fortinet / fortinet.fortios / 2.3.6 / module / fortios_system_sdwan Configure redundant Internet connections with multiple outbound links and health-check profiles in Fortinet's FortiOS and FortiGate. | "added in version" 2.0.0 of fortinet.fortios" Authors: Link Zheng (@chillancezen), Jie Xue (@JieX19), Hongbin Lu (@fgtdev-hblu), Frank Shen (@frankshen01), Miguel Angel Munoz (@mamunozgonzalez), Nicolas Thomas (@thomnico) preview | supported by communityfortinet.fortios.fortios_system_sdwan (2.3.6) — module
Install with ansible-galaxy collection install fortinet.fortios:==2.3.6
collections: - name: fortinet.fortios version: 2.3.6
This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and sdwan category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0
- name: Configure redundant Internet connections with multiple outbound links and health-check profiles. fortinet.fortios.fortios_system_sdwan: vdom: "{{ vdom }}" system_sdwan: app_perf_log_period: "0" duplication: - dstaddr: - name: "default_name_6 (source firewall.address.name firewall.addrgrp.name)" dstaddr6: - name: "default_name_8 (source firewall.address6.name firewall.addrgrp6.name)" dstintf: - name: "default_name_10 (source system.interface.name system.zone.name system.sdwan.zone.name)" id: "11" packet_de_duplication: "enable" packet_duplication: "disable" service: - name: "default_name_15 (source firewall.service.custom.name firewall.service.group.name)" service_id: - id: "17 (source system.sdwan.service.id)" sla_match_service: "enable" srcaddr: - name: "default_name_20 (source firewall.address.name firewall.addrgrp.name)" srcaddr6: - name: "default_name_22 (source firewall.address6.name firewall.addrgrp6.name)" srcintf: - name: "default_name_24 (source system.interface.name system.zone.name system.sdwan.zone.name)" duplication_max_num: "2" fail_alert_interfaces: - name: "default_name_27 (source system.interface.name)" fail_detect: "enable" health_check: - addr_mode: "ipv4" class_id: "0" detect_mode: "active" diffservcode: "<your_own_value>" dns_match_ip: "<your_own_value>" dns_request_domain: "<your_own_value>" embed_measured_health: "enable" failtime: "5" ftp_file: "<your_own_value>" ftp_mode: "passive" ha_priority: "1" http_agent: "<your_own_value>" http_get: "<your_own_value>" http_match: "<your_own_value>" interval: "500" members: - seq_num: "<you_own_value>" mos_codec: "g711" name: "default_name_48" packet_size: "124" password: "<your_own_value>" port: "0" probe_count: "30" probe_packets: "disable" probe_timeout: "500" protocol: "ping" quality_measured_method: "half-open" recoverytime: "5" security_mode: "none" server: "192.168.100.40" sla: - id: "61" jitter_threshold: "5" latency_threshold: "5" link_cost_factor: "latency" mos_threshold: "<your_own_value>" packetloss_threshold: "0" priority_in_sla: "0" priority_out_sla: "0" sla_fail_log_period: "0" sla_id_redistribute: "0" sla_pass_log_period: "0" source: "<your_own_value>" source6: "<your_own_value>" system_dns: "disable" threshold_alert_jitter: "0" threshold_alert_latency: "0" threshold_alert_packetloss: "0" threshold_warning_jitter: "0" threshold_warning_latency: "0" threshold_warning_packetloss: "0" update_cascade_interface: "enable" update_static_route: "enable" user: "<your_own_value>" vrf: "0" load_balance_mode: "source-ip-based" members: - comment: "Comments." cost: "0" gateway: "<your_own_value>" gateway6: "<your_own_value>" ingress_spillover_threshold: "0" interface: "<your_own_value> (source system.interface.name)" preferred_source: "<your_own_value>" priority: "1" priority6: "1024" seq_num: "<you_own_value>" source: "<your_own_value>" source6: "<your_own_value>" spillover_threshold: "0" status: "disable" transport_group: "0" volume_ratio: "1" weight: "1" zone: "<your_own_value> (source system.sdwan.zone.name)" neighbor: - health_check: "<your_own_value> (source system.sdwan.health-check.name)" ip: "<your_own_value> (source router.bgp.neighbor-group.name router.bgp.neighbor.ip)" member: - seq_num: "<you_own_value>" minimum_sla_meet_members: "1" mode: "sla" role: "standalone" service_id: "0" sla_id: "0" neighbor_hold_boot_time: "0" neighbor_hold_down: "enable" neighbor_hold_down_time: "0" service: - addr_mode: "ipv4" agent_exclusive: "enable" bandwidth_weight: "0" default: "enable" dscp_forward: "enable" dscp_forward_tag: "<your_own_value>" dscp_reverse: "enable" dscp_reverse_tag: "<your_own_value>" dst: - name: "default_name_128 (source firewall.address.name firewall.addrgrp.name)" dst_negate: "enable" dst6: - name: "default_name_131 (source firewall.address6.name firewall.addrgrp6.name)" end_port: "65535" end_src_port: "65535" gateway: "enable" groups: - name: "default_name_136 (source user.group.name)" hash_mode: "round-robin" health_check: - name: "default_name_139 (source system.sdwan.health-check.name)" hold_down_time: "0" id: "141" input_device: - name: "default_name_143 (source system.interface.name)" input_device_negate: "enable" input_zone: - name: "default_name_146 (source system.sdwan.zone.name)" internet_service: "enable" internet_service_app_ctrl: - id: "149" internet_service_app_ctrl_category: - id: "151" internet_service_app_ctrl_group: - name: "default_name_153 (source application.group.name)" internet_service_custom: - name: "default_name_155 (source firewall.internet-service-custom.name)" internet_service_custom_group: - name: "default_name_157 (source firewall.internet-service-custom-group.name)" internet_service_group: - name: "default_name_159 (source firewall.internet-service-group.name)" internet_service_name: - name: "default_name_161 (source firewall.internet-service-name.name)" jitter_weight: "0" latency_weight: "0" link_cost_factor: "latency" link_cost_threshold: "10" load_balance: "enable" minimum_sla_meet_members: "0" mode: "auto" name: "default_name_169" packet_loss_weight: "0" passive_measurement: "enable" priority_members: - seq_num: "<you_own_value>" priority_zone: - name: "default_name_175 (source system.sdwan.zone.name)" protocol: "0" quality_link: "0" role: "standalone" route_tag: "0" shortcut: "enable" shortcut_priority: "enable" shortcut_stickiness: "enable" sla: - health_check: "<your_own_value> (source system.sdwan.health-check.name)" id: "185" sla_compare_method: "order" sla_stickiness: "enable" src: - name: "default_name_189 (source firewall.address.name firewall.addrgrp.name)" src_negate: "enable" src6: - name: "default_name_192 (source firewall.address6.name firewall.addrgrp6.name)" standalone_action: "enable" start_port: "1" start_src_port: "1" status: "enable" tie_break: "zone" tos: "<your_own_value>" tos_mask: "<your_own_value>" use_shortcut_sla: "enable" users: - name: "default_name_202 (source user.local.name)" zone_mode: "enable" speedtest_bypass_routing: "disable" status: "disable" zone: - advpn_health_check: "<your_own_value> (source system.sdwan.health-check.name)" advpn_select: "enable" minimum_sla_meet_members: "1" name: "default_name_210" service_sla_tie_break: "cfg-order"
vdom: default: root description: - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str enable_log: default: false description: - Enable/Disable logging for task. required: false type: bool member_path: description: - Member attribute path to operate on. - Delimited by a slash character if there are more than one attribute. - Parameter marked with member_path is legitimate for doing member operation. type: str access_token: description: - Token-based authentication. Generated from GUI of Fortigate. required: false type: str member_state: choices: - present - absent description: - Add or delete a member under specified attribute path. - When member_state is specified, the state option is ignored. type: str system_sdwan: default: null description: - Configure redundant Internet connections with multiple outbound links and health-check profiles. suboptions: app_perf_log_period: description: - Time interval in seconds that application performance logs are generated (0 - 3600). type: int duplication: description: - Create SD-WAN duplication rule. elements: dict suboptions: dstaddr: description: - Destination address or address group names. elements: dict suboptions: name: description: - Address or address group name. Source firewall.address.name firewall.addrgrp.name. required: true type: str type: list dstaddr6: description: - Destination address6 or address6 group names. elements: dict suboptions: name: description: - Address6 or address6 group name. Source firewall.address6.name firewall.addrgrp6.name. required: true type: str type: list dstintf: description: - Outgoing (egress) interfaces or zones. elements: dict suboptions: name: description: - Interface, zone or SDWAN zone name. Source system.interface.name system.zone.name system.sdwan.zone.name. required: true type: str type: list id: description: - Duplication rule ID (1 - 255). see <a href='#notes'>Notes</a>. required: true type: int packet_de_duplication: choices: - enable - disable description: - Enable/disable discarding of packets that have been duplicated. type: str packet_duplication: choices: - disable - force - on-demand description: - Configure packet duplication method. type: str service: description: - Service and service group name. elements: dict suboptions: name: description: - Service and service group name. Source firewall.service.custom.name firewall.service.group.name. required: true type: str type: list service_id: description: - SD-WAN service rule ID list. elements: dict suboptions: id: description: - SD-WAN service rule ID. see <a href='#notes'>Notes</a>. Source system.sdwan.service.id. required: true type: int type: list sla_match_service: choices: - enable - disable description: - Enable/disable packet duplication matching health-check SLAs in service rule. type: str srcaddr: description: - Source address or address group names. elements: dict suboptions: name: description: - Address or address group name. Source firewall.address.name firewall.addrgrp.name. required: true type: str type: list srcaddr6: description: - Source address6 or address6 group names. elements: dict suboptions: name: description: - Address6 or address6 group name. Source firewall.address6.name firewall.addrgrp6.name. required: true type: str type: list srcintf: description: - Incoming (ingress) interfaces or zones. elements: dict suboptions: name: description: - Interface, zone or SDWAN zone name. Source system.interface.name system.zone.name system.sdwan.zone.name. required: true type: str type: list type: list duplication_max_num: description: - Maximum number of interface members a packet is duplicated in the SD-WAN zone (2 - 4). type: int fail_alert_interfaces: description: - Physical interfaces that will be alerted. elements: dict suboptions: name: description: - Physical interface name. Source system.interface.name. required: true type: str type: list fail_detect: choices: - enable - disable description: - Enable/disable SD-WAN Internet connection status checking (failure detection). type: str health_check: description: - SD-WAN status checking or health checking. Identify a server on the Internet and determine how SD-WAN verifies that the FortiGate can communicate with it. elements: dict suboptions: addr_mode: choices: - ipv4 - ipv6 description: - Address mode (IPv4 or IPv6). type: str class_id: description: - Traffic class ID. Source firewall.traffic-class.class-id. type: int detect_mode: choices: - active - passive - prefer-passive - remote - agent-based description: - The mode determining how to detect the server. type: str diffservcode: description: - Differentiated services code point (DSCP) in the IP header of the probe packet. type: str dns_match_ip: description: - Response IP expected from DNS server if the protocol is DNS. type: str dns_request_domain: description: - Fully qualified domain name to resolve for the DNS probe. type: str embed_measured_health: choices: - enable - disable description: - Enable/disable embedding measured health information. type: str failtime: description: - Number of failures before server is considered lost (1 - 3600). type: int ftp_file: description: - Full path and file name on the FTP server to download for FTP health-check to probe. type: str ftp_mode: choices: - passive - port description: - FTP mode. type: str ha_priority: description: - HA election priority (1 - 50). type: int http_agent: description: - String in the http-agent field in the HTTP header. type: str http_get: description: - URL used to communicate with the server if the protocol if the protocol is HTTP. type: str http_match: description: - Response string expected from the server if the protocol is HTTP. type: str interval: description: - Status check interval in milliseconds, or the time between attempting to connect to the server (20 - 3600*1000 msec). type: int members: description: - Member sequence number list. elements: dict suboptions: seq_num: description: - Member sequence number. see <a href='#notes'>Notes</a>. Source system.sdwan.members.seq-num. required: true type: int type: list mos_codec: choices: - g711 - g722 - g729 description: - Codec to use for MOS calculation . type: str name: description: - Status check or health check name. required: true type: str packet_size: description: - Packet size of a TWAMP test session. (124/158 - 1024) type: int password: description: - TWAMP controller password in authentication mode. type: str port: description: - Port number used to communicate with the server over the selected protocol (0 - 65535). type: int probe_count: description: - Number of most recent probes that should be used to calculate latency and jitter (5 - 30). type: int probe_packets: choices: - disable - enable description: - Enable/disable transmission of probe packets. type: str probe_timeout: description: - Time to wait before a probe packet is considered lost (20 - 3600*1000 msec). type: int protocol: choices: - ping - tcp-echo - udp-echo - http - https - twamp - dns - tcp-connect - ftp - ping6 description: - Protocol used to determine if the FortiGate can communicate with the server. type: str quality_measured_method: choices: - half-open - half-close description: - Method to measure the quality of tcp-connect. type: str recoverytime: description: - Number of successful responses received before server is considered recovered (1 - 3600). type: int security_mode: choices: - none - authentication description: - Twamp controller security mode. type: str server: description: - IP address or FQDN name of the server. elements: str type: list sla: description: - Service level agreement (SLA). elements: dict suboptions: id: description: - SLA ID. see <a href='#notes'>Notes</a>. required: true type: int jitter_threshold: description: - Jitter for SLA to make decision in milliseconds. (0 - 10000000). type: int latency_threshold: description: - Latency for SLA to make decision in milliseconds. (0 - 10000000). type: int link_cost_factor: choices: - latency - jitter - packet-loss - mos description: - Criteria on which to base link selection. elements: str type: list mos_threshold: description: - Minimum Mean Opinion Score for SLA to be marked as pass. (1.0 - 5.0). type: str packetloss_threshold: description: - Packet loss for SLA to make decision in percentage. (0 - 100). type: int priority_in_sla: description: - Value to be distributed into routing table when in-sla (0 - 65535). type: int priority_out_sla: description: - Value to be distributed into routing table when out-sla (0 - 65535). type: int type: list sla_fail_log_period: description: - Time interval in seconds that SLA fail log messages will be generated (0 - 3600). type: int sla_id_redistribute: description: - Select the ID from the SLA sub-table. The selected SLA"s priority value will be distributed into the routing table (0 - 32). type: int sla_pass_log_period: description: - Time interval in seconds that SLA pass log messages will be generated (0 - 3600). type: int source: description: - Source IP address used in the health-check packet to the server. type: str source6: description: - Source IPv6 address used in the health-check packet to server. type: str system_dns: choices: - disable - enable description: - Enable/disable system DNS as the probe server. type: str threshold_alert_jitter: description: - Alert threshold for jitter (ms). type: int threshold_alert_latency: description: - Alert threshold for latency (ms). type: int threshold_alert_packetloss: description: - Alert threshold for packet loss (percentage). type: int threshold_warning_jitter: description: - Warning threshold for jitter (ms). type: int threshold_warning_latency: description: - Warning threshold for latency (ms). type: int threshold_warning_packetloss: description: - Warning threshold for packet loss (percentage). type: int update_cascade_interface: choices: - enable - disable description: - Enable/disable update cascade interface. type: str update_static_route: choices: - enable - disable description: - Enable/disable updating the static route. type: str user: description: - The user name to access probe server. type: str vrf: description: - Virtual Routing Forwarding ID. type: int type: list load_balance_mode: choices: - source-ip-based - weight-based - usage-based - source-dest-ip-based - measured-volume-based description: - Algorithm or mode to use for load balancing Internet traffic to SD-WAN members. type: str members: description: - FortiGate interfaces added to the SD-WAN. elements: dict suboptions: comment: description: - Comments. type: str cost: description: - Cost of this interface for services in SLA mode (0 - 4294967295). type: int gateway: description: - The default gateway for this interface. Usually the default gateway of the Internet service provider that this interface is connected to. type: str gateway6: description: - IPv6 gateway. type: str ingress_spillover_threshold: description: - Ingress spillover threshold for this interface (0 - 16776000 kbit/s). When this traffic volume threshold is reached, new sessions spill over to other interfaces in the SD-WAN. type: int interface: description: - Interface name. Source system.interface.name. type: str preferred_source: description: - Preferred source of route for this member. type: str priority: description: - Priority of the interface for IPv4 (1 - 65535). Used for SD-WAN rules or priority rules. type: int priority6: description: - Priority of the interface for IPv6 (1 - 65535). Used for SD-WAN rules or priority rules. type: int seq_num: description: - Sequence number(1-512). see <a href='#notes'>Notes</a>. required: true type: int source: description: - Source IP address used in the health-check packet to the server. type: str source6: description: - Source IPv6 address used in the health-check packet to the server. type: str spillover_threshold: description: - Egress spillover threshold for this interface (0 - 16776000 kbit/s). When this traffic volume threshold is reached, new sessions spill over to other interfaces in the SD-WAN. type: int status: choices: - disable - enable description: - Enable/disable this interface in the SD-WAN. type: str transport_group: description: - Measured transport group (0 - 255). type: int volume_ratio: description: - Measured volume ratio (this value / sum of all values = percentage of link volume, 1 - 255). type: int weight: description: - Weight of this interface for weighted load balancing. (1 - 255) More traffic is directed to interfaces with higher weights. type: int zone: description: - Zone name. Source system.sdwan.zone.name. type: str type: list neighbor: description: - Create SD-WAN neighbor from BGP neighbor table to control route advertisements according to SLA status. elements: dict suboptions: health_check: description: - SD-WAN health-check name. Source system.sdwan.health-check.name. type: str ip: description: - IP/IPv6 address of neighbor or neighbor-group name. Source router.bgp.neighbor-group.name router.bgp.neighbor.ip. required: true type: str member: description: - Member sequence number list. Source system.sdwan.members.seq-num. elements: dict suboptions: seq_num: description: - Member sequence number. see <a href='#notes'>Notes</a>. Source system.sdwan.members.seq-num. required: true type: int type: list minimum_sla_meet_members: description: - Minimum number of members which meet SLA when the neighbor is preferred. type: int mode: choices: - sla - speedtest description: - What metric to select the neighbor. type: str role: choices: - standalone - primary - secondary description: - Role of neighbor. type: str service_id: description: - SD-WAN service ID to work with the neighbor. Source system.sdwan.service.id. type: int sla_id: description: - SLA ID. type: int type: list neighbor_hold_boot_time: description: - Waiting period in seconds when switching from the primary neighbor to the secondary neighbor from the neighbor start. (0 - 10000000). type: int neighbor_hold_down: choices: - enable - disable description: - Enable/disable hold switching from the secondary neighbor to the primary neighbor. type: str neighbor_hold_down_time: description: - Waiting period in seconds when switching from the secondary neighbor to the primary neighbor when hold-down is disabled. (0 - 10000000). type: int service: description: - Create SD-WAN rules (also called services) to control how sessions are distributed to interfaces in the SD-WAN. elements: dict suboptions: addr_mode: choices: - ipv4 - ipv6 description: - Address mode (IPv4 or IPv6). type: str agent_exclusive: choices: - enable - disable description: - Set/unset the service as agent use exclusively. type: str bandwidth_weight: description: - Coefficient of reciprocal of available bidirectional bandwidth in the formula of custom-profile-1. type: int default: choices: - enable - disable description: - Enable/disable use of SD-WAN as default service. type: str dscp_forward: choices: - enable - disable description: - Enable/disable forward traffic DSCP tag. type: str dscp_forward_tag: description: - Forward traffic DSCP tag. type: str dscp_reverse: choices: - enable - disable description: - Enable/disable reverse traffic DSCP tag. type: str dscp_reverse_tag: description: - Reverse traffic DSCP tag. type: str dst: description: - Destination address name. elements: dict suboptions: name: description: - Address or address group name. Source firewall.address.name firewall.addrgrp.name. required: true type: str type: list dst6: description: - Destination address6 name. elements: dict suboptions: name: description: - Address6 or address6 group name. Source firewall.address6.name firewall.addrgrp6.name. required: true type: str type: list dst_negate: choices: - enable - disable description: - Enable/disable negation of destination address match. type: str end_port: description: - End destination port number. type: int end_src_port: description: - End source port number. type: int gateway: choices: - enable - disable description: - Enable/disable SD-WAN service gateway. type: str groups: description: - User groups. elements: dict suboptions: name: description: - Group name. Source user.group.name. required: true type: str type: list hash_mode: choices: - round-robin - source-ip-based - source-dest-ip-based - inbandwidth - outbandwidth - bibandwidth description: - Hash algorithm for selected priority members for load balance mode. type: str health_check: description: - Health check list. elements: dict suboptions: name: description: - Health check name. Source system.sdwan.health-check.name. required: true type: str type: list hold_down_time: description: - Waiting period in seconds when switching from the back-up member to the primary member (0 - 10000000). type: int id: description: - SD-WAN rule ID (1 - 4000). see <a href='#notes'>Notes</a>. required: true type: int input_device: description: - Source interface name. elements: dict suboptions: name: description: - Interface name. Source system.interface.name. required: true type: str type: list input_device_negate: choices: - enable - disable description: - Enable/disable negation of input device match. type: str input_zone: description: - Source input-zone name. elements: dict suboptions: name: description: - Zone. Source system.sdwan.zone.name. required: true type: str type: list internet_service: choices: - enable - disable description: - Enable/disable use of Internet service for application-based load balancing. type: str internet_service_app_ctrl: description: - Application control based Internet Service ID list. elements: dict suboptions: id: description: - Application control based Internet Service ID. see <a href='#notes'>Notes</a>. required: true type: int type: list internet_service_app_ctrl_category: description: - IDs of one or more application control categories. elements: dict suboptions: id: description: - Application control category ID. see <a href='#notes'>Notes</a>. required: true type: int type: list internet_service_app_ctrl_group: description: - Application control based Internet Service group list. elements: dict suboptions: name: description: - Application control based Internet Service group name. Source application.group.name. required: true type: str type: list internet_service_custom: description: - Custom Internet service name list. elements: dict suboptions: name: description: - Custom Internet service name. Source firewall.internet-service-custom.name. required: true type: str type: list internet_service_custom_group: description: - Custom Internet Service group list. elements: dict suboptions: name: description: - Custom Internet Service group name. Source firewall.internet-service-custom-group.name. required: true type: str type: list internet_service_group: description: - Internet Service group list. elements: dict suboptions: name: description: - Internet Service group name. Source firewall.internet-service-group.name. required: true type: str type: list internet_service_name: description: - Internet service name list. elements: dict suboptions: name: description: - Internet service name. Source firewall.internet-service-name.name. required: true type: str type: list jitter_weight: description: - Coefficient of jitter in the formula of custom-profile-1. type: int latency_weight: description: - Coefficient of latency in the formula of custom-profile-1. type: int link_cost_factor: choices: - latency - jitter - packet-loss - inbandwidth - outbandwidth - bibandwidth - custom-profile-1 description: - Link cost factor. type: str link_cost_threshold: description: - Percentage threshold change of link cost values that will result in policy route regeneration (0 - 10000000). type: int load_balance: choices: - enable - disable description: - Enable/disable load-balance. type: str minimum_sla_meet_members: description: - Minimum number of members which meet SLA. type: int mode: choices: - auto - manual - priority - sla - load-balance description: - Control how the SD-WAN rule sets the priority of interfaces in the SD-WAN. type: str name: description: - SD-WAN rule name. type: str packet_loss_weight: description: - Coefficient of packet-loss in the formula of custom-profile-1. type: int passive_measurement: choices: - enable - disable description: - Enable/disable passive measurement based on the service criteria. type: str priority_members: description: - Member sequence number list. elements: dict suboptions: seq_num: description: - Member sequence number. see <a href='#notes'>Notes</a>. Source system.sdwan.members.seq-num. required: true type: int type: list priority_zone: description: - Priority zone name list. elements: dict suboptions: name: description: - Priority zone name. Source system.sdwan.zone.name. required: true type: str type: list protocol: description: - Protocol number. type: int quality_link: description: - Quality grade. type: int role: choices: - standalone - primary - secondary description: - Service role to work with neighbor. type: str route_tag: description: - IPv4 route map route-tag. type: int shortcut: choices: - enable - disable description: - Enable/disable shortcut for this service. type: str shortcut_priority: choices: - enable - disable - auto description: - High priority of ADVPN shortcut for this service. type: str shortcut_stickiness: choices: - enable - disable description: - Enable/disable shortcut-stickiness of ADVPN. type: str sla: description: - Service level agreement (SLA). elements: dict suboptions: health_check: description: - SD-WAN health-check. Source system.sdwan.health-check.name. required: true type: str id: description: - SLA ID. type: int type: list sla_compare_method: choices: - order - number description: - Method to compare SLA value for SLA mode. type: str sla_stickiness: choices: - enable - disable description: - Enable/disable SLA stickiness . type: str src: description: - Source address name. elements: dict suboptions: name: description: - Address or address group name. Source firewall.address.name firewall.addrgrp.name. required: true type: str type: list src6: description: - Source address6 name. elements: dict suboptions: name: description: - Address6 or address6 group name. Source firewall.address6.name firewall.addrgrp6.name. required: true type: str type: list src_negate: choices: - enable - disable description: - Enable/disable negation of source address match. type: str standalone_action: choices: - enable - disable description: - Enable/disable service when selected neighbor role is standalone while service role is not standalone. type: str start_port: description: - Start destination port number. type: int start_src_port: description: - Start source port number. type: int status: choices: - enable - disable description: - Enable/disable SD-WAN service. type: str tie_break: choices: - zone - cfg-order - fib-best-match - input-device description: - Method of selecting member if more than one meets the SLA. type: str tos: description: - Type of service bit pattern. type: str tos_mask: description: - Type of service evaluated bits. type: str use_shortcut_sla: choices: - enable - disable description: - Enable/disable use of ADVPN shortcut for quality comparison. type: str users: description: - User name. elements: dict suboptions: name: description: - User name. Source user.local.name. required: true type: str type: list zone_mode: choices: - enable - disable description: - Enable/disable zone mode. type: str type: list speedtest_bypass_routing: choices: - disable - enable description: - Enable/disable bypass routing when speedtest on a SD-WAN member. type: str status: choices: - disable - enable description: - Enable/disable SD-WAN. type: str zone: description: - Configure SD-WAN zones. elements: dict suboptions: advpn_health_check: description: - Health check for ADVPN local overlay link quality. Source system.sdwan.health-check.name. type: str advpn_select: choices: - enable - disable description: - Enable/disable selection of ADVPN based on SDWAN information. type: str minimum_sla_meet_members: description: - Minimum number of members which meet SLA when the neighbor is preferred. type: int name: description: - Zone name. required: true type: str service_sla_tie_break: choices: - cfg-order - fib-best-match - input-device description: - Method of selecting member if more than one meets the SLA. type: str type: list type: dict
build: description: Build number of the fortigate image returned: always sample: '1547' type: str http_method: description: Last method used to provision the content into FortiGate returned: always sample: PUT type: str http_status: description: Last result given by FortiGate on last operation applied returned: always sample: '200' type: str mkey: description: Master key (id) used in the last call to FortiGate returned: success sample: id type: str name: description: Name of the table used to fulfill the request returned: always sample: urlfilter type: str path: description: Path of the table used to fulfill the request returned: always sample: webfilter type: str revision: description: Internal revision number returned: always sample: 17.0.2.10658 type: str serial: description: Serial number of the unit returned: always sample: FGVMEVYYQT3AB5352 type: str status: description: Indication of the operation's result returned: always sample: success type: str vdom: description: Virtual domain used returned: always sample: root type: str version: description: Version of the FortiGate returned: always sample: v5.6.3 type: str