fmgd_system_settings – Configure VDOM settings.
Added in version 1.0.0.
Synopsis
This module is able to configure a FortiManager device.
Examples include all parameters; the values need to be adjusted to your data sources before usage.
Tested with FortiManager v7.x.
Requirements
The below requirements are needed on the host that executes this module.
ansible-core>=2.16.0
FortiManager Version Compatibility
Supported Version Ranges: v7.2.6 -> v7.2.12, v7.4.3 -> latest
Parameters
- access_token - The token to access FortiManager without using username and password. type: str required: false
- bypass_validation - Only set to True when the module schema differs from the FortiManager API structure; the module then continues to execute without validating parameters. type: bool required: false default: False
- enable_log - Enable/Disable logging for task. type: bool required: false default: False
- forticloud_access_token - Access token of forticloud managed API users, this option is available with FortiManager later than 6.4.0. type: str required: false
- proposed_method - The overridden method for the underlying Json RPC request. type: str required: false choices: set, update, add
- rc_succeeded - The rc codes list with which the conditions to succeed will be overridden. type: list required: false
- rc_failed - The rc codes list with which the conditions to fail will be overridden. type: list required: false
- workspace_locking_adom - Acquire the workspace lock if FortiManager is running in workspace mode. type: str required: false choices: global, custom adom including root
- workspace_locking_timeout - The maximum time in seconds to wait for other users to release workspace lock. type: integer required: false default: 300
- device - The parameter in requested url. type: str required: true
- vdom - The parameter in requested url. type: str required: true
- system_settings - Configure VDOM settings. type: dict
  - allow_linkdown_path (Alias name: allow-linkdown-path) Enable/disable link down path. type: str choices: [disable, enable]
  - allow_subnet_overlap (Alias name: allow-subnet-overlap) Enable/disable allowing interface subnets to use overlapping ip addresses. type: str choices: [disable, enable]
  - application_bandwidth_tracking (Alias name: application-bandwidth-tracking) Enable/disable application bandwidth tracking. type: str choices: [disable, enable]
  - asymroute Enable/disable ipv4 asymmetric routing. type: str choices: [disable, enable]
  - asymroute_icmp (Alias name: asymroute-icmp) Enable/disable icmp asymmetric routing. type: str choices: [disable, enable]
  - asymroute6 Enable/disable asymmetric ipv6 routing. type: str choices: [disable, enable]
  - asymroute6_icmp (Alias name: asymroute6-icmp) Enable/disable asymmetric icmpv6 routing. type: str choices: [disable, enable]
  - auxiliary_session (Alias name: auxiliary-session) Enable/disable auxiliary session. type: str choices: [disable, enable]
  - bfd Enable/disable bi-directional forwarding detection (bfd) on all interfaces. type: str choices: [disable, enable]
  - bfd_desired_min_tx (Alias name: bfd-desired-min-tx) Bfd desired minimal transmit interval (1 - 100000 ms, default = 250). type: int
  - bfd_detect_mult (Alias name: bfd-detect-mult) Bfd detection multiplier (1 - 50, default = 3). type: int
  - bfd_dont_enforce_src_port (Alias name: bfd-dont-enforce-src-port) Enable to not enforce verifying the source port of bfd packets. type: str choices: [disable, enable]
  - bfd_required_min_rx (Alias name: bfd-required-min-rx) Bfd required minimal receive interval (1 - 100000 ms, default = 250). type: int
  - block_land_attack (Alias name: block-land-attack) Enable/disable blocking of land attacks. type: str choices: [disable, enable]
  - central_nat (Alias name: central-nat) Enable/disable central nat. type: str choices: [disable, enable]
  - comments Vdom comments. type: str
  - default_app_port_as_service (Alias name: default-app-port-as-service) Enable/disable policy service enforcement based on application default ports. type: str choices: [disable, enable]
  - default_policy_expiry_days (Alias name: default-policy-expiry-days) Default policy expiry in days (0 - 365 days, default = 30). type: int
  - default_voip_alg_mode (Alias name: default-voip-alg-mode) Configure how the fortigate handles voip traffic when a policy that accepts the traffic doesn't include a voip profile. type: str choices: [proxy-based, kernel-helper-based]
  - deny_tcp_with_icmp (Alias name: deny-tcp-with-icmp) Enable/disable denying tcp by sending an icmp communication prohibited packet. type: str choices: [disable, enable]
  - detect_unknown_esp (Alias name: detect-unknown-esp) Enable/disable detection of unknown esp packets (default = enable). type: str choices: [disable, enable]
  - device Interface to use for management access for nat mode. type: list
  - dhcp_proxy (Alias name: dhcp-proxy) Enable/disable the dhcp proxy. type: str choices: [disable, enable]
  - dhcp_proxy_interface (Alias name: dhcp-proxy-interface) Specify outgoing interface to reach server. type: list
  - dhcp_proxy_interface_select_method (Alias name: dhcp-proxy-interface-select-method) Specify how to select outgoing interface to reach server. type: str choices: [auto, sdwan, specify]
  - dhcp_server_ip (Alias name: dhcp-server-ip) Dhcp server ipv4 address. type: list
  - dhcp6_server_ip (Alias name: dhcp6-server-ip) Dhcpv6 server ipv6 address. type: list
  - discovered_device_timeout (Alias name: discovered-device-timeout) Timeout for discovered devices (1 - 365 days, default = 28). type: int
  - dp_load_distribution_method (Alias name: dp-load-distribution-method) Per vdom dp load distribution method. type: str choices: [src-ip, dst-ip, src-dst-ip, src-ip-sport, dst-ip-dport, src-dst-ip-sport-dport, to-master, derived, to-primary]
  - dyn_addr_session_check (Alias name: dyn-addr-session-check) Enable/disable dirty session check caused by dynamic address updates. type: str choices: [disable, enable]
  - ecmp_max_paths (Alias name: ecmp-max-paths) Maximum number of equal cost multi-path (ecmp) next-hops. type: int
  - email_portal_check_dns (Alias name: email-portal-check-dns) Enable/disable using dns to validate email addresses collected by a captive portal. type: str choices: [disable, enable]
  - ext_resource_session_check (Alias name: ext-resource-session-check) Enable/disable dirty session check caused by external resource updates. type: str choices: [disable, enable]
  - firewall_session_dirty (Alias name: firewall-session-dirty) Select how to manage sessions affected by firewall policy configuration changes. type: str choices: [check-all, check-new, check-policy-option]
  - fqdn_session_check (Alias name: fqdn-session-check) Enable/disable dirty session check caused by fqdn updates. type: str choices: [disable, enable]
  - fw_session_hairpin (Alias name: fw-session-hairpin) Enable/disable checking for a matching policy each time hairpin traffic goes through the fortigate. type: str choices: [disable, enable]
  - gateway Transparent mode ipv4 default gateway ip address. type: str
  - gateway6 Transparent mode ipv6 default gateway ip address. type: str
  - gtp_asym_fgsp (Alias name: gtp-asym-fgsp) Enable/disable gtp asymmetric traffic handling on fgsp. type: str choices: [disable, enable]
  - gtp_monitor_mode (Alias name: gtp-monitor-mode) Enable/disable gtp monitor mode (vdom level). type: str choices: [disable, enable]
  - gui_advanced_policy (Alias name: gui-advanced-policy) Enable/disable advanced policy configuration on the gui. type: str choices: [disable, enable]
  - gui_advanced_wireless_features (Alias name: gui-advanced-wireless-features) Enable/disable advanced wireless features in gui. type: str choices: [disable, enable]
  - gui_allow_unnamed_policy (Alias name: gui-allow-unnamed-policy) Enable/disable the requirement for policy naming on the gui. type: str choices: [disable, enable]
  - gui_antivirus (Alias name: gui-antivirus) Enable/disable antivirus on the gui. type: str choices: [disable, enable]
  - gui_ap_profile (Alias name: gui-ap-profile) Enable/disable fortiap profiles on the gui. type: str choices: [disable, enable]
  - gui_application_control (Alias name: gui-application-control) Enable/disable application control on the gui. type: str choices: [disable, enable]
  - gui_casb (Alias name: gui-casb) Enable/disable inline-casb on the gui. type: str choices: [disable, enable]
  - gui_default_policy_columns (Alias name: gui-default-policy-columns) Default columns to display for policy lists on gui. type: list
  - gui_dhcp_advanced (Alias name: gui-dhcp-advanced) Enable/disable advanced dhcp options on the gui. type: str choices: [disable, enable]
  - gui_dlp_profile (Alias name: gui-dlp-profile) Enable/disable data loss prevention on the gui. type: str choices: [disable, enable]
  - gui_dns_database (Alias name: gui-dns-database) Enable/disable dns database settings on the gui. type: str choices: [disable, enable]
  - gui_dnsfilter (Alias name: gui-dnsfilter) Enable/disable dns filtering on the gui. type: str choices: [disable, enable]
  - gui_dos_policy (Alias name: gui-dos-policy) Enable/disable dos policies on the gui. type: str choices: [disable, enable]
  - gui_dynamic_device_os_id (Alias name: gui-dynamic-device-os-id) Enable/disable create dynamic addresses to manage known devices. type: str choices: [disable, enable]
  - gui_dynamic_routing (Alias name: gui-dynamic-routing) Enable/disable dynamic routing on the gui. type: str choices: [disable, enable]
  - gui_email_collection (Alias name: gui-email-collection) Enable/disable email collection on the gui. type: str choices: [disable, enable]
  - gui_enforce_change_summary (Alias name: gui-enforce-change-summary) Enforce change summaries for select tables in the gui. type: str choices: [disable, require, optional]
  - gui_explicit_proxy (Alias name: gui-explicit-proxy) Enable/disable the explicit proxy on the gui. type: str choices: [disable, enable]
  - gui_file_filter (Alias name: gui-file-filter) Enable/disable file-filter on the gui. type: str choices: [disable, enable]
  - gui_fortiap_split_tunneling (Alias name: gui-fortiap-split-tunneling) Enable/disable fortiap split tunneling on the gui. type: str choices: [disable, enable]
  - gui_fortiextender_controller (Alias name: gui-fortiextender-controller) Enable/disable fortiextender on the gui. type: str choices: [disable, enable]
  - gui_icap (Alias name: gui-icap) Enable/disable icap on the gui. type: str choices: [disable, enable]
  - gui_implicit_policy (Alias name: gui-implicit-policy) Enable/disable implicit firewall policies on the gui. type: str choices: [disable, enable]
  - gui_ips (Alias name: gui-ips) Enable/disable ips on the gui. type: str choices: [disable, enable]
  - gui_load_balance (Alias name: gui-load-balance) Enable/disable server load balancing on the gui. type: str choices: [disable, enable]
  - gui_local_in_policy (Alias name: gui-local-in-policy) Enable/disable local-in policies on the gui. type: str choices: [disable, enable]
  - gui_multicast_policy (Alias name: gui-multicast-policy) Enable/disable multicast firewall policies on the gui. type: str choices: [disable, enable]
  - gui_multiple_interface_policy (Alias name: gui-multiple-interface-policy) Enable/disable adding multiple interfaces to a policy on the gui. type: str choices: [disable, enable]
  - gui_object_colors (Alias name: gui-object-colors) Enable/disable object colors on the gui. type: str choices: [disable, enable]
  - gui_ot (Alias name: gui-ot) Enable/disable operational technology features on the gui. type: str choices: [disable, enable]
  - gui_policy_based_ipsec (Alias name: gui-policy-based-ipsec) Enable/disable policy-based ipsec vpn on the gui. type: str choices: [disable, enable]
  - gui_policy_disclaimer (Alias name: gui-policy-disclaimer) Enable/disable policy disclaimer on the gui. type: str choices: [disable, enable]
  - gui_proxy_inspection (Alias name: gui-proxy-inspection) Enable/disable the proxy features on the gui. type: str choices: [disable, enable]
  - gui_route_tag_address_creation (Alias name: gui-route-tag-address-creation) Enable/disable route-tag addresses on the gui. type: str choices: [disable, enable]
  - gui_security_profile_group (Alias name: gui-security-profile-group) Enable/disable security profile groups on the gui. type: str choices: [disable, enable]
  - gui_spamfilter (Alias name: gui-spamfilter) Enable/disable antispam on the gui. type: str choices: [disable, enable]
  - gui_sslvpn (Alias name: gui-sslvpn) Enable/disable ssl-vpn settings pages on the gui. type: str choices: [disable, enable]
  - gui_sslvpn_personal_bookmarks (Alias name: gui-sslvpn-personal-bookmarks) Enable/disable ssl-vpn personal bookmark management on the gui. type: str choices: [disable, enable]
  - gui_sslvpn_realms (Alias name: gui-sslvpn-realms) Enable/disable ssl-vpn realms on the gui. type: str choices: [disable, enable]
  - gui_switch_controller (Alias name: gui-switch-controller) Enable/disable the switch controller on the gui. type: str choices: [disable, enable]
  - gui_threat_weight (Alias name: gui-threat-weight) Enable/disable threat weight on the gui. type: str choices: [disable, enable]
  - gui_traffic_shaping (Alias name: gui-traffic-shaping) Enable/disable traffic shaping on the gui. type: str choices: [disable, enable]
  - gui_videofilter (Alias name: gui-videofilter) Enable/disable video filtering on the gui. type: str choices: [disable, enable]
  - gui_virtual_patch_profile (Alias name: gui-virtual-patch-profile) Enable/disable virtual patching on the gui. type: str choices: [disable, enable]
  - gui_voip_profile (Alias name: gui-voip-profile) Enable/disable voip profiles on the gui. type: str choices: [disable, enable]
  - gui_vpn (Alias name: gui-vpn) Enable/disable ipsec vpn settings pages on the gui. type: str choices: [disable, enable]
  - gui_waf_profile (Alias name: gui-waf-profile) Enable/disable web application firewall on the gui. type: str choices: [disable, enable]
  - gui_wan_load_balancing (Alias name: gui-wan-load-balancing) Enable/disable sd-wan on the gui. type: str choices: [disable, enable]
  - gui_wanopt_cache (Alias name: gui-wanopt-cache) Enable/disable wan optimization and web caching on the gui. type: str choices: [disable, enable]
  - gui_webfilter (Alias name: gui-webfilter) Enable/disable web filtering on the gui. type: str choices: [disable, enable]
  - gui_webfilter_advanced (Alias name: gui-webfilter-advanced) Enable/disable advanced web filtering on the gui. type: str choices: [disable, enable]
  - gui_wireless_controller (Alias name: gui-wireless-controller) Enable/disable the wireless controller on the gui. type: str choices: [disable, enable]
  - gui_ztna (Alias name: gui-ztna) Enable/disable zero trust network access features on the gui. type: str choices: [disable, enable]
  - h323_direct_model (Alias name: h323-direct-model) Enable/disable h323 direct model. type: str choices: [disable, enable]
  - http_external_dest (Alias name: http-external-dest) Offload http traffic to fortiweb or forticache. type: str choices: [fortiweb, forticache]
  - hyperscale_default_policy_action (Alias name: hyperscale-default-policy-action) Hyperscale default policy action. type: str choices: [drop-on-hardware, forward-to-host]
  - ike_dn_format (Alias name: ike-dn-format) Configure ike asn. type: str choices: [with-space, no-space]
  - ike_policy_route (Alias name: ike-policy-route) Enable/disable ike policy based routing (pbr). type: str choices: [disable, enable]
  - ike_port (Alias name: ike-port) Udp port for ike/ipsec traffic (default 500). type: int
  - ike_quick_crash_detect (Alias name: ike-quick-crash-detect) Enable/disable ike quick crash detection (rfc 6290). type: str choices: [disable, enable]
  - ike_session_resume (Alias name: ike-session-resume) Enable/disable ikev2 session resumption (rfc 5723). type: str choices: [disable, enable]
  - ike_tcp_port (Alias name: ike-tcp-port) Tcp port for ike/ipsec traffic (default 4500). type: int
  - internet_service_app_ctrl_size (Alias name: internet-service-app-ctrl-size) Maximum number of tuple entries (protocol, port, ip address, application id) stored by the fortigate unit (0 - 4294967295, default = 32768). type: int
  - internet_service_database_cache (Alias name: internet-service-database-cache) Enable/disable internet service database caching. type: str choices: [disable, enable]
  - ip Ip address and netmask. type: list
  - ip6 Ipv6 address prefix for nat mode. type: str
  - lan_extension_controller_addr (Alias name: lan-extension-controller-addr) Controller ip address or fqdn to connect. type: str
  - link_down_access (Alias name: link-down-access) Enable/disable link down access traffic. type: str choices: [disable, enable]
  - lldp_reception (Alias name: lldp-reception) Enable/disable link layer discovery protocol (lldp) reception for this vdom or apply global settings to this vdom. type: str choices: [disable, enable, global]
  - lldp_transmission (Alias name: lldp-transmission) Enable/disable link layer discovery protocol (lldp) transmission for this vdom or apply global settings to this vdom. type: str choices: [enable, disable, global]
  - location_id (Alias name: location-id) Local location id in the form of an ipv4 address. type: str
  - mac_ttl (Alias name: mac-ttl) Duration of mac addresses in transparent mode (300 - 8640000 sec, default = 300). type: int
  - manageip Transparent mode ipv4 management ip address and netmask. type: list
  - manageip6 Transparent mode ipv6 management ip address and netmask. type: str
  - multicast_forward (Alias name: multicast-forward) Enable/disable multicast forwarding. type: str choices: [disable, enable]
  - multicast_skip_policy (Alias name: multicast-skip-policy) Enable/disable allowing multicast traffic through the fortigate without a policy check. type: str choices: [disable, enable]
  - multicast_ttl_notchange (Alias name: multicast-ttl-notchange) Enable/disable preventing the fortigate from changing the ttl for forwarded multicast packets. type: str choices: [disable, enable]
  - nat46_force_ipv4_packet_forwarding (Alias name: nat46-force-ipv4-packet-forwarding) Enable/disable mandatory ipv4 packet forwarding in nat46. type: str choices: [disable, enable]
  - nat46_generate_ipv6_fragment_header (Alias name: nat46-generate-ipv6-fragment-header) Enable/disable nat46 ipv6 fragment header generation. type: str choices: [disable, enable]
  - nat64_force_ipv6_packet_forwarding (Alias name: nat64-force-ipv6-packet-forwarding) Enable/disable mandatory ipv6 packet forwarding in nat64. type: str choices: [disable, enable]
  - ngfw_mode (Alias name: ngfw-mode) Next generation firewall (ngfw) mode. type: str choices: [profile-based, policy-based]
  - npu_group_id (Alias name: npu-group-id) Npu-group-index. type: int
  - opmode Firewall operation mode (nat or transparent). type: str choices: [nat, transparent]
  - pfcp_monitor_mode (Alias name: pfcp-monitor-mode) Enable/disable pfcp monitor mode (vdom level). type: str choices: [disable, enable]
  - policy_offload_level (Alias name: policy-offload-level) Configure firewall policy offload level. type: str choices: [disable, default, dos-offload, full-offload]
  - prp_trailer_action (Alias name: prp-trailer-action) Enable/disable action to take on prp trailer. type: str choices: [disable, enable]
  - sccp_port (Alias name: sccp-port) Tcp port the sccp proxy monitors for sccp traffic (0 - 65535, default = 2000). type: int
  - sctp_session_without_init (Alias name: sctp-session-without-init) Enable/disable sctp session creation without sctp init. type: str choices: [disable, enable]
  - ses_denied_traffic (Alias name: ses-denied-traffic) Enable/disable including denied session in the session table. type: str choices: [disable, enable]
  - session_insert_trial (Alias name: session-insert-trial) Trial session insert. type: str choices: [disable, enable]
  - sip_expectation (Alias name: sip-expectation) Enable/disable the sip kernel session helper to create an expectation for port 5060. type: str choices: [disable, enable]
  - sip_nat_trace (Alias name: sip-nat-trace) Enable/disable recording the original sip source ip address when nat is used. type: str choices: [disable, enable]
  - sip_ssl_port (Alias name: sip-ssl-port) Tcp port the sip proxy monitors for sip ssl/tls traffic (0 - 65535, default = 5061). type: int
  - sip_tcp_port (Alias name: sip-tcp-port) Tcp port the sip proxy monitors for sip traffic (0 - 65535, default = 5060). type: list
  - sip_udp_port (Alias name: sip-udp-port) Udp port the sip proxy monitors for sip traffic (0 - 65535, default = 5060). type: list
  - snat_hairpin_traffic (Alias name: snat-hairpin-traffic) Enable/disable source nat (snat) for hairpin traffic. type: str choices: [disable, enable]
  - status Enable/disable this vdom. type: str choices: [disable, enable]
  - strict_src_check (Alias name: strict-src-check) Enable/disable strict source verification. type: str choices: [disable, enable]
  - tcp_session_without_syn (Alias name: tcp-session-without-syn) Enable/disable allowing tcp session without syn flags. type: str choices: [disable, enable]
  - trap_local_session (Alias name: trap-local-session) Enable/disable local-in traffic session traps. type: str choices: [disable, enable]
  - trap_session_flag (Alias name: trap-session-flag) Trap session operation flags. type: str choices: [udp-both, udp-reply, tcpudp-both, tcpudp-reply, trap-none]
  - utf8_spam_tagging (Alias name: utf8-spam-tagging) Enable/disable converting antispam tags to utf-8 for better non-ascii character support. type: str choices: [disable, enable]
  - v4_ecmp_mode (Alias name: v4-ecmp-mode) Ipv4 equal-cost multi-path (ecmp) routing and load balancing mode. type: str choices: [source-ip-based, weight-based, usage-based, source-dest-ip-based]
  - vdom_type (Alias name: vdom-type) Vdom type (traffic, lan-extension or admin). type: str choices: [traffic, admin, lan-extension]
  - vpn_stats_log (Alias name: vpn-stats-log) Enable/disable periodic vpn log statistics for one or more types of vpn. type: list choices: [ipsec, pptp, l2tp, ssl]
  - vpn_stats_period (Alias name: vpn-stats-period) Period to send vpn log statistics (0 or 60 - 86400 sec). type: int
  - wccp_cache_engine (Alias name: wccp-cache-engine) Enable/disable wccp cache engine. type: str choices: [disable, enable]
  - gui_endpoint_control_advanced (Alias name: gui-endpoint-control-advanced) Enable/disable advanced endpoint control options on the gui. type: str choices: [disable, enable]
  - gui_endpoint_control (Alias name: gui-endpoint-control) Enable/disable endpoint control on the gui. type: str choices: [disable, enable]
  - gui_local_reports (Alias name: gui-local-reports) Enable/disable local reports on the gui. type: str choices: [disable, enable]
  - gui_nat46_64 (Alias name: gui-nat46-64) Enable/disable nat46 and nat64 settings on the gui. type: str choices: [disable, enable]
  - gui_dynamic_profile_display (Alias name: gui-dynamic-profile-display) Enable/disable radius single sign on (rsso) on the gui. type: str choices: [disable, enable]
  - gui_replacement_message_groups (Alias name: gui-replacement-message-groups) Enable/disable replacement message groups on the gui. type: str choices: [disable, enable]
  - gui_domain_ip_reputation (Alias name: gui-domain-ip-reputation) Enable/disable domain and ip reputation on the gui. type: str choices: [disable, enable]
  - gui_multiple_utm_profiles (Alias name: gui-multiple-utm-profiles) Enable/disable multiple utm profiles on the gui. type: str choices: [disable, enable]
  - implicit_allow_dns (Alias name: implicit-allow-dns) Enable/disable implicitly allowing dns traffic. type: str choices: [disable, enable]
  - gui_per_policy_disclaimer (Alias name: gui-per-policy-disclaimer) Enable/disable policy disclaimer on the gui. type: str choices: [disable, enable]
  - consolidated_firewall_mode (Alias name: consolidated-firewall-mode) Consolidated firewall mode. type: str choices: [disable, enable]
  - motherboard_traffic_forwarding (Alias name: motherboard-traffic-forwarding) Motherboard traffic forwarding. type: list choices: [icmp, admin, auth]
  - gui_gtp (Alias name: gui-gtp) Enable/disable manage general radio packet service (gprs) protocols on the gui. type: str choices: [disable, enable]
  - nonat_eif_key_sel (Alias name: nonat-eif-key-sel) Nonat eif tuple key selection. type: str choices: [dip-only, dip-dport, dip-dport-proto]
  - ses_denied_multicast_traffic (Alias name: ses-denied-multicast-traffic) Enable/disable including denied multicast session in the session table. type: str choices: [disable, enable]
  - dhcp_proxy_vrf_select (Alias name: dhcp-proxy-vrf-select) Vrf id used for connection to server. type: int
  - dp_load_distribution_group (Alias name: dp-load-distribution-group) Per vdom dp load distribution group. type: list
  - gui_dlp_advanced (Alias name: gui-dlp-advanced) Enable/disable show advanced dlp expressions on the gui. type: str choices: [disable, enable]
  - gui_sslvpn_clients (Alias name: gui-sslvpn-clients) Enable/disable ssl-vpn clients on the gui. type: str choices: [disable, enable]
  - intree_ses_best_route (Alias name: intree-ses-best-route) Force the intree session to always use the best route. type: str choices: [force, disable]
  - gui_fortitelemetry (Alias name: gui-fortitelemetry) Enable/disable fortitelemetry on the gui. type: str choices: [disable, enable]
  - ike_detailed_event_logs (Alias name: ike-detailed-event-logs) Enable/disable detail log for ike events. type: str choices: [disable, enable]
  - forward_domain (Alias name: forward-domain) Forward domain. type: str choices: [disable, enable]
  - wccp_local_route (Alias name: wccp-local-route) Wccp local route. type: str choices: [disable, enable]
  - gui_dlp (Alias name: gui-dlp) Enable/disable dlp on the gui. type: str choices: [disable, enable]
  - lan_extension_controller_port (Alias name: lan-extension-controller-port) Controller port to connect. type: int
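The parameter list above documents numeric ranges, choice lists and hyphenated aliases. As an added example (not part of the fortinet.fmgdevice collection), this Python pre-flight check lints the arguments of one fmgd_system_settings task against a handful of those documented values and flags settings that relax packet or session checks. The function names, the REVIEW_IF selection and the sample task are assumptions made for illustration.

```python
"""Pre-flight lint for one fmgd_system_settings task (added example, not module code)."""

ONOFF = ("disable", "enable")

# Ranges copied from the parameter descriptions on this page:
# name -> (minimum, maximum, extra values allowed outside the range).
INT_RANGES = {
    "bfd_desired_min_tx": (1, 100000, ()),
    "bfd_required_min_rx": (1, 100000, ()),
    "bfd_detect_mult": (1, 50, ()),
    "default_policy_expiry_days": (0, 365, ()),
    "discovered_device_timeout": (1, 365, ()),
    "mac_ttl": (300, 8640000, ()),
    "sccp_port": (0, 65535, ()),
    "sip_ssl_port": (0, 65535, ()),
    "vpn_stats_period": (60, 86400, (0,)),  # documented as "0 or 60 - 86400 sec"
}

# Choice lists copied from this page.
CHOICES = {
    "opmode": ("nat", "transparent"),
    "ngfw_mode": ("profile-based", "policy-based"),
    "firewall_session_dirty": ("check-all", "check-new", "check-policy-option"),
    "lldp_reception": ("disable", "enable", "global"),
}

# Assumption (the editor's selection, not vendor guidance): values that relax a
# packet or session check and therefore deserve a second look before a push.
REVIEW_IF = {
    "asymroute": "enable",
    "asymroute_icmp": "enable",
    "asymroute6": "enable",
    "asymroute6_icmp": "enable",
    "tcp_session_without_syn": "enable",
    "sctp_session_without_init": "enable",
    "multicast_skip_policy": "enable",
    "detect_unknown_esp": "disable",  # the page documents enable as the default
}


def normalize(settings):
    """Fold hyphenated aliases (e.g. 'mac-ttl') onto the underscore names."""
    merged, clashes = {}, []
    for key, value in settings.items():
        name = key.replace("-", "_")
        if name in merged:
            clashes.append(name)
        merged[name] = value
    return merged, clashes


def lint_task(task_args):
    """Return sorted (level, parameter, message) findings for one task's arguments."""
    findings = []
    if task_args.get("bypass_validation") is True:
        findings.append(("warn", "bypass_validation",
                         "module runs without validating parameters"))
    settings, clashes = normalize(task_args.get("system_settings") or {})
    for name in clashes:
        findings.append(("error", name, "given under both its name and its alias"))
    for name, value in settings.items():
        if name in INT_RANGES:
            low, high, extra = INT_RANGES[name]
            is_int = isinstance(value, int) and not isinstance(value, bool)
            if not (is_int and (low <= value <= high or value in extra)):
                findings.append(("error", name,
                                 f"{value!r} is outside the documented range {low}-{high}"))
            continue
        allowed = CHOICES.get(name, ONOFF if name in REVIEW_IF else None)
        if allowed is not None and value not in allowed:
            findings.append(("error", name, f"{value!r} is not one of {list(allowed)}"))
        elif name in REVIEW_IF and REVIEW_IF[name] == value:
            findings.append(("review", name,
                             f"'{value}' relaxes a packet or session check; confirm intent"))
    return sorted(findings)


# Constructed sample input, not taken from a real device or playbook.
SAMPLE_TASK = {
    "device": "fgt-lab-01",
    "vdom": "root",
    "bypass_validation": True,
    "system_settings": {
        "mac-ttl": 120,                       # below the documented minimum of 300
        "vpn_stats_period": 0,                # 0 is explicitly allowed
        "bfd_detect_mult": 3,
        "opmode": "routed",                   # not a documented choice
        "tcp-session-without-syn": "enable",  # alias spelling, flagged for review
        "detect_unknown_esp": "enable",
    },
}

if __name__ == "__main__":
    for level, name, message in lint_task(SAMPLE_TASK):
        print(f"{level:6} {name}: {message}")
```

Running such a check in CI before the playbook matters most when bypass_validation is set, because the module then no longer rejects out-of-schema values itself.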
Notes
Running in workspace locking mode is supported in this FortiManager module; the top-level parameters workspace_locking_adom and workspace_locking_timeout do the work.
To create or update an object, use the state: present directive.
To delete an object, use the state: absent directive.
Normally, running one module can fail when a non-zero rc is returned. You can also override the conditions to fail or succeed with the parameters rc_failed and rc_succeeded.
Examples
- name: Example playbook (generated based on argument schema)
  hosts: fortimanagers
  connection: httpapi
  gather_facts: false
  vars:
    ansible_httpapi_use_ssl: true
    # false skips TLS certificate verification of the FortiManager; use true with a trusted certificate
    ansible_httpapi_validate_certs: false
    ansible_httpapi_port: 443
  tasks:
    - name: Configure VDOM settings.
      fortinet.fmgdevice.fmgd_system_settings:
        # bypass_validation: false
        # workspace_locking_adom: <global or your adom name>
        # workspace_locking_timeout: 300
        # rc_succeeded: [0, -2, -3, ...]
        # rc_failed: [-2, -3, ...]
        device: <your own value>
        vdom: <your own value>
        system_settings:
          # allow_linkdown_path: <value in [disable, enable]>
          # allow_subnet_overlap: <value in [disable, enable]>
          # application_bandwidth_tracking: <value in [disable, enable]>
          # asymroute: <value in [disable, enable]>
          # asymroute_icmp: <value in [disable, enable]>
          # asymroute6: <value in [disable, enable]>
          # asymroute6_icmp: <value in [disable, enable]>
          # auxiliary_session: <value in [disable, enable]>
          # bfd: <value in [disable, enable]>
          # bfd_desired_min_tx: <integer>
          # bfd_detect_mult: <integer>
          # bfd_dont_enforce_src_port: <value in [disable, enable]>
          # bfd_required_min_rx: <integer>
          # block_land_attack: <value in [disable, enable]>
          # central_nat: <value in [disable, enable]>
          # comments: <string>
          # default_app_port_as_service: <value in [disable, enable]>
          # default_policy_expiry_days: <integer>
          # default_voip_alg_mode: <value in [proxy-based, kernel-helper-based]>
          # deny_tcp_with_icmp: <value in [disable, enable]>
          # detect_unknown_esp: <value in [disable, enable]>
          # device: <list or string>
          # dhcp_proxy: <value in [disable, enable]>
          # dhcp_proxy_interface: <list or string>
          # dhcp_proxy_interface_select_method: <value in [auto, sdwan, specify]>
          # dhcp_server_ip: <list or string>
          # dhcp6_server_ip: <list or string>
          # discovered_device_timeout: <integer>
          # dp_load_distribution_method: <value in [src-ip, dst-ip, src-dst-ip, ...]>
          # dyn_addr_session_check: <value in [disable, enable]>
          # ecmp_max_paths: <integer>
          # email_portal_check_dns: <value in [disable, enable]>
          # ext_resource_session_check: <value in [disable, enable]>
          # firewall_session_dirty: <value in [check-all, check-new, check-policy-option]>
          # fqdn_session_check: <value in [disable, enable]>
          # fw_session_hairpin: <value in [disable, enable]>
          # gateway: <string>
          # gateway6: <string>
          # gtp_asym_fgsp: <value in [disable, enable]>
          # gtp_monitor_mode: <value in [disable, enable]>
          # gui_advanced_policy: <value in [disable, enable]>
          # gui_advanced_wireless_features: <value in [disable, enable]>
          # gui_allow_unnamed_policy: <value in [disable, enable]>
          # gui_antivirus: <value in [disable, enable]>
          # gui_ap_profile: <value in [disable, enable]>
          # gui_application_control: <value in [disable, enable]>
          # gui_casb: <value in [disable, enable]>
          # gui_default_policy_columns: <list or string>
          # gui_dhcp_advanced: <value in [disable, enable]>
          # gui_dlp_profile: <value in [disable, enable]>
          # gui_dns_database: <value in [disable, enable]>
          # gui_dnsfilter: <value in [disable, enable]>
          # gui_dos_policy: <value in [disable, enable]>
          # gui_dynamic_device_os_id: <value in [disable, enable]>
          # gui_dynamic_routing: <value in [disable, enable]>
          # gui_email_collection: <value in [disable, enable]>
          # gui_enforce_change_summary: <value in [disable, require, optional]>
          # gui_explicit_proxy: <value in [disable, enable]>
          # gui_file_filter: <value in [disable, enable]>
          # gui_fortiap_split_tunneling: <value in [disable, enable]>
          # gui_fortiextender_controller: <value in [disable, enable]>
          # gui_icap: <value in [disable, enable]>
          # gui_implicit_policy: <value in [disable, enable]>
          # gui_ips: <value in [disable, enable]>
          # gui_load_balance: <value in [disable, enable]>
          # gui_local_in_policy: <value in [disable, enable]>
          # gui_multicast_policy: <value in [disable, enable]>
          # gui_multiple_interface_policy: <value in [disable, enable]>
          # gui_object_colors: <value in [disable, enable]>
          # gui_ot: <value in [disable, enable]>
          # gui_policy_based_ipsec: <value in [disable, enable]>
          # gui_policy_disclaimer: <value in [disable, enable]>
          # gui_proxy_inspection: <value in [disable, enable]>
          # gui_route_tag_address_creation: <value in [disable, enable]>
          # gui_security_profile_group: <value in [disable, enable]>
          # gui_spamfilter: <value in [disable, enable]>
          # gui_sslvpn: <value in [disable, enable]>
          # gui_sslvpn_personal_bookmarks: <value in [disable, enable]>
          # gui_sslvpn_realms: <value in [disable, enable]>
          # gui_switch_controller: <value in [disable, enable]>
          # gui_threat_weight: <value in [disable, enable]>
          # gui_traffic_shaping: <value in [disable, enable]>
          # gui_videofilter: <value in [disable, enable]>
          # gui_virtual_patch_profile: <value in [disable, enable]>
          # gui_voip_profile: <value in [disable, enable]>
          # gui_vpn: <value in [disable, enable]>
          # gui_waf_profile: <value in [disable, enable]>
          # gui_wan_load_balancing: <value in [disable, enable]>
          # gui_wanopt_cache: <value in [disable, enable]>
          # gui_webfilter: <value in [disable, enable]>
          # gui_webfilter_advanced: <value in [disable, enable]>
          # gui_wireless_controller: <value in [disable, enable]>
          # gui_ztna: <value in [disable, enable]>
          # h323_direct_model: <value in [disable, enable]>
          # http_external_dest: <value in [fortiweb, forticache]>
          # hyperscale_default_policy_action: <value in [drop-on-hardware, forward-to-host]>
          # ike_dn_format: <value in [with-space, no-space]>
          # ike_policy_route: <value in [disable, enable]>
          # ike_port: <integer>
          # ike_quick_crash_detect: <value in [disable, enable]>
          # ike_session_resume: <value in [disable, enable]>
          # ike_tcp_port: <integer>
          # internet_service_app_ctrl_size: <integer>
          # internet_service_database_cache: <value in [disable, enable]>
          # ip: <list or string>
          # ip6: <string>
          # lan_extension_controller_addr: <string>
          # link_down_access: <value in [disable, enable]>
          # lldp_reception: <value in [disable, enable, global]>
          # lldp_transmission: <value in [enable, disable, global]>
          # location_id: <string>
          # mac_ttl: <integer>
          # manageip: <list or string>
          # manageip6: <string>
          # multicast_forward: <value in [disable, enable]>
          # multicast_skip_policy: <value in [disable, enable]>
          # multicast_ttl_notchange: <value in [disable, enable]>
          # nat46_force_ipv4_packet_forwarding: <value in [disable, enable]>
          # nat46_generate_ipv6_fragment_header: <value in [disable, enable]>
          # nat64_force_ipv6_packet_forwarding: <value in [disable, enable]>
# ngfw_mode: <value in [profile-based, policy-based]>
# npu_group_id: <integer>
# opmode: <value in [nat, transparent]>
# pfcp_monitor_mode: <value in [disable, enable]>
# policy_offload_level: <value in [disable, default, dos-offload, ...]>
# prp_trailer_action: <value in [disable, enable]>
# sccp_port: <integer>
# sctp_session_without_init: <value in [disable, enable]>
# ses_denied_traffic: <value in [disable, enable]>
# session_insert_trial: <value in [disable, enable]>
# sip_expectation: <value in [disable, enable]>
# sip_nat_trace: <value in [disable, enable]>
# sip_ssl_port: <integer>
# sip_tcp_port: <list or integer>
# sip_udp_port: <list or integer>
# snat_hairpin_traffic: <value in [disable, enable]>
# status: <value in [disable, enable]>
# strict_src_check: <value in [disable, enable]>
# tcp_session_without_syn: <value in [disable, enable]>
# trap_local_session: <value in [disable, enable]>
# trap_session_flag: <value in [udp-both, udp-reply, tcpudp-both, ...]>
# utf8_spam_tagging: <value in [disable, enable]>
# v4_ecmp_mode: <value in [source-ip-based, weight-based, usage-based, ...]>
# vdom_type: <value in [traffic, admin, lan-extension]>
# vpn_stats_log:
# - "ipsec"
# - "pptp"
# - "l2tp"
# - "ssl"
# vpn_stats_period: <integer>
# wccp_cache_engine: <value in [disable, enable]>
# gui_endpoint_control_advanced: <value in [disable, enable]>
# gui_endpoint_control: <value in [disable, enable]>
# gui_local_reports: <value in [disable, enable]>
# gui_nat46_64: <value in [disable, enable]>
# gui_dynamic_profile_display: <value in [disable, enable]>
# gui_replacement_message_groups: <value in [disable, enable]>
# gui_domain_ip_reputation: <value in [disable, enable]>
# gui_multiple_utm_profiles: <value in [disable, enable]>
# implicit_allow_dns: <value in [disable, enable]>
# gui_per_policy_disclaimer: <value in [disable, enable]>
# consolidated_firewall_mode: <value in [disable, enable]>
# motherboard_traffic_forwarding:
# - "icmp"
# - "admin"
# - "auth"
# gui_gtp: <value in [disable, enable]>
# nonat_eif_key_sel: <value in [dip-only, dip-dport, dip-dport-proto]>
# ses_denied_multicast_traffic: <value in [disable, enable]>
# dhcp_proxy_vrf_select: <integer>
# dp_load_distribution_group: <list or string>
# gui_dlp_advanced: <value in [disable, enable]>
# gui_sslvpn_clients: <value in [disable, enable]>
# intree_ses_best_route: <value in [force, disable]>
# gui_fortitelemetry: <value in [disable, enable]>
# ike_detailed_event_logs: <value in [disable, enable]>
# forward_domain: <value in [disable, enable]>
# wccp_local_route: <value in [disable, enable]>
# gui_dlp: <value in [disable, enable]>
# lan_extension_controller_port: <integer>
Return Values
Common return values are documented at https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values. The following fields are unique to this module:
- meta - The result of the request. returned: always type: dict
- request_url - The full url requested. returned: always type: str sample: /sys/login/user
- response_code - The status of api request. returned: always type: int sample: 0
- response_data - The data body of the api response. returned: optional type: list or dict
- response_message - The descriptive message of the api response. returned: always type: str sample: OK
- system_information - The information of the target system. returned: always type: dict
- rc - The status of the request. returned: always type: int sample: 0
- version_check_warning - Warning if the parameters used in the playbook are not supported by the current FortiManager version. returned: if at least one parameter is not supported by the current FortiManager version type: list
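A play that registers the module result and checks the return values listed above, added here as an illustration and not taken from the module's own examples. The collection namespace `fortinet.fmgdevice`, the `fortimanagers` inventory group, the `fmg_device` and `fmg_vdom` variables, the nesting of `response_code`, `response_message` and `request_url` under `meta`, and treating 0 as success are assumptions; the three settings and their values come from the parameter list on this page.

```yaml
- name: Apply VDOM settings and verify the module's return values
  hosts: fortimanagers            # assumed inventory group
  connection: httpapi
  gather_facts: false
  tasks:
    - name: Configure VDOM settings
      # Collection namespace is an assumption; the page names only the module.
      fortinet.fmgdevice.fmgd_system_settings:
        device: "{{ fmg_device }}"   # hypothetical variable: managed device name
        vdom: "{{ fmg_vdom }}"       # hypothetical variable: target VDOM
        system_settings:
          # Parameter names and values are taken from the list on this page.
          strict_src_check: enable
          tcp_session_without_syn: disable
          ses_denied_traffic: enable
      register: vdom_result

    - name: Require rc and the API response code to match the documented sample (0)
      ansible.builtin.assert:
        that:
          - vdom_result.rc == 0
          - vdom_result.meta.response_code == 0
        fail_msg: >-
          Request to {{ vdom_result.meta.request_url | default('unknown url') }}
          returned "{{ vdom_result.meta.response_message | default('no message') }}"
        success_msg: "VDOM settings accepted"

    - name: Show parameters the running FortiManager version does not support
      ansible.builtin.debug:
        var: vdom_result.version_check_warning
      # The field is only returned when at least one parameter is unsupported.
      when: vdom_result.version_check_warning is defined
```

The explicit assertion matters most when `rc_succeeded` or `rc_failed` has been overridden, because the task's own pass/fail status then no longer reflects the default handling of `rc`.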
Status
This module is not guaranteed to have a backwards compatible interface.