fortinet.fortios.fortios_vpn_ipsec_phase1 (2.3.6) — module

Configure VPN remote gateway in Fortinet's FortiOS and FortiGate.

Added in version 2.0.0 of fortinet.fortios

Authors: Link Zheng (@chillancezen), Jie Xue (@JieX19), Hongbin Lu (@fgtdev-hblu), Frank Shen (@frankshen01), Miguel Angel Munoz (@mamunozgonzalez), Nicolas Thomas (@thomnico)

preview | supported by community

Install collection

Install with ansible-galaxy collection install fortinet.fortios:==2.3.6


Add to requirements.yml

  collections:
    - name: fortinet.fortios
      version: 2.3.6

Description

This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify the vpn_ipsec feature, phase1 category. The example below lists every parameter; placeholder values must be adjusted to your datasources before use, and enumerated values appear to be the first documented choice rather than a recommended setting (for instance `des-md5`, DH group `1` and `aggressive` mode), so review each security-relevant value before deploying. Tested with FOS v6.0.0.


Requirements

Usage examples

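- name: Configure VPN remote gateway.
  # The module arguments carry credentials (access_token, psksecret,
  # psksecret_remote, authpasswd, group_authentication_secret, ppk_secret).
  # no_log keeps them out of the Ansible log and verbose output; source the
  # literals from Ansible Vault or a lookup rather than writing them here.
  no_log: true
  fortinet.fortios.fortios_vpn_ipsec_phase1:
      vdom: "{{ vdom }}"
      state: "present"
      # REST API token generated on the FortiGate; treat it like a password.
      access_token: "<your_own_value>"
      vpn_ipsec_phase1:
          acct_verify: "enable"
          add_gw_route: "enable"
          add_route: "disable"
          assign_ip: "disable"
          assign_ip_from: "range"
          authmethod: "psk"
          authmethod_remote: "psk"
          # XAuth credentials (IKEv1 only); keep out of plain-text playbooks.
          authpasswd: "<your_own_value>"
          authusr: "<your_own_value>"
          authusrgrp: "<your_own_value> (source user.group.name)"
          auto_negotiate: "enable"
          azure_ad_autoconnect: "enable"
          backup_gateway:
              -
                  address: "<your_own_value>"
          banner: "<your_own_value>"
          # Keep enabled when using certificate auth so the peer ID is checked
          # against the certificate identity (RFC 4945) instead of trusted blindly.
          cert_id_validation: "enable"
          cert_trust_store: "local"
          certificate:
              -
                  name: "default_name_21 (source vpn.certificate.local.name)"
          childless_ike: "enable"
          client_auto_negotiate: "disable"
          client_keep_alive: "disable"
          comments: "<your_own_value>"
          dev_id: "<your_own_value>"
          dev_id_notification: "disable"
          dhcp_ra_giaddr: "<your_own_value>"
          dhcp6_ra_linkaddr: "<your_own_value>"
          # DH group 1 (768-bit MODP, the first listed choice) is too weak to
          # protect the IKE SA. Use 2048-bit MODP (14) or an ECP group (19-21)
          # from the documented choices; the argspec type is a list.
          dhgrp:
              - "14"
          digital_signature_auth: "enable"
          distance: "15"
          dns_mode: "manual"
          domain: "<your_own_value>"
          dpd: "disable"
          dpd_retrycount: "3"
          dpd_retryinterval: "<your_own_value>"
          eap: "enable"
          eap_cert_auth: "enable"
          eap_exclude_peergrp: "<your_own_value> (source user.peergrp.name)"
          eap_identity: "use-id-payload"
          ems_sn_check: "enable"
          enforce_unique_id: "disable"
          esn: "require"
          exchange_fgt_device_id: "enable"
          fallback_tcp_threshold: "15"
          fec_base: "10"
          fec_codec: "rs"
          fec_egress: "enable"
          fec_health_check: "<your_own_value> (source system.sdwan.health-check.name)"
          fec_ingress: "enable"
          fec_mapping_profile: "<your_own_value> (source vpn.ipsec.fec.name)"
          fec_receive_timeout: "50"
          fec_redundant: "1"
          fec_send_timeout: "5"
          fgsp_sync: "enable"
          forticlient_enforcement: "enable"
          fortinet_esp: "enable"
          fragmentation: "enable"
          fragmentation_mtu: "1200"
          group_authentication: "enable"
          # Secret material; vault it like psksecret.
          group_authentication_secret: "<your_own_value>"
          ha_sync_esp_seqno: "enable"
          idle_timeout: "enable"
          idle_timeoutinterval: "15"
          # IKEv2 is preferred where both peers support it; main/aggressive
          # `mode` and the xauth* options are IKEv1 concepts.
          ike_version: "1"
          inbound_dscp_copy: "enable"
          include_local_lan: "disable"
          interface: "<your_own_value> (source system.interface.name)"
          internal_domain_list:
              -
                  domain_name: "<your_own_value>"
          ip_delay_interval: "0"
          ipv4_dns_server1: "<your_own_value>"
          ipv4_dns_server2: "<your_own_value>"
          ipv4_dns_server3: "<your_own_value>"
          ipv4_end_ip: "<your_own_value>"
          ipv4_exclude_range:
              -
                  end_ip: "<your_own_value>"
                  id: "79"
                  start_ip: "<your_own_value>"
          ipv4_name: "<your_own_value> (source firewall.address.name firewall.addrgrp.name)"
          ipv4_netmask: "<your_own_value>"
          ipv4_split_exclude: "<your_own_value> (source firewall.address.name firewall.addrgrp.name)"
          ipv4_split_include: "<your_own_value> (source firewall.address.name firewall.addrgrp.name)"
          ipv4_start_ip: "<your_own_value>"
          ipv4_wins_server1: "<your_own_value>"
          ipv4_wins_server2: "<your_own_value>"
          ipv6_dns_server1: "<your_own_value>"
          ipv6_dns_server2: "<your_own_value>"
          ipv6_dns_server3: "<your_own_value>"
          ipv6_end_ip: "<your_own_value>"
          ipv6_exclude_range:
              -
                  end_ip: "<your_own_value>"
                  id: "94"
                  start_ip: "<your_own_value>"
          ipv6_name: "<your_own_value> (source firewall.address6.name firewall.addrgrp6.name)"
          ipv6_prefix: "128"
          ipv6_split_exclude: "<your_own_value> (source firewall.address6.name firewall.addrgrp6.name)"
          ipv6_split_include: "<your_own_value> (source firewall.address6.name firewall.addrgrp6.name)"
          ipv6_start_ip: "<your_own_value>"
          keepalive: "10"
          keylife: "86400"
          kms: "<your_own_value> (source vpn.kmip-server.name)"
          link_cost: "0"
          local_gw: "<your_own_value>"
          localid: "<your_own_value>"
          localid_type: "auto"
          loopback_asymroute: "enable"
          mesh_selector_type: "disable"
          # IKEv1 aggressive mode (the first listed choice) sends the identity
          # in the clear and, with PSK, exposes a hash an observer can attack
          # offline. Use main mode unless a dialup peer genuinely requires
          # aggressive mode.
          mode: "main"
          mode_cfg: "disable"
          mode_cfg_allow_client_selector: "disable"
          name: "default_name_113"
          nattraversal: "enable"
          negotiate_timeout: "30"
          network_id: "0"
          network_overlay: "disable"
          npu_offload: "enable"
          peer: "<your_own_value> (source user.peer.name)"
          peergrp: "<your_own_value> (source user.peergrp.name)"
          peerid: "<your_own_value>"
          # "any" presumably accepts every peer that completes authentication;
          # for a static gateway consider "one" with peerid, or peer/peergrp
          # when using certificates. Confirm against FortiOS docs.
          peertype: "any"
          ppk: "disable"
          ppk_identity: "<your_own_value>"
          # Secret material; vault it like psksecret.
          ppk_secret: "<your_own_value>"
          priority: "1"
          # des-md5 (the first listed choice) pairs single DES with MD5, both
          # broken. Choose an AES/SHA-2 entry from the documented choices; the
          # argspec type is a list, so several proposals may be offered.
          proposal:
              - "aes256-sha256"
          # Use a long random value; never commit the literal (Ansible Vault).
          psksecret: "<your_own_value>"
          psksecret_remote: "<your_own_value>"
          qkd: "disable"
          qkd_profile: "<your_own_value> (source vpn.qkd.name)"
          reauth: "disable"
          rekey: "enable"
          remote_gw: "<your_own_value>"
          remotegw_ddns: "<your_own_value>"
          rsa_signature_format: "pkcs1"
          rsa_signature_hash_override: "enable"
          # Leave disabled so XAuth credentials are not persisted on clients.
          save_password: "disable"
          send_cert_chain: "enable"
          # Applies to signature authentication; SHA-1 signatures should not be
          # accepted for new deployments. Argspec type is a list.
          signature_hash_alg:
              - "sha2-256"
          split_include_service: "<your_own_value> (source firewall.service.group.name firewall.service.custom.name)"
          suite_b: "disable"
          transport: "udp"
          type: "static"
          unity_support: "disable"
          usrgrp: "<your_own_value> (source user.group.name)"
          wizard_type: "custom"
          xauthtype: "disable"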

Inputs

    
vdom:
    default: root
    description:
    - Virtual domain, among those defined previously. A vdom is a virtual instance of
      the FortiGate that can be configured and used as a different unit.
    type: str

state:
    choices:
    - present
    - absent
    description:
    - Indicates whether to create or remove the object.
    required: true
    type: str

# NOTE(review): the page does not say what this logs or where. Before enabling
# it on a shared controller, confirm whether module arguments (which include
# psksecret, authpasswd and access_token) can appear in that log.
enable_log:
    default: false
    description:
    - Enable/Disable logging for task.
    required: false
    type: bool

member_path:
    description:
    - Member attribute path to operate on.
    - Delimited by a slash character if there are more than one attribute.
    - Parameter marked with member_path is legitimate for doing member operation.
    type: str

# FortiGate REST API token. It is a credential: supply it from Ansible Vault or
# a lookup rather than a playbook literal, and run the task with no_log: true
# so it is not echoed in verbose output.
access_token:
    description:
    - Token-based authentication. Generated from GUI of Fortigate.
    required: false
    type: str

member_state:
    choices:
    - present
    - absent
    description:
    - Add or delete a member under specified attribute path.
    - When member_state is specified, the state option is ignored.
    type: str

vpn_ipsec_phase1:
    default: null
    description:
    - Configure VPN remote gateway.
    suboptions:
      acct_verify:
        choices:
        - enable
        - disable
        description:
        - Enable/disable verification of RADIUS accounting record.
        type: str
      add_gw_route:
        choices:
        - enable
        - disable
        description:
        - Enable/disable automatically add a route to the remote gateway.
        type: str
      add_route:
        choices:
        - disable
        - enable
        description:
        - Enable/disable control addition of a route to peer destination selector.
        type: str
      assign_ip:
        choices:
        - disable
        - enable
        description:
        - Enable/disable assignment of IP to IPsec interface via configuration method.
        type: str
      assign_ip_from:
        choices:
        - range
        - usrgrp
        - dhcp
        - name
        description:
        - Method by which the IP address will be assigned.
        type: str
      authmethod:
        choices:
        - psk
        - signature
        description:
        - Authentication method.
        type: str
      authmethod_remote:
        choices:
        - psk
        - signature
        description:
        - Authentication method (remote side).
        type: str
      # XAuth secret (IKEv1 only). Keep it out of plain-text playbooks and
      # out of logs (Ansible Vault, no_log: true).
      authpasswd:
        description:
        - XAuth password (max 35 characters).
        type: str
      authusr:
        description:
        - XAuth user name.
        type: str
      authusrgrp:
        description:
        - Authentication user group. Source user.group.name.
        type: str
      auto_negotiate:
        choices:
        - enable
        - disable
        description:
        - Enable/disable automatic initiation of IKE SA negotiation.
        type: str
      azure_ad_autoconnect:
        choices:
        - enable
        - disable
        description:
        - Enable/disable Azure AD Auto-Connect for FortiClient.
        type: str
      backup_gateway:
        description:
        - Instruct unity clients about the backup gateway address(es).
        elements: dict
        suboptions:
          address:
            description:
            - Address of backup gateway.
            required: true
            type: str
        type: list
      banner:
        description:
        - Message that unity client should display after connecting.
        type: str
      cert_id_validation:
        choices:
        - enable
        - disable
        description:
        - Enable/disable cross validation of peer ID and the identity in the peer's certificate
          as specified in RFC 4945.
        type: str
      cert_trust_store:
        choices:
        - local
        - ems
        description:
        - CA certificate trust store.
        type: str
      certificate:
        description:
        - Names of up to 4 signed personal certificates.
        elements: dict
        suboptions:
          name:
            description:
            - Certificate name. Source vpn.certificate.local.name.
            required: true
            type: str
        type: list
      childless_ike:
        choices:
        - enable
        - disable
        description:
        - Enable/disable childless IKEv2 initiation (RFC 6023).
        type: str
      client_auto_negotiate:
        choices:
        - disable
        - enable
        description:
        - Enable/disable allowing the VPN client to bring up the tunnel when there is
          no traffic.
        type: str
      client_keep_alive:
        choices:
        - disable
        - enable
        description:
        - Enable/disable allowing the VPN client to keep the tunnel up when there is no
          traffic.
        type: str
      comments:
        description:
        - Comment.
        type: str
      dev_id:
        description:
        - Device ID carried by the device ID notification.
        type: str
      dev_id_notification:
        choices:
        - disable
        - enable
        description:
        - Enable/disable device ID notification.
        type: str
      dhcp6_ra_linkaddr:
        description:
        - Relay agent IPv6 link address to use in DHCP6 requests.
        type: str
      dhcp_ra_giaddr:
        description:
        - Relay agent gateway IP address to use in the giaddr field of DHCP requests.
        type: str
      # Groups 1, 2 and 5 (768/1024/1536-bit MODP) are too weak for new tunnels;
      # prefer 14-18 (2048-bit MODP and larger) or the ECP groups 19-21.
      # Groups 27-32 are the Brainpool/other curves listed by FortiOS.
      dhgrp:
        choices:
        - '1'
        - '2'
        - '5'
        - '14'
        - '15'
        - '16'
        - '17'
        - '18'
        - '19'
        - '20'
        - '21'
        - '27'
        - '28'
        - '29'
        - '30'
        - '31'
        - '32'
        description:
        - DH group.
        elements: str
        type: list
      digital_signature_auth:
        choices:
        - enable
        - disable
        description:
        - Enable/disable IKEv2 Digital Signature Authentication (RFC 7427).
        type: str
      distance:
        description:
        - Distance for routes added by IKE (1 - 255).
        type: int
      dns_mode:
        choices:
        - manual
        - auto
        description:
        - DNS server mode.
        type: str
      domain:
        description:
        - Instruct unity clients about the single default DNS domain.
        type: str
      dpd:
        choices:
        - disable
        - on-idle
        - on-demand
        description:
        - Dead Peer Detection mode.
        type: str
      dpd_retrycount:
        description:
        - Number of DPD retry attempts.
        type: int
      dpd_retryinterval:
        description:
        - DPD retry interval.
        type: str
      eap:
        choices:
        - enable
        - disable
        description:
        - Enable/disable IKEv2 EAP authentication.
        type: str
      eap_cert_auth:
        choices:
        - enable
        - disable
        description:
        - Enable/disable peer certificate authentication in addition to EAP if peer is
          a FortiClient endpoint.
        type: str
      eap_exclude_peergrp:
        description:
        - Peer group excluded from EAP authentication. Source user.peergrp.name.
        type: str
      eap_identity:
        choices:
        - use-id-payload
        - send-request
        description:
        - IKEv2 EAP peer identity type.
        type: str
      ems_sn_check:
        choices:
        - enable
        - disable
        description:
        - Enable/disable verification of EMS serial number.
        type: str
      enforce_unique_id:
        choices:
        - disable
        - keep-new
        - keep-old
        description:
        - Enable/disable peer ID uniqueness check.
        type: str
      esn:
        choices:
        - require
        - allow
        - disable
        description:
        - Extended sequence number (ESN) negotiation.
        type: str
      exchange_fgt_device_id:
        choices:
        - enable
        - disable
        description:
        - Enable/disable device identifier exchange with peer FortiGate units for use
          of VPN monitor data by FortiManager.
        type: str
      fallback_tcp_threshold:
        description:
        - Timeout in seconds before falling back IKE/IPsec traffic to tcp.
        type: int
      fec_base:
        description:
        - Number of base Forward Error Correction packets (1 - 20).
        type: int
      fec_codec:
        choices:
        - rs
        - xor
        description:
        - Forward Error Correction encoding/decoding algorithm.
        type: str
      fec_egress:
        choices:
        - enable
        - disable
        description:
        - Enable/disable Forward Error Correction for egress IPsec traffic.
        type: str
      fec_health_check:
        description:
        - SD-WAN health check. Source system.sdwan.health-check.name.
        type: str
      fec_ingress:
        choices:
        - enable
        - disable
        description:
        - Enable/disable Forward Error Correction for ingress IPsec traffic.
        type: str
      fec_mapping_profile:
        description:
        - Forward Error Correction (FEC) mapping profile. Source vpn.ipsec.fec.name.
        type: str
      fec_receive_timeout:
        description:
        - Timeout in milliseconds before dropping Forward Error Correction packets (1
          - 1000).
        type: int
      fec_redundant:
        description:
        - Number of redundant Forward Error Correction packets (1 - 5 for reed-solomon,
          1 for xor).
        type: int
      fec_send_timeout:
        description:
        - Timeout in milliseconds before sending Forward Error Correction packets (1 -
          1000).
        type: int
      fgsp_sync:
        choices:
        - enable
        - disable
        description:
        - Enable/disable IPsec syncing of tunnels for FGSP IPsec.
        type: str
      forticlient_enforcement:
        choices:
        - enable
        - disable
        description:
        - Enable/disable FortiClient enforcement.
        type: str
      fortinet_esp:
        choices:
        - enable
        - disable
        description:
        - Enable/disable Fortinet ESP encapsulation.
        type: str
      fragmentation:
        choices:
        - enable
        - disable
        description:
        - Enable/disable fragment IKE message on re-transmission.
        type: str
      fragmentation_mtu:
        description:
        - IKE fragmentation MTU (500 - 16000).
        type: int
      group_authentication:
        choices:
        - enable
        - disable
        description:
        - Enable/disable IKEv2 IDi group authentication.
        type: str
      # Shared secret; handle like psksecret (vault it, no_log: true).
      group_authentication_secret:
        description:
        - Password for IKEv2 ID group authentication. ASCII string or hexadecimal indicated
          by a leading 0x.
        type: str
      ha_sync_esp_seqno:
        choices:
        - enable
        - disable
        description:
        - Enable/disable sequence number jump ahead for IPsec HA.
        type: str
      idle_timeout:
        choices:
        - enable
        - disable
        description:
        - Enable/disable IPsec tunnel idle timeout.
        type: str
      idle_timeoutinterval:
        description:
        - IPsec tunnel idle timeout in minutes (5 - 43200).
        type: int
      # IKEv2 is preferred where both peers support it. Several options on
      # this page (mode, xauthtype, authusr/authpasswd) are IKEv1 features and
      # others (eap*, childless_ike, ppk*, digital_signature_auth) are IKEv2.
      ike_version:
        choices:
        - '1'
        - '2'
        description:
        - IKE protocol version.
        type: str
      inbound_dscp_copy:
        choices:
        - enable
        - disable
        description:
        - Enable/disable copy the dscp in the ESP header to the inner IP Header.
        type: str
      include_local_lan:
        choices:
        - disable
        - enable
        description:
        - Enable/disable allow local LAN access on unity clients.
        type: str
      interface:
        description:
        - Local physical, aggregate, or VLAN outgoing interface. Source system.interface.name.
        type: str
      internal_domain_list:
        description:
        - One or more internal domain names in quotes separated by spaces.
        elements: dict
        suboptions:
          domain_name:
            description:
            - Domain name.
            required: true
            type: str
        type: list
      ip_delay_interval:
        description:
        - IP address reuse delay interval in seconds (0 - 28800).
        type: int
      ipv4_dns_server1:
        description:
        - IPv4 DNS server 1.
        type: str
      ipv4_dns_server2:
        description:
        - IPv4 DNS server 2.
        type: str
      ipv4_dns_server3:
        description:
        - IPv4 DNS server 3.
        type: str
      ipv4_end_ip:
        description:
        - End of IPv4 range.
        type: str
      ipv4_exclude_range:
        description:
        - Configuration Method IPv4 exclude ranges.
        elements: dict
        suboptions:
          end_ip:
            description:
            - End of IPv4 exclusive range.
            type: str
          id:
            description:
            - ID (see the module's Notes section, which is not reproduced on this page).
            required: true
            type: int
          start_ip:
            description:
            - Start of IPv4 exclusive range.
            type: str
        type: list
      ipv4_name:
        description:
        - IPv4 address name. Source firewall.address.name firewall.addrgrp.name.
        type: str
      ipv4_netmask:
        description:
        - IPv4 Netmask.
        type: str
      ipv4_split_exclude:
        description:
        - IPv4 subnets that should not be sent over the IPsec tunnel. Source firewall.address.name
          firewall.addrgrp.name.
        type: str
      ipv4_split_include:
        description:
        - IPv4 split-include subnets. Source firewall.address.name firewall.addrgrp.name.
        type: str
      ipv4_start_ip:
        description:
        - Start of IPv4 range.
        type: str
      ipv4_wins_server1:
        description:
        - WINS server 1.
        type: str
      ipv4_wins_server2:
        description:
        - WINS server 2.
        type: str
      ipv6_dns_server1:
        description:
        - IPv6 DNS server 1.
        type: str
      ipv6_dns_server2:
        description:
        - IPv6 DNS server 2.
        type: str
      ipv6_dns_server3:
        description:
        - IPv6 DNS server 3.
        type: str
      ipv6_end_ip:
        description:
        - End of IPv6 range.
        type: str
      ipv6_exclude_range:
        description:
        - Configuration method IPv6 exclude ranges.
        elements: dict
        suboptions:
          end_ip:
            description:
            - End of IPv6 exclusive range.
            type: str
          id:
            description:
            - ID (see the module's Notes section, which is not reproduced on this page).
            required: true
            type: int
          start_ip:
            description:
            - Start of IPv6 exclusive range.
            type: str
        type: list
      ipv6_name:
        description:
        - IPv6 address name. Source firewall.address6.name firewall.addrgrp6.name.
        type: str
      ipv6_prefix:
        description:
        - IPv6 prefix.
        type: int
      ipv6_split_exclude:
        description:
        - IPv6 subnets that should not be sent over the IPsec tunnel. Source firewall.address6.name
          firewall.addrgrp6.name.
        type: str
      ipv6_split_include:
        description:
        - IPv6 split-include subnets. Source firewall.address6.name firewall.addrgrp6.name.
        type: str
      ipv6_start_ip:
        description:
        - Start of IPv6 range.
        type: str
      keepalive:
        description:
        - NAT-T keep alive interval.
        type: int
      keylife:
        description:
        - Time to wait in seconds before phase 1 encryption key expires.
        type: int
      kms:
        description:
        - Key Management Services server. Source vpn.kmip-server.name.
        type: str
      link_cost:
        description:
        - VPN tunnel underlay link cost.
        type: int
      local_gw:
        description:
        - Local VPN gateway.
        type: str
      localid:
        description:
        - Local ID.
        type: str
      localid_type:
        choices:
        - auto
        - fqdn
        - user-fqdn
        - keyid
        - address
        - asn1dn
        description:
        - Local ID type.
        type: str
      loopback_asymroute:
        choices:
        - enable
        - disable
        description:
        - Enable/disable asymmetric routing for IKE traffic on loopback interface.
        type: str
      mesh_selector_type:
        choices:
        - disable
        - subnet
        - host
        description:
        - Add selectors containing subsets of the configuration depending on traffic.
        type: str
      # IKEv1 only. Aggressive mode sends the identity unencrypted and, with
      # PSK, exposes a hash that can be brute-forced offline; main mode is the
      # safe default unless a dialup peer identified by ID requires aggressive.
      mode:
        choices:
        - aggressive
        - main
        description:
        - ID protection mode used to establish a secure channel.
        type: str
      mode_cfg:
        choices:
        - disable
        - enable
        description:
        - Enable/disable configuration method.
        type: str
      mode_cfg_allow_client_selector:
        choices:
        - disable
        - enable
        description:
        - Enable/disable mode-cfg client to use custom phase2 selectors.
        type: str
      name:
        description:
        - IPsec remote gateway name.
        required: true
        type: str
      nattraversal:
        choices:
        - enable
        - disable
        - forced
        description:
        - Enable/disable NAT traversal.
        type: str
      negotiate_timeout:
        description:
        - IKE SA negotiation timeout in seconds (1 - 300).
        type: int
      network_id:
        description:
        - VPN gateway network ID.
        type: int
      network_overlay:
        choices:
        - disable
        - enable
        description:
        - Enable/disable network overlays.
        type: str
      npu_offload:
        choices:
        - enable
        - disable
        description:
        - Enable/disable offloading NPU.
        type: str
      peer:
        description:
        - Accept this peer certificate. Source user.peer.name.
        type: str
      peergrp:
        description:
        - Accept this peer certificate group. Source user.peergrp.name.
        type: str
      peerid:
        description:
        - Accept this peer identity.
        type: str
      # NOTE(review): "any" presumably accepts any peer that completes
      # authentication. For a static gateway, "one" with peerid, or peer /
      # peergrp with certificates, narrows who may bring the tunnel up.
      peertype:
        choices:
        - any
        - one
        - dialup
        - peer
        - peergrp
        description:
        - Accept this peer type.
        type: str
      ppk:
        choices:
        - disable
        - allow
        - require
        description:
        - Enable/disable IKEv2 Postquantum Preshared Key (PPK).
        type: str
      ppk_identity:
        description:
        - IKEv2 Postquantum Preshared Key Identity.
        type: str
      # Post-quantum preshared key (RFC 8784 style PPK). Secret material:
      # vault it and run with no_log: true.
      ppk_secret:
        description:
        - IKEv2 Postquantum Preshared Key (ASCII string or hexadecimal encoded with a
          leading 0x).
        type: str
      priority:
        description:
        - Priority for routes added by IKE (1 - 65535).
        type: int
      # The list contains legacy entries kept for interoperability. des-*,
      # 3des-* and any *-md5 or *-sha1 pairing are considered broken or
      # deprecated; choose aes128/aes256 with sha256 or stronger, or the
      # aes*gcm / chacha20poly1305 AEAD entries with a SHA-2 PRF. The first
      # listed choice, des-md5, is what the generated example uses.
      proposal:
        choices:
        - des-md5
        - des-sha1
        - des-sha256
        - des-sha384
        - des-sha512
        - 3des-md5
        - 3des-sha1
        - 3des-sha256
        - 3des-sha384
        - 3des-sha512
        - aes128-md5
        - aes128-sha1
        - aes128-sha256
        - aes128-sha384
        - aes128-sha512
        - aes128gcm-prfsha1
        - aes128gcm-prfsha256
        - aes128gcm-prfsha384
        - aes128gcm-prfsha512
        - aes192-md5
        - aes192-sha1
        - aes192-sha256
        - aes192-sha384
        - aes192-sha512
        - aes256-md5
        - aes256-sha1
        - aes256-sha256
        - aes256-sha384
        - aes256-sha512
        - aes256gcm-prfsha1
        - aes256gcm-prfsha256
        - aes256gcm-prfsha384
        - aes256gcm-prfsha512
        - chacha20poly1305-prfsha1
        - chacha20poly1305-prfsha256
        - chacha20poly1305-prfsha384
        - chacha20poly1305-prfsha512
        - aria128-md5
        - aria128-sha1
        - aria128-sha256
        - aria128-sha384
        - aria128-sha512
        - aria192-md5
        - aria192-sha1
        - aria192-sha256
        - aria192-sha384
        - aria192-sha512
        - aria256-md5
        - aria256-sha1
        - aria256-sha256
        - aria256-sha384
        - aria256-sha512
        - seed-md5
        - seed-sha1
        - seed-sha256
        - seed-sha384
        - seed-sha512
        description:
        - Phase1 proposal.
        elements: str
        type: list
      # Secret material. Keep it out of plain-text playbooks (Ansible Vault or
      # a lookup) and out of logs (no_log: true). Use a long random value; a
      # short guessable PSK is the usual weakness of PSK authentication,
      # especially combined with IKEv1 aggressive mode.
      psksecret:
        description:
        - Pre-shared secret for PSK authentication (ASCII string or hexadecimal encoded
          with a leading 0x).
        type: str
      # Secret material; same handling as psksecret (vault it, no_log: true).
      psksecret_remote:
        description:
        - Pre-shared secret for remote side PSK authentication (ASCII string or hexadecimal
          encoded with a leading 0x).
        type: str
      qkd:
        choices:
        - disable
        - allow
        - require
        description:
        - Enable/disable use of Quantum Key Distribution (QKD) server.
        type: str
      qkd_profile:
        description:
        - Quantum Key Distribution (QKD) server profile. Source vpn.qkd.name.
        type: str
      reauth:
        choices:
        - disable
        - enable
        description:
        - Enable/disable re-authentication upon IKE SA lifetime expiration.
        type: str
      rekey:
        choices:
        - enable
        - disable
        description:
        - Enable/disable phase1 rekey.
        type: str
      remote_gw:
        description:
        - Remote VPN gateway.
        type: str
      remotegw_ddns:
        description:
        - Domain name of remote gateway. For example, name.ddns.com.
        type: str
      rsa_signature_format:
        choices:
        - pkcs1
        - pss
        description:
        - Digital Signature Authentication RSA signature format.
        type: str
      rsa_signature_hash_override:
        choices:
        - enable
        - disable
        description:
        - Enable/disable IKEv2 RSA signature hash algorithm override.
        type: str
      # Enabling this lets VPN clients persist the XAuth credentials locally;
      # leave disabled unless the client fleet is managed and disk-encrypted.
      save_password:
        choices:
        - disable
        - enable
        description:
        - Enable/disable saving XAuth username and password on VPN clients.
        type: str
      send_cert_chain:
        choices:
        - enable
        - disable
        description:
        - Enable/disable sending certificate chain.
        type: str
      # Applies when authmethod is signature. SHA-1 is deprecated for
      # signatures; accept only the sha2-* entries for new deployments.
      signature_hash_alg:
        choices:
        - sha1
        - sha2-256
        - sha2-384
        - sha2-512
        description:
        - Digital Signature Authentication hash algorithms.
        elements: str
        type: list
      split_include_service:
        description:
        - Split-include services. Source firewall.service.group.name firewall.service.custom.name.
        type: str
      suite_b:
        choices:
        - disable
        - suite-b-gcm-128
        - suite-b-gcm-256
        description:
        - Use Suite-B.
        type: str
      transport:
        choices:
        - udp
        - udp-fallback-tcp
        - tcp
        description:
        - Set IKE transport protocol.
        type: str
      type:
        choices:
        - static
        - dynamic
        - ddns
        description:
        - Remote gateway type.
        type: str
      unity_support:
        choices:
        - disable
        - enable
        description:
        - Enable/disable support for Cisco UNITY Configuration Method extensions.
        type: str
      usrgrp:
        description:
        - User group name for dialup peers. Source user.group.name.
        type: str
      wizard_type:
        choices:
        - custom
        - dialup-forticlient
        - dialup-ios
        - dialup-android
        - dialup-windows
        - dialup-cisco
        - static-fortigate
        - dialup-fortigate
        - static-cisco
        - dialup-cisco-fw
        - simplified-static-fortigate
        - hub-fortigate-auto-discovery
        - spoke-fortigate-auto-discovery
        description:
        - GUI VPN Wizard Type.
        type: str
      xauthtype:
        choices:
        - disable
        - client
        - pap
        - chap
        - auto
        description:
        - XAuth type.
        type: str
    type: dict

Outputs

build:
  description: Build number of the fortigate image
  returned: always
  sample: '1547'
  type: str
http_method:
  description: Last method used to provision the content into FortiGate
  returned: always
  sample: PUT
  type: str
http_status:
  description: Last result given by FortiGate on last operation applied
  returned: always
  sample: '200'
  type: str
mkey:
  description: Master key (id) used in the last call to FortiGate
  returned: success
  sample: id
  type: str
name:
  description: Name of the table used to fulfill the request
  returned: always
  sample: urlfilter
  type: str
path:
  description: Path of the table used to fulfill the request
  returned: always
  sample: webfilter
  type: str
revision:
  description: Internal revision number
  returned: always
  sample: 17.0.2.10658
  type: str
serial:
  description: Serial number of the unit
  returned: always
  sample: FGVMEVYYQT3AB5352
  type: str
status:
  description: Indication of the operation's result
  returned: always
  sample: success
  type: str
vdom:
  description: Virtual domain used
  returned: always
  sample: root
  type: str
version:
  description: Version of the FortiGate
  returned: always
  sample: v5.6.3
  type: str