lix_fortinet / lix_fortinet.fortios / 102.2.120 / module / fortios_wireless_controller_vap Configure Virtual Access Points (VAPs) in Fortinet's FortiOS and FortiGate. | "added in version" 2.0.0 of lix_fortinet.fortios" Authors: Link Zheng (@chillancezen), Jie Xue (@JieX19), Hongbin Lu (@fgtdev-hblu), Frank Shen (@frankshen01), Miguel Angel Munoz (@mamunozgonzalez), Nicolas Thomas (@thomnico) preview | supported by communitylix_fortinet.fortios.fortios_wireless_controller_vap (102.2.120) — module
Install with ansible-galaxy collection install lix_fortinet.fortios:==102.2.120
collections: - name: lix_fortinet.fortios version: 102.2.120
This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify wireless_controller feature and vap category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0
- hosts: fortigates collections: - fortinet.fortios connection: httpapi vars: vdom: "root" ansible_httpapi_use_ssl: yes ansible_httpapi_validate_certs: no ansible_httpapi_port: 443 tasks: - name: Configure Virtual Access Points (VAPs). fortios_wireless_controller_vap: vdom: "{{ vdom }}" state: "present" access_token: "<your_own_value>" wireless_controller_vap: access_control_list: "<your_own_value> (source wireless-controller.access-control-list.name)" acct_interim_interval: "43200" additional_akms: "akm6" address_group: "<your_own_value> (source firewall.addrgrp.name)" address_group_policy: "disable" alias: "<your_own_value>" antivirus_profile: "<your_own_value> (source antivirus.profile.name)" application_detection_engine: "enable" application_dscp_marking: "enable" application_list: "<your_own_value> (source application.list.name)" application_report_intv: "120" atf_weight: "20" auth: "psk" auth_cert: "<your_own_value> (source vpn.certificate.local.name)" auth_portal_addr: "<your_own_value>" beacon_advertising: "name" broadcast_ssid: "enable" broadcast_suppression: "dhcp-up" bss_color_partial: "enable" bstm_disassociation_imminent: "enable" bstm_load_balancing_disassoc_timer: "10" bstm_rssi_disassoc_timer: "200" captive_portal_ac_name: "<your_own_value>" captive_portal_auth_timeout: "0" captive_portal_macauth_radius_secret: "<your_own_value>" captive_portal_macauth_radius_server: "<your_own_value>" captive_portal_radius_secret: "<your_own_value>" captive_portal_radius_server: "<your_own_value>" captive_portal_session_timeout_interval: "432000" dhcp_address_enforcement: "enable" dhcp_lease_time: "2400" dhcp_option43_insertion: "enable" dhcp_option82_circuit_id_insertion: "style-1" dhcp_option82_insertion: "enable" dhcp_option82_remote_id_insertion: "style-1" dynamic_vlan: "enable" eap_reauth: "enable" eap_reauth_intv: "86400" eapol_key_retries: "disable" encrypt: "TKIP" external_fast_roaming: "enable" external_logout: "<your_own_value>" external_web: "<your_own_value>" external_web_format: "auto-detect" fast_bss_transition: "disable" fast_roaming: "enable" ft_mobility_domain: "1000" ft_over_ds: "disable" ft_r0_key_lifetime: "480" gas_comeback_delay: "500" gas_fragmentation_limit: "1024" gtk_rekey: "enable" gtk_rekey_intv: "86400" high_efficiency: "enable" hotspot20_profile: "<your_own_value> (source wireless-controller.hotspot20.hs-profile.name)" igmp_snooping: "enable" intra_vap_privacy: "enable" ip: "<your_own_value>" ips_sensor: "<your_own_value> (source ips.sensor.name)" ipv6_rules: "drop-icmp6ra" key: "<your_own_value>" keyindex: "1" l3_roaming: "enable" l3_roaming_mode: "direct" ldpc: "disable" local_authentication: "enable" local_bridging: "enable" local_lan: "allow" local_standalone: "enable" local_standalone_dns: "enable" local_standalone_dns_ip: "<your_own_value>" local_standalone_nat: "enable" mac_auth_bypass: "enable" mac_called_station_delimiter: "hyphen" mac_calling_station_delimiter: "hyphen" mac_case: "uppercase" mac_filter: "enable" mac_filter_list: - id: "81" mac: "<your_own_value>" mac_filter_policy: "allow" mac_filter_policy_other: "allow" mac_password_delimiter: "hyphen" mac_username_delimiter: "hyphen" max_clients: "0" max_clients_ap: "0" mbo: "disable" mbo_cell_data_conn_pref: "excluded" me_disable_thresh: "32" mesh_backhaul: "enable" mpsk: "enable" mpsk_concurrent_clients: "32767" mpsk_key: - comment: "Comment." concurrent_clients: "<your_own_value>" key_name: "<your_own_value>" mpsk_schedules: - name: "default_name_100 (source firewall.schedule.group.name firewall.schedule.recurring.name firewall.schedule.onetime.name)" passphrase: "<your_own_value>" mpsk_profile: "<your_own_value> (source wireless-controller.mpsk-profile.name)" mu_mimo: "enable" multicast_enhance: "enable" multicast_rate: "0" nac: "enable" nac_profile: "<your_own_value> (source wireless-controller.nac-profile.name)" name: "default_name_108" neighbor_report_dual_band: "disable" okc: "disable" osen: "enable" owe_groups: "19" owe_transition: "disable" owe_transition_ssid: "<your_own_value>" passphrase: "<your_own_value>" pmf: "disable" pmf_assoc_comeback_timeout: "1" pmf_sa_query_retry_timeout: "2" port_macauth: "disable" port_macauth_reauth_timeout: "7200" port_macauth_timeout: "600" portal_message_override_group: "<your_own_value> (source system.replacemsg-group.name)" portal_message_overrides: auth_disclaimer_page: "<your_own_value>" auth_login_failed_page: "<your_own_value>" auth_login_page: "<your_own_value>" auth_reject_page: "<your_own_value>" portal_type: "auth" primary_wag_profile: "<your_own_value> (source wireless-controller.wag-profile.name)" probe_resp_suppression: "enable" probe_resp_threshold: "<your_own_value>" ptk_rekey: "enable" ptk_rekey_intv: "86400" qos_profile: "<your_own_value> (source wireless-controller.qos-profile.name)" quarantine: "enable" radio_2g_threshold: "<your_own_value>" radio_5g_threshold: "<your_own_value>" radio_sensitivity: "enable" radius_mac_auth: "enable" radius_mac_auth_server: "<your_own_value> (source user.radius.name)" radius_mac_auth_usergroups: - name: "default_name_142" radius_mac_mpsk_auth: "enable" radius_mac_mpsk_timeout: "86400" radius_server: "<your_own_value> (source user.radius.name)" rates_11a: "1" rates_11ac_mcs_map: "<your_own_value>" rates_11ac_ss12: "mcs0/1" rates_11ac_ss34: "mcs0/3" rates_11ax_mcs_map: "<your_own_value>" rates_11ax_ss12: "mcs0/1" rates_11ax_ss34: "mcs0/3" rates_11bg: "1" rates_11n_ss12: "mcs0/1" rates_11n_ss34: "mcs16/3" sae_groups: "19" sae_h2e_only: "enable" sae_password: "<your_own_value>" sae_pk: "enable" sae_private_key: "<your_own_value>" scan_botnet_connections: "disable" schedule: - name: "default_name_163 (source firewall.schedule.group.name firewall.schedule.recurring.name firewall.schedule.onetime.name)" secondary_wag_profile: "<your_own_value> (source wireless-controller.wag-profile.name)" security: "open" security_exempt_list: "<your_own_value> (source user.security-exempt-list.name)" security_obsolete_option: "enable" security_redirect_url: "<your_own_value>" selected_usergroups: - name: "default_name_170 (source user.group.name)" split_tunneling: "enable" ssid: "<your_own_value>" sticky_client_remove: "enable" sticky_client_threshold_2g: "<your_own_value>" sticky_client_threshold_5g: "<your_own_value>" sticky_client_threshold_6g: "<your_own_value>" target_wake_time: "enable" tkip_counter_measure: "enable" tunnel_echo_interval: "300" tunnel_fallback_interval: "7200" usergroup: - name: "default_name_182 (source user.group.name)" utm_log: "enable" utm_profile: "<your_own_value> (source wireless-controller.utm-profile.name)" utm_status: "enable" vdom: "<your_own_value> (source system.vdom.name)" vlan_auto: "enable" vlan_name: - name: "default_name_189" vlan_id: "0" vlan_pool: - id: "192" wtp_group: "<your_own_value> (source wireless-controller.wtp-group.name)" vlan_pooling: "wtp-group" vlanid: "0" voice_enterprise: "disable" webfilter_profile: "<your_own_value> (source webfilter.profile.name)"
vdom: default: root description: - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str state: choices: - present - absent description: - Indicates whether to create or remove the object. required: true type: str enable_log: default: false description: - Enable/Disable logging for task. required: false type: bool member_path: description: - Member attribute path to operate on. - Delimited by a slash character if there are more than one attribute. - Parameter marked with member_path is legitimate for doing member operation. type: str access_token: description: - Token-based authentication. Generated from GUI of Fortigate. required: false type: str member_state: choices: - present - absent description: - Add or delete a member under specified attribute path. - When member_state is specified, the state option is ignored. type: str wireless_controller_vap: default: null description: - Configure Virtual Access Points (VAPs). suboptions: access_control_list: description: - Profile name for access-control-list. Source wireless-controller.access-control-list.name. type: str acct_interim_interval: description: - WiFi RADIUS accounting interim interval (60 - 86400 sec). type: int additional_akms: choices: - akm6 description: - Additional AKMs. elements: str type: list address_group: description: - Firewall Address Group Name. Source firewall.addrgrp.name. type: str address_group_policy: choices: - disable - allow - deny description: - Configure MAC address filtering policy for MAC addresses that are in the address-group. type: str alias: description: - Alias. type: str antivirus_profile: description: - AntiVirus profile name. Source antivirus.profile.name. type: str application_detection_engine: choices: - enable - disable description: - Enable/disable application detection engine . type: str application_dscp_marking: choices: - enable - disable description: - Enable/disable application attribute based DSCP marking . type: str application_list: description: - Application control list name. Source application.list.name. type: str application_report_intv: description: - Application report interval (30 - 864000 sec). type: int atf_weight: description: - Airtime weight in percentage . type: int auth: choices: - psk - radius - usergroup description: - Authentication protocol. type: str auth_cert: description: - HTTPS server certificate. Source vpn.certificate.local.name. type: str auth_portal_addr: description: - Address of captive portal. type: str beacon_advertising: choices: - name - model - serial-number description: - Fortinet beacon advertising IE data . elements: str type: list broadcast_ssid: choices: - enable - disable description: - Enable/disable broadcasting the SSID . type: str broadcast_suppression: choices: - dhcp-up - dhcp-down - dhcp-starvation - dhcp-ucast - arp-known - arp-unknown - arp-reply - arp-poison - arp-proxy - netbios-ns - netbios-ds - ipv6 - all-other-mc - all-other-bc description: - Optional suppression of broadcast messages. For example, you can keep DHCP messages, ARP broadcasts, and so on off of the wireless network. elements: str type: list bss_color_partial: choices: - enable - disable description: - Enable/disable 802.11ax partial BSS color . type: str bstm_disassociation_imminent: choices: - enable - disable description: - Enable/disable forcing of disassociation after the BSTM request timer has been reached . type: str bstm_load_balancing_disassoc_timer: description: - Time interval for client to voluntarily leave AP before forcing a disassociation due to AP load-balancing (0 to 30). type: int bstm_rssi_disassoc_timer: description: - Time interval for client to voluntarily leave AP before forcing a disassociation due to low RSSI (0 to 2000). type: int captive_portal_ac_name: description: - Local-bridging captive portal ac-name. type: str captive_portal_auth_timeout: description: - Hard timeout - AP will always clear the session after timeout regardless of traffic (0 - 864000 sec). type: int captive_portal_macauth_radius_secret: description: - Secret key to access the macauth RADIUS server. type: str captive_portal_macauth_radius_server: description: - Captive portal external RADIUS server domain name or IP address. type: str captive_portal_radius_secret: description: - Secret key to access the RADIUS server. type: str captive_portal_radius_server: description: - Captive portal RADIUS server domain name or IP address. type: str captive_portal_session_timeout_interval: description: - Session timeout interval (0 - 864000 sec). type: int dhcp_address_enforcement: choices: - enable - disable description: - Enable/disable DHCP address enforcement . type: str dhcp_lease_time: description: - DHCP lease time in seconds for NAT IP address. type: int dhcp_option43_insertion: choices: - enable - disable description: - Enable/disable insertion of DHCP option 43 . type: str dhcp_option82_circuit_id_insertion: choices: - style-1 - style-2 - style-3 - disable description: - Enable/disable DHCP option 82 circuit-id insert . type: str dhcp_option82_insertion: choices: - enable - disable description: - Enable/disable DHCP option 82 insert . type: str dhcp_option82_remote_id_insertion: choices: - style-1 - disable description: - Enable/disable DHCP option 82 remote-id insert . type: str dynamic_vlan: choices: - enable - disable description: - Enable/disable dynamic VLAN assignment. type: str eap_reauth: choices: - enable - disable description: - Enable/disable EAP re-authentication for WPA-Enterprise security. type: str eap_reauth_intv: description: - EAP re-authentication interval (1800 - 864000 sec). type: int eapol_key_retries: choices: - disable - enable description: - Enable/disable retransmission of EAPOL-Key frames (message 3/4 and group message 1/2) . type: str encrypt: choices: - TKIP - AES - TKIP-AES description: - Encryption protocol to use (only available when security is set to a WPA type). type: str external_fast_roaming: choices: - enable - disable description: - Enable/disable fast roaming or pre-authentication with external APs not managed by the FortiGate . type: str external_logout: description: - URL of external authentication logout server. type: str external_web: description: - URL of external authentication web server. type: str external_web_format: choices: - auto-detect - no-query-string - partial-query-string description: - URL query parameter detection . type: str fast_bss_transition: choices: - disable - enable description: - Enable/disable 802.11r Fast BSS Transition (FT) . type: str fast_roaming: choices: - enable - disable description: - Enable/disable fast-roaming, or pre-authentication, where supported by clients . type: str ft_mobility_domain: description: - Mobility domain identifier in FT (1 - 65535). type: int ft_over_ds: choices: - disable - enable description: - Enable/disable FT over the Distribution System (DS). type: str ft_r0_key_lifetime: description: - Lifetime of the PMK-R0 key in FT, 1-65535 minutes. type: int gas_comeback_delay: description: - GAS comeback delay (0 or 100 - 10000 milliseconds). type: int gas_fragmentation_limit: description: - GAS fragmentation limit (512 - 4096). type: int gtk_rekey: choices: - enable - disable description: - Enable/disable GTK rekey for WPA security. type: str gtk_rekey_intv: description: - GTK rekey interval (1800 - 864000 sec). type: int high_efficiency: choices: - enable - disable description: - Enable/disable 802.11ax high efficiency . type: str hotspot20_profile: description: - Hotspot 2.0 profile name. Source wireless-controller.hotspot20.hs-profile.name. type: str igmp_snooping: choices: - enable - disable description: - Enable/disable IGMP snooping. type: str intra_vap_privacy: choices: - enable - disable description: - Enable/disable blocking communication between clients on the same SSID (called intra-SSID privacy) . type: str ip: description: - IP address and subnet mask for the local standalone NAT subnet. type: str ips_sensor: description: - IPS sensor name. Source ips.sensor.name. type: str ipv6_rules: choices: - drop-icmp6ra - drop-icmp6rs - drop-llmnr6 - drop-icmp6mld2 - drop-dhcp6s - drop-dhcp6c - ndp-proxy - drop-ns-dad - drop-ns-nondad description: - Optional rules of IPv6 packets. For example, you can keep RA, RS and so on off of the wireless network. elements: str type: list key: description: - WEP Key. type: str keyindex: description: - WEP key index (1 - 4). type: int l3_roaming: choices: - enable - disable description: - Enable/disable layer 3 roaming . type: str l3_roaming_mode: choices: - direct - indirect description: - Select the way that layer 3 roaming traffic is passed . type: str ldpc: choices: - disable - rx - tx - rxtx description: - VAP low-density parity-check (LDPC) coding configuration. type: str local_authentication: choices: - enable - disable description: - Enable/disable AP local authentication. type: str local_bridging: choices: - enable - disable description: - Enable/disable bridging of wireless and Ethernet interfaces on the FortiAP . type: str local_lan: choices: - allow - deny description: - Allow/deny traffic destined for a Class A, B, or C private IP address . type: str local_standalone: choices: - enable - disable description: - Enable/disable AP local standalone . type: str local_standalone_dns: choices: - enable - disable description: - Enable/disable AP local standalone DNS. type: str local_standalone_dns_ip: description: - IPv4 addresses for the local standalone DNS. elements: str type: list local_standalone_nat: choices: - enable - disable description: - Enable/disable AP local standalone NAT mode. type: str mac_auth_bypass: choices: - enable - disable description: - Enable/disable MAC authentication bypass. type: str mac_called_station_delimiter: choices: - hyphen - single-hyphen - colon - none description: - MAC called station delimiter . type: str mac_calling_station_delimiter: choices: - hyphen - single-hyphen - colon - none description: - MAC calling station delimiter . type: str mac_case: choices: - uppercase - lowercase description: - MAC case . type: str mac_filter: choices: - enable - disable description: - Enable/disable MAC filtering to block wireless clients by mac address. type: str mac_filter_list: description: - Create a list of MAC addresses for MAC address filtering. elements: dict suboptions: id: description: - ID. type: int mac: description: - MAC address. type: str mac_filter_policy: choices: - allow - deny description: - Deny or allow the client with this MAC address. type: str type: list mac_filter_policy_other: choices: - allow - deny description: - Allow or block clients with MAC addresses that are not in the filter list. type: str mac_password_delimiter: choices: - hyphen - single-hyphen - colon - none description: - MAC authentication password delimiter . type: str mac_username_delimiter: choices: - hyphen - single-hyphen - colon - none description: - MAC authentication username delimiter . type: str max_clients: description: - Maximum number of clients that can connect simultaneously to the VAP . type: int max_clients_ap: description: - Maximum number of clients that can connect simultaneously to the VAP per AP radio . type: int mbo: choices: - disable - enable description: - Enable/disable Multiband Operation . type: str mbo_cell_data_conn_pref: choices: - excluded - prefer-not - prefer-use description: - MBO cell data connection preference (0, 1, or 255). type: str me_disable_thresh: description: - Disable multicast enhancement when this many clients are receiving multicast traffic. type: int mesh_backhaul: choices: - enable - disable description: - Enable/disable using this VAP as a WiFi mesh backhaul . This entry is only available when security is set to a WPA type or open. type: str mpsk: choices: - enable - disable description: - Enable/disable multiple PSK authentication. type: str mpsk_concurrent_clients: description: - Maximum number of concurrent clients that connect using the same passphrase in multiple PSK authentication (0 - 65535). type: int mpsk_key: description: - List of multiple PSK entries. elements: dict suboptions: comment: description: - Comment. type: str concurrent_clients: description: - Number of clients that can connect using this pre-shared key. type: str key_name: description: - Pre-shared key name. type: str mpsk_schedules: description: - Firewall schedule for MPSK passphrase. The passphrase will be effective only when at least one schedule is valid. elements: dict suboptions: name: description: - Schedule name. Source firewall.schedule.group.name firewall.schedule.recurring.name firewall.schedule.onetime.name. type: str type: list passphrase: description: - WPA Pre-shared key. type: str type: list mpsk_profile: description: - MPSK profile name. Source wireless-controller.mpsk-profile.name. type: str mu_mimo: choices: - enable - disable description: - Enable/disable Multi-user MIMO . type: str multicast_enhance: choices: - enable - disable description: - Enable/disable converting multicast to unicast to improve performance . type: str multicast_rate: choices: - '0' - '6000' - '12000' - '24000' description: - Multicast rate (0, 6000, 12000, or 24000 kbps). type: str nac: choices: - enable - disable description: - Enable/disable network access control. type: str nac_profile: description: - NAC profile name. Source wireless-controller.nac-profile.name. type: str name: description: - Virtual AP name. required: true type: str neighbor_report_dual_band: choices: - disable - enable description: - Enable/disable dual-band neighbor report . type: str okc: choices: - disable - enable description: - Enable/disable Opportunistic Key Caching (OKC) . type: str osen: choices: - enable - disable description: - Enable/disable OSEN as part of key management . type: str owe_groups: choices: - '19' - '20' - '21' description: - OWE-Groups. elements: str type: list owe_transition: choices: - disable - enable description: - Enable/disable OWE transition mode support. type: str owe_transition_ssid: description: - OWE transition mode peer SSID. type: str passphrase: description: - WPA pre-shared key (PSK) to be used to authenticate WiFi users. type: str pmf: choices: - disable - enable - optional description: - Protected Management Frames (PMF) support . type: str pmf_assoc_comeback_timeout: description: - Protected Management Frames (PMF) comeback maximum timeout (1-20 sec). type: int pmf_sa_query_retry_timeout: description: - Protected Management Frames (PMF) SA query retry timeout interval (1 - 5 100s of msec). type: int port_macauth: choices: - disable - radius - address-group description: - Enable/disable LAN port MAC authentication . type: str port_macauth_reauth_timeout: description: - LAN port MAC authentication re-authentication timeout value . type: int port_macauth_timeout: description: - LAN port MAC authentication idle timeout value . type: int portal_message_override_group: description: - Replacement message group for this VAP (only available when security is set to a captive portal type). Source system.replacemsg-group .name. type: str portal_message_overrides: description: - Individual message overrides. suboptions: auth_disclaimer_page: description: - Override auth-disclaimer-page message with message from portal-message-overrides group. type: str auth_login_failed_page: description: - Override auth-login-failed-page message with message from portal-message-overrides group. type: str auth_login_page: description: - Override auth-login-page message with message from portal-message-overrides group. type: str auth_reject_page: description: - Override auth-reject-page message with message from portal-message-overrides group. type: str type: dict portal_type: choices: - auth - auth+disclaimer - disclaimer - email-collect - cmcc - cmcc-macauth - auth-mac - external-auth - external-macauth description: - Captive portal functionality. Configure how the captive portal authenticates users and whether it includes a disclaimer. type: str primary_wag_profile: description: - Primary wireless access gateway profile name. Source wireless-controller.wag-profile.name. type: str probe_resp_suppression: choices: - enable - disable description: - Enable/disable probe response suppression (to ignore weak signals) . type: str probe_resp_threshold: description: - Minimum signal level/threshold in dBm required for the AP response to probe requests (-95 to -20). type: str ptk_rekey: choices: - enable - disable description: - Enable/disable PTK rekey for WPA-Enterprise security. type: str ptk_rekey_intv: description: - PTK rekey interval (1800 - 864000 sec). type: int qos_profile: description: - Quality of service profile name. Source wireless-controller.qos-profile.name. type: str quarantine: choices: - enable - disable description: - Enable/disable station quarantine . type: str radio_2g_threshold: description: - Minimum signal level/threshold in dBm required for the AP response to receive a packet in 2.4G band (-95 to -20). type: str radio_5g_threshold: description: - Minimum signal level/threshold in dBm required for the AP response to receive a packet in 5G band(-95 to -20). type: str radio_sensitivity: choices: - enable - disable description: - Enable/disable software radio sensitivity (to ignore weak signals) . type: str radius_mac_auth: choices: - enable - disable description: - Enable/disable RADIUS-based MAC authentication of clients . type: str radius_mac_auth_server: description: - RADIUS-based MAC authentication server. Source user.radius.name. type: str radius_mac_auth_usergroups: description: - Selective user groups that are permitted for RADIUS mac authentication. elements: dict suboptions: name: description: - User group name. type: str type: list radius_mac_mpsk_auth: choices: - enable - disable description: - Enable/disable RADIUS-based MAC authentication of clients for MPSK authentication . type: str radius_mac_mpsk_timeout: description: - RADIUS MAC MPSK cache timeout interval (0 or 300 - 864000). type: int radius_server: description: - RADIUS server to be used to authenticate WiFi users. Source user.radius.name. type: str rates_11a: choices: - '1' - 1-basic - '2' - 2-basic - '5.5' - 5.5-basic - '11' - 11-basic - '6' - 6-basic - '9' - 9-basic - '12' - 12-basic - '18' - 18-basic - '24' - 24-basic - '36' - 36-basic - '48' - 48-basic - '54' - 54-basic description: - Allowed data rates for 802.11a. elements: str type: list rates_11ac_mcs_map: description: - Comma separated list of max supported VHT MCS for spatial streams 1 through 8. type: str rates_11ac_ss12: choices: - mcs0/1 - mcs1/1 - mcs2/1 - mcs3/1 - mcs4/1 - mcs5/1 - mcs6/1 - mcs7/1 - mcs8/1 - mcs9/1 - mcs10/1 - mcs11/1 - mcs0/2 - mcs1/2 - mcs2/2 - mcs3/2 - mcs4/2 - mcs5/2 - mcs6/2 - mcs7/2 - mcs8/2 - mcs9/2 - mcs10/2 - mcs11/2 description: - Allowed data rates for 802.11ac with 1 or 2 spatial streams. elements: str type: list rates_11ac_ss34: choices: - mcs0/3 - mcs1/3 - mcs2/3 - mcs3/3 - mcs4/3 - mcs5/3 - mcs6/3 - mcs7/3 - mcs8/3 - mcs9/3 - mcs10/3 - mcs11/3 - mcs0/4 - mcs1/4 - mcs2/4 - mcs3/4 - mcs4/4 - mcs5/4 - mcs6/4 - mcs7/4 - mcs8/4 - mcs9/4 - mcs10/4 - mcs11/4 description: - Allowed data rates for 802.11ac with 3 or 4 spatial streams. elements: str type: list rates_11ax_mcs_map: description: - Comma separated list of max supported HE MCS for spatial streams 1 through 8. type: str rates_11ax_ss12: choices: - mcs0/1 - mcs1/1 - mcs2/1 - mcs3/1 - mcs4/1 - mcs5/1 - mcs6/1 - mcs7/1 - mcs8/1 - mcs9/1 - mcs10/1 - mcs11/1 - mcs0/2 - mcs1/2 - mcs2/2 - mcs3/2 - mcs4/2 - mcs5/2 - mcs6/2 - mcs7/2 - mcs8/2 - mcs9/2 - mcs10/2 - mcs11/2 description: - Allowed data rates for 802.11ax with 1 or 2 spatial streams. elements: str type: list rates_11ax_ss34: choices: - mcs0/3 - mcs1/3 - mcs2/3 - mcs3/3 - mcs4/3 - mcs5/3 - mcs6/3 - mcs7/3 - mcs8/3 - mcs9/3 - mcs10/3 - mcs11/3 - mcs0/4 - mcs1/4 - mcs2/4 - mcs3/4 - mcs4/4 - mcs5/4 - mcs6/4 - mcs7/4 - mcs8/4 - mcs9/4 - mcs10/4 - mcs11/4 description: - Allowed data rates for 802.11ax with 3 or 4 spatial streams. elements: str type: list rates_11bg: choices: - '1' - 1-basic - '2' - 2-basic - '5.5' - 5.5-basic - '11' - 11-basic - '6' - 6-basic - '9' - 9-basic - '12' - 12-basic - '18' - 18-basic - '24' - 24-basic - '36' - 36-basic - '48' - 48-basic - '54' - 54-basic description: - Allowed data rates for 802.11b/g. elements: str type: list rates_11n_ss12: choices: - mcs0/1 - mcs1/1 - mcs2/1 - mcs3/1 - mcs4/1 - mcs5/1 - mcs6/1 - mcs7/1 - mcs8/2 - mcs9/2 - mcs10/2 - mcs11/2 - mcs12/2 - mcs13/2 - mcs14/2 - mcs15/2 description: - Allowed data rates for 802.11n with 1 or 2 spatial streams. elements: str type: list rates_11n_ss34: choices: - mcs16/3 - mcs17/3 - mcs18/3 - mcs19/3 - mcs20/3 - mcs21/3 - mcs22/3 - mcs23/3 - mcs24/4 - mcs25/4 - mcs26/4 - mcs27/4 - mcs28/4 - mcs29/4 - mcs30/4 - mcs31/4 description: - Allowed data rates for 802.11n with 3 or 4 spatial streams. elements: str type: list sae_groups: choices: - '19' - '20' - '21' - '1' - '2' - '5' - '14' - '15' - '16' - '17' - '18' - '27' - '28' - '29' - '30' - '31' description: - SAE-Groups. elements: str type: list sae_h2e_only: choices: - enable - disable description: - Use hash-to-element-only mechanism for PWE derivation . type: str sae_password: description: - WPA3 SAE password to be used to authenticate WiFi users. type: str sae_pk: choices: - enable - disable description: - Enable/disable WPA3 SAE-PK . type: str sae_private_key: description: - Private key used for WPA3 SAE-PK authentication. type: str scan_botnet_connections: choices: - disable - monitor - block description: - Block or monitor connections to Botnet servers or disable Botnet scanning. type: str schedule: description: - Firewall schedules for enabling this VAP on the FortiAP. This VAP will be enabled when at least one of the schedules is valid. Separate multiple schedule names with a space. elements: dict suboptions: name: description: - Schedule name. Source firewall.schedule.group.name firewall.schedule.recurring.name firewall.schedule.onetime.name. type: str type: list secondary_wag_profile: description: - Secondary wireless access gateway profile name. Source wireless-controller.wag-profile.name. type: str security: choices: - open - captive-portal - wep64 - wep128 - wpa-personal - wpa-personal+captive-portal - wpa-enterprise - wpa-only-personal - wpa-only-personal+captive-portal - wpa-only-enterprise - wpa2-only-personal - wpa2-only-personal+captive-portal - wpa2-only-enterprise - wpa3-enterprise - wpa3-only-enterprise - wpa3-enterprise-transition - wpa3-sae - wpa3-sae-transition - owe - osen description: - Security mode for the wireless interface . type: str security_exempt_list: description: - Optional security exempt list for captive portal authentication. Source user.security-exempt-list.name. type: str security_obsolete_option: choices: - enable - disable description: - Enable/disable obsolete security options. type: str security_redirect_url: description: - Optional URL for redirecting users after they pass captive portal authentication. type: str selected_usergroups: description: - Selective user groups that are permitted to authenticate. elements: dict suboptions: name: description: - User group name. Source user.group.name. type: str type: list split_tunneling: choices: - enable - disable description: - Enable/disable split tunneling . type: str ssid: description: - IEEE 802.11 service set identifier (SSID) for the wireless interface. Users who wish to use the wireless network must configure their computers to access this SSID name. type: str sticky_client_remove: choices: - enable - disable description: - Enable/disable sticky client remove to maintain good signal level clients in SSID . type: str sticky_client_threshold_2g: description: - Minimum signal level/threshold in dBm required for the 2G client to be serviced by the AP (-95 to -20). type: str sticky_client_threshold_5g: description: - Minimum signal level/threshold in dBm required for the 5G client to be serviced by the AP (-95 to -20). type: str sticky_client_threshold_6g: description: - Minimum signal level/threshold in dBm required for the 6G client to be serviced by the AP (-95 to -20). type: str target_wake_time: choices: - enable - disable description: - Enable/disable 802.11ax target wake time . type: str tkip_counter_measure: choices: - enable - disable description: - Enable/disable TKIP counter measure. type: str tunnel_echo_interval: description: - The time interval to send echo to both primary and secondary tunnel peers (1 - 65535 sec). type: int tunnel_fallback_interval: description: - The time interval for secondary tunnel to fall back to primary tunnel (0 - 65535 sec). type: int usergroup: description: - Firewall user group to be used to authenticate WiFi users. elements: dict suboptions: name: description: - User group name. Source user.group.name. type: str type: list utm_log: choices: - enable - disable description: - Enable/disable UTM logging. type: str utm_profile: description: - UTM profile name. Source wireless-controller.utm-profile.name. type: str utm_status: choices: - enable - disable description: - Enable to add one or more security profiles (AV, IPS, etc.) to the VAP. type: str vdom: description: - Name of the VDOM that the Virtual AP has been added to. Source system.vdom.name. type: str vlan_auto: choices: - enable - disable description: - Enable/disable automatic management of SSID VLAN interface. type: str vlan_name: description: - Table for mapping VLAN name to VLAN ID. elements: dict suboptions: name: description: - VLAN name. type: str vlan_id: description: - VLAN ID. type: int type: list vlan_pool: description: - VLAN pool. elements: dict suboptions: id: description: - ID. type: int wtp_group: description: - WTP group name. Source wireless-controller.wtp-group.name. type: str type: list vlan_pooling: choices: - wtp-group - round-robin - hash - disable description: - Enable/disable VLAN pooling, to allow grouping of multiple wireless controller VLANs into VLAN pools . When set to wtp-group, VLAN pooling occurs with VLAN assignment by wtp-group. type: str vlanid: description: - Optional VLAN ID. type: int voice_enterprise: choices: - disable - enable description: - Enable/disable 802.11k and 802.11v assisted Voice-Enterprise roaming . type: str webfilter_profile: description: - WebFilter profile name. Source webfilter.profile.name. type: str type: dict
build: description: Build number of the fortigate image returned: always sample: '1547' type: str http_method: description: Last method used to provision the content into FortiGate returned: always sample: PUT type: str http_status: description: Last result given by FortiGate on last operation applied returned: always sample: '200' type: str mkey: description: Master key (id) used in the last call to FortiGate returned: success sample: id type: str name: description: Name of the table used to fulfill the request returned: always sample: urlfilter type: str path: description: Path of the table used to fulfill the request returned: always sample: webfilter type: str revision: description: Internal revision number returned: always sample: 17.0.2.10658 type: str serial: description: Serial number of the unit returned: always sample: FGVMEVYYQT3AB5352 type: str status: description: Indication of the operation's result returned: always sample: success type: str vdom: description: Virtual domain used returned: always sample: root type: str version: description: Version of the FortiGate returned: always sample: v5.6.3 type: str