Try SpotterConfigure DHCP servers in Fortinet's FortiOS and FortiGate.
| "added in version" 2.0.0 of lix_fortinet.fortios"
Authors: Link Zheng (@chillancezen), Jie Xue (@JieX19), Hongbin Lu (@fgtdev-hblu), Frank Shen (@frankshen01), Miguel Angel Munoz (@mamunozgonzalez), Nicolas Thomas (@thomnico)
preview | supported by community
Install with ansible-galaxy collection install lix_fortinet.fortios:==102.2.120
collections:
- name: lix_fortinet.fortios
version: 102.2.120This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system_dhcp feature and server category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure DHCP servers.
fortios_system_dhcp_server:
vdom: "{{ vdom }}"
state: "present"
access_token: "<your_own_value>"
system_dhcp_server:
auto_configuration: "disable"
auto_managed_status: "disable"
conflicted_ip_timeout: "1800"
ddns_auth: "disable"
ddns_key: "<your_own_value>"
ddns_keyname: "<your_own_value>"
ddns_server_ip: "<your_own_value>"
ddns_ttl: "300"
ddns_update: "disable"
ddns_update_override: "disable"
ddns_zone: "<your_own_value>"
default_gateway: "<your_own_value>"
dhcp_settings_from_fortiipam: "disable"
dns_server1: "<your_own_value>"
dns_server2: "<your_own_value>"
dns_server3: "<your_own_value>"
dns_server4: "<your_own_value>"
dns_service: "local"
domain: "<your_own_value>"
exclude_range:
-
end_ip: "<your_own_value>"
id: "24"
start_ip: "<your_own_value>"
vci_match: "disable"
vci_string:
-
vci_string: "<your_own_value>"
filename: "<your_own_value>"
forticlient_on_net_status: "disable"
id: "31"
interface: "<your_own_value> (source system.interface.name)"
ip_mode: "range"
ip_range:
-
end_ip: "<your_own_value>"
id: "36"
start_ip: "<your_own_value>"
vci_match: "disable"
vci_string:
-
vci_string: "<your_own_value>"
ipsec_lease_hold: "60"
lease_time: "604800"
mac_acl_default_action: "assign"
netmask: "<your_own_value>"
next_server: "<your_own_value>"
ntp_server1: "<your_own_value>"
ntp_server2: "<your_own_value>"
ntp_server3: "<your_own_value>"
ntp_service: "local"
options:
-
code: "0"
id: "52"
ip: "<your_own_value>"
type: "hex"
value: "<your_own_value>"
vci_match: "disable"
vci_string:
-
vci_string: "<your_own_value>"
reserved_address:
-
action: "assign"
circuit_id: "<your_own_value>"
circuit_id_type: "hex"
description: "<your_own_value>"
id: "64"
ip: "<your_own_value>"
mac: "<your_own_value>"
remote_id: "<your_own_value>"
remote_id_type: "hex"
type: "mac"
server_type: "regular"
status: "disable"
tftp_server:
-
tftp_server: "<your_own_value>"
timezone: "01"
timezone_option: "disable"
vci_match: "disable"
vci_string:
-
vci_string: "<your_own_value>"
wifi_ac_service: "specify"
wifi_ac1: "<your_own_value>"
wifi_ac2: "<your_own_value>"
wifi_ac3: "<your_own_value>"
wins_server1: "<your_own_value>"
wins_server2: "<your_own_value>"
vdom:
default: root
description:
- Virtual domain, among those defined previously. A vdom is a virtual instance of
the FortiGate that can be configured and used as a different unit.
type: str
state:
choices:
- present
- absent
description:
- Indicates whether to create or remove the object.
required: true
type: str
enable_log:
default: false
description:
- Enable/Disable logging for task.
required: false
type: bool
member_path:
description:
- Member attribute path to operate on.
- Delimited by a slash character if there are more than one attribute.
- Parameter marked with member_path is legitimate for doing member operation.
type: str
access_token:
description:
- Token-based authentication. Generated from GUI of Fortigate.
required: false
type: str
member_state:
choices:
- present
- absent
description:
- Add or delete a member under specified attribute path.
- When member_state is specified, the state option is ignored.
type: str
system_dhcp_server:
default: null
description:
- Configure DHCP servers.
suboptions:
auto_configuration:
choices:
- disable
- enable
description:
- Enable/disable auto configuration.
type: str
auto_managed_status:
choices:
- disable
- enable
description:
- Enable/disable use of this DHCP server once this interface has been assigned
an IP address from FortiIPAM.
type: str
conflicted_ip_timeout:
description:
- Time in seconds to wait after a conflicted IP address is removed from the DHCP
range before it can be reused.
type: int
ddns_auth:
choices:
- disable
- tsig
description:
- DDNS authentication mode.
type: str
ddns_key:
description:
- DDNS update key (base 64 encoding).
type: str
ddns_keyname:
description:
- DDNS update key name.
type: str
ddns_server_ip:
description:
- DDNS server IP.
type: str
ddns_ttl:
description:
- TTL.
type: int
ddns_update:
choices:
- disable
- enable
description:
- Enable/disable DDNS update for DHCP.
type: str
ddns_update_override:
choices:
- disable
- enable
description:
- Enable/disable DDNS update override for DHCP.
type: str
ddns_zone:
description:
- Zone of your domain name (ex. DDNS.com).
type: str
default_gateway:
description:
- Default gateway IP address assigned by the DHCP server.
type: str
dhcp_settings_from_fortiipam:
choices:
- disable
- enable
description:
- Enable/disable populating of DHCP server settings from FortiIPAM.
type: str
dns_server1:
description:
- DNS server 1.
type: str
dns_server2:
description:
- DNS server 2.
type: str
dns_server3:
description:
- DNS server 3.
type: str
dns_server4:
description:
- DNS server 4.
type: str
dns_service:
choices:
- local
- default
- specify
description:
- Options for assigning DNS servers to DHCP clients.
type: str
domain:
description:
- Domain name suffix for the IP addresses that the DHCP server assigns to clients.
type: str
exclude_range:
description:
- Exclude one or more ranges of IP addresses from being assigned to clients.
elements: dict
suboptions:
end_ip:
description:
- End of IP range.
type: str
id:
description:
- ID.
type: int
start_ip:
description:
- Start of IP range.
type: str
vci_match:
choices:
- disable
- enable
description:
- Enable/disable vendor class identifier (VCI) matching. When enabled only
DHCP requests with a matching VCI are served with this range.
type: str
vci_string:
description:
- One or more VCI strings in quotes separated by spaces.
elements: dict
suboptions:
vci_string:
description:
- VCI strings.
type: str
type: list
type: list
filename:
description:
- Name of the boot file on the TFTP server.
type: str
forticlient_on_net_status:
choices:
- disable
- enable
description:
- Enable/disable FortiClient-On-Net service for this DHCP server.
type: str
id:
description:
- ID.
required: true
type: int
interface:
description:
- DHCP server can assign IP configurations to clients connected to this interface.
Source system.interface.name.
type: str
ip_mode:
choices:
- range
- usrgrp
description:
- Method used to assign client IP.
type: str
ip_range:
description:
- DHCP IP range configuration.
elements: dict
suboptions:
end_ip:
description:
- End of IP range.
type: str
id:
description:
- ID.
type: int
start_ip:
description:
- Start of IP range.
type: str
vci_match:
choices:
- disable
- enable
description:
- Enable/disable vendor class identifier (VCI) matching. When enabled only
DHCP requests with a matching VCI are served with this range.
type: str
vci_string:
description:
- One or more VCI strings in quotes separated by spaces.
elements: dict
suboptions:
vci_string:
description:
- VCI strings.
type: str
type: list
type: list
ipsec_lease_hold:
description:
- DHCP over IPsec leases expire this many seconds after tunnel down (0 to disable
forced-expiry).
type: int
lease_time:
description:
- Lease time in seconds, 0 means unlimited.
type: int
mac_acl_default_action:
choices:
- assign
- block
description:
- MAC access control default action (allow or block assigning IP settings).
type: str
netmask:
description:
- Netmask assigned by the DHCP server.
type: str
next_server:
description:
- IP address of a server (for example, a TFTP sever) that DHCP clients can download
a boot file from.
type: str
ntp_server1:
description:
- NTP server 1.
type: str
ntp_server2:
description:
- NTP server 2.
type: str
ntp_server3:
description:
- NTP server 3.
type: str
ntp_service:
choices:
- local
- default
- specify
description:
- Options for assigning Network Time Protocol (NTP) servers to DHCP clients.
type: str
options:
description:
- DHCP options.
elements: dict
suboptions:
code:
description:
- DHCP option code.
type: int
id:
description:
- ID.
type: int
ip:
description:
- DHCP option IPs.
elements: str
type: list
type:
choices:
- hex
- string
- ip
- fqdn
description:
- DHCP option type.
type: str
value:
description:
- DHCP option value.
type: str
vci_match:
choices:
- disable
- enable
description:
- Enable/disable vendor class identifier (VCI) matching. When enabled only
DHCP requests with a matching VCI are served with this option.
type: str
vci_string:
description:
- One or more VCI strings in quotes separated by spaces.
elements: dict
suboptions:
vci_string:
description:
- VCI strings.
type: str
type: list
type: list
reserved_address:
description:
- Options for the DHCP server to assign IP settings to specific MAC addresses.
elements: dict
suboptions:
action:
choices:
- assign
- block
- reserved
description:
- Options for the DHCP server to configure the client with the reserved MAC
address.
type: str
circuit_id:
description:
- Option 82 circuit-ID of the client that will get the reserved IP address.
type: str
circuit_id_type:
choices:
- hex
- string
description:
- DHCP option type.
type: str
description:
description:
- Description.
type: str
id:
description:
- ID.
type: int
ip:
description:
- IP address to be reserved for the MAC address.
type: str
mac:
description:
- MAC address of the client that will get the reserved IP address.
type: str
remote_id:
description:
- Option 82 remote-ID of the client that will get the reserved IP address.
type: str
remote_id_type:
choices:
- hex
- string
description:
- DHCP option type.
type: str
type:
choices:
- mac
- option82
description:
- DHCP reserved-address type.
type: str
type: list
server_type:
choices:
- regular
- ipsec
description:
- DHCP server can be a normal DHCP server or an IPsec DHCP server.
type: str
status:
choices:
- disable
- enable
description:
- Enable/disable this DHCP configuration.
type: str
tftp_server:
description:
- One or more hostnames or IP addresses of the TFTP servers in quotes separated
by spaces.
elements: dict
suboptions:
tftp_server:
description:
- TFTP server.
type: str
type: list
timezone:
choices:
- '01'
- '02'
- '03'
- '04'
- '05'
- '81'
- '06'
- '07'
- 08
- 09
- '10'
- '11'
- '12'
- '13'
- '74'
- '14'
- '77'
- '15'
- '87'
- '16'
- '17'
- '18'
- '19'
- '20'
- '75'
- '21'
- '22'
- '23'
- '24'
- '80'
- '79'
- '25'
- '26'
- '27'
- '28'
- '78'
- '29'
- '30'
- '31'
- '32'
- '33'
- '34'
- '35'
- '36'
- '37'
- '38'
- '83'
- '84'
- '40'
- '85'
- '39'
- '41'
- '42'
- '43'
- '44'
- '45'
- '46'
- '47'
- '51'
- '48'
- '49'
- '50'
- '52'
- '53'
- '54'
- '55'
- '56'
- '57'
- '58'
- '59'
- '60'
- '61'
- '62'
- '63'
- '64'
- '65'
- '66'
- '67'
- '68'
- '69'
- '70'
- '71'
- '72'
- '00'
- '82'
- '73'
- '86'
- '76'
description:
- Select the time zone to be assigned to DHCP clients.
type: str
timezone_option:
choices:
- disable
- default
- specify
description:
- Options for the DHCP server to set the client"s time zone.
type: str
vci_match:
choices:
- disable
- enable
description:
- Enable/disable vendor class identifier (VCI) matching. When enabled only DHCP
requests with a matching VCI are served.
type: str
vci_string:
description:
- One or more VCI strings in quotes separated by spaces.
elements: dict
suboptions:
vci_string:
description:
- VCI strings.
type: str
type: list
wifi_ac1:
description:
- WiFi Access Controller 1 IP address (DHCP option 138, RFC 5417).
type: str
wifi_ac2:
description:
- WiFi Access Controller 2 IP address (DHCP option 138, RFC 5417).
type: str
wifi_ac3:
description:
- WiFi Access Controller 3 IP address (DHCP option 138, RFC 5417).
type: str
wifi_ac_service:
choices:
- specify
- local
description:
- Options for assigning WiFi access controllers to DHCP clients.
type: str
wins_server1:
description:
- WINS server 1.
type: str
wins_server2:
description:
- WINS server 2.
type: str
type: dict
build: description: Build number of the fortigate image returned: always sample: '1547' type: str http_method: description: Last method used to provision the content into FortiGate returned: always sample: PUT type: str http_status: description: Last result given by FortiGate on last operation applied returned: always sample: '200' type: str mkey: description: Master key (id) used in the last call to FortiGate returned: success sample: id type: str name: description: Name of the table used to fulfill the request returned: always sample: urlfilter type: str path: description: Path of the table used to fulfill the request returned: always sample: webfilter type: str revision: description: Internal revision number returned: always sample: 17.0.2.10658 type: str serial: description: Serial number of the unit returned: always sample: FGVMEVYYQT3AB5352 type: str status: description: Indication of the operation's result returned: always sample: success type: str vdom: description: Virtual domain used returned: always sample: root type: str version: description: Version of the FortiGate returned: always sample: v5.6.3 type: str