:
description:
- Priority zone name. Source system.sdwan.zone.name.
required: true
type: str
type: list
protocol:
description:
- Protocol number.
type: int
quality_link:
description:
- Quality grade.
type: int
role:
choices:
- standalone
- primary
- secondary
description:
- Service role to work with neighbor.
type: str
route_tag:
description:
- IPv4 route map route-tag.
type: int
shortcut:
choices:
- enable
- disable
description:
- Enable/disable shortcut for this service.
type: str
shortcut_priority:
choices:
- enable
- disable
- auto
description:
- High priority of ADVPN shortcut for this service.
type: str
shortcut_stickiness:
choices:
- enable
- disable
description:
- Enable/disable shortcut-stickiness of ADVPN.
type: str
sla:
description:
- Service level agreement (SLA).
elements: dict
suboptions:
health_check:
description:
- SD-WAN health-check. Source system.sdwan.health-check.name.
required: true
type: str
id:
description:
- SLA ID.
type: int
type: list
sla_compare_method:
choices:
- order
- number
description:
- Method to compare SLA value for SLA mode.
type: str
sla_stickiness:
choices:
- enable
- disable
description:
- Enable/disable SLA stickiness .
type: str
src:
description:
- Source address name.
elements: dict
suboptions:
name:
description:
- Address or address group name. Source firewall.address.name firewall.addrgrp.name.
required: true
type: str
type: list
src6:
description:
- Source address6 name.
elements: dict
suboptions:
name:
description:
- Address6 or address6 group name. Source firewall.address6.name firewall.addrgrp6.name.
required: true
type: str
type: list
src_negate:
choices:
- enable
- disable
description:
- Enable/disable negation of source address match.
type: str
standalone_action:
choices:
- enable
- disable
description:
- Enable/disable service when selected neighbor role is standalone while service
role is not standalone.
type: str
start_port:
description:
- Start destination port number.
type: int
start_src_port:
description:
- Start source port number.
type: int
status:
choices:
- enable
- disable
description:
- Enable/disable SD-WAN service.
type: str
tie_break:
choices:
- zone
- cfg-order
- fib-best-match
- input-device
description:
- Method of selecting member if more than one meets the SLA.
type: str
tos:
description:
- Type of service bit pattern.
type: str
tos_mask:
description:
- Type of service evaluated bits.
type: str
use_shortcut_sla:
choices:
- enable
- disable
description:
- Enable/disable use of ADVPN shortcut for quality comparison.
type: str
users:
description:
- User name.
elements: dict
suboptions:
name:
description:
- User name. Source user.local.name.
required: true
type: str
type: list
zone_mode:
choices:
- enable
- disable
description:
- Enable/disable zone mode.
type: str
type: list
speedtest_bypass_routing:
choices:
- disable
- enable
description:
- Enable/disable bypass routing when speedtest on a SD-WAN member.
type: str
status:
choices:
- disable
- enable
description:
- Enable/disable SD-WAN.
type: str
zone:
description:
- Configure SD-WAN zones.
elements: dict
suboptions:
advpn_health_check:
description:
- Health check for ADVPN local overlay link quality. Source system.sdwan.health-check.name.
type: str
advpn_select:
choices:
- enable
- disable
description:
- Enable/disable selection of ADVPN based on SDWAN information.
type: str
minimum_sla_meet_members:
description:
- Minimum number of members which meet SLA when the neighbor is preferred.
type: int
name:
description:
- Zone name.
required: true
type: str
service_sla_tie_break:
choices:
- cfg-order
- fib-best-match
- input-device
description:
- Method of selecting member if more than one meets the SLA.
type: str
type: list
type: dict
build: description: Build number of the fortigate image returned: always sample: '1547' type: str http_method: description: Last method used to provision the content into FortiGate returned: always sample: PUT type: str http_status: description: Last result given by FortiGate on last operation applied returned: always sample: '200' type: str mkey: description: Master key (id) used in the last call to FortiGate returned: success sample: id type: str name: description: Name of the table used to fulfill the request returned: always sample: urlfilter type: str path: description: Path of the table used to fulfill the request returned: always sample: webfilter type: str revision: description: Internal revision number returned: always sample: 17.0.2.10658 type: str serial: description: Serial number of the unit returned: always sample: FGVMEVYYQT3AB5352 type: str status: description: Indication of the operation's result returned: always sample: success type: str vdom: description: Virtual domain used returned: always sample: root type: str version: description: Version of the FortiGate returned: always sample: v5.6.3 type: str