fortinet.fortios.fortios_wireless_controller_vap (2.3.6) — module

Configure Virtual Access Points (VAPs) in Fortinet's FortiOS and FortiGate.

Added in version 2.0.0 of fortinet.fortios.

Authors: Link Zheng (@chillancezen), Jie Xue (@JieX19), Hongbin Lu (@fgtdev-hblu), Frank Shen (@frankshen01), Miguel Angel Munoz (@mamunozgonzalez), Nicolas Thomas (@thomnico)

preview | supported by community

Install collection

Install with ansible-galaxy collection install fortinet.fortios:==2.3.6


Add to requirements.yml

  # Exact version pin: ansible-galaxy installs this specific release of the collection,
  # so a later release is not pulled in until the pin is changed deliberately.
  collections:
    - name: fortinet.fortios
      version: 2.3.6

Description

This module configures a FortiGate or FortiOS (FOS) device by letting the user set and modify the wireless_controller feature and the vap category. The examples include all parameters; their values must be adjusted to your data sources before use. Tested with FOS v6.0.0.


Requirements

Usage examples

# Generated reference example: every wireless_controller_vap option appears once with a
# sample value, so this task is not a deployable or recommended configuration as written.
# Keep only the options you need and replace each "<your_own_value>" placeholder.
# NOTE(review): a "(source x.y.name)" suffix appears to name the FortiOS table the value
# refers to; it looks like part of the placeholder, not of a real value - confirm.
# Several options below carry secrets (API token, RADIUS secrets, WEP key, passphrases,
# SAE password and private key); consider no_log: true on the task and keep the values
# in Ansible Vault or another secret store rather than in the playbook.
- name: Configure Virtual Access Points (VAPs).
  fortinet.fortios.fortios_wireless_controller_vap:
      vdom: "{{ vdom }}"
      state: "present"
      # API token generated from the FortiGate GUI. Do not commit a literal token.
      access_token: "<your_own_value>"
      wireless_controller_vap:
          access_control_list: "<your_own_value> (source wireless-controller.access-control-list.name)"
          acct_interim_interval: "43200"
          additional_akms: "akm6"
          address_group: "<your_own_value> (source firewall.addrgrp.name)"
          address_group_policy: "disable"
          alias: "<your_own_value>"
          antivirus_profile: "<your_own_value> (source antivirus.profile.name)"
          application_detection_engine: "enable"
          application_dscp_marking: "enable"
          application_list: "<your_own_value> (source application.list.name)"
          application_report_intv: "120"
          atf_weight: "20"
          auth: "radius"
          auth_cert: "<your_own_value> (source vpn.certificate.local.name)"
          auth_portal_addr: "<your_own_value>"
          beacon_advertising: "name"
          broadcast_ssid: "enable"
          broadcast_suppression: "dhcp-up"
          bss_color_partial: "enable"
          bstm_disassociation_imminent: "enable"
          bstm_load_balancing_disassoc_timer: "10"
          bstm_rssi_disassoc_timer: "200"
          captive_portal_ac_name: "<your_own_value>"
          captive_portal_auth_timeout: "0"
          captive_portal_fw_accounting: "enable"
          # RADIUS shared secrets (this option and captive_portal_radius_secret): keep them
          # out of version control.
          captive_portal_macauth_radius_secret: "<your_own_value>"
          captive_portal_macauth_radius_server: "<your_own_value>"
          captive_portal_radius_secret: "<your_own_value>"
          captive_portal_radius_server: "<your_own_value>"
          captive_portal_session_timeout_interval: "432000"
          dhcp_address_enforcement: "enable"
          dhcp_lease_time: "2400"
          dhcp_option43_insertion: "enable"
          dhcp_option82_circuit_id_insertion: "style-1"
          dhcp_option82_insertion: "enable"
          dhcp_option82_remote_id_insertion: "style-1"
          dynamic_vlan: "enable"
          eap_reauth: "enable"
          eap_reauth_intv: "86400"
          eapol_key_retries: "disable"
          # Sample value only. TKIP is a legacy cipher; the module also accepts AES and
          # TKIP-AES, and AES is the safer choice unless older clients require TKIP.
          encrypt: "TKIP"
          external_fast_roaming: "enable"
          external_logout: "<your_own_value>"
          external_web: "<your_own_value>"
          external_web_format: "auto-detect"
          fast_bss_transition: "disable"
          fast_roaming: "enable"
          ft_mobility_domain: "1000"
          ft_over_ds: "disable"
          ft_r0_key_lifetime: "480"
          gas_comeback_delay: "500"
          gas_fragmentation_limit: "1024"
          gtk_rekey: "enable"
          gtk_rekey_intv: "86400"
          high_efficiency: "enable"
          hotspot20_profile: "<your_own_value> (source wireless-controller.hotspot20.hs-profile.name)"
          igmp_snooping: "enable"
          # Blocks communication between clients on the same SSID (intra-SSID privacy).
          intra_vap_privacy: "enable"
          ip: "<your_own_value>"
          ips_sensor: "<your_own_value> (source ips.sensor.name)"
          ipv6_rules: "drop-icmp6ra"
          # WEP key and key index. WEP is cryptographically broken, so avoid WEP-based
          # security modes; the key is still a secret value.
          key: "<your_own_value>"
          keyindex: "1"
          l3_roaming: "enable"
          l3_roaming_mode: "direct"
          ldpc: "disable"
          local_authentication: "enable"
          local_bridging: "enable"
          # "allow" permits traffic destined for Class A, B, or C private IP addresses;
          # consider "deny" on guest SSIDs that should not reach internal ranges.
          local_lan: "allow"
          local_standalone: "enable"
          local_standalone_dns: "enable"
          local_standalone_dns_ip: "<your_own_value>"
          local_standalone_nat: "enable"
          # MAC addresses can be spoofed: MAC authentication bypass and MAC filtering do
          # not replace real authentication.
          mac_auth_bypass: "enable"
          mac_called_station_delimiter: "hyphen"
          mac_calling_station_delimiter: "hyphen"
          mac_case: "uppercase"
          mac_filter: "enable"
          mac_filter_list:
              -
                  id: "82"
                  mac: "<your_own_value>"
                  mac_filter_policy: "allow"
          # Policy for clients whose MAC address is not in the filter list.
          mac_filter_policy_other: "allow"
          mac_password_delimiter: "hyphen"
          mac_username_delimiter: "hyphen"
          max_clients: "0"
          max_clients_ap: "0"
          mbo: "disable"
          mbo_cell_data_conn_pref: "excluded"
          me_disable_thresh: "32"
          mesh_backhaul: "enable"
          mpsk: "enable"
          mpsk_concurrent_clients: "32767"
          mpsk_key:
              -
                  comment: "Comment."
                  concurrent_clients: "<your_own_value>"
                  key_name: "<your_own_value>"
                  mpsk_schedules:
                      -
                          name: "default_name_101 (source firewall.schedule.group.name firewall.schedule.recurring.name firewall.schedule.onetime.name)"
                  # WPA pre-shared key for this MPSK entry (secret).
                  passphrase: "<your_own_value>"
          mpsk_profile: "<your_own_value> (source wireless-controller.mpsk-profile.name)"
          mu_mimo: "enable"
          multicast_enhance: "enable"
          multicast_rate: "0"
          nac: "enable"
          nac_profile: "<your_own_value> (source wireless-controller.nac-profile.name)"
          name: "default_name_109"
          neighbor_report_dual_band: "disable"
          okc: "disable"
          osen: "enable"
          owe_groups: "19"
          owe_transition: "disable"
          owe_transition_ssid: "<your_own_value>"
          # WPA pre-shared key used to authenticate WiFi users (secret).
          passphrase: "<your_own_value>"
          # Sample value only (choices: disable, enable, optional). PMF protects management
          # frames such as deauthentication and disassociation against forgery.
          pmf: "disable"
          pmf_assoc_comeback_timeout: "1"
          pmf_sa_query_retry_timeout: "2"
          port_macauth: "disable"
          port_macauth_reauth_timeout: "7200"
          port_macauth_timeout: "600"
          portal_message_override_group: "<your_own_value> (source system.replacemsg-group.name)"
          portal_message_overrides:
              auth_disclaimer_page: "<your_own_value>"
              auth_login_failed_page: "<your_own_value>"
              auth_login_page: "<your_own_value>"
              auth_reject_page: "<your_own_value>"
          portal_type: "auth"
          primary_wag_profile: "<your_own_value> (source wireless-controller.wag-profile.name)"
          probe_resp_suppression: "enable"
          probe_resp_threshold: "<your_own_value>"
          ptk_rekey: "enable"
          ptk_rekey_intv: "86400"
          qos_profile: "<your_own_value> (source wireless-controller.qos-profile.name)"
          quarantine: "enable"
          radio_2g_threshold: "<your_own_value>"
          radio_5g_threshold: "<your_own_value>"
          radio_sensitivity: "enable"
          radius_mac_auth: "enable"
          radius_mac_auth_block_interval: "0"
          radius_mac_auth_server: "<your_own_value> (source user.radius.name)"
          radius_mac_auth_usergroups:
              -
                  name: "default_name_144"
          radius_mac_mpsk_auth: "enable"
          radius_mac_mpsk_timeout: "86400"
          radius_server: "<your_own_value> (source user.radius.name)"
          rates_11a: "1"
          rates_11ac_mcs_map: "<your_own_value>"
          rates_11ac_ss12: "mcs0/1"
          rates_11ac_ss34: "mcs0/3"
          rates_11ax_mcs_map: "<your_own_value>"
          rates_11ax_ss12: "mcs0/1"
          rates_11ax_ss34: "mcs0/3"
          rates_11bg: "1"
          rates_11n_ss12: "mcs0/1"
          rates_11n_ss34: "mcs16/3"
          roaming_acct_interim_update: "enable"
          sae_groups: "19"
          sae_h2e_only: "enable"
          sae_hnp_only: "enable"
          # NOTE(review): by name, the SAE password and the SAE private key; treat both as
          # secrets - confirm against the option documentation.
          sae_password: "<your_own_value>"
          sae_pk: "enable"
          sae_private_key: "<your_own_value>"
          scan_botnet_connections: "disable"
          schedule:
              -
                  name: "default_name_167 (source firewall.schedule.group.name firewall.schedule.recurring.name firewall.schedule.onetime.name)"
          secondary_wag_profile: "<your_own_value> (source wireless-controller.wag-profile.name)"
          # Sample value only. An open SSID has no link-layer authentication or encryption;
          # choose a WPA-type security mode unless an open network is intended.
          security: "open"
          security_exempt_list: "<your_own_value> (source user.security-exempt-list.name)"
          # NOTE(review): by name this turns on obsolete security options; leave it off
          # unless legacy clients require it - confirm against the option documentation.
          security_obsolete_option: "enable"
          security_redirect_url: "<your_own_value>"
          selected_usergroups:
              -
                  name: "default_name_174 (source user.group.name)"
          set_80211k: "disable"
          set_80211v: "disable"
          split_tunneling: "enable"
          ssid: "<your_own_value>"
          sticky_client_remove: "enable"
          sticky_client_threshold_2g: "<your_own_value>"
          sticky_client_threshold_5g: "<your_own_value>"
          sticky_client_threshold_6g: "<your_own_value>"
          target_wake_time: "enable"
          tkip_counter_measure: "enable"
          tunnel_echo_interval: "300"
          tunnel_fallback_interval: "7200"
          usergroup:
              -
                  name: "default_name_188 (source user.group.name)"
          utm_log: "enable"
          utm_profile: "<your_own_value> (source wireless-controller.utm-profile.name)"
          utm_status: "enable"
          vdom: "<your_own_value> (source system.vdom.name)"
          vlan_auto: "enable"
          vlan_name:
              -
                  name: "default_name_195"
                  vlan_id: "<your_own_value>"
          vlan_pool:
              -
                  id: "198"
                  wtp_group: "<your_own_value> (source wireless-controller.wtp-group.name)"
          vlan_pooling: "wtp-group"
          vlanid: "0"
          voice_enterprise: "disable"
          webfilter_profile: "<your_own_value> (source webfilter.profile.name)"

Inputs

    
vdom:
    default: root
    description:
    - Virtual domain, among those defined previously. A vdom is a virtual instance of
      the FortiGate that can be configured and used as a different unit.
    type: str

state:
    choices:
    - present
    - absent
    description:
    - Indicates whether to create or remove the object.
    required: true
    type: str

enable_log:
    default: false
    description:
    - Enable/Disable logging for task.
    required: false
    type: bool

member_path:
    description:
    - Member attribute path to operate on.
    - Delimited by a slash character if there are more than one attribute.
    - Parameter marked with member_path is legitimate for doing member operation.
    type: str

access_token:
    description:
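    - Token-based authentication. Generated from the FortiGate GUI.
    - Treat the token as a secret; supply it from Ansible Vault or another secret store
      rather than as a literal in the playbook.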
    required: false
    type: str

member_state:
    choices:
    - present
    - absent
    description:
    - Add or delete a member under specified attribute path.
    - When member_state is specified, the state option is ignored.
    type: str

wireless_controller_vap:
    default: null
    description:
    - Configure Virtual Access Points (VAPs).
    suboptions:
      access_control_list:
        description:
        - Profile name for access-control-list. Source wireless-controller.access-control-list.name.
        type: str
      acct_interim_interval:
        description:
        - WiFi RADIUS accounting interim interval (60 - 86400 sec).
        type: int
      additional_akms:
        choices:
        - akm6
        description:
        - Additional AKMs.
        elements: str
        type: list
      address_group:
        description:
        - Firewall Address Group Name. Source firewall.addrgrp.name.
        type: str
      address_group_policy:
        choices:
        - disable
        - allow
        - deny
        description:
        - Configure MAC address filtering policy for MAC addresses that are in the address-group.
        type: str
      alias:
        description:
        - Alias.
        type: str
      antivirus_profile:
        description:
        - AntiVirus profile name. Source antivirus.profile.name.
        type: str
      application_detection_engine:
        choices:
        - enable
        - disable
        description:
        - Enable/disable application detection engine .
        type: str
      application_dscp_marking:
        choices:
        - enable
        - disable
        description:
        - Enable/disable application attribute based DSCP marking .
        type: str
      application_list:
        description:
        - Application control list name. Source application.list.name.
        type: str
      application_report_intv:
        description:
        - Application report interval (30 - 864000 sec).
        type: int
      atf_weight:
        description:
        - Airtime weight in percentage .
        type: int
      auth:
        choices:
        - radius
        - usergroup
        - psk
        description:
        - Authentication protocol.
        type: str
      auth_cert:
        description:
        - HTTPS server certificate. Source vpn.certificate.local.name.
        type: str
      auth_portal_addr:
        description:
        - Address of captive portal.
        type: str
      beacon_advertising:
        choices:
        - name
        - model
        - serial-number
        description:
        - Fortinet beacon advertising IE data.
        elements: str
        type: list
      broadcast_ssid:
        choices:
        - enable
        - disable
        description:
        - Enable/disable broadcasting the SSID .
        type: str
      broadcast_suppression:
        choices:
        - dhcp-up
        - dhcp-down
        - dhcp-starvation
        - dhcp-ucast
        - arp-known
        - arp-unknown
        - arp-reply
        - arp-poison
        - arp-proxy
        - netbios-ns
        - netbios-ds
        - ipv6
        - all-other-mc
        - all-other-bc
        description:
        - Optional suppression of broadcast messages. For example, you can keep DHCP messages,
          ARP broadcasts, and so on off of the wireless network.
        elements: str
        type: list
      bss_color_partial:
        choices:
        - enable
        - disable
        description:
        - Enable/disable 802.11ax partial BSS color .
        type: str
      bstm_disassociation_imminent:
        choices:
        - enable
        - disable
        description:
        - Enable/disable forcing of disassociation after the BSTM request timer has been
          reached .
        type: str
      bstm_load_balancing_disassoc_timer:
        description:
        - Time interval for client to voluntarily leave AP before forcing a disassociation
          due to AP load-balancing (0 to 30).
        type: int
      bstm_rssi_disassoc_timer:
        description:
        - Time interval for client to voluntarily leave AP before forcing a disassociation
          due to low RSSI (0 to 2000).
        type: int
      captive_portal_ac_name:
        description:
        - Local-bridging captive portal ac-name.
        type: str
      captive_portal_auth_timeout:
        description:
        - Hard timeout - AP will always clear the session after timeout regardless of
          traffic (0 - 864000 sec).
        type: int
      captive_portal_fw_accounting:
        choices:
        - enable
        - disable
        description:
        - Enable/disable RADIUS accounting for captive portal firewall authentication
          session.
        type: str
      captive_portal_macauth_radius_secret:
        description:
        - Secret key to access the macauth RADIUS server.
        type: str
      captive_portal_macauth_radius_server:
        description:
        - Captive portal external RADIUS server domain name or IP address.
        type: str
      captive_portal_radius_secret:
        description:
        - Secret key to access the RADIUS server.
        type: str
      captive_portal_radius_server:
        description:
        - Captive portal RADIUS server domain name or IP address.
        type: str
      captive_portal_session_timeout_interval:
        description:
        - Session timeout interval (0 - 864000 sec).
        type: int
      dhcp_address_enforcement:
        choices:
        - enable
        - disable
        description:
        - Enable/disable DHCP address enforcement .
        type: str
      dhcp_lease_time:
        description:
        - DHCP lease time in seconds for NAT IP address.
        type: int
      dhcp_option43_insertion:
        choices:
        - enable
        - disable
        description:
        - Enable/disable insertion of DHCP option 43 .
        type: str
      dhcp_option82_circuit_id_insertion:
        choices:
        - style-1
        - style-2
        - style-3
        - disable
        description:
        - Enable/disable DHCP option 82 circuit-id insert .
        type: str
      dhcp_option82_insertion:
        choices:
        - enable
        - disable
        description:
        - Enable/disable DHCP option 82 insert .
        type: str
      dhcp_option82_remote_id_insertion:
        choices:
        - style-1
        - disable
        description:
        - Enable/disable DHCP option 82 remote-id insert .
        type: str
      dynamic_vlan:
        choices:
        - enable
        - disable
        description:
        - Enable/disable dynamic VLAN assignment.
        type: str
      eap_reauth:
        choices:
        - enable
        - disable
        description:
        - Enable/disable EAP re-authentication for WPA-Enterprise security.
        type: str
      eap_reauth_intv:
        description:
        - EAP re-authentication interval (1800 - 864000 sec).
        type: int
      eapol_key_retries:
        choices:
        - disable
        - enable
        description:
        - Enable/disable retransmission of EAPOL-Key frames (message 3/4 and group message
          1/2).
        type: str
      encrypt:
        choices:
        - TKIP
        - AES
        - TKIP-AES
        description:
        - Encryption protocol to use (only available when security is set to a WPA type).
        - TKIP is a legacy cipher; prefer AES unless older clients require TKIP.
        type: str
      external_fast_roaming:
        choices:
        - enable
        - disable
        description:
        - Enable/disable fast roaming or pre-authentication with external APs not managed
          by the FortiGate .
        type: str
      external_logout:
        description:
        - URL of external authentication logout server.
        type: str
      external_web:
        description:
        - URL of external authentication web server.
        type: str
      external_web_format:
        choices:
        - auto-detect
        - no-query-string
        - partial-query-string
        description:
        - URL query parameter detection .
        type: str
      fast_bss_transition:
        choices:
        - disable
        - enable
        description:
        - Enable/disable 802.11r Fast BSS Transition (FT) .
        type: str
      fast_roaming:
        choices:
        - enable
        - disable
        description:
        - Enable/disable fast-roaming, or pre-authentication, where supported by clients.
        type: str
      ft_mobility_domain:
        description:
        - Mobility domain identifier in FT (1 - 65535).
        type: int
      ft_over_ds:
        choices:
        - disable
        - enable
        description:
        - Enable/disable FT over the Distribution System (DS).
        type: str
      ft_r0_key_lifetime:
        description:
        - Lifetime of the PMK-R0 key in FT, 1-65535 minutes.
        type: int
      gas_comeback_delay:
        description:
        - GAS comeback delay (0 or 100 - 10000 milliseconds).
        type: int
      gas_fragmentation_limit:
        description:
        - GAS fragmentation limit (512 - 4096).
        type: int
      gtk_rekey:
        choices:
        - enable
        - disable
        description:
        - Enable/disable GTK rekey for WPA security.
        type: str
      gtk_rekey_intv:
        description:
        - GTK rekey interval (1800 - 864000 sec).
        type: int
      high_efficiency:
        choices:
        - enable
        - disable
        description:
        - Enable/disable 802.11ax high efficiency .
        type: str
      hotspot20_profile:
        description:
        - Hotspot 2.0 profile name. Source wireless-controller.hotspot20.hs-profile.name.
        type: str
      igmp_snooping:
        choices:
        - enable
        - disable
        description:
        - Enable/disable IGMP snooping.
        type: str
      intra_vap_privacy:
        choices:
        - enable
        - disable
        description:
        - Enable/disable blocking communication between clients on the same SSID (called
          intra-SSID privacy).
        type: str
      ip:
        description:
        - IP address and subnet mask for the local standalone NAT subnet.
        type: str
      ips_sensor:
        description:
        - IPS sensor name. Source ips.sensor.name.
        type: str
      ipv6_rules:
        choices:
        - drop-icmp6ra
        - drop-icmp6rs
        - drop-llmnr6
        - drop-icmp6mld2
        - drop-dhcp6s
        - drop-dhcp6c
        - ndp-proxy
        - drop-ns-dad
        - drop-ns-nondad
        description:
        - Optional rules of IPv6 packets. For example, you can keep RA, RS and so on off
          of the wireless network.
        elements: str
        type: list
      key:
        description:
        - WEP key.
        - WEP is cryptographically broken; use this option only where legacy devices cannot
          use WPA.
        type: str
      keyindex:
        description:
        - WEP key index (1 - 4).
        type: int
      l3_roaming:
        choices:
        - enable
        - disable
        description:
        - Enable/disable layer 3 roaming .
        type: str
      l3_roaming_mode:
        choices:
        - direct
        - indirect
        description:
        - Select the way that layer 3 roaming traffic is passed .
        type: str
      ldpc:
        choices:
        - disable
        - rx
        - tx
        - rxtx
        description:
        - VAP low-density parity-check (LDPC) coding configuration.
        type: str
      local_authentication:
        choices:
        - enable
        - disable
        description:
        - Enable/disable AP local authentication.
        type: str
      local_bridging:
        choices:
        - enable
        - disable
        description:
        - Enable/disable bridging of wireless and Ethernet interfaces on the FortiAP .
        type: str
      local_lan:
        choices:
        - allow
        - deny
        description:
        - Allow/deny traffic destined for a Class A, B, or C private IP address.
        type: str
      local_standalone:
        choices:
        - enable
        - disable
        description:
        - Enable/disable AP local standalone .
        type: str
      local_standalone_dns:
        choices:
        - enable
        - disable
        description:
        - Enable/disable AP local standalone DNS.
        type: str
      local_standalone_dns_ip:
        description:
        - IPv4 addresses for the local standalone DNS.
        elements: str
        type: list
      local_standalone_nat:
        choices:
        - enable
        - disable
        description:
        - Enable/disable AP local standalone NAT mode.
        type: str
      mac_auth_bypass:
        choices:
        - enable
        - disable
        description:
        - Enable/disable MAC authentication bypass.
        type: str
      mac_called_station_delimiter:
        choices:
        - hyphen
        - single-hyphen
        - colon
        - none
        description:
        - MAC called station delimiter .
        type: str
      mac_calling_station_delimiter:
        choices:
        - hyphen
        - single-hyphen
        - colon
        - none
        description:
        - MAC calling station delimiter .
        type: str
      mac_case:
        choices:
        - uppercase
        - lowercase
        description:
        - MAC case .
        type: str
      mac_filter:
        choices:
        - enable
        - disable
        description:
        - Enable/disable MAC filtering to block wireless clients by MAC address.
        - MAC addresses can be spoofed, so MAC filtering does not replace authentication.
        type: str
      mac_filter_list:
        description:
        - Create a list of MAC addresses for MAC address filtering.
        elements: dict
        suboptions:
          id:
            description:
            - ID. See Notes.
            required: true
            type: int
          mac:
            description:
            - MAC address.
            type: str
          mac_filter_policy:
            choices:
            - allow
            - deny
            description:
            - Deny or allow the client with this MAC address.
            type: str
        type: list
      mac_filter_policy_other:
        choices:
        - allow
        - deny
        description:
        - Allow or block clients with MAC addresses that are not in the filter list.
        type: str
      mac_password_delimiter:
        choices:
        - hyphen
        - single-hyphen
        - colon
        - none
        description:
        - MAC authentication password delimiter .
        type: str
      mac_username_delimiter:
        choices:
        - hyphen
        - single-hyphen
        - colon
        - none
        description:
        - MAC authentication username delimiter .
        type: str
      max_clients:
        description:
        - Maximum number of clients that can connect simultaneously to the VAP .
        type: int
      max_clients_ap:
        description:
        - Maximum number of clients that can connect simultaneously to the VAP per AP
          radio .
        type: int
      mbo:
        choices:
        - disable
        - enable
        description:
        - Enable/disable Multiband Operation .
        type: str
      mbo_cell_data_conn_pref:
        choices:
        - excluded
        - prefer-not
        - prefer-use
        description:
        - MBO cell data connection preference (0, 1, or 255).
        type: str
      me_disable_thresh:
        description:
        - Disable multicast enhancement when this many clients are receiving multicast
          traffic.
        type: int
      mesh_backhaul:
        choices:
        - enable
        - disable
        description:
        - Enable/disable using this VAP as a WiFi mesh backhaul . This entry is only available
          when security is set to a WPA type or open.
        type: str
      mpsk:
        choices:
        - enable
        - disable
        description:
        - Enable/disable multiple PSK authentication.
        type: str
      mpsk_concurrent_clients:
        description:
        - Maximum number of concurrent clients that connect using the same passphrase
          in multiple PSK authentication (0 - 65535).
        type: int
      mpsk_key:
        description:
        - List of multiple PSK entries.
        elements: dict
        suboptions:
          comment:
            description:
            - Comment.
            type: str
          concurrent_clients:
            description:
            - Number of clients that can connect using this pre-shared key.
            type: str
          key_name:
            description:
            - Pre-shared key name.
            required: true
            type: str
          mpsk_schedules:
            description:
            - Firewall schedule for MPSK passphrase. The passphrase will be effective
              only when at least one schedule is valid.
            elements: dict
            suboptions:
              name:
                description:
                - Schedule name. Source firewall.schedule.group.name firewall.schedule.recurring.name
                  firewall.schedule.onetime.name.
                required: true
                type: str
            type: list
          passphrase:
            description:
            - WPA Pre-shared key.
            type: str
        type: list
      mpsk_profile:
        description:
        - MPSK profile name. Source wireless-controller.mpsk-profile.name.
        type: str
      mu_mimo:
        choices:
        - enable
        - disable
        description:
        - Enable/disable Multi-user MIMO .
        type: str
      multicast_enhance:
        choices:
        - enable
        - disable
        description:
        - Enable/disable converting multicast to unicast to improve performance .
        type: str
      multicast_rate:
        choices:
        - '0'
        - '6000'
        - '12000'
        - '24000'
        description:
        - Multicast rate (0, 6000, 12000, or 24000 kbps).
        type: str
      nac:
        choices:
        - enable
        - disable
        description:
        - Enable/disable network access control.
        type: str
      nac_profile:
        description:
        - NAC profile name. Source wireless-controller.nac-profile.name.
        type: str
      name:
        description:
        - Virtual AP name.
        required: true
        type: str
      neighbor_report_dual_band:
        choices:
        - disable
        - enable
        description:
        - Enable/disable dual-band neighbor report .
        type: str
      okc:
        choices:
        - disable
        - enable
        description:
        - Enable/disable Opportunistic Key Caching (OKC) .
        type: str
      osen:
        choices:
        - enable
        - disable
        description:
        - Enable/disable OSEN as part of key management .
        type: str
      owe_groups:
        choices:
        - '19'
        - '20'
        - '21'
        description:
        - OWE-Groups.
        elements: str
        type: list
      owe_transition:
        choices:
        - disable
        - enable
        description:
        - Enable/disable OWE transition mode support.
        type: str
      owe_transition_ssid:
        description:
        - OWE transition mode peer SSID.
        type: str
      passphrase:
        description:
        - WPA pre-shared key (PSK) to be used to authenticate WiFi users.
        type: str
      pmf:
        choices:
        - disable
        - enable
        - optional
        description:
        - Protected Management Frames (PMF) support.
        - PMF protects management frames such as deauthentication and disassociation
          against forgery.
        type: str
      pmf_assoc_comeback_timeout:
        description:
        - Protected Management Frames (PMF) comeback maximum timeout (1-20 sec).
        type: int
      pmf_sa_query_retry_timeout:
        description:
        - Protected Management Frames (PMF) SA query retry timeout interval (1 - 5, in
          units of 100 msec).
        type: int
      port_macauth:
        choices:
        - disable
        - radius
        - address-group
        description:
        - Enable/disable LAN port MAC authentication .
        type: str
      port_macauth_reauth_timeout:
        description:
        - LAN port MAC authentication re-authentication timeout value .
        type: int
      port_macauth_timeout:
        description:
        - LAN port MAC authentication idle timeout value .
        type: int
      portal_message_override_group:
        description:
        - Replacement message group for this VAP (only available when security is set
          to a captive portal type). Source system.replacemsg-group.name.
        type: str
      portal_message_overrides:
        description:
        - Individual message overrides.
        suboptions:
          auth_disclaimer_page:
            description:
            - Override auth-disclaimer-page message with message from portal-message-overrides
              group.
            type: str
          auth_login_failed_page:
            description:
            - Override auth-login-failed-page message with message from portal-message-overrides
              group.
            type: str
          auth_login_page:
            description:
            - Override auth-login-page message with message from portal-message-overrides
              group.
            type: str
          auth_reject_page:
            description:
            - Override auth-reject-page message with message from portal-message-overrides
              group.
            type: str
        type: dict
      portal_type:
        choices:
        - auth
        - auth+disclaimer
        - disclaimer
        - email-collect
        - cmcc
        - cmcc-macauth
        - auth-mac
        - external-auth
        - external-macauth
        description:
        - Captive portal functionality. Configure how the captive portal authenticates
          users and whether it includes a disclaimer.
        type: str
      primary_wag_profile:
        description:
        - Primary wireless access gateway profile name. Source wireless-controller.wag-profile.name.
        type: str
      probe_resp_suppression:
        choices:
        - enable
        - disable
        description:
        - Enable/disable probe response suppression (to ignore weak signals) .
        type: str
      probe_resp_threshold:
        description:
        - Minimum signal level/threshold in dBm required for the AP response to probe
          requests (-95 to -20).
        type: str
      ptk_rekey:
        choices:
        - enable
        - disable
        description:
        - Enable/disable PTK rekey for WPA-Enterprise security.
        type: str
      ptk_rekey_intv:
        description:
        - PTK rekey interval (1800 - 864000 sec).
        type: int
      qos_profile:
        description:
        - Quality of service profile name. Source wireless-controller.qos-profile.name.
        type: str
      quarantine:
        choices:
        - enable
        - disable
        description:
        - Enable/disable station quarantine .
        type: str
      radio_2g_threshold:
        description:
        - Minimum signal level/threshold in dBm required for the AP response to receive
          a packet in 2.4G band (-95 to -20).
        type: str
      radio_5g_threshold:
        description:
        - Minimum signal level/threshold in dBm required for the AP response to receive
          a packet in 5G band (-95 to -20).
        type: str
      radio_sensitivity:
        choices:
        - enable
        - disable
        description:
        - Enable/disable software radio sensitivity (to ignore weak signals) .
        type: str
      # RADIUS-backed MAC authentication of wireless clients.
      # The MAC address is sent in clear in 802.11 frame headers and can be
      # changed by the client, so this is a device allow-list check rather than
      # user authentication; pair it with a `security` mode that authenticates
      # and encrypts.
      radius_mac_auth:
        choices:
        - enable
        - disable
        description:
        - Enable/disable RADIUS-based MAC authentication of clients .
        type: str
      radius_mac_auth_block_interval:
        description:
        - Don't send RADIUS MAC auth request again if the client has been rejected within
          specific interval (0 or 30 - 864000 seconds).
        type: int
      radius_mac_auth_server:
        description:
        - RADIUS-based MAC authentication server. Source user.radius.name.
        type: str
      radius_mac_auth_usergroups:
        description:
        - Selective user groups that are permitted for RADIUS mac authentication.
        elements: dict
        suboptions:
          name:
            description:
            - User group name.
            required: true
            type: str
        type: list
      radius_mac_mpsk_auth:
        choices:
        - enable
        - disable
        description:
        - Enable/disable RADIUS-based MAC authentication of clients for MPSK authentication.
        type: str
      radius_mac_mpsk_timeout:
        description:
        - RADIUS MAC MPSK cache timeout interval (0 or 300 - 864000).
        type: int
      radius_server:
        description:
        - RADIUS server to be used to authenticate WiFi users. Source user.radius.name.
        type: str
      rates_11a:
        choices:
        - '1'
        - 1-basic
        - '2'
        - 2-basic
        - '5.5'
        - 5.5-basic
        - '11'
        - 11-basic
        - '6'
        - 6-basic
        - '9'
        - 9-basic
        - '12'
        - 12-basic
        - '18'
        - 18-basic
        - '24'
        - 24-basic
        - '36'
        - 36-basic
        - '48'
        - 48-basic
        - '54'
        - 54-basic
        description:
        - Allowed data rates for 802.11a.
        elements: str
        type: list
      rates_11ac_mcs_map:
        description:
        - Comma separated list of max supported VHT MCS for spatial streams 1 through
          8.
        type: str
      rates_11ac_ss12:
        choices:
        - mcs0/1
        - mcs1/1
        - mcs2/1
        - mcs3/1
        - mcs4/1
        - mcs5/1
        - mcs6/1
        - mcs7/1
        - mcs8/1
        - mcs9/1
        - mcs10/1
        - mcs11/1
        - mcs0/2
        - mcs1/2
        - mcs2/2
        - mcs3/2
        - mcs4/2
        - mcs5/2
        - mcs6/2
        - mcs7/2
        - mcs8/2
        - mcs9/2
        - mcs10/2
        - mcs11/2
        description:
        - Allowed data rates for 802.11ac with 1 or 2 spatial streams.
        elements: str
        type: list
      rates_11ac_ss34:
        choices:
        - mcs0/3
        - mcs1/3
        - mcs2/3
        - mcs3/3
        - mcs4/3
        - mcs5/3
        - mcs6/3
        - mcs7/3
        - mcs8/3
        - mcs9/3
        - mcs10/3
        - mcs11/3
        - mcs0/4
        - mcs1/4
        - mcs2/4
        - mcs3/4
        - mcs4/4
        - mcs5/4
        - mcs6/4
        - mcs7/4
        - mcs8/4
        - mcs9/4
        - mcs10/4
        - mcs11/4
        description:
        - Allowed data rates for 802.11ac with 3 or 4 spatial streams.
        elements: str
        type: list
      rates_11ax_mcs_map:
        description:
        - Comma separated list of max supported HE MCS for spatial streams 1 through 8.
        type: str
      rates_11ax_ss12:
        choices:
        - mcs0/1
        - mcs1/1
        - mcs2/1
        - mcs3/1
        - mcs4/1
        - mcs5/1
        - mcs6/1
        - mcs7/1
        - mcs8/1
        - mcs9/1
        - mcs10/1
        - mcs11/1
        - mcs0/2
        - mcs1/2
        - mcs2/2
        - mcs3/2
        - mcs4/2
        - mcs5/2
        - mcs6/2
        - mcs7/2
        - mcs8/2
        - mcs9/2
        - mcs10/2
        - mcs11/2
        description:
        - Allowed data rates for 802.11ax with 1 or 2 spatial streams.
        elements: str
        type: list
      rates_11ax_ss34:
        choices:
        - mcs0/3
        - mcs1/3
        - mcs2/3
        - mcs3/3
        - mcs4/3
        - mcs5/3
        - mcs6/3
        - mcs7/3
        - mcs8/3
        - mcs9/3
        - mcs10/3
        - mcs11/3
        - mcs0/4
        - mcs1/4
        - mcs2/4
        - mcs3/4
        - mcs4/4
        - mcs5/4
        - mcs6/4
        - mcs7/4
        - mcs8/4
        - mcs9/4
        - mcs10/4
        - mcs11/4
        description:
        - Allowed data rates for 802.11ax with 3 or 4 spatial streams.
        elements: str
        type: list
      rates_11bg:
        choices:
        - '1'
        - 1-basic
        - '2'
        - 2-basic
        - '5.5'
        - 5.5-basic
        - '11'
        - 11-basic
        - '6'
        - 6-basic
        - '9'
        - 9-basic
        - '12'
        - 12-basic
        - '18'
        - 18-basic
        - '24'
        - 24-basic
        - '36'
        - 36-basic
        - '48'
        - 48-basic
        - '54'
        - 54-basic
        description:
        - Allowed data rates for 802.11b/g.
        elements: str
        type: list
      rates_11n_ss12:
        choices:
        - mcs0/1
        - mcs1/1
        - mcs2/1
        - mcs3/1
        - mcs4/1
        - mcs5/1
        - mcs6/1
        - mcs7/1
        - mcs8/2
        - mcs9/2
        - mcs10/2
        - mcs11/2
        - mcs12/2
        - mcs13/2
        - mcs14/2
        - mcs15/2
        description:
        - Allowed data rates for 802.11n with 1 or 2 spatial streams.
        elements: str
        type: list
      rates_11n_ss34:
        choices:
        - mcs16/3
        - mcs17/3
        - mcs18/3
        - mcs19/3
        - mcs20/3
        - mcs21/3
        - mcs22/3
        - mcs23/3
        - mcs24/4
        - mcs25/4
        - mcs26/4
        - mcs27/4
        - mcs28/4
        - mcs29/4
        - mcs30/4
        - mcs31/4
        description:
        - Allowed data rates for 802.11n with 3 or 4 spatial streams.
        elements: str
        type: list
      roaming_acct_interim_update:
        choices:
        - enable
        - disable
        description:
        - Enable/disable using accounting interim update instead of accounting start/stop
          on roaming for WPA-Enterprise security.
        type: str
      # Groups offered for the WPA3 SAE exchange. SAE takes its group numbers from
      # the IANA IKE group registry: 19, 20 and 21 are the NIST P-256, P-384 and
      # P-521 curves; 1, 2 and 5 are 768-, 1024- and 1536-bit MODP groups;
      # 14 to 18 are MODP groups of 2048 bits and larger.
      # The small MODP groups (1, 2, 5) are below current strength
      # recommendations; leave them out unless a specific client requires them.
      # NOTE(review): the default selection is not shown here; confirm what the
      # device applies when this list is omitted.
      sae_groups:
        choices:
        - '19'
        - '20'
        - '21'
        - '1'
        - '2'
        - '5'
        - '14'
        - '15'
        - '16'
        - '17'
        - '18'
        - '27'
        - '28'
        - '29'
        - '30'
        - '31'
        description:
        - SAE-Groups.
        elements: str
        type: list
      # Restricts SAE password-element (PWE) derivation to hash-to-element (H2E),
      # the method introduced to replace the looping hunting-and-pecking
      # derivation and its timing side channels.
      # Clients without H2E support will not be able to join while this is
      # enabled, so check client support before turning it on fleet-wide.
      sae_h2e_only:
        choices:
        - enable
        - disable
        description:
        - Use hash-to-element-only mechanism for PWE derivation .
        type: str
      # Restricts SAE password-element (PWE) derivation to hunting-and-pecking,
      # the original looping method. That method is the one affected by the
      # published SAE timing and cache side-channel findings, so enabling this
      # keeps the SSID on the older derivation.
      # NOTE(review): enable only for clients that cannot do hash-to-element, and
      # confirm the device default.
      sae_hnp_only:
        choices:
        - enable
        - disable
        description:
        - Use hunting-and-pecking-only mechanism for PWE derivation .
        type: str
      # Secret value: the WPA3 SAE password. Supply it from Ansible Vault or a
      # secrets lookup rather than as a literal in the playbook or inventory.
      # NOTE(review): this listing shows no no_log marker on the option; confirm
      # how the module treats it before assuming task output, verbose logs and
      # registered results stay free of the password.
      sae_password:
        description:
        - WPA3 SAE password to be used to authenticate WiFi users.
        type: str
      sae_pk:
        choices:
        - enable
        - disable
        description:
        - Enable/disable WPA3 SAE-PK .
        type: str
      # Secret value: the private key for WPA3 SAE-PK. Anyone holding it can
      # present as this network to SAE-PK clients, so keep it in Ansible Vault or
      # an external secret store and out of version control.
      # NOTE(review): this listing shows no no_log marker on the option; confirm
      # how the module treats it before assuming task output and verbose logs
      # stay free of the key.
      sae_private_key:
        description:
        - Private key used for WPA3 SAE-PK authentication.
        type: str
      scan_botnet_connections:
        choices:
        - disable
        - monitor
        - block
        description:
        - Block or monitor connections to Botnet servers or disable Botnet scanning.
        type: str
      schedule:
        description:
        - Firewall schedules for enabling this VAP on the FortiAP. This VAP will be enabled
          when at least one of the schedules is valid. Separate multiple schedule names
          with a space.
        elements: dict
        suboptions:
          name:
            description:
            - Schedule name. Source firewall.schedule.group.name firewall.schedule.recurring.name
              firewall.schedule.onetime.name.
            required: true
            type: str
        type: list
      secondary_wag_profile:
        description:
        - Secondary wireless access gateway profile name. Source wireless-controller.wag-profile.name.
        type: str
      # Selects the link-layer protection for the SSID.
      # `open` applies no encryption. `wep64` and `wep128` use WEP, which is
      # broken and gives no practical confidentiality. The `*-transition` modes
      # keep the older mode available alongside WPA3 for legacy clients, so the
      # SSID is only as strong as the older mode.
      # NOTE(review): `captive-portal` on its own appears to be an unencrypted
      # SSID with web authentication, and the `wpa-*` / `wpa-only-*` entries
      # appear to admit WPA1/TKIP clients, unlike `wpa2-only-*` and `wpa3-*`.
      # Confirm against the FortiOS reference, and check the device default,
      # which is not shown here.
      security:
        choices:
        - open
        - captive-portal
        - wep64
        - wep128
        - wpa-personal
        - wpa-personal+captive-portal
        - wpa-enterprise
        - wpa-only-personal
        - wpa-only-personal+captive-portal
        - wpa-only-enterprise
        - wpa2-only-personal
        - wpa2-only-personal+captive-portal
        - wpa2-only-enterprise
        - wpa3-enterprise
        - wpa3-only-enterprise
        - wpa3-enterprise-transition
        - wpa3-sae
        - wpa3-sae-transition
        - owe
        - osen
        description:
        - Security mode for the wireless interface .
        type: str
      security_exempt_list:
        description:
        - Optional security exempt list for captive portal authentication. Source user.security-exempt-list.name.
        type: str
      # NOTE(review): presumably gates the legacy entries of `security` (WEP and
      # WPA1/TKIP era modes); the description does not say which. Confirm against
      # the FortiOS reference, and leave it disabled unless a documented legacy
      # client requires one of those modes.
      security_obsolete_option:
        choices:
        - enable
        - disable
        description:
        - Enable/disable obsolete security options.
        type: str
      security_redirect_url:
        description:
        - Optional URL for redirecting users after they pass captive portal authentication.
        type: str
      selected_usergroups:
        description:
        - Selective user groups that are permitted to authenticate.
        elements: dict
        suboptions:
          name:
            description:
            - User group name. Source user.group.name.
            required: true
            type: str
        type: list
      set_80211k:
        choices:
        - disable
        - enable
        description:
        - Enable/disable 802.11k assisted roaming .
        type: str
      set_80211v:
        choices:
        - disable
        - enable
        description:
        - Enable/disable 802.11v assisted roaming .
        type: str
      split_tunneling:
        choices:
        - enable
        - disable
        description:
        - Enable/disable split tunneling .
        type: str
      ssid:
        description:
        - IEEE 802.11 service set identifier (SSID) for the wireless interface. Users
          who wish to use the wireless network must configure their computers to access
          this SSID name.
        type: str
      sticky_client_remove:
        choices:
        - enable
        - disable
        description:
        - Enable/disable sticky client remove to maintain good signal level clients in
          SSID .
        type: str
      sticky_client_threshold_2g:
        description:
        - Minimum signal level/threshold in dBm required for the 2G client to be serviced
          by the AP (-95 to -20).
        type: str
      sticky_client_threshold_5g:
        description:
        - Minimum signal level/threshold in dBm required for the 5G client to be serviced
          by the AP (-95 to -20).
        type: str
      sticky_client_threshold_6g:
        description:
        - Minimum signal level/threshold in dBm required for the 6G client to be serviced
          by the AP (-95 to -20).
        type: str
      target_wake_time:
        choices:
        - enable
        - disable
        description:
        - Enable/disable 802.11ax target wake time .
        type: str
      # TKIP countermeasures are the 802.11 response to repeated Michael MIC
      # failures, so this setting only matters on SSIDs that still allow TKIP.
      # NOTE(review): TKIP itself is deprecated; if this option is relevant to a
      # deployment, the `security` mode is worth revisiting first.
      tkip_counter_measure:
        choices:
        - enable
        - disable
        description:
        - Enable/disable TKIP counter measure.
        type: str
      tunnel_echo_interval:
        description:
        - The time interval to send echo to both primary and secondary tunnel peers (1
          - 65535 sec).
        type: int
      tunnel_fallback_interval:
        description:
        - The time interval for secondary tunnel to fall back to primary tunnel (0 - 65535
          sec).
        type: int
      usergroup:
        description:
        - Firewall user group to be used to authenticate WiFi users.
        elements: dict
        suboptions:
          name:
            description:
            - User group name. Source user.group.name.
            required: true
            type: str
        type: list
      utm_log:
        choices:
        - enable
        - disable
        description:
        - Enable/disable UTM logging.
        type: str
      utm_profile:
        description:
        - UTM profile name. Source wireless-controller.utm-profile.name.
        type: str
      utm_status:
        choices:
        - enable
        - disable
        description:
        - Enable to add one or more security profiles (AV, IPS, etc.) to the VAP.
        type: str
      vdom:
        description:
        - Name of the VDOM that the Virtual AP has been added to. Source system.vdom.name.
        type: str
      vlan_auto:
        choices:
        - enable
        - disable
        description:
        - Enable/disable automatic management of SSID VLAN interface.
        type: str
      vlan_name:
        description:
        - Table for mapping VLAN name to VLAN ID.
        elements: dict
        suboptions:
          name:
            description:
            - VLAN name.
            required: true
            type: str
          vlan_id:
            description:
            - VLAN IDs (maximum 8 VLAN IDs).
            elements: int
            type: list
        type: list
      vlan_pool:
        description:
        - VLAN pool.
        elements: dict
        suboptions:
          id:
            description:
            - ID. see <a href='#notes'>Notes</a>.
            required: true
            type: int
          wtp_group:
            description:
            - WTP group name. Source wireless-controller.wtp-group.name.
            type: str
        type: list
      vlan_pooling:
        choices:
        - wtp-group
        - round-robin
        - hash
        - disable
        description:
        - Enable/disable VLAN pooling, to allow grouping of multiple wireless controller
          VLANs into VLAN pools . When set to wtp-group, VLAN pooling occurs with VLAN
          assignment by wtp-group.
        type: str
      vlanid:
        description:
        - Optional VLAN ID.
        type: int
      voice_enterprise:
        choices:
        - disable
        - enable
        description:
        - Enable/disable 802.11k and 802.11v assisted Voice-Enterprise roaming .
        type: str
      webfilter_profile:
        description:
        - WebFilter profile name. Source webfilter.profile.name.
        type: str
    type: dict

Outputs

build:
  description: Build number of the fortigate image
  returned: always
  sample: '1547'
  type: str
http_method:
  description: Last method used to provision the content into FortiGate
  returned: always
  sample: PUT
  type: str
http_status:
  description: Last result given by FortiGate on last operation applied
  returned: always
  sample: '200'
  type: str
mkey:
  description: Master key (id) used in the last call to FortiGate
  returned: success
  sample: id
  type: str
name:
  description: Name of the table used to fulfill the request
  returned: always
  sample: urlfilter
  type: str
path:
  description: Path of the table used to fulfill the request
  returned: always
  sample: webfilter
  type: str
revision:
  description: Internal revision number
  returned: always
  sample: 17.0.2.10658
  type: str
# Device serial number, returned on every run. Registered results, callback
# output and job logs therefore carry a device identifier; store and share
# them with the same care as other inventory data.
serial:
  description: Serial number of the unit
  returned: always
  sample: FGVMEVYYQT3AB5352
  type: str
status:
  description: Indication of the operation's result
  returned: always
  sample: success
  type: str
vdom:
  description: Virtual domain used
  returned: always
  sample: root
  type: str
# Firmware version string, returned on every run. Useful for patch-level
# inventory; note that run logs containing it disclose the device's firmware
# level to anyone who can read them.
version:
  description: Version of the FortiGate
  returned: always
  sample: v5.6.3
  type: str