fortinet / fortinet.fortios / 2.3.6 / module / fortios_wireless_controller_wtp_profile Configure WTP profiles or FortiAP profiles that define radio settings for manageable FortiAP platforms in Fortinet's FortiOS and FortiGate. | "added in version" 2.0.0 of fortinet.fortios" Authors: Link Zheng (@chillancezen), Jie Xue (@JieX19), Hongbin Lu (@fgtdev-hblu), Frank Shen (@frankshen01), Miguel Angel Munoz (@mamunozgonzalez), Nicolas Thomas (@thomnico) preview | supported by communityfortinet.fortios.fortios_wireless_controller_wtp_profile (2.3.6) — module
Install with ansible-galaxy collection install fortinet.fortios:==2.3.6
collections: - name: fortinet.fortios version: 2.3.6
This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify wireless_controller feature and wtp_profile category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0
- name: Configure WTP profiles or FortiAP profiles that define radio settings for manageable FortiAP platforms. fortinet.fortios.fortios_wireless_controller_wtp_profile: vdom: "{{ vdom }}" state: "present" access_token: "<your_own_value>" wireless_controller_wtp_profile: allowaccess: "https" ap_country: "--" ap_handoff: "enable" apcfg_profile: "<your_own_value> (source wireless-controller.apcfg-profile.name)" ble_profile: "<your_own_value> (source wireless-controller.ble-profile.name)" bonjour_profile: "<your_own_value> (source wireless-controller.bonjour-profile.name)" comment: "Comment." console_login: "enable" control_message_offload: "ebp-frame" deny_mac_list: - id: "13" mac: "<your_own_value>" dtls_in_kernel: "enable" dtls_policy: "clear-text" energy_efficient_ethernet: "enable" esl_ses_dongle: apc_addr_type: "fqdn" apc_fqdn: "<your_own_value>" apc_ip: "<your_own_value>" apc_port: "0" coex_level: "none" compliance_level: "compliance-level-2" esl_channel: "-1" output_power: "a" scd_enable: "enable" tls_cert_verification: "enable" tls_fqdn_verification: "enable" ext_info_enable: "enable" frequency_handoff: "enable" handoff_roaming: "enable" handoff_rssi: "25" handoff_sta_thresh: "0" indoor_outdoor_deployment: "platform-determined" ip_fragment_preventing: "tcp-mss-adjust" lan: port_esl_mode: "offline" port_esl_ssid: "<your_own_value> (source system.interface.name)" port_mode: "offline" port_ssid: "<your_own_value> (source system.interface.name)" port1_mode: "offline" port1_ssid: "<your_own_value> (source system.interface.name)" port2_mode: "offline" port2_ssid: "<your_own_value> (source system.interface.name)" port3_mode: "offline" port3_ssid: "<your_own_value> (source system.interface.name)" port4_mode: "offline" port4_ssid: "<your_own_value> (source system.interface.name)" port5_mode: "offline" port5_ssid: "<your_own_value> (source system.interface.name)" port6_mode: "offline" port6_ssid: "<your_own_value> (source system.interface.name)" port7_mode: "offline" port7_ssid: "<your_own_value> (source system.interface.name)" port8_mode: "offline" port8_ssid: "<your_own_value> (source system.interface.name)" lbs: aeroscout: "enable" aeroscout_ap_mac: "bssid" aeroscout_mmu_report: "enable" aeroscout_mu: "enable" aeroscout_mu_factor: "20" aeroscout_mu_timeout: "5" aeroscout_server_ip: "<your_own_value>" aeroscout_server_port: "0" ekahau_blink_mode: "enable" ekahau_tag: "<your_own_value>" erc_server_ip: "<your_own_value>" erc_server_port: "8569" fortipresence: "foreign" fortipresence_ble: "enable" fortipresence_frequency: "30" fortipresence_port: "3000" fortipresence_project: "<your_own_value>" fortipresence_rogue: "enable" fortipresence_secret: "<your_own_value>" fortipresence_server: "<your_own_value>" fortipresence_server_addr_type: "ipv4" fortipresence_server_fqdn: "<your_own_value>" fortipresence_unassoc: "enable" polestar: "enable" polestar_accumulation_interval: "2" polestar_asset_addrgrp_list: "<your_own_value> (source firewall.addrgrp.name)" polestar_asset_uuid_list1: "<your_own_value>" polestar_asset_uuid_list2: "<your_own_value>" polestar_asset_uuid_list3: "<your_own_value>" polestar_asset_uuid_list4: "<your_own_value>" polestar_protocol: "WSS" polestar_reporting_interval: "2" polestar_server_fqdn: "<your_own_value>" polestar_server_path: "<your_own_value>" polestar_server_port: "443" polestar_server_token: "<your_own_value>" station_locate: "enable" led_schedules: - name: "default_name_97 (source firewall.schedule.group.name firewall.schedule.recurring.name firewall.schedule.onetime.name)" led_state: "enable" lldp: "enable" login_passwd: "<your_own_value>" login_passwd_change: "yes" max_clients: "0" name: "default_name_103" platform: ddscan: "enable" mode: "single-5G" type: "AP-11N" poe_mode: "auto" radio_1: airtime_fairness: "enable" amsdu: "enable" ap_handoff: "enable" ap_sniffer_addr: "<your_own_value>" ap_sniffer_bufsize: "16" ap_sniffer_chan: "36" ap_sniffer_ctl: "enable" ap_sniffer_data: "enable" ap_sniffer_mgmt_beacon: "enable" ap_sniffer_mgmt_other: "enable" ap_sniffer_mgmt_probe: "enable" arrp_profile: "<your_own_value> (source wireless-controller.arrp-profile.name)" auto_power_high: "17" auto_power_level: "enable" auto_power_low: "10" auto_power_target: "<your_own_value>" band: "802.11a" band_5g_type: "5g-full" bandwidth_admission_control: "enable" bandwidth_capacity: "2000" beacon_interval: "100" bss_color: "0" bss_color_mode: "auto" call_admission_control: "enable" call_capacity: "10" channel: - chan: "<your_own_value>" channel_bonding: "160MHz" channel_utilization: "enable" coexistence: "enable" darrp: "enable" drma: "disable" drma_sensitivity: "low" dtim: "1" frag_threshold: "2346" frequency_handoff: "enable" iperf_protocol: "udp" iperf_server_port: "5001" max_clients: "0" max_distance: "0" mimo_mode: "default" mode: "disabled" optional_antenna: "none" optional_antenna_gain: "<your_own_value>" power_level: "100" power_mode: "dBm" power_value: "27" powersave_optimize: "tim" protection_mode: "rtscts" radio_id: "2" rts_threshold: "2346" sam_bssid: "<your_own_value>" sam_ca_certificate: "<your_own_value>" sam_captive_portal: "enable" sam_client_certificate: "<your_own_value>" sam_cwp_failure_string: "<your_own_value>" sam_cwp_match_string: "<your_own_value>" sam_cwp_password: "<your_own_value>" sam_cwp_success_string: "<your_own_value>" sam_cwp_test_url: "<your_own_value>" sam_cwp_username: "<your_own_value>" sam_eap_method: "both" sam_password: "<your_own_value>" sam_private_key: "<your_own_value>" sam_private_key_password: "<your_own_value>" sam_report_intv: "0" sam_security_type: "open" sam_server: "<your_own_value>" sam_server_fqdn: "<your_own_value>" sam_server_ip: "<your_own_value>" sam_server_type: "ip" sam_ssid: "<your_own_value>" sam_test: "ping" sam_username: "<your_own_value>" set_80211d: "enable" short_guard_interval: "enable" spectrum_analysis: "enable" transmit_optimize: "disable" vap_all: "tunnel" vaps: - name: "default_name_190 (source wireless-controller.vap-group.name system.interface.name)" wids_profile: "<your_own_value> (source wireless-controller.wids-profile.name)" zero_wait_dfs: "enable" radio_2: airtime_fairness: "enable" amsdu: "enable" ap_handoff: "enable" ap_sniffer_addr: "<your_own_value>" ap_sniffer_bufsize: "16" ap_sniffer_chan: "6" ap_sniffer_ctl: "enable" ap_sniffer_data: "enable" ap_sniffer_mgmt_beacon: "enable" ap_sniffer_mgmt_other: "enable" ap_sniffer_mgmt_probe: "enable" arrp_profile: "<your_own_value> (source wireless-controller.arrp-profile.name)" auto_power_high: "17" auto_power_level: "enable" auto_power_low: "10" auto_power_target: "<your_own_value>" band: "802.11a" band_5g_type: "5g-full" bandwidth_admission_control: "enable" bandwidth_capacity: "2000" beacon_interval: "100" bss_color: "0" bss_color_mode: "auto" call_admission_control: "enable" call_capacity: "10" channel: - chan: "<your_own_value>" channel_bonding: "160MHz" channel_utilization: "enable" coexistence: "enable" darrp: "enable" drma: "disable" drma_sensitivity: "low" dtim: "1" frag_threshold: "2346" frequency_handoff: "enable" iperf_protocol: "udp" iperf_server_port: "5001" max_clients: "0" max_distance: "0" mimo_mode: "default" mode: "disabled" optional_antenna: "none" optional_antenna_gain: "<your_own_value>" power_level: "100" power_mode: "dBm" power_value: "27" powersave_optimize: "tim" protection_mode: "rtscts" radio_id: "2" rts_threshold: "2346" sam_bssid: "<your_own_value>" sam_ca_certificate: "<your_own_value>" sam_captive_portal: "enable" sam_client_certificate: "<your_own_value>" sam_cwp_failure_string: "<your_own_value>" sam_cwp_match_string: "<your_own_value>" sam_cwp_password: "<your_own_value>" sam_cwp_success_string: "<your_own_value>" sam_cwp_test_url: "<your_own_value>" sam_cwp_username: "<your_own_value>" sam_eap_method: "both" sam_password: "<your_own_value>" sam_private_key: "<your_own_value>" sam_private_key_password: "<your_own_value>" sam_report_intv: "0" sam_security_type: "open" sam_server: "<your_own_value>" sam_server_fqdn: "<your_own_value>" sam_server_ip: "<your_own_value>" sam_server_type: "ip" sam_ssid: "<your_own_value>" sam_test: "ping" sam_username: "<your_own_value>" set_80211d: "enable" short_guard_interval: "enable" spectrum_analysis: "enable" transmit_optimize: "disable" vap_all: "tunnel" vaps: - name: "default_name_274 (source wireless-controller.vap-group.name system.interface.name)" wids_profile: "<your_own_value> (source wireless-controller.wids-profile.name)" zero_wait_dfs: "enable" radio_3: airtime_fairness: "enable" amsdu: "enable" ap_handoff: "enable" ap_sniffer_addr: "<your_own_value>" ap_sniffer_bufsize: "16" ap_sniffer_chan: "37" ap_sniffer_ctl: "enable" ap_sniffer_data: "enable" ap_sniffer_mgmt_beacon: "enable" ap_sniffer_mgmt_other: "enable" ap_sniffer_mgmt_probe: "enable" arrp_profile: "<your_own_value> (source wireless-controller.arrp-profile.name)" auto_power_high: "17" auto_power_level: "enable" auto_power_low: "10" auto_power_target: "<your_own_value>" band: "802.11a" band_5g_type: "5g-full" bandwidth_admission_control: "enable" bandwidth_capacity: "2000" beacon_interval: "100" bss_color: "0" bss_color_mode: "auto" call_admission_control: "enable" call_capacity: "10" channel: - chan: "<your_own_value>" channel_bonding: "160MHz" channel_utilization: "enable" coexistence: "enable" darrp: "enable" drma: "disable" drma_sensitivity: "low" dtim: "1" frag_threshold: "2346" frequency_handoff: "enable" iperf_protocol: "udp" iperf_server_port: "5001" max_clients: "0" max_distance: "0" mimo_mode: "default" mode: "disabled" optional_antenna: "none" optional_antenna_gain: "<your_own_value>" power_level: "100" power_mode: "dBm" power_value: "27" powersave_optimize: "tim" protection_mode: "rtscts" radio_id: "2" rts_threshold: "2346" sam_bssid: "<your_own_value>" sam_ca_certificate: "<your_own_value>" sam_captive_portal: "enable" sam_client_certificate: "<your_own_value>" sam_cwp_failure_string: "<your_own_value>" sam_cwp_match_string: "<your_own_value>" sam_cwp_password: "<your_own_value>" sam_cwp_success_string: "<your_own_value>" sam_cwp_test_url: "<your_own_value>" sam_cwp_username: "<your_own_value>" sam_eap_method: "both" sam_password: "<your_own_value>" sam_private_key: "<your_own_value>" sam_private_key_password: "<your_own_value>" sam_report_intv: "0" sam_security_type: "open" sam_server: "<your_own_value>" sam_server_fqdn: "<your_own_value>" sam_server_ip: "<your_own_value>" sam_server_type: "ip" sam_ssid: "<your_own_value>" sam_test: "ping" sam_username: "<your_own_value>" set_80211d: "enable" short_guard_interval: "enable" spectrum_analysis: "enable" transmit_optimize: "disable" vap_all: "tunnel" vaps: - name: "default_name_358 (source wireless-controller.vap-group.name system.interface.name)" wids_profile: "<your_own_value> (source wireless-controller.wids-profile.name)" zero_wait_dfs: "enable" radio_4: airtime_fairness: "enable" amsdu: "enable" ap_handoff: "enable" ap_sniffer_addr: "<your_own_value>" ap_sniffer_bufsize: "16" ap_sniffer_chan: "6" ap_sniffer_ctl: "enable" ap_sniffer_data: "enable" ap_sniffer_mgmt_beacon: "enable" ap_sniffer_mgmt_other: "enable" ap_sniffer_mgmt_probe: "enable" arrp_profile: "<your_own_value> (source wireless-controller.arrp-profile.name)" auto_power_high: "17" auto_power_level: "enable" auto_power_low: "10" auto_power_target: "<your_own_value>" band: "802.11a" band_5g_type: "5g-full" bandwidth_admission_control: "enable" bandwidth_capacity: "2000" beacon_interval: "100" bss_color: "0" bss_color_mode: "auto" call_admission_control: "enable" call_capacity: "10" channel: - chan: "<your_own_value>" channel_bonding: "160MHz" channel_utilization: "enable" coexistence: "enable" darrp: "enable" drma: "disable" drma_sensitivity: "low" dtim: "1" frag_threshold: "2346" frequency_handoff: "enable" iperf_protocol: "udp" iperf_server_port: "5001" max_clients: "0" max_distance: "0" mimo_mode: "default" mode: "disabled" optional_antenna: "none" optional_antenna_gain: "<your_own_value>" power_level: "100" power_mode: "dBm" power_value: "27" powersave_optimize: "tim" protection_mode: "rtscts" rts_threshold: "2346" sam_bssid: "<your_own_value>" sam_ca_certificate: "<your_own_value>" sam_captive_portal: "enable" sam_client_certificate: "<your_own_value>" sam_cwp_failure_string: "<your_own_value>" sam_cwp_match_string: "<your_own_value>" sam_cwp_password: "<your_own_value>" sam_cwp_success_string: "<your_own_value>" sam_cwp_test_url: "<your_own_value>" sam_cwp_username: "<your_own_value>" sam_eap_method: "both" sam_password: "<your_own_value>" sam_private_key: "<your_own_value>" sam_private_key_password: "<your_own_value>" sam_report_intv: "0" sam_security_type: "open" sam_server: "<your_own_value>" sam_server_fqdn: "<your_own_value>" sam_server_ip: "<your_own_value>" sam_server_type: "ip" sam_ssid: "<your_own_value>" sam_test: "ping" sam_username: "<your_own_value>" set_80211d: "enable" short_guard_interval: "enable" spectrum_analysis: "enable" transmit_optimize: "disable" vap_all: "tunnel" vaps: - name: "default_name_441 (source wireless-controller.vap-group.name system.interface.name)" wids_profile: "<your_own_value> (source wireless-controller.wids-profile.name)" zero_wait_dfs: "enable" split_tunneling_acl: - dest_ip: "<your_own_value>" id: "446" split_tunneling_acl_local_ap_subnet: "enable" split_tunneling_acl_path: "tunnel" syslog_profile: "<your_own_value> (source wireless-controller.syslog-profile.name)" tun_mtu_downlink: "0" tun_mtu_uplink: "0" unii_4_5ghz_band: "enable" wan_port_auth: "none" wan_port_auth_macsec: "enable" wan_port_auth_methods: "all" wan_port_auth_password: "<your_own_value>" wan_port_auth_usrname: "<your_own_value>" wan_port_mode: "wan-lan"
vdom: default: root description: - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str state: choices: - present - absent description: - Indicates whether to create or remove the object. required: true type: str enable_log: default: false description: - Enable/Disable logging for task. required: false type: bool member_path: description: - Member attribute path to operate on. - Delimited by a slash character if there are more than one attribute. - Parameter marked with member_path is legitimate for doing member operation. type: str access_token: description: - Token-based authentication. Generated from GUI of Fortigate. required: false type: str member_state: choices: - present - absent description: - Add or delete a member under specified attribute path. - When member_state is specified, the state option is ignored. type: str wireless_controller_wtp_profile: default: null description: - Configure WTP profiles or FortiAP profiles that define radio settings for manageable FortiAP platforms. suboptions: allowaccess: choices: - https - ssh - snmp - telnet - http description: - Control management access to the managed WTP, FortiAP, or AP. Separate entries with a space. elements: str type: list ap_country: choices: - -- - AF - AL - DZ - AS - AO - AR - AM - AU - AT - AZ - BS - BH - BD - BB - BY - BE - BZ - BJ - BM - BT - BO - BA - BW - BR - BN - BG - BF - KH - CM - KY - CF - TD - CL - CN - CX - CO - CG - CD - CR - HR - CY - CZ - DK - DJ - DM - DO - EC - EG - SV - ET - EE - GF - PF - FO - FJ - FI - FR - GA - GE - GM - DE - GH - GI - GR - GL - GD - GP - GU - GT - GY - HT - HN - HK - HU - IS - IN - ID - IQ - IE - IM - IL - IT - CI - JM - JO - KZ - KE - KR - KW - LA - LV - LB - LS - LR - LY - LI - LT - LU - MO - MK - MG - MW - MY - MV - ML - MT - MH - MQ - MR - MU - YT - MX - FM - MD - MC - MN - MA - MZ - MM - NA - NP - NL - AN - AW - NZ - NI - NE - NG - 'NO' - MP - OM - PK - PW - PA - PG - PY - PE - PH - PL - PT - PR - QA - RE - RO - RU - RW - BL - KN - LC - MF - PM - VC - SA - SN - RS - ME - SL - SG - SK - SI - SO - ZA - ES - LK - SR - SZ - SE - CH - TW - TZ - TH - TG - TT - TN - TR - TM - AE - TC - UG - UA - GB - US - PS - UY - UZ - VU - VE - VN - VI - WF - YE - ZM - ZW - JP - CA - IR - KP - SD - SY - ZB description: - Country in which this WTP, FortiAP, or AP will operate . type: str ap_handoff: choices: - enable - disable description: - Enable/disable AP handoff of clients to other APs . type: str apcfg_profile: description: - AP local configuration profile name. Source wireless-controller.apcfg-profile.name. type: str ble_profile: description: - Bluetooth Low Energy profile name. Source wireless-controller.ble-profile.name. type: str bonjour_profile: description: - Bonjour profile name. Source wireless-controller.bonjour-profile.name. type: str comment: description: - Comment. type: str console_login: choices: - enable - disable description: - Enable/disable FortiAP console login access . type: str control_message_offload: choices: - ebp-frame - aeroscout-tag - ap-list - sta-list - sta-cap-list - stats - aeroscout-mu - sta-health - spectral-analysis description: - Enable/disable CAPWAP control message data channel offload. elements: str type: list deny_mac_list: description: - List of MAC addresses that are denied access to this WTP, FortiAP, or AP. elements: dict suboptions: id: description: - ID. see <a href='#notes'>Notes</a>. required: true type: int mac: description: - A WiFi device with this MAC address is denied access to this WTP, FortiAP or AP. type: str type: list dtls_in_kernel: choices: - enable - disable description: - Enable/disable data channel DTLS in kernel. type: str dtls_policy: choices: - clear-text - dtls-enabled - ipsec-vpn - ipsec-sn-vpn description: - WTP data channel DTLS policy . elements: str type: list energy_efficient_ethernet: choices: - enable - disable description: - Enable/disable use of energy efficient Ethernet on WTP. type: str esl_ses_dongle: description: - ESL SES-imagotag dongle configuration. suboptions: apc_addr_type: choices: - fqdn - ip description: - ESL SES-imagotag APC address type . type: str apc_fqdn: description: - FQDN of ESL SES-imagotag Access Point Controller (APC). type: str apc_ip: description: - IP address of ESL SES-imagotag Access Point Controller (APC). type: str apc_port: description: - Port of ESL SES-imagotag Access Point Controller (APC). type: int coex_level: choices: - none description: - ESL SES-imagotag dongle coexistence level . type: str compliance_level: choices: - compliance-level-2 description: - Compliance levels for the ESL solution integration . type: str esl_channel: choices: - '-1' - '0' - '1' - '2' - '3' - '4' - '5' - '6' - '7' - '8' - '9' - '10' - '127' description: - ESL SES-imagotag dongle channel . type: str output_power: choices: - a - b - c - d - e - f - g - h description: - ESL SES-imagotag dongle output power . type: str scd_enable: choices: - enable - disable description: - Enable/disable ESL SES-imagotag Serial Communication Daemon (SCD) . type: str tls_cert_verification: choices: - enable - disable description: - Enable/disable TLS certificate verification . type: str tls_fqdn_verification: choices: - enable - disable description: - Enable/disable TLS certificate verification . type: str type: dict ext_info_enable: choices: - enable - disable description: - Enable/disable station/VAP/radio extension information. type: str frequency_handoff: choices: - enable - disable description: - Enable/disable frequency handoff of clients to other channels . type: str handoff_roaming: choices: - enable - disable description: - Enable/disable client load balancing during roaming to avoid roaming delay . type: str handoff_rssi: description: - Minimum received signal strength indicator (RSSI) value for handoff (20 - 30). type: int handoff_sta_thresh: description: - Threshold value for AP handoff. type: int indoor_outdoor_deployment: choices: - platform-determined - outdoor - indoor description: - Set to allow indoor/outdoor-only channels under regulatory rules . type: str ip_fragment_preventing: choices: - tcp-mss-adjust - icmp-unreachable description: - Method(s) by which IP fragmentation is prevented for control and data packets through CAPWAP tunnel . elements: str type: list lan: description: - WTP LAN port mapping. suboptions: port1_mode: choices: - offline - nat-to-wan - bridge-to-wan - bridge-to-ssid description: - LAN port 1 mode. type: str port1_ssid: description: - Bridge LAN port 1 to SSID. Source system.interface.name. type: str port2_mode: choices: - offline - nat-to-wan - bridge-to-wan - bridge-to-ssid description: - LAN port 2 mode. type: str port2_ssid: description: - Bridge LAN port 2 to SSID. Source system.interface.name. type: str port3_mode: choices: - offline - nat-to-wan - bridge-to-wan - bridge-to-ssid description: - LAN port 3 mode. type: str port3_ssid: description: - Bridge LAN port 3 to SSID. Source system.interface.name. type: str port4_mode: choices: - offline - nat-to-wan - bridge-to-wan - bridge-to-ssid description: - LAN port 4 mode. type: str port4_ssid: description: - Bridge LAN port 4 to SSID. Source system.interface.name. type: str port5_mode: choices: - offline - nat-to-wan - bridge-to-wan - bridge-to-ssid description: - LAN port 5 mode. type: str port5_ssid: description: - Bridge LAN port 5 to SSID. Source system.interface.name. type: str port6_mode: choices: - offline - nat-to-wan - bridge-to-wan - bridge-to-ssid description: - LAN port 6 mode. type: str port6_ssid: description: - Bridge LAN port 6 to SSID. Source system.interface.name. type: str port7_mode: choices: - offline - nat-to-wan - bridge-to-wan - bridge-to-ssid description: - LAN port 7 mode. type: str port7_ssid: description: - Bridge LAN port 7 to SSID. Source system.interface.name. type: str port8_mode: choices: - offline - nat-to-wan - bridge-to-wan - bridge-to-ssid description: - LAN port 8 mode. type: str port8_ssid: description: - Bridge LAN port 8 to SSID. Source system.interface.name. type: str port_esl_mode: choices: - offline - nat-to-wan - bridge-to-wan - bridge-to-ssid description: - ESL port mode. type: str port_esl_ssid: description: - Bridge ESL port to SSID. Source system.interface.name. type: str port_mode: choices: - offline - nat-to-wan - bridge-to-wan - bridge-to-ssid description: - LAN port mode. type: str port_ssid: description: - Bridge LAN port to SSID. Source system.interface.name. type: str type: dict lbs: description: - Set various location based service (LBS) options. suboptions: aeroscout: choices: - enable - disable description: - Enable/disable AeroScout Real Time Location Service (RTLS) support . type: str aeroscout_ap_mac: choices: - bssid - board-mac description: - Use BSSID or board MAC address as AP MAC address in AeroScout AP messages . type: str aeroscout_mmu_report: choices: - enable - disable description: - Enable/disable compounded AeroScout tag and MU report . type: str aeroscout_mu: choices: - enable - disable description: - Enable/disable AeroScout Mobile Unit (MU) support . type: str aeroscout_mu_factor: description: - AeroScout MU mode dilution factor . type: int aeroscout_mu_timeout: description: - AeroScout MU mode timeout (0 - 65535 sec). type: int aeroscout_server_ip: description: - IP address of AeroScout server. type: str aeroscout_server_port: description: - AeroScout server UDP listening port. type: int ekahau_blink_mode: choices: - enable - disable description: - Enable/disable Ekahau blink mode (now known as AiRISTA Flow) to track and locate WiFi tags . type: str ekahau_tag: description: - WiFi frame MAC address or WiFi Tag. type: str erc_server_ip: description: - IP address of Ekahau RTLS Controller (ERC). type: str erc_server_port: description: - Ekahau RTLS Controller (ERC) UDP listening port. type: int fortipresence: choices: - foreign - both - disable description: - Enable/disable FortiPresence to monitor the location and activity of WiFi clients even if they don"t connect to this WiFi network . type: str fortipresence_ble: choices: - enable - disable description: - Enable/disable FortiPresence finding and reporting BLE devices. type: str fortipresence_frequency: description: - FortiPresence report transmit frequency (5 - 65535 sec). type: int fortipresence_port: description: - UDP listening port of FortiPresence server . type: int fortipresence_project: description: - FortiPresence project name (max. 16 characters). type: str fortipresence_rogue: choices: - enable - disable description: - Enable/disable FortiPresence finding and reporting rogue APs. type: str fortipresence_secret: description: - FortiPresence secret password (max. 16 characters). type: str fortipresence_server: description: - IP address of FortiPresence server. type: str fortipresence_server_addr_type: choices: - ipv4 - fqdn description: - FortiPresence server address type . type: str fortipresence_server_fqdn: description: - FQDN of FortiPresence server. type: str fortipresence_unassoc: choices: - enable - disable description: - Enable/disable FortiPresence finding and reporting unassociated stations. type: str polestar: choices: - enable - disable description: - Enable/disable PoleStar BLE NAO Track Real Time Location Service (RTLS) support . type: str polestar_accumulation_interval: description: - Time that measurements should be accumulated in seconds . type: int polestar_asset_addrgrp_list: description: - Tags and asset addrgrp list to be reported. Source firewall.addrgrp.name. type: str polestar_asset_uuid_list1: description: - Tags and asset UUID list 1 to be reported (string in the format of "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX"). type: str polestar_asset_uuid_list2: description: - Tags and asset UUID list 2 to be reported (string in the format of "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX"). type: str polestar_asset_uuid_list3: description: - Tags and asset UUID list 3 to be reported (string in the format of "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX"). type: str polestar_asset_uuid_list4: description: - Tags and asset UUID list 4 to be reported (string in the format of "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX"). type: str polestar_protocol: choices: - WSS description: - Select the protocol to report Measurements, Advertising Data, or Location Data to NAO Cloud. . type: str polestar_reporting_interval: description: - Time between reporting accumulated measurements in seconds . type: int polestar_server_fqdn: description: - FQDN of PoleStar Nao Track Server . type: str polestar_server_path: description: - Path of PoleStar Nao Track Server . type: str polestar_server_port: description: - Port of PoleStar Nao Track Server . type: int polestar_server_token: description: - Access Token of PoleStar Nao Track Server. type: str station_locate: choices: - enable - disable description: - Enable/disable client station locating services for all clients, whether associated or not . type: str type: dict led_schedules: description: - Recurring firewall schedules for illuminating LEDs on the FortiAP. If led-state is enabled, LEDs will be visible when at least one of the schedules is valid. Separate multiple schedule names with a space. elements: dict suboptions: name: description: - Schedule name. Source firewall.schedule.group.name firewall.schedule.recurring.name firewall.schedule.onetime.name. required: true type: str type: list led_state: choices: - enable - disable description: - Enable/disable use of LEDs on WTP . type: str lldp: choices: - enable - disable description: - Enable/disable Link Layer Discovery Protocol (LLDP) for the WTP, FortiAP, or AP . type: str login_passwd: description: - Set the managed WTP, FortiAP, or AP"s administrator password. type: str login_passwd_change: choices: - 'yes' - default - 'no' description: - Change or reset the administrator password of a managed WTP, FortiAP or AP (yes, default, or no). type: str max_clients: description: - Maximum number of stations (STAs) supported by the WTP . type: int name: description: - WTP (or FortiAP or AP) profile name. required: true type: str platform: description: - WTP, FortiAP, or AP platform. suboptions: ddscan: choices: - enable - disable description: - Enable/disable use of one radio for dedicated full-band scanning to detect RF characterization and wireless threat management. type: str mode: choices: - single-5G - dual-5G description: - Configure operation mode of 5G radios . type: str type: choices: - AP-11N - C24JE - 421E - 423E - 221E - 222E - 223E - 224E - 231E - 321E - 431F - 431FL - 432F - 432FR - 433F - 433FL - 231F - 231FL - 234F - 23JF - 831F - 231G - 233G - 234G - 431G - 432G - 433G - 241K - 243K - 441K - 443K - U421E - U422EV - U423E - U221EV - U223EV - U24JEV - U321EV - U323EV - U431F - U433F - U231F - U234F - U432F - U231G - 220B - 210B - 222B - 112B - 320B - 11C - 14C - 223B - 28C - 320C - 221C - 25D - 222C - 224D - 214B - 21D - 24D - 112D - 223C - 321C - C220C - C225C - C23JD - S321C - S322C - S323C - S311C - S313C - S321CR - S322CR - S323CR - S421E - S422E - S423E - S221E - S223E - U441G description: - WTP, FortiAP or AP platform type. There are built-in WTP profiles for all supported FortiAP models. You can select a built-in profile and customize it or create a new profile. type: str type: dict poe_mode: choices: - auto - 8023af - 8023at - power-adapter - full - high - low description: - Set the WTP, FortiAP, or AP"s PoE mode. type: str radio_1: description: - Configuration options for radio 1. suboptions: airtime_fairness: choices: - enable - disable description: - Enable/disable airtime fairness . type: str amsdu: choices: - enable - disable description: - Enable/disable 802.11n AMSDU support. AMSDU can improve performance if supported by your WiFi clients . type: str ap_handoff: choices: - enable - disable description: - Enable/disable AP handoff of clients to other APs . type: str ap_sniffer_addr: description: - MAC address to monitor. type: str ap_sniffer_bufsize: description: - Sniffer buffer size (1 - 32 MB). type: int ap_sniffer_chan: description: - Channel on which to operate the sniffer . type: int ap_sniffer_ctl: choices: - enable - disable description: - Enable/disable sniffer on WiFi control frame . type: str ap_sniffer_data: choices: - enable - disable description: - Enable/disable sniffer on WiFi data frame . type: str ap_sniffer_mgmt_beacon: choices: - enable - disable description: - Enable/disable sniffer on WiFi management Beacon frames . type: str ap_sniffer_mgmt_other: choices: - enable - disable description: - Enable/disable sniffer on WiFi management other frames . type: str ap_sniffer_mgmt_probe: choices: - enable - disable description: - Enable/disable sniffer on WiFi management probe frames . type: str arrp_profile: description: - Distributed Automatic Radio Resource Provisioning (DARRP) profile name to assign to the radio. Source wireless-controller .arrp-profile.name. type: str auto_power_high: description: - The upper bound of automatic transmit power adjustment in dBm (the actual range of transmit power depends on the AP platform type). type: int auto_power_level: choices: - enable - disable description: - Enable/disable automatic power-level adjustment to prevent co-channel interference . type: str auto_power_low: description: - The lower bound of automatic transmit power adjustment in dBm (the actual range of transmit power depends on the AP platform type). type: int auto_power_target: description: - Target of automatic transmit power adjustment in dBm (-95 to -20). type: str band: choices: - 802.11a - 802.11b - 802.11g - 802.11n - 802.11n-5G - 802.11ac - 802.11ax-5G - 802.11ax - 802.11ac-2G - 802.11ax-6G - 802.11n,g-only - 802.11g-only - 802.11n-only - 802.11n-5G-only - 802.11ac,n-only - 802.11ac-only - 802.11ax,ac-only - 802.11ax,ac,n-only - 802.11ax-5G-only - 802.11ax,n-only - 802.11ax,n,g-only - 802.11ax-only description: - WiFi band that Radio 1 operates on. type: str band_5g_type: choices: - 5g-full - 5g-high - 5g-low description: - WiFi 5G band type. type: str bandwidth_admission_control: choices: - enable - disable description: - Enable/disable WiFi multimedia (WMM) bandwidth admission control to optimize WiFi bandwidth use. A request to join the wireless network is only allowed if the access point has enough bandwidth to support it. type: str bandwidth_capacity: description: - Maximum bandwidth capacity allowed (1 - 600000 Kbps). type: int beacon_interval: description: - Beacon interval. The time between beacon frames in milliseconds. Actual range of beacon interval depends on the AP platform type . type: int bss_color: description: - BSS color value for this 11ax radio (0 - 63, disable = 0). type: int bss_color_mode: choices: - auto - static description: - BSS color mode for this 11ax radio . type: str call_admission_control: choices: - enable - disable description: - Enable/disable WiFi multimedia (WMM) call admission control to optimize WiFi bandwidth use for VoIP calls. New VoIP calls are only accepted if there is enough bandwidth available to support them. type: str call_capacity: description: - Maximum number of Voice over WLAN (VoWLAN) phones supported by the radio (0 - 60). type: int channel: description: - Selected list of wireless radio channels. elements: dict suboptions: chan: description: - Channel number. required: true type: str type: list channel_bonding: choices: - 160MHz - 80MHz - 40MHz - 20MHz description: - 'Channel bandwidth: 160,80, 40, or 20MHz. Channels may use both 20 and 40 by enabling coexistence.' type: str channel_utilization: choices: - enable - disable description: - Enable/disable measuring channel utilization. type: str coexistence: choices: - enable - disable description: - Enable/disable allowing both HT20 and HT40 on the same radio . type: str darrp: choices: - enable - disable description: - Enable/disable Distributed Automatic Radio Resource Provisioning (DARRP) to make sure the radio is always using the most optimal channel . type: str drma: choices: - disable - enable description: - Enable/disable dynamic radio mode assignment (DRMA) . type: str drma_sensitivity: choices: - low - medium - high description: - Network Coverage Factor (NCF) percentage required to consider a radio as redundant . type: str dtim: description: - Delivery Traffic Indication Map (DTIM) period (1 - 255). Set higher to save battery life of WiFi client in power-save mode. type: int frag_threshold: description: - Maximum packet size that can be sent without fragmentation (800 - 2346 bytes). type: int frequency_handoff: choices: - enable - disable description: - Enable/disable frequency handoff of clients to other channels . type: str iperf_protocol: choices: - udp - tcp description: - Iperf test protocol . type: str iperf_server_port: description: - Iperf service port number. type: int max_clients: description: - Maximum number of stations (STAs) or WiFi clients supported by the radio. Range depends on the hardware. type: int max_distance: description: - Maximum expected distance between the AP and clients (0 - 54000 m). type: int mimo_mode: choices: - default - 1x1 - 2x2 - 3x3 - 4x4 - 8x8 description: - Configure radio MIMO mode . type: str mode: choices: - disabled - ap - monitor - sniffer - sam description: - Mode of radio 1. Radio 1 can be disabled, configured as an access point, a rogue AP monitor, a sniffer, or a station. type: str optional_antenna: choices: - none - custom - FANT-04ABGN-0606-O-N - FANT-04ABGN-1414-P-N - FANT-04ABGN-8065-P-N - FANT-04ABGN-0606-O-R - FANT-04ABGN-0606-P-R - FANT-10ACAX-1213-D-N - FANT-08ABGN-1213-D-R description: - Optional antenna used on FAP . type: str optional_antenna_gain: description: - Optional antenna gain in dBi (0 to 20). type: str power_level: description: - Radio EIRP power level as a percentage of the maximum EIRP power (0 - 100). type: int power_mode: choices: - dBm - percentage description: - Set radio effective isotropic radiated power (EIRP) in dBm or by a percentage of the maximum EIRP . This power takes into account both radio transmit power and antenna gain. Higher power level settings may be constrained by local regulatory requirements and AP capabilities. type: str power_value: description: - Radio EIRP power in dBm (1 - 33). type: int powersave_optimize: choices: - tim - ac-vo - no-obss-scan - no-11b-rate - client-rate-follow description: - Enable client power-saving features such as TIM, AC VO, and OBSS etc. elements: str type: list protection_mode: choices: - rtscts - ctsonly - disable description: - Enable/disable 802.11g protection modes to support backwards compatibility with older clients (rtscts, ctsonly, disable). type: str radio_id: description: - radio-id type: int rts_threshold: description: - Maximum packet size for RTS transmissions, specifying the maximum size of a data packet before RTS/CTS (256 - 2346 bytes). type: int sam_bssid: description: - BSSID for WiFi network. type: str sam_ca_certificate: description: - CA certificate for WPA2/WPA3-ENTERPRISE. type: str sam_captive_portal: choices: - enable - disable description: - Enable/disable Captive Portal Authentication . type: str sam_client_certificate: description: - Client certificate for WPA2/WPA3-ENTERPRISE. type: str sam_cwp_failure_string: description: - Failure identification on the page after an incorrect login. type: str sam_cwp_match_string: description: - Identification string from the captive portal login form. type: str sam_cwp_password: description: - Password for captive portal authentication. type: str sam_cwp_success_string: description: - Success identification on the page after a successful login. type: str sam_cwp_test_url: description: - Website the client is trying to access. type: str sam_cwp_username: description: - Username for captive portal authentication. type: str sam_eap_method: choices: - both - tls - peap description: - Select WPA2/WPA3-ENTERPRISE EAP Method . type: str sam_password: description: - Passphrase for WiFi network connection. type: str sam_private_key: description: - Private key for WPA2/WPA3-ENTERPRISE. type: str sam_private_key_password: description: - Password for private key file for WPA2/WPA3-ENTERPRISE. type: str sam_report_intv: description: - SAM report interval (sec), 0 for a one-time report. type: int sam_security_type: choices: - open - wpa-personal - wpa-enterprise - wpa3-sae - owe description: - Select WiFi network security type . type: str sam_server: description: - SAM test server IP address or domain name. type: str sam_server_fqdn: description: - SAM test server domain name. type: str sam_server_ip: description: - SAM test server IP address. type: str sam_server_type: choices: - ip - fqdn description: - Select SAM server type . type: str sam_ssid: description: - SSID for WiFi network. type: str sam_test: choices: - ping - iperf description: - Select SAM test type . type: str sam_username: description: - Username for WiFi network connection. type: str set_80211d: choices: - enable - disable description: - Enable/disable 802.11d countryie. type: str short_guard_interval: choices: - enable - disable description: - Use either the short guard interval (Short GI) of 400 ns or the long guard interval (Long GI) of 800 ns. type: str spectrum_analysis: choices: - enable - scan-only - disable description: - Enable/disable spectrum analysis to find interference that would negatively impact wireless performance. type: str transmit_optimize: choices: - disable - power-save - aggr-limit - retry-limit - send-bar description: - Packet transmission optimization options including power saving, aggregation limiting, retry limiting, etc. All are enabled by default. elements: str type: list vap_all: choices: - tunnel - bridge - manual - enable - disable description: - Configure method for assigning SSIDs to this FortiAP . type: str vaps: description: - Manually selected list of Virtual Access Points (VAPs). elements: dict suboptions: name: description: - Virtual Access Point (VAP) name. Source wireless-controller.vap-group.name system.interface.name. required: true type: str type: list wids_profile: description: - Wireless Intrusion Detection System (WIDS) profile name to assign to the radio. Source wireless-controller.wids-profile.name. type: str zero_wait_dfs: choices: - enable - disable description: - Enable/disable zero wait DFS on radio . type: str type: dict radio_2: description: - Configuration options for radio 2. suboptions: airtime_fairness: choices: - enable - disable description: - Enable/disable airtime fairness . type: str amsdu: choices: - enable - disable description: - Enable/disable 802.11n AMSDU support. AMSDU can improve performance if supported by your WiFi clients . type: str ap_handoff: choices: - enable - disable description: - Enable/disable AP handoff of clients to other APs . type: str ap_sniffer_addr: description: - MAC address to monitor. type: str ap_sniffer_bufsize: description: - Sniffer buffer size (1 - 32 MB). type: int ap_sniffer_chan: description: - Channel on which to operate the sniffer . type: int ap_sniffer_ctl: choices: - enable - disable description: - Enable/disable sniffer on WiFi control frame . type: str ap_sniffer_data: choices: - enable - disable description: - Enable/disable sniffer on WiFi data frame . type: str ap_sniffer_mgmt_beacon: choices: - enable - disable description: - Enable/disable sniffer on WiFi management Beacon frames . type: str ap_sniffer_mgmt_other: choices: - enable - disable description: - Enable/disable sniffer on WiFi management other frames . type: str ap_sniffer_mgmt_probe: choices: - enable - disable description: - Enable/disable sniffer on WiFi management probe frames . type: str arrp_profile: description: - Distributed Automatic Radio Resource Provisioning (DARRP) profile name to assign to the radio. Source wireless-controller .arrp-profile.name. type: str auto_power_high: description: - The upper bound of automatic transmit power adjustment in dBm (the actual range of transmit power depends on the AP platform type). type: int auto_power_level: choices: - enable - disable description: - Enable/disable automatic power-level adjustment to prevent co-channel interference . type: str auto_power_low: description: - The lower bound of automatic transmit power adjustment in dBm (the actual range of transmit power depends on the AP platform type). type: int auto_power_target: description: - Target of automatic transmit power adjustment in dBm (-95 to -20). type: str band: choices: - 802.11a - 802.11b - 802.11g - 802.11n - 802.11n-5G - 802.11ac - 802.11ax-5G - 802.11ax - 802.11ac-2G - 802.11ax-6G - 802.11n,g-only - 802.11g-only - 802.11n-only - 802.11n-5G-only - 802.11ac,n-only - 802.11ac-only - 802.11ax,ac-only - 802.11ax,ac,n-only - 802.11ax-5G-only - 802.11ax,n-only - 802.11ax,n,g-only - 802.11ax-only description: - WiFi band that Radio 2 operates on. type: str band_5g_type: choices: - 5g-full - 5g-high - 5g-low description: - WiFi 5G band type. type: str bandwidth_admission_control: choices: - enable - disable description: - Enable/disable WiFi multimedia (WMM) bandwidth admission control to optimize WiFi bandwidth use. A request to join the wireless network is only allowed if the access point has enough bandwidth to support it. type: str bandwidth_capacity: description: - Maximum bandwidth capacity allowed (1 - 600000 Kbps). type: int beacon_interval: description: - Beacon interval. The time between beacon frames in milliseconds. Actual range of beacon interval depends on the AP platform type . type: int bss_color: description: - BSS color value for this 11ax radio (0 - 63, disable = 0). type: int bss_color_mode: choices: - auto - static description: - BSS color mode for this 11ax radio . type: str call_admission_control: choices: - enable - disable description: - Enable/disable WiFi multimedia (WMM) call admission control to optimize WiFi bandwidth use for VoIP calls. New VoIP calls are only accepted if there is enough bandwidth available to support them. type: str call_capacity: description: - Maximum number of Voice over WLAN (VoWLAN) phones supported by the radio (0 - 60). type: int channel: description: - Selected list of wireless radio channels. elements: dict suboptions: chan: description: - Channel number. required: true type: str type: list channel_bonding: choices: - 160MHz - 80MHz - 40MHz - 20MHz description: - 'Channel bandwidth: 160,80, 40, or 20MHz. Channels may use both 20 and 40 by enabling coexistence.' type: str channel_utilization: choices: - enable - disable description: - Enable/disable measuring channel utilization. type: str coexistence: choices: - enable - disable description: - Enable/disable allowing both HT20 and HT40 on the same radio . type: str darrp: choices: - enable - disable description: - Enable/disable Distributed Automatic Radio Resource Provisioning (DARRP) to make sure the radio is always using the most optimal channel . type: str drma: choices: - disable - enable description: - Enable/disable dynamic radio mode assignment (DRMA) . type: str drma_sensitivity: choices: - low - medium - high description: - Network Coverage Factor (NCF) percentage required to consider a radio as redundant . type: str dtim: description: - Delivery Traffic Indication Map (DTIM) period (1 - 255). Set higher to save battery life of WiFi client in power-save mode. type: int frag_threshold: description: - Maximum packet size that can be sent without fragmentation (800 - 2346 bytes). type: int frequency_handoff: choices: - enable - disable description: - Enable/disable frequency handoff of clients to other channels . type: str iperf_protocol: choices: - udp - tcp description: - Iperf test protocol . type: str iperf_server_port: description: - Iperf service port number. type: int max_clients: description: - Maximum number of stations (STAs) or WiFi clients supported by the radio. Range depends on the hardware. type: int max_distance: description: - Maximum expected distance between the AP and clients (0 - 54000 m). type: int mimo_mode: choices: - default - 1x1 - 2x2 - 3x3 - 4x4 - 8x8 description: - Configure radio MIMO mode . type: str mode: choices: - disabled - ap - monitor - sniffer - sam description: - Mode of radio 2. Radio 2 can be disabled, configured as an access point, a rogue AP monitor, a sniffer, or a station. type: str optional_antenna: choices: - none - custom - FANT-04ABGN-0606-O-N - FANT-04ABGN-1414-P-N - FANT-04ABGN-8065-P-N - FANT-04ABGN-0606-O-R - FANT-04ABGN-0606-P-R - FANT-10ACAX-1213-D-N - FANT-08ABGN-1213-D-R description: - Optional antenna used on FAP . type: str optional_antenna_gain: description: - Optional antenna gain in dBi (0 to 20). type: str power_level: description: - Radio EIRP power level as a percentage of the maximum EIRP power (0 - 100). type: int power_mode: choices: - dBm - percentage description: - Set radio effective isotropic radiated power (EIRP) in dBm or by a percentage of the maximum EIRP . This power takes into account both radio transmit power and antenna gain. Higher power level settings may be constrained by local regulatory requirements and AP capabilities. type: str power_value: description: - Radio EIRP power in dBm (1 - 33). type: int powersave_optimize: choices: - tim - ac-vo - no-obss-scan - no-11b-rate - client-rate-follow description: - Enable client power-saving features such as TIM, AC VO, and OBSS etc. elements: str type: list protection_mode: choices: - rtscts - ctsonly - disable description: - Enable/disable 802.11g protection modes to support backwards compatibility with older clients (rtscts, ctsonly, disable). type: str radio_id: description: - radio-id type: int rts_threshold: description: - Maximum packet size for RTS transmissions, specifying the maximum size of a data packet before RTS/CTS (256 - 2346 bytes). type: int sam_bssid: description: - BSSID for WiFi network. type: str sam_ca_certificate: description: - CA certificate for WPA2/WPA3-ENTERPRISE. type: str sam_captive_portal: choices: - enable - disable description: - Enable/disable Captive Portal Authentication . type: str sam_client_certificate: description: - Client certificate for WPA2/WPA3-ENTERPRISE. type: str sam_cwp_failure_string: description: - Failure identification on the page after an incorrect login. type: str sam_cwp_match_string: description: - Identification string from the captive portal login form. type: str sam_cwp_password: description: - Password for captive portal authentication. type: str sam_cwp_success_string: description: - Success identification on the page after a successful login. type: str sam_cwp_test_url: description: - Website the client is trying to access. type: str sam_cwp_username: description: - Username for captive portal authentication. type: str sam_eap_method: choices: - both - tls - peap description: - Select WPA2/WPA3-ENTERPRISE EAP Method . type: str sam_password: description: - Passphrase for WiFi network connection. type: str sam_private_key: description: - Private key for WPA2/WPA3-ENTERPRISE. type: str sam_private_key_password: description: - Password for private key file for WPA2/WPA3-ENTERPRISE. type: str sam_report_intv: description: - SAM report interval (sec), 0 for a one-time report. type: int sam_security_type: choices: - open - wpa-personal - wpa-enterprise - wpa3-sae - owe description: - Select WiFi network security type . type: str sam_server: description: - SAM test server IP address or domain name. type: str sam_server_fqdn: description: - SAM test server domain name. type: str sam_server_ip: description: - SAM test server IP address. type: str sam_server_type: choices: - ip - fqdn description: - Select SAM server type . type: str sam_ssid: description: - SSID for WiFi network. type: str sam_test: choices: - ping - iperf description: - Select SAM test type . type: str sam_username: description: - Username for WiFi network connection. type: str set_80211d: choices: - enable - disable description: - Enable/disable 802.11d countryie. type: str short_guard_interval: choices: - enable - disable description: - Use either the short guard interval (Short GI) of 400 ns or the long guard interval (Long GI) of 800 ns. type: str spectrum_analysis: choices: - enable - scan-only - disable description: - Enable/disable spectrum analysis to find interference that would negatively impact wireless performance. type: str transmit_optimize: choices: - disable - power-save - aggr-limit - retry-limit - send-bar description: - Packet transmission optimization options including power saving, aggregation limiting, retry limiting, etc. All are enabled by default. elements: str type: list vap_all: choices: - tunnel - bridge - manual - enable - disable description: - Configure method for assigning SSIDs to this FortiAP . type: str vaps: description: - Manually selected list of Virtual Access Points (VAPs). elements: dict suboptions: name: description: - Virtual Access Point (VAP) name. Source wireless-controller.vap-group.name system.interface.name. required: true type: str type: list wids_profile: description: - Wireless Intrusion Detection System (WIDS) profile name to assign to the radio. Source wireless-controller.wids-profile.name. type: str zero_wait_dfs: choices: - enable - disable description: - Enable/disable zero wait DFS on radio . type: str type: dict radio_3: description: - Configuration options for radio 3. suboptions: airtime_fairness: choices: - enable - disable description: - Enable/disable airtime fairness . type: str amsdu: choices: - enable - disable description: - Enable/disable 802.11n AMSDU support. AMSDU can improve performance if supported by your WiFi clients . type: str ap_handoff: choices: - enable - disable description: - Enable/disable AP handoff of clients to other APs . type: str ap_sniffer_addr: description: - MAC address to monitor. type: str ap_sniffer_bufsize: description: - Sniffer buffer size (1 - 32 MB). type: int ap_sniffer_chan: description: - Channel on which to operate the sniffer . type: int ap_sniffer_ctl: choices: - enable - disable description: - Enable/disable sniffer on WiFi control frame . type: str ap_sniffer_data: choices: - enable - disable description: - Enable/disable sniffer on WiFi data frame . type: str ap_sniffer_mgmt_beacon: choices: - enable - disable description: - Enable/disable sniffer on WiFi management Beacon frames . type: str ap_sniffer_mgmt_other: choices: - enable - disable description: - Enable/disable sniffer on WiFi management other frames . type: str ap_sniffer_mgmt_probe: choices: - enable - disable description: - Enable/disable sniffer on WiFi management probe frames . type: str arrp_profile: description: - Distributed Automatic Radio Resource Provisioning (DARRP) profile name to assign to the radio. Source wireless-controller .arrp-profile.name. type: str auto_power_high: description: - The upper bound of automatic transmit power adjustment in dBm (the actual range of transmit power depends on the AP platform type). type: int auto_power_level: choices: - enable - disable description: - Enable/disable automatic power-level adjustment to prevent co-channel interference . type: str auto_power_low: description: - The lower bound of automatic transmit power adjustment in dBm (the actual range of transmit power depends on the AP platform type). type: int auto_power_target: description: - Target of automatic transmit power adjustment in dBm (-95 to -20). type: str band: choices: - 802.11a - 802.11b - 802.11g - 802.11n - 802.11n-5G - 802.11ac - 802.11ax-5G - 802.11ax - 802.11ac-2G - 802.11ax-6G - 802.11n,g-only - 802.11g-only - 802.11n-only - 802.11n-5G-only - 802.11ac,n-only - 802.11ac-only - 802.11ax,ac-only - 802.11ax,ac,n-only - 802.11ax-5G-only - 802.11ax,n-only - 802.11ax,n,g-only - 802.11ax-only description: - WiFi band that Radio 3 operates on. type: str band_5g_type: choices: - 5g-full - 5g-high - 5g-low description: - WiFi 5G band type. type: str bandwidth_admission_control: choices: - enable - disable description: - Enable/disable WiFi multimedia (WMM) bandwidth admission control to optimize WiFi bandwidth use. A request to join the wireless network is only allowed if the access point has enough bandwidth to support it. type: str bandwidth_capacity: description: - Maximum bandwidth capacity allowed (1 - 600000 Kbps). type: int beacon_interval: description: - Beacon interval. The time between beacon frames in milliseconds. Actual range of beacon interval depends on the AP platform type . type: int bss_color: description: - BSS color value for this 11ax radio (0 - 63, disable = 0). type: int bss_color_mode: choices: - auto - static description: - BSS color mode for this 11ax radio . type: str call_admission_control: choices: - enable - disable description: - Enable/disable WiFi multimedia (WMM) call admission control to optimize WiFi bandwidth use for VoIP calls. New VoIP calls are only accepted if there is enough bandwidth available to support them. type: str call_capacity: description: - Maximum number of Voice over WLAN (VoWLAN) phones supported by the radio (0 - 60). type: int channel: description: - Selected list of wireless radio channels. elements: dict suboptions: chan: description: - Channel number. required: true type: str type: list channel_bonding: choices: - 160MHz - 80MHz - 40MHz - 20MHz description: - 'Channel bandwidth: 160,80, 40, or 20MHz. Channels may use both 20 and 40 by enabling coexistence.' type: str channel_utilization: choices: - enable - disable description: - Enable/disable measuring channel utilization. type: str coexistence: choices: - enable - disable description: - Enable/disable allowing both HT20 and HT40 on the same radio . type: str darrp: choices: - enable - disable description: - Enable/disable Distributed Automatic Radio Resource Provisioning (DARRP) to make sure the radio is always using the most optimal channel . type: str drma: choices: - disable - enable description: - Enable/disable dynamic radio mode assignment (DRMA) . type: str drma_sensitivity: choices: - low - medium - high description: - Network Coverage Factor (NCF) percentage required to consider a radio as redundant . type: str dtim: description: - Delivery Traffic Indication Map (DTIM) period (1 - 255). Set higher to save battery life of WiFi client in power-save mode. type: int frag_threshold: description: - Maximum packet size that can be sent without fragmentation (800 - 2346 bytes). type: int frequency_handoff: choices: - enable - disable description: - Enable/disable frequency handoff of clients to other channels . type: str iperf_protocol: choices: - udp - tcp description: - Iperf test protocol . type: str iperf_server_port: description: - Iperf service port number. type: int max_clients: description: - Maximum number of stations (STAs) or WiFi clients supported by the radio. Range depends on the hardware. type: int max_distance: description: - Maximum expected distance between the AP and clients (0 - 54000 m). type: int mimo_mode: choices: - default - 1x1 - 2x2 - 3x3 - 4x4 - 8x8 description: - Configure radio MIMO mode . type: str mode: choices: - disabled - ap - monitor - sniffer - sam description: - Mode of radio 3. Radio 3 can be disabled, configured as an access point, a rogue AP monitor, a sniffer, or a station. type: str optional_antenna: choices: - none - custom - FANT-04ABGN-0606-O-N - FANT-04ABGN-1414-P-N - FANT-04ABGN-8065-P-N - FANT-04ABGN-0606-O-R - FANT-04ABGN-0606-P-R - FANT-10ACAX-1213-D-N - FANT-08ABGN-1213-D-R description: - Optional antenna used on FAP . type: str optional_antenna_gain: description: - Optional antenna gain in dBi (0 to 20). type: str power_level: description: - Radio EIRP power level as a percentage of the maximum EIRP power (0 - 100). type: int power_mode: choices: - dBm - percentage description: - Set radio effective isotropic radiated power (EIRP) in dBm or by a percentage of the maximum EIRP . This power takes into account both radio transmit power and antenna gain. Higher power level settings may be constrained by local regulatory requirements and AP capabilities. type: str power_value: description: - Radio EIRP power in dBm (1 - 33). type: int powersave_optimize: choices: - tim - ac-vo - no-obss-scan - no-11b-rate - client-rate-follow description: - Enable client power-saving features such as TIM, AC VO, and OBSS etc. elements: str type: list protection_mode: choices: - rtscts - ctsonly - disable description: - Enable/disable 802.11g protection modes to support backwards compatibility with older clients (rtscts, ctsonly, disable). type: str radio_id: description: - radio-id type: int rts_threshold: description: - Maximum packet size for RTS transmissions, specifying the maximum size of a data packet before RTS/CTS (256 - 2346 bytes). type: int sam_bssid: description: - BSSID for WiFi network. type: str sam_ca_certificate: description: - CA certificate for WPA2/WPA3-ENTERPRISE. type: str sam_captive_portal: choices: - enable - disable description: - Enable/disable Captive Portal Authentication . type: str sam_client_certificate: description: - Client certificate for WPA2/WPA3-ENTERPRISE. type: str sam_cwp_failure_string: description: - Failure identification on the page after an incorrect login. type: str sam_cwp_match_string: description: - Identification string from the captive portal login form. type: str sam_cwp_password: description: - Password for captive portal authentication. type: str sam_cwp_success_string: description: - Success identification on the page after a successful login. type: str sam_cwp_test_url: description: - Website the client is trying to access. type: str sam_cwp_username: description: - Username for captive portal authentication. type: str sam_eap_method: choices: - both - tls - peap description: - Select WPA2/WPA3-ENTERPRISE EAP Method . type: str sam_password: description: - Passphrase for WiFi network connection. type: str sam_private_key: description: - Private key for WPA2/WPA3-ENTERPRISE. type: str sam_private_key_password: description: - Password for private key file for WPA2/WPA3-ENTERPRISE. type: str sam_report_intv: description: - SAM report interval (sec), 0 for a one-time report. type: int sam_security_type: choices: - open - wpa-personal - wpa-enterprise - wpa3-sae - owe description: - Select WiFi network security type . type: str sam_server: description: - SAM test server IP address or domain name. type: str sam_server_fqdn: description: - SAM test server domain name. type: str sam_server_ip: description: - SAM test server IP address. type: str sam_server_type: choices: - ip - fqdn description: - Select SAM server type . type: str sam_ssid: description: - SSID for WiFi network. type: str sam_test: choices: - ping - iperf description: - Select SAM test type . type: str sam_username: description: - Username for WiFi network connection. type: str set_80211d: choices: - enable - disable description: - Enable/disable 802.11d countryie. type: str short_guard_interval: choices: - enable - disable description: - Use either the short guard interval (Short GI) of 400 ns or the long guard interval (Long GI) of 800 ns. type: str spectrum_analysis: choices: - enable - scan-only - disable description: - Enable/disable spectrum analysis to find interference that would negatively impact wireless performance. type: str transmit_optimize: choices: - disable - power-save - aggr-limit - retry-limit - send-bar description: - Packet transmission optimization options including power saving, aggregation limiting, retry limiting, etc. All are enabled by default. elements: str type: list vap_all: choices: - tunnel - bridge - manual - enable - disable description: - Configure method for assigning SSIDs to this FortiAP . type: str vaps: description: - Manually selected list of Virtual Access Points (VAPs). elements: dict suboptions: name: description: - Virtual Access Point (VAP) name. Source wireless-controller.vap-group.name system.interface.name. required: true type: str type: list wids_profile: description: - Wireless Intrusion Detection System (WIDS) profile name to assign to the radio. Source wireless-controller.wids-profile.name. type: str zero_wait_dfs: choices: - enable - disable description: - Enable/disable zero wait DFS on radio . type: str type: dict radio_4: description: - Configuration options for radio 4. suboptions: airtime_fairness: choices: - enable - disable description: - Enable/disable airtime fairness . type: str amsdu: choices: - enable - disable description: - Enable/disable 802.11n AMSDU support. AMSDU can improve performance if supported by your WiFi clients . type: str ap_handoff: choices: - enable - disable description: - Enable/disable AP handoff of clients to other APs . type: str ap_sniffer_addr: description: - MAC address to monitor. type: str ap_sniffer_bufsize: description: - Sniffer buffer size (1 - 32 MB). type: int ap_sniffer_chan: description: - Channel on which to operate the sniffer . type: int ap_sniffer_ctl: choices: - enable - disable description: - Enable/disable sniffer on WiFi control frame . type: str ap_sniffer_data: choices: - enable - disable description: - Enable/disable sniffer on WiFi data frame . type: str ap_sniffer_mgmt_beacon: choices: - enable - disable description: - Enable/disable sniffer on WiFi management Beacon frames . type: str ap_sniffer_mgmt_other: choices: - enable - disable description: - Enable/disable sniffer on WiFi management other frames . type: str ap_sniffer_mgmt_probe: choices: - enable - disable description: - Enable/disable sniffer on WiFi management probe frames . type: str arrp_profile: description: - Distributed Automatic Radio Resource Provisioning (DARRP) profile name to assign to the radio. Source wireless-controller .arrp-profile.name. type: str auto_power_high: description: - The upper bound of automatic transmit power adjustment in dBm (the actual range of transmit power depends on the AP platform type). type: int auto_power_level: choices: - enable - disable description: - Enable/disable automatic power-level adjustment to prevent co-channel interference . type: str auto_power_low: description: - The lower bound of automatic transmit power adjustment in dBm (the actual range of transmit power depends on the AP platform type). type: int auto_power_target: description: - Target of automatic transmit power adjustment in dBm (-95 to -20). type: str band: choices: - 802.11a - 802.11b - 802.11g - 802.11n - 802.11n-5G - 802.11ac - 802.11ax-5G - 802.11ax - 802.11ac-2G - 802.11ax-6G - 802.11n,g-only - 802.11g-only - 802.11n-only - 802.11n-5G-only - 802.11ac,n-only - 802.11ac-only - 802.11ax,ac-only - 802.11ax,ac,n-only - 802.11ax-5G-only - 802.11ax,n-only - 802.11ax,n,g-only - 802.11ax-only description: - WiFi band that Radio 4 operates on. type: str band_5g_type: choices: - 5g-full - 5g-high - 5g-low description: - WiFi 5G band type. type: str bandwidth_admission_control: choices: - enable - disable description: - Enable/disable WiFi multimedia (WMM) bandwidth admission control to optimize WiFi bandwidth use. A request to join the wireless network is only allowed if the access point has enough bandwidth to support it. type: str bandwidth_capacity: description: - Maximum bandwidth capacity allowed (1 - 600000 Kbps). type: int beacon_interval: description: - Beacon interval. The time between beacon frames in milliseconds. Actual range of beacon interval depends on the AP platform type . type: int bss_color: description: - BSS color value for this 11ax radio (0 - 63, disable = 0). type: int bss_color_mode: choices: - auto - static description: - BSS color mode for this 11ax radio . type: str call_admission_control: choices: - enable - disable description: - Enable/disable WiFi multimedia (WMM) call admission control to optimize WiFi bandwidth use for VoIP calls. New VoIP calls are only accepted if there is enough bandwidth available to support them. type: str call_capacity: description: - Maximum number of Voice over WLAN (VoWLAN) phones supported by the radio (0 - 60). type: int channel: description: - Selected list of wireless radio channels. elements: dict suboptions: chan: description: - Channel number. required: true type: str type: list channel_bonding: choices: - 160MHz - 80MHz - 40MHz - 20MHz description: - 'Channel bandwidth: 160,80, 40, or 20MHz. Channels may use both 20 and 40 by enabling coexistence.' type: str channel_utilization: choices: - enable - disable description: - Enable/disable measuring channel utilization. type: str coexistence: choices: - enable - disable description: - Enable/disable allowing both HT20 and HT40 on the same radio . type: str darrp: choices: - enable - disable description: - Enable/disable Distributed Automatic Radio Resource Provisioning (DARRP) to make sure the radio is always using the most optimal channel . type: str drma: choices: - disable - enable description: - Enable/disable dynamic radio mode assignment (DRMA) . type: str drma_sensitivity: choices: - low - medium - high description: - Network Coverage Factor (NCF) percentage required to consider a radio as redundant . type: str dtim: description: - Delivery Traffic Indication Map (DTIM) period (1 - 255). Set higher to save battery life of WiFi client in power-save mode. type: int frag_threshold: description: - Maximum packet size that can be sent without fragmentation (800 - 2346 bytes). type: int frequency_handoff: choices: - enable - disable description: - Enable/disable frequency handoff of clients to other channels . type: str iperf_protocol: choices: - udp - tcp description: - Iperf test protocol . type: str iperf_server_port: description: - Iperf service port number. type: int max_clients: description: - Maximum number of stations (STAs) or WiFi clients supported by the radio. Range depends on the hardware. type: int max_distance: description: - Maximum expected distance between the AP and clients (0 - 54000 m). type: int mimo_mode: choices: - default - 1x1 - 2x2 - 3x3 - 4x4 - 8x8 description: - Configure radio MIMO mode . type: str mode: choices: - disabled - ap - monitor - sniffer - sam description: - Mode of radio 4. Radio 4 can be disabled, configured as an access point, a rogue AP monitor, a sniffer, or a station. type: str optional_antenna: choices: - none - custom - FANT-04ABGN-0606-O-N - FANT-04ABGN-1414-P-N - FANT-04ABGN-8065-P-N - FANT-04ABGN-0606-O-R - FANT-04ABGN-0606-P-R - FANT-10ACAX-1213-D-N - FANT-08ABGN-1213-D-R description: - Optional antenna used on FAP . type: str optional_antenna_gain: description: - Optional antenna gain in dBi (0 to 20). type: str power_level: description: - Radio EIRP power level as a percentage of the maximum EIRP power (0 - 100). type: int power_mode: choices: - dBm - percentage description: - Set radio effective isotropic radiated power (EIRP) in dBm or by a percentage of the maximum EIRP . This power takes into account both radio transmit power and antenna gain. Higher power level settings may be constrained by local regulatory requirements and AP capabilities. type: str power_value: description: - Radio EIRP power in dBm (1 - 33). type: int powersave_optimize: choices: - tim - ac-vo - no-obss-scan - no-11b-rate - client-rate-follow description: - Enable client power-saving features such as TIM, AC VO, and OBSS etc. elements: str type: list protection_mode: choices: - rtscts - ctsonly - disable description: - Enable/disable 802.11g protection modes to support backwards compatibility with older clients (rtscts, ctsonly, disable). type: str rts_threshold: description: - Maximum packet size for RTS transmissions, specifying the maximum size of a data packet before RTS/CTS (256 - 2346 bytes). type: int sam_bssid: description: - BSSID for WiFi network. type: str sam_ca_certificate: description: - CA certificate for WPA2/WPA3-ENTERPRISE. type: str sam_captive_portal: choices: - enable - disable description: - Enable/disable Captive Portal Authentication . type: str sam_client_certificate: description: - Client certificate for WPA2/WPA3-ENTERPRISE. type: str sam_cwp_failure_string: description: - Failure identification on the page after an incorrect login. type: str sam_cwp_match_string: description: - Identification string from the captive portal login form. type: str sam_cwp_password: description: - Password for captive portal authentication. type: str sam_cwp_success_string: description: - Success identification on the page after a successful login. type: str sam_cwp_test_url: description: - Website the client is trying to access. type: str sam_cwp_username: description: - Username for captive portal authentication. type: str sam_eap_method: choices: - both - tls - peap description: - Select WPA2/WPA3-ENTERPRISE EAP Method . type: str sam_password: description: - Passphrase for WiFi network connection. type: str sam_private_key: description: - Private key for WPA2/WPA3-ENTERPRISE. type: str sam_private_key_password: description: - Password for private key file for WPA2/WPA3-ENTERPRISE. type: str sam_report_intv: description: - SAM report interval (sec), 0 for a one-time report. type: int sam_security_type: choices: - open - wpa-personal - wpa-enterprise - wpa3-sae - owe description: - Select WiFi network security type . type: str sam_server: description: - SAM test server IP address or domain name. type: str sam_server_fqdn: description: - SAM test server domain name. type: str sam_server_ip: description: - SAM test server IP address. type: str sam_server_type: choices: - ip - fqdn description: - Select SAM server type . type: str sam_ssid: description: - SSID for WiFi network. type: str sam_test: choices: - ping - iperf description: - Select SAM test type . type: str sam_username: description: - Username for WiFi network connection. type: str set_80211d: choices: - enable - disable description: - Enable/disable 802.11d countryie. type: str short_guard_interval: choices: - enable - disable description: - Use either the short guard interval (Short GI) of 400 ns or the long guard interval (Long GI) of 800 ns. type: str spectrum_analysis: choices: - enable - scan-only - disable description: - Enable/disable spectrum analysis to find interference that would negatively impact wireless performance. type: str transmit_optimize: choices: - disable - power-save - aggr-limit - retry-limit - send-bar description: - Packet transmission optimization options including power saving, aggregation limiting, retry limiting, etc. All are enabled by default. elements: str type: list vap_all: choices: - tunnel - bridge - manual - enable - disable description: - Configure method for assigning SSIDs to this FortiAP . type: str vaps: description: - Manually selected list of Virtual Access Points (VAPs). elements: dict suboptions: name: description: - Virtual Access Point (VAP) name. Source wireless-controller.vap-group.name system.interface.name. required: true type: str type: list wids_profile: description: - Wireless Intrusion Detection System (WIDS) profile name to assign to the radio. Source wireless-controller.wids-profile.name. type: str zero_wait_dfs: choices: - enable - disable description: - Enable/disable zero wait DFS on radio . type: str type: dict split_tunneling_acl: description: - Split tunneling ACL filter list. elements: dict suboptions: dest_ip: description: - Destination IP and mask for the split-tunneling subnet. type: str id: description: - ID. see <a href='#notes'>Notes</a>. required: true type: int type: list split_tunneling_acl_local_ap_subnet: choices: - enable - disable description: - Enable/disable automatically adding local subnetwork of FortiAP to split-tunneling ACL . type: str split_tunneling_acl_path: choices: - tunnel - local description: - Split tunneling ACL path is local/tunnel. type: str syslog_profile: description: - System log server configuration profile name. Source wireless-controller.syslog-profile.name. type: str tun_mtu_downlink: description: - The MTU of downlink CAPWAP tunnel (576 - 1500 bytes or 0; 0 means the local MTU of FortiAP; ). type: int tun_mtu_uplink: description: - The maximum transmission unit (MTU) of uplink CAPWAP tunnel (576 - 1500 bytes or 0; 0 means the local MTU of FortiAP; ). type: int unii_4_5ghz_band: choices: - enable - disable description: - Enable/disable UNII-4 5Ghz band channels . type: str wan_port_auth: choices: - none - 802.1x description: - Set WAN port authentication mode . type: str wan_port_auth_macsec: choices: - enable - disable description: - Enable/disable WAN port 802.1x supplicant MACsec policy . type: str wan_port_auth_methods: choices: - all - EAP-FAST - EAP-TLS - EAP-PEAP description: - WAN port 802.1x supplicant EAP methods . type: str wan_port_auth_password: description: - Set WAN port 802.1x supplicant password. type: str wan_port_auth_usrname: description: - Set WAN port 802.1x supplicant user name. type: str wan_port_mode: choices: - wan-lan - wan-only description: - Enable/disable using a WAN port as a LAN port. type: str type: dict
build: description: Build number of the fortigate image returned: always sample: '1547' type: str http_method: description: Last method used to provision the content into FortiGate returned: always sample: PUT type: str http_status: description: Last result given by FortiGate on last operation applied returned: always sample: '200' type: str mkey: description: Master key (id) used in the last call to FortiGate returned: success sample: id type: str name: description: Name of the table used to fulfill the request returned: always sample: urlfilter type: str path: description: Path of the table used to fulfill the request returned: always sample: webfilter type: str revision: description: Internal revision number returned: always sample: 17.0.2.10658 type: str serial: description: Serial number of the unit returned: always sample: FGVMEVYYQT3AB5352 type: str status: description: Indication of the operation's result returned: always sample: success type: str vdom: description: Virtual domain used returned: always sample: root type: str version: description: Version of the FortiGate returned: always sample: v5.6.3 type: str