fmgd_wireless_vap – Configure Virtual Access Points (VAPs).

Added in version 1.0.0.

Synopsis

  • This module is able to configure a FortiManager device.

  • Examples include all parameters and values need to be adjusted to data sources before usage.

  • Tested with FortiManager v7.x.

Requirements

The below requirements are needed on the host that executes this module.

  • ansible-core>=2.16.0

FortiManager Version Compatibility

Supported Version Ranges: v7.2.6 -> v7.2.12, v7.4.3 -> latest

Parameters

  • access_token -The token to access FortiManager without using username and password. type: str required: false
  • bypass_validation - Only set to True when module schema diffs with FortiManager API structure, module continues to execute without validating parameters. type: bool required: false default: False
  • enable_log - Enable/Disable logging for task. type: bool required: false default: False
  • forticloud_access_token - Access token of forticloud managed API users, this option is available with FortiManager later than 6.4.0. type: str required: false
  • proposed_method - The overridden method for the underlying Json RPC request. type: str required: false choices: set, update, add
  • rc_succeeded - The rc codes list with which the conditions to succeed will be overriden. type: list required: false
  • rc_failed - The rc codes list with which the conditions to fail will be overriden. type: list required: false
  • state - The directive to create, update or delete an object type: str required: true choices: present, absent
  • workspace_locking_adom - Acquire the workspace lock if FortiManager is running in workspace mode. type: str required: false choices: global, custom adom including root
  • workspace_locking_timeout - The maximum time in seconds to wait for other users to release workspace lock. type: integer required: false default: 300
  • device - The parameter in requested url type: str required: true
  • vdom - The parameter in requested url type: str required: true
  • wireless_vap - Configure Virtual Access Points type: dict
    • d80211k (Alias name: 80211k) Enable/disable 802. type: str choices: [disable, enable] more...
    • d80211v (Alias name: 80211v) Enable/disable 802. type: str choices: [disable, enable] more...
    • _centmgmt Centmgmt. type: str choices: [disable, enable] default: enable more...
    • _dhcp_svr_id Dhcp svr id. type: list more...
    • _intf_allowaccess Intf allowaccess. type: list choices: [https, ping, ssh, snmp, http, telnet, fgfm, radius-acct, probe-response, capwap, dnp, ftm, fabric, speed-test] more...
    • _intf_device_access_list (Alias name: _intf_device-access-list) Intf device access list. type: list more...
    • _intf_device_identification (Alias name: _intf_device-identification) Intf device identification. type: str choices: [disable, enable] default: disable more...
    • _intf_device_netscan (Alias name: _intf_device-netscan) Intf device netscan. type: str choices: [disable, enable] default: disable more...
    • _intf_dhcp_relay_ip (Alias name: _intf_dhcp-relay-ip) Intf dhcp relay ip. type: list more...
    • _intf_dhcp_relay_service (Alias name: _intf_dhcp-relay-service) Intf dhcp relay service. type: str choices: [disable, enable] default: disable more...
    • _intf_dhcp_relay_type (Alias name: _intf_dhcp-relay-type) Intf dhcp relay type. type: str choices: [regular, ipsec] default: regular more...
    • _intf_dhcp6_relay_ip (Alias name: _intf_dhcp6-relay-ip) Intf dhcp6 relay ip. type: list more...
    • _intf_dhcp6_relay_service (Alias name: _intf_dhcp6-relay-service) Intf dhcp6 relay service. type: str choices: [disable, enable] default: disable more...
    • _intf_dhcp6_relay_type (Alias name: _intf_dhcp6-relay-type) Intf dhcp6 relay type. type: str choices: [regular] default: regular more...
    • _intf_ip Support meta variable type: list more...
    • _intf_ip6_address (Alias name: _intf_ip6-address) Support meta variable type: str more...
    • _intf_ip6_allowaccess (Alias name: _intf_ip6-allowaccess) Intf ip6 allowaccess. type: list choices: [https, ping, ssh, snmp, http, telnet, any, fgfm, capwap] more...
    • _intf_listen_forticlient_connection (Alias name: _intf_listen-forticlient-connection) Intf listen forticlient connection. type: str choices: [disable, enable] default: disable more...
    • _is_factory_setting Is factory setting. type: str choices: [disable, enable, ext] default: disable more...
    • access_control_list (Alias name: access-control-list) Profile name for access-control-list. type: list more...
    • additional_akms (Alias name: additional-akms) Additional akms. type: list choices: [akm6, akm24] more...
    • address_group (Alias name: address-group) Firewall address group name. type: list more...
    • address_group_policy (Alias name: address-group-policy) Configure mac address filtering policy for mac addresses that are in the address-group. type: str choices: [disable, allow, deny] more...
    • akm24_only (Alias name: akm24-only) Wpa3 sae using group-dependent hash only (default = disable). type: str choices: [disable, enable] more...
    • alias Alias. type: str more...
    • antivirus_profile (Alias name: antivirus-profile) Antivirus profile name. type: list more...
    • application_detection_engine (Alias name: application-detection-engine) Enable/disable application detection engine (default = disable). type: str choices: [disable, enable] more...
    • application_dscp_marking (Alias name: application-dscp-marking) Enable/disable application attribute based dscp marking (default = disable). type: str choices: [disable, enable] more...
    • application_list (Alias name: application-list) Application control list name. type: list more...
    • application_report_intv (Alias name: application-report-intv) Application report interval (30 - 864000 sec, default = 120). type: int more...
    • atf_weight (Alias name: atf-weight) Airtime weight in percentage (default = 20). type: int more...
    • auth Authentication protocol. type: str choices: [radius, usergroup, psk] more...
    • auth_cert (Alias name: auth-cert) Https server certificate. type: list more...
    • auth_portal_addr (Alias name: auth-portal-addr) Address of captive portal. type: str more...
    • beacon_advertising (Alias name: beacon-advertising) Fortinet beacon advertising ie data (default = empty). type: list choices: [name, model, serial-number] more...
    • beacon_protection (Alias name: beacon-protection) Enable/disable beacon protection support (default = disable). type: str choices: [disable, enable] more...
    • broadcast_ssid (Alias name: broadcast-ssid) Enable/disable broadcasting the ssid (default = enable). type: str choices: [disable, enable] more...
    • broadcast_suppression (Alias name: broadcast-suppression) Optional suppression of broadcast messages. type: list choices: [dhcp, arp, dhcp2, arp2, netbios-ns, netbios-ds, arp3, dhcp-up, dhcp-down, arp-known, arp-unknown, arp-reply, ipv6, dhcp-starvation, arp-poison, all-other-mc, all-other-bc, arp-proxy, dhcp-ucast] more...
    • bss_color_partial (Alias name: bss-color-partial) Enable/disable 802. type: str choices: [disable, enable] more...
    • bstm_disassociation_imminent (Alias name: bstm-disassociation-imminent) Enable/disable forcing of disassociation after the bstm request timer has been reached (default = enable). type: str choices: [disable, enable] more...
    • bstm_load_balancing_disassoc_timer (Alias name: bstm-load-balancing-disassoc-timer) Time interval for client to voluntarily leave ap before forcing a disassociation due to ap load-balancing (0 to 30, default = 10). type: int more...
    • bstm_rssi_disassoc_timer (Alias name: bstm-rssi-disassoc-timer) Time interval for client to voluntarily leave ap before forcing a disassociation due to low rssi (0 to 2000, default = 200). type: int more...
    • captive_portal (Alias name: captive-portal) Enable/disable captive portal. type: str choices: [disable, enable] more...
    • captive_portal_ac_name (Alias name: captive-portal-ac-name) Local-bridging captive portal ac-name. type: str more...
    • captive_portal_auth_timeout (Alias name: captive-portal-auth-timeout) Hard timeout - ap will always clear the session after timeout regardless of traffic (0 - 864000 sec, default = 0). type: int more...
    • captive_portal_fw_accounting (Alias name: captive-portal-fw-accounting) Enable/disable radius accounting for captive portal firewall authentication session. type: str choices: [disable, enable] more...
    • dhcp_address_enforcement (Alias name: dhcp-address-enforcement) Enable/disable dhcp address enforcement (default = disable). type: str choices: [disable, enable] more...
    • dhcp_lease_time (Alias name: dhcp-lease-time) Dhcp lease time in seconds for nat ip address. type: int more...
    • dhcp_option43_insertion (Alias name: dhcp-option43-insertion) Enable/disable insertion of dhcp option 43 (default = enable). type: str choices: [disable, enable] more...
    • dhcp_option82_circuit_id_insertion (Alias name: dhcp-option82-circuit-id-insertion) Enable/disable dhcp option 82 circuit-id insert (default = disable). type: str choices: [disable, style-1, style-2, style-3] more...
    • dhcp_option82_insertion (Alias name: dhcp-option82-insertion) Enable/disable dhcp option 82 insert (default = disable). type: str choices: [disable, enable] more...
    • dhcp_option82_remote_id_insertion (Alias name: dhcp-option82-remote-id-insertion) Enable/disable dhcp option 82 remote-id insert (default = disable). type: str choices: [disable, style-1] more...
    • dynamic_vlan (Alias name: dynamic-vlan) Enable/disable dynamic vlan assignment. type: str choices: [disable, enable] more...
    • dynamic_mapping Dynamic mapping. type: list more...
      • d80211k (Alias name: 80211k) Enable/disable 802. type: str choices: [disable, enable] more...
      • d80211v (Alias name: 80211v) Enable/disable 802. type: str choices: [disable, enable] more...
      • _centmgmt Centmgmt. type: str choices: [disable, enable] default: enable more...
      • _dhcp_svr_id Dhcp svr id. type: list more...
      • _intf_allowaccess Intf allowaccess. type: list choices: [https, ping, ssh, snmp, http, telnet, fgfm, radius-acct, probe-response, capwap, dnp, ftm, fabric, speed-test] more...
      • _intf_device_access_list (Alias name: _intf_device-access-list) Intf device access list. type: list more...
      • _intf_device_identification (Alias name: _intf_device-identification) Intf device identification. type: str choices: [disable, enable] default: disable more...
      • _intf_device_netscan (Alias name: _intf_device-netscan) Intf device netscan. type: str choices: [disable, enable] default: disable more...
      • _intf_dhcp_relay_ip (Alias name: _intf_dhcp-relay-ip) Intf dhcp relay ip. type: list more...
      • _intf_dhcp_relay_service (Alias name: _intf_dhcp-relay-service) Intf dhcp relay service. type: str choices: [disable, enable] default: disable more...
      • _intf_dhcp_relay_type (Alias name: _intf_dhcp-relay-type) Intf dhcp relay type. type: str choices: [regular, ipsec] default: regular more...
      • _intf_dhcp6_relay_ip (Alias name: _intf_dhcp6-relay-ip) Intf dhcp6 relay ip. type: list more...
      • _intf_dhcp6_relay_service (Alias name: _intf_dhcp6-relay-service) Intf dhcp6 relay service. type: str choices: [disable, enable] default: disable more...
      • _intf_dhcp6_relay_type (Alias name: _intf_dhcp6-relay-type) Intf dhcp6 relay type. type: str choices: [regular] default: regular more...
      • _intf_ip Support meta variable type: list more...
      • _intf_ip6_address (Alias name: _intf_ip6-address) Support meta variable type: str more...
      • _intf_ip6_allowaccess (Alias name: _intf_ip6-allowaccess) Intf ip6 allowaccess. type: list choices: [https, ping, ssh, snmp, http, telnet, any, fgfm, capwap] more...
      • _intf_listen_forticlient_connection (Alias name: _intf_listen-forticlient-connection) Intf listen forticlient connection. type: str choices: [disable, enable] default: disable more...
      • _is_factory_setting Is factory setting. type: str choices: [disable, enable, ext] default: disable more...
      • _scope Scope. type: list more...
        • name Name. type: str more...
        • vdom Vdom. type: str more...
      • access_control_list (Alias name: access-control-list) Profile name for access-control-list. type: list more...
      • acct_interim_interval (Alias name: acct-interim-interval) Wifi radius accounting interim interval (60 - 86400 sec, default = 0). type: int more...
      • additional_akms (Alias name: additional-akms) Additional akms. type: list choices: [akm6, akm24] more...
      • address_group (Alias name: address-group) Firewall address group name. type: list more...
      • address_group_policy (Alias name: address-group-policy) Configure mac address filtering policy for mac addresses that are in the address-group. type: str choices: [disable, allow, deny] more...
      • akm24_only (Alias name: akm24-only) Wpa3 sae using group-dependent hash only (default = disable). type: str choices: [disable, enable] more...
      • alias Alias. type: str more...
      • antivirus_profile (Alias name: antivirus-profile) Antivirus profile name. type: list more...
      • application_detection_engine (Alias name: application-detection-engine) Enable/disable application detection engine (default = disable). type: str choices: [disable, enable] more...
      • application_dscp_marking (Alias name: application-dscp-marking) Enable/disable application attribute based dscp marking (default = disable). type: str choices: [disable, enable] more...
      • application_list (Alias name: application-list) Application control list name. type: list more...
      • application_report_intv (Alias name: application-report-intv) Application report interval (30 - 864000 sec, default = 120). type: int more...
      • atf_weight (Alias name: atf-weight) Airtime weight in percentage (default = 20). type: int more...
      • auth Authentication protocol. type: str choices: [radius, usergroup, psk] more...
      • auth_cert (Alias name: auth-cert) Https server certificate. type: list more...
      • auth_portal_addr (Alias name: auth-portal-addr) Address of captive portal. type: str more...
      • beacon_advertising (Alias name: beacon-advertising) Fortinet beacon advertising ie data (default = empty). type: list choices: [name, model, serial-number] more...
      • beacon_protection (Alias name: beacon-protection) Enable/disable beacon protection support (default = disable). type: str choices: [disable, enable] more...
      • broadcast_ssid (Alias name: broadcast-ssid) Enable/disable broadcasting the ssid (default = enable). type: str choices: [disable, enable] more...
      • broadcast_suppression (Alias name: broadcast-suppression) Optional suppression of broadcast messages. type: list choices: [dhcp, arp, dhcp2, arp2, netbios-ns, netbios-ds, arp3, dhcp-up, dhcp-down, arp-known, arp-unknown, arp-reply, ipv6, dhcp-starvation, arp-poison, all-other-mc, all-other-bc, arp-proxy, dhcp-ucast] more...
      • bss_color_partial (Alias name: bss-color-partial) Enable/disable 802. type: str choices: [disable, enable] more...
      • bstm_disassociation_imminent (Alias name: bstm-disassociation-imminent) Enable/disable forcing of disassociation after the bstm request timer has been reached (default = enable). type: str choices: [disable, enable] more...
      • bstm_load_balancing_disassoc_timer (Alias name: bstm-load-balancing-disassoc-timer) Time interval for client to voluntarily leave ap before forcing a disassociation due to ap load-balancing (0 to 30, default = 10). type: int more...
      • bstm_rssi_disassoc_timer (Alias name: bstm-rssi-disassoc-timer) Time interval for client to voluntarily leave ap before forcing a disassociation due to low rssi (0 to 2000, default = 200). type: int more...
      • captive_portal (Alias name: captive-portal) Enable/disable captive portal. type: str choices: [disable, enable] more...
      • captive_portal_ac_name (Alias name: captive-portal-ac-name) Local-bridging captive portal ac-name. type: str more...
      • captive_portal_auth_timeout (Alias name: captive-portal-auth-timeout) Hard timeout - ap will always clear the session after timeout regardless of traffic (0 - 864000 sec, default = 0). type: int more...
      • captive_portal_fw_accounting (Alias name: captive-portal-fw-accounting) Enable/disable radius accounting for captive portal firewall authentication session. type: str choices: [disable, enable] more...
      • captive_portal_macauth_radius_secret (Alias name: captive-portal-macauth-radius-secret) Secret key to access the macauth radius server. type: list more...
      • captive_portal_macauth_radius_server (Alias name: captive-portal-macauth-radius-server) Captive portal external radius server domain name or ip address. type: str more...
      • captive_portal_radius_secret (Alias name: captive-portal-radius-secret) Secret key to access the radius server. type: list more...
      • captive_portal_radius_server (Alias name: captive-portal-radius-server) Captive portal radius server domain name or ip address. type: str more...
      • captive_portal_session_timeout_interval (Alias name: captive-portal-session-timeout-interval) Session timeout interval (0 - 864000 sec, default = 0). type: int more...
      • client_count (Alias name: client-count) Client count. type: int more...
      • dhcp_address_enforcement (Alias name: dhcp-address-enforcement) Enable/disable dhcp address enforcement (default = disable). type: str choices: [disable, enable] more...
      • dhcp_lease_time (Alias name: dhcp-lease-time) Dhcp lease time in seconds for nat ip address. type: int more...
      • dhcp_option43_insertion (Alias name: dhcp-option43-insertion) Enable/disable insertion of dhcp option 43 (default = enable). type: str choices: [disable, enable] more...
      • dhcp_option82_circuit_id_insertion (Alias name: dhcp-option82-circuit-id-insertion) Enable/disable dhcp option 82 circuit-id insert (default = disable). type: str choices: [disable, style-1, style-2, style-3] more...
      • dhcp_option82_insertion (Alias name: dhcp-option82-insertion) Enable/disable dhcp option 82 insert (default = disable). type: str choices: [disable, enable] more...
      • dhcp_option82_remote_id_insertion (Alias name: dhcp-option82-remote-id-insertion) Enable/disable dhcp option 82 remote-id insert (default = disable). type: str choices: [disable, style-1] more...
      • dynamic_vlan (Alias name: dynamic-vlan) Enable/disable dynamic vlan assignment. type: str choices: [disable, enable] more...
      • eap_reauth (Alias name: eap-reauth) Enable/disable eap re-authentication for wpa-enterprise security. type: str choices: [disable, enable] more...
      • eap_reauth_intv (Alias name: eap-reauth-intv) Eap re-authentication interval (1800 - 864000 sec, default = 86400). type: int more...
      • eapol_key_retries (Alias name: eapol-key-retries) Enable/disable retransmission of eapol-key frames (message 3/4 and group message 1/2) (default = enable). type: str choices: [disable, enable] more...
      • encrypt Encryption protocol to use (only available when security is set to a wpa type). type: str choices: [TKIP, AES, TKIP-AES] more...
      • external_fast_roaming (Alias name: external-fast-roaming) Enable/disable fast roaming or pre-authentication with external aps not managed by the fortigate (default = disable). type: str choices: [disable, enable] more...
      • external_logout (Alias name: external-logout) Url of external authentication logout server. type: str more...
      • external_web (Alias name: external-web) Url of external authentication web server. type: str more...
      • external_web_format (Alias name: external-web-format) Url query parameter detection (default = auto-detect). type: str choices: [auto-detect, no-query-string, partial-query-string] more...
      • fast_bss_transition (Alias name: fast-bss-transition) Enable/disable 802. type: str choices: [disable, enable] more...
      • fast_roaming (Alias name: fast-roaming) Enable/disable fast-roaming, or pre-authentication, where supported by clients (default = disable). type: str choices: [disable, enable] more...
      • ft_mobility_domain (Alias name: ft-mobility-domain) Mobility domain identifier in ft (1 - 65535, default = 1000). type: int more...
      • ft_over_ds (Alias name: ft-over-ds) Enable/disable ft over the distribution system (ds). type: str choices: [disable, enable] more...
      • ft_r0_key_lifetime (Alias name: ft-r0-key-lifetime) Lifetime of the pmk-r0 key in ft, 1-65535 minutes. type: int more...
      • gas_comeback_delay (Alias name: gas-comeback-delay) Gas comeback delay (0 or 100 - 10000 milliseconds, default = 500). type: int more...
      • gas_fragmentation_limit (Alias name: gas-fragmentation-limit) Gas fragmentation limit (512 - 4096, default = 1024). type: int more...
      • gtk_rekey (Alias name: gtk-rekey) Enable/disable gtk rekey for wpa security. type: str choices: [disable, enable] more...
      • gtk_rekey_intv (Alias name: gtk-rekey-intv) Gtk rekey interval (600 - 864000 sec, default = 86400). type: int more...
      • high_efficiency (Alias name: high-efficiency) Enable/disable 802. type: str choices: [disable, enable] more...
      • hotspot20_profile (Alias name: hotspot20-profile) Hotspot 2. type: list more...
      • igmp_snooping (Alias name: igmp-snooping) Enable/disable igmp snooping. type: str choices: [disable, enable] more...
      • intra_vap_privacy (Alias name: intra-vap-privacy) Enable/disable blocking communication between clients on the same ssid (called intra-ssid privacy) (default = disable). type: str choices: [disable, enable] more...
      • ip Ip address and subnet mask for the local standalone nat subnet. type: list more...
      • ips_sensor (Alias name: ips-sensor) Ips sensor name. type: list more...
      • ipv6_rules (Alias name: ipv6-rules) Optional rules of ipv6 packets. type: list choices: [drop-icmp6ra, drop-icmp6rs, drop-llmnr6, drop-icmp6mld2, drop-dhcp6s, drop-dhcp6c, ndp-proxy, drop-ns-dad, drop-ns-nondad] more...
      • key Wep key. type: list more...
      • keyindex Wep key index (1 - 4). type: int more...
      • l3_roaming (Alias name: l3-roaming) Enable/disable layer 3 roaming (default = disable). type: str choices: [disable, enable] more...
      • l3_roaming_mode (Alias name: l3-roaming-mode) Select the way that layer 3 roaming traffic is passed (default = direct). type: str choices: [direct, indirect] more...
      • ldpc Vap low-density parity-check (ldpc) coding configuration. type: str choices: [disable, tx, rx, rxtx] more...
      • local_authentication (Alias name: local-authentication) Enable/disable ap local authentication. type: str choices: [disable, enable] more...
      • local_bridging (Alias name: local-bridging) Enable/disable bridging of wireless and ethernet interfaces on the fortiap (default = disable). type: str choices: [disable, enable] more...
      • local_lan (Alias name: local-lan) Allow/deny traffic destined for a class a, b, or c private ip address (default = allow). type: str choices: [deny, allow] more...
      • local_standalone (Alias name: local-standalone) Enable/disable ap local standalone (default = disable). type: str choices: [disable, enable] more...
      • local_standalone_dns (Alias name: local-standalone-dns) Enable/disable ap local standalone dns. type: str choices: [disable, enable] more...
      • local_standalone_dns_ip (Alias name: local-standalone-dns-ip) Ipv4 addresses for the local standalone dns. type: list more...
      • local_standalone_nat (Alias name: local-standalone-nat) Enable/disable ap local standalone nat mode. type: str choices: [disable, enable] more...
      • local_switching (Alias name: local-switching) Local switching. type: str choices: [disable, enable] more...
      • mac_auth_bypass (Alias name: mac-auth-bypass) Enable/disable mac authentication bypass. type: str choices: [disable, enable] more...
      • mac_called_station_delimiter (Alias name: mac-called-station-delimiter) Mac called station delimiter (default = hyphen). type: str choices: [hyphen, single-hyphen, colon, none] more...
      • mac_calling_station_delimiter (Alias name: mac-calling-station-delimiter) Mac calling station delimiter (default = hyphen). type: str choices: [hyphen, single-hyphen, colon, none] more...
      • mac_case (Alias name: mac-case) Mac case (default = uppercase). type: str choices: [uppercase, lowercase] more...
      • mac_filter (Alias name: mac-filter) Enable/disable mac filtering to block wireless clients by mac address. type: str choices: [disable, enable] more...
      • mac_filter_policy_other (Alias name: mac-filter-policy-other) Allow or block clients with mac addresses that are not in the filter list. type: str choices: [deny, allow] more...
      • mac_password_delimiter (Alias name: mac-password-delimiter) Mac authentication password delimiter (default = hyphen). type: str choices: [hyphen, single-hyphen, colon, none] more...
      • mac_username_delimiter (Alias name: mac-username-delimiter) Mac authentication username delimiter (default = hyphen). type: str choices: [hyphen, single-hyphen, colon, none] more...
      • max_clients (Alias name: max-clients) Maximum number of clients that can connect simultaneously to the vap (default = 0, meaning no limitation). type: int more...
      • max_clients_ap (Alias name: max-clients-ap) Maximum number of clients that can connect simultaneously to the vap per ap radio (default = 0, meaning no limitation). type: int more...
      • mbo Enable/disable multiband operation (default = disable). type: str choices: [disable, enable] more...
      • mbo_cell_data_conn_pref (Alias name: mbo-cell-data-conn-pref) Mbo cell data connection preference (0, 1, or 255, default = 1). type: str choices: [excluded, prefer-not, prefer-use] more...
      • me_disable_thresh (Alias name: me-disable-thresh) Disable multicast enhancement when this many clients are receiving multicast traffic. type: int more...
      • mesh_backhaul (Alias name: mesh-backhaul) Enable/disable using this vap as a wifi mesh backhaul (default = disable). type: str choices: [disable, enable] more...
      • mpsk Enable/disable multiple psk authentication. type: str choices: [disable, enable] more...
      • mpsk_concurrent_clients (Alias name: mpsk-concurrent-clients) Maximum number of concurrent clients that connect using the same passphrase in multiple psk authentication (0 - 65535, default = 0, meaning no limitation). type: int more...
      • mpsk_profile (Alias name: mpsk-profile) Mpsk profile name. type: list more...
      • mu_mimo (Alias name: mu-mimo) Enable/disable multi-user mimo (default = enable). type: str choices: [disable, enable] more...
      • multicast_enhance (Alias name: multicast-enhance) Enable/disable converting multicast to unicast to improve performance (default = disable). type: str choices: [disable, enable] more...
      • multicast_rate (Alias name: multicast-rate) Multicast rate (0, 6000, 12000, or 24000 kbps, default = 0). type: str choices: [0, 6000, 12000, 24000] more...
      • nac Enable/disable network access control. type: str choices: [disable, enable] more...
      • nac_profile (Alias name: nac-profile) Nac profile name. type: list more...
      • nas_filter_rule (Alias name: nas-filter-rule) Enable/disable nas filter rule support (default = disable). type: str choices: [disable, enable] more...
      • neighbor_report_dual_band (Alias name: neighbor-report-dual-band) Enable/disable dual-band neighbor report (default = disable). type: str choices: [disable, enable] more...
      • okc Enable/disable opportunistic key caching (okc) (default = enable). type: str choices: [disable, enable] more...
      • osen Enable/disable osen as part of key management (default = disable). type: str choices: [disable, enable] more...
      • owe_groups (Alias name: owe-groups) Owe-groups. type: list choices: [19, 20, 21] more...
      • owe_transition (Alias name: owe-transition) Enable/disable owe transition mode support. type: str choices: [disable, enable] more...
      • owe_transition_ssid (Alias name: owe-transition-ssid) Owe transition mode peer ssid. type: str more...
      • passphrase Wpa pre-shared key (psk) to be used to authenticate wifi users. type: list more...
      • pmf Protected management frames (pmf) support (default = disable). type: str choices: [disable, enable, optional] more...
      • pmf_assoc_comeback_timeout (Alias name: pmf-assoc-comeback-timeout) Protected management frames (pmf) comeback maximum timeout (1-20 sec). type: int more...
      • pmf_sa_query_retry_timeout (Alias name: pmf-sa-query-retry-timeout) Protected management frames (pmf) sa query retry timeout interval (1 - 5 100s of msec). type: int more...
      • port_macauth (Alias name: port-macauth) Enable/disable lan port mac authentication (default = disable). type: str choices: [disable, radius, address-group] more...
      • port_macauth_reauth_timeout (Alias name: port-macauth-reauth-timeout) Lan port mac authentication re-authentication timeout value (default = 7200 sec). type: int more...
      • port_macauth_timeout (Alias name: port-macauth-timeout) Lan port mac authentication idle timeout value (default = 600 sec). type: int more...
      • portal_message_override_group (Alias name: portal-message-override-group) Replacement message group for this vap (only available when security is set to a captive portal type). type: list more...
      • portal_type (Alias name: portal-type) Captive portal functionality. type: str choices: [auth, auth+disclaimer, disclaimer, email-collect, cmcc, cmcc-macauth, auth-mac, external-auth, external-macauth] more...
      • primary_wag_profile (Alias name: primary-wag-profile) Primary wireless access gateway profile name. type: list more...
      • probe_resp_suppression (Alias name: probe-resp-suppression) Enable/disable probe response suppression (to ignore weak signals) (default = disable). type: str choices: [disable, enable] more...
      • probe_resp_threshold (Alias name: probe-resp-threshold) Minimum signal level/threshold in dbm required for the ap response to probe requests (-95 to -20, default = -80). type: str more...
      • ptk_rekey (Alias name: ptk-rekey) Enable/disable ptk rekey for wpa-enterprise security. type: str choices: [disable, enable] more...
      • ptk_rekey_intv (Alias name: ptk-rekey-intv) Ptk rekey interval (600 - 864000 sec, default = 86400). type: int more...
      • qos_profile (Alias name: qos-profile) Quality of service profile name. type: list more...
      • quarantine Enable/disable station quarantine (default = enable). type: str choices: [disable, enable] more...
      • radio_2g_threshold (Alias name: radio-2g-threshold) Minimum signal level/threshold in dbm required for the ap response to receive a packet in 2. type: str more...
      • radio_5g_threshold (Alias name: radio-5g-threshold) Minimum signal level/threshold in dbm required for the ap response to receive a packet in 5g band(-95 to -20, default = -76). type: str more...
      • radio_sensitivity (Alias name: radio-sensitivity) Enable/disable software radio sensitivity (to ignore weak signals) (default = disable). type: str choices: [disable, enable] more...
      • radius_mac_auth (Alias name: radius-mac-auth) Enable/disable radius-based mac authentication of clients (default = disable). type: str choices: [disable, enable] more...
      • radius_mac_auth_block_interval (Alias name: radius-mac-auth-block-interval) Dont send radius mac auth request again if the client has been rejected within specific interval (0 or 30 - 864000 seconds, default = 0, 0 to disable blocking). type: int more...
      • radius_mac_auth_server (Alias name: radius-mac-auth-server) Radius-based mac authentication server. type: list more...
      • radius_mac_auth_usergroups (Alias name: radius-mac-auth-usergroups) Selective user groups that are permitted for radius mac authentication. type: list more...
      • radius_mac_mpsk_auth (Alias name: radius-mac-mpsk-auth) Enable/disable radius-based mac authentication of clients for mpsk authentication (default = disable). type: str choices: [disable, enable] more...
      • radius_mac_mpsk_timeout (Alias name: radius-mac-mpsk-timeout) Radius mac mpsk cache timeout interval (0 or 300 - 864000, default = 86400, 0 to disable caching). type: int more...
      • radius_server (Alias name: radius-server) Radius server to be used to authenticate wifi users. type: list more...
      • rates_11a (Alias name: rates-11a) Allowed data rates for 802. type: list choices: [1, 1-basic, 2, 2-basic, 5.5, 5.5-basic, 6, 6-basic, 9, 9-basic, 12, 12-basic, 18, 18-basic, 24, 24-basic, 36, 36-basic, 48, 48-basic, 54, 54-basic, 11, 11-basic] more...
      • rates_11ac_mcs_map (Alias name: rates-11ac-mcs-map) Comma separated list of max supported vht mcs for spatial streams 1 through 8. type: str more...
      • rates_11ac_ss12 (Alias name: rates-11ac-ss12) Allowed data rates for 802. type: list choices: [mcs0/1, mcs1/1, mcs2/1, mcs3/1, mcs4/1, mcs5/1, mcs6/1, mcs7/1, mcs8/1, mcs9/1, mcs0/2, mcs1/2, mcs2/2, mcs3/2, mcs4/2, mcs5/2, mcs6/2, mcs7/2, mcs8/2, mcs9/2, mcs10/1, mcs11/1, mcs10/2, mcs11/2] more...
      • rates_11ac_ss34 (Alias name: rates-11ac-ss34) Allowed data rates for 802. type: list choices: [mcs0/3, mcs1/3, mcs2/3, mcs3/3, mcs4/3, mcs5/3, mcs6/3, mcs7/3, mcs8/3, mcs9/3, mcs0/4, mcs1/4, mcs2/4, mcs3/4, mcs4/4, mcs5/4, mcs6/4, mcs7/4, mcs8/4, mcs9/4, mcs10/3, mcs11/3, mcs10/4, mcs11/4] more...
      • rates_11ax_mcs_map (Alias name: rates-11ax-mcs-map) Comma separated list of max supported he mcs for spatial streams 1 through 8. type: str more...
      • rates_11ax_ss12 (Alias name: rates-11ax-ss12) Allowed data rates for 802. type: list choices: [mcs0/1, mcs1/1, mcs2/1, mcs3/1, mcs4/1, mcs5/1, mcs6/1, mcs7/1, mcs8/1, mcs9/1, mcs10/1, mcs11/1, mcs0/2, mcs1/2, mcs2/2, mcs3/2, mcs4/2, mcs5/2, mcs6/2, mcs7/2, mcs8/2, mcs9/2, mcs10/2, mcs11/2] more...
      • rates_11ax_ss34 (Alias name: rates-11ax-ss34) Allowed data rates for 802. type: list choices: [mcs0/3, mcs1/3, mcs2/3, mcs3/3, mcs4/3, mcs5/3, mcs6/3, mcs7/3, mcs8/3, mcs9/3, mcs10/3, mcs11/3, mcs0/4, mcs1/4, mcs2/4, mcs3/4, mcs4/4, mcs5/4, mcs6/4, mcs7/4, mcs8/4, mcs9/4, mcs10/4, mcs11/4] more...
      • rates_11be_mcs_map (Alias name: rates-11be-mcs-map) Comma separated list of max nss that supports eht-mcs 0-9, 10-11, 12-13 for 20mhz/40mhz/80mhz bandwidth. type: str more...
      • rates_11be_mcs_map_160 (Alias name: rates-11be-mcs-map-160) Comma separated list of max nss that supports eht-mcs 0-9, 10-11, 12-13 for 160mhz bandwidth. type: str more...
      • rates_11be_mcs_map_320 (Alias name: rates-11be-mcs-map-320) Comma separated list of max nss that supports eht-mcs 0-9, 10-11, 12-13 for 320mhz bandwidth. type: str more...
      • rates_11bg (Alias name: rates-11bg) Allowed data rates for 802. type: list choices: [1, 1-basic, 2, 2-basic, 5.5, 5.5-basic, 6, 6-basic, 9, 9-basic, 12, 12-basic, 18, 18-basic, 24, 24-basic, 36, 36-basic, 48, 48-basic, 54, 54-basic, 11, 11-basic] more...
      • rates_11n_ss12 (Alias name: rates-11n-ss12) Allowed data rates for 802. type: list choices: [mcs0/1, mcs1/1, mcs2/1, mcs3/1, mcs4/1, mcs5/1, mcs6/1, mcs7/1, mcs8/2, mcs9/2, mcs10/2, mcs11/2, mcs12/2, mcs13/2, mcs14/2, mcs15/2] more...
      • rates_11n_ss34 (Alias name: rates-11n-ss34) Allowed data rates for 802. type: list choices: [mcs16/3, mcs17/3, mcs18/3, mcs19/3, mcs20/3, mcs21/3, mcs22/3, mcs23/3, mcs24/4, mcs25/4, mcs26/4, mcs27/4, mcs28/4, mcs29/4, mcs30/4, mcs31/4] more...
      • roaming_acct_interim_update (Alias name: roaming-acct-interim-update) Enable/disable using accounting interim update instead of accounting start/stop on roaming for wpa-enterprise security. type: str choices: [disable, enable] more...
      • sae_groups (Alias name: sae-groups) Sae-groups. type: list choices: [1, 2, 5, 14, 15, 16, 17, 18, 19, 20, 21, 27, 28, 29, 30, 31] more...
      • sae_h2e_only (Alias name: sae-h2e-only) Use hash-to-element-only mechanism for pwe derivation (default = disable). type: str choices: [disable, enable] more...
      • sae_hnp_only (Alias name: sae-hnp-only) Use hunting-and-pecking-only mechanism for pwe derivation (default = disable). type: str choices: [disable, enable] more...
      • sae_password (Alias name: sae-password) Wpa3 sae password to be used to authenticate wifi users. type: list more...
      • sae_pk (Alias name: sae-pk) Enable/disable wpa3 sae-pk (default = disable). type: str choices: [disable, enable] more...
      • sae_private_key (Alias name: sae-private-key) Private key used for wpa3 sae-pk authentication. type: str more...
      • scan_botnet_connections (Alias name: scan-botnet-connections) Block or monitor connections to botnet servers or disable botnet scanning. type: str choices: [disable, block, monitor] more...
      • schedule Firewall schedules for enabling this vap on the fortiap. type: list more...
      • secondary_wag_profile (Alias name: secondary-wag-profile) Secondary wireless access gateway profile name. type: list more...
      • security Security mode for the wireless interface (default = wpa2-only-personal). type: str choices: [None, wep64, wep128, WPA_PSK, WPA_RADIUS, WPA, WPA2, WPA2_AUTO, open, wpa-personal, wpa-enterprise, captive-portal, wpa-only-personal, wpa-only-enterprise, wpa2-only-personal, wpa2-only-enterprise, wpa-personal+captive-portal, wpa-only-personal+captive-portal, wpa2-only-personal+captive-portal, osen, wpa3-enterprise, sae, sae-transition, owe, wpa3-sae, wpa3-sae-transition, wpa3-only-enterprise, wpa3-enterprise-transition] more...
      • security_exempt_list (Alias name: security-exempt-list) Optional security exempt list for captive portal authentication. type: list more...
      • security_obsolete_option (Alias name: security-obsolete-option) Enable/disable obsolete security options. type: str choices: [disable, enable] more...
      • security_redirect_url (Alias name: security-redirect-url) Optional url for redirecting users after they pass captive portal authentication. type: str more...
      • selected_usergroups (Alias name: selected-usergroups) Selective user groups that are permitted to authenticate. type: list more...
      • split_tunneling (Alias name: split-tunneling) Enable/disable split tunneling (default = disable). type: str choices: [disable, enable] more...
      • ssid Ieee 802. type: str more...
      • sticky_client_remove (Alias name: sticky-client-remove) Enable/disable sticky client remove to maintain good signal level clients in ssid (default = disable). type: str choices: [disable, enable] more...
      • sticky_client_threshold_2g (Alias name: sticky-client-threshold-2g) Minimum signal level/threshold in dbm required for the 2g client to be serviced by the ap (-95 to -20, default = -79). type: str more...
      • sticky_client_threshold_5g (Alias name: sticky-client-threshold-5g) Minimum signal level/threshold in dbm required for the 5g client to be serviced by the ap (-95 to -20, default = -76). type: str more...
      • sticky_client_threshold_6g (Alias name: sticky-client-threshold-6g) Minimum signal level/threshold in dbm required for the 6g client to be serviced by the ap (-95 to -20, default = -76). type: str more...
      • target_wake_time (Alias name: target-wake-time) Enable/disable 802. type: str choices: [disable, enable] more...
      • tkip_counter_measure (Alias name: tkip-counter-measure) Enable/disable tkip counter measure. type: str choices: [disable, enable] more...
      • tunnel_echo_interval (Alias name: tunnel-echo-interval) The time interval to send echo to both primary and secondary tunnel peers (1 - 65535 sec, default = 300). type: int more...
      • tunnel_fallback_interval (Alias name: tunnel-fallback-interval) The time interval for secondary tunnel to fall back to primary tunnel (0 - 65535 sec, default = 7200). type: int more...
      • usergroup Firewall user group to be used to authenticate wifi users. type: list more...
      • utm_log (Alias name: utm-log) Enable/disable utm logging. type: str choices: [disable, enable] more...
      • utm_profile (Alias name: utm-profile) Utm profile name. type: list more...
      • utm_status (Alias name: utm-status) Enable to add one or more security profiles (av, ips, etc. type: str choices: [disable, enable] more...
      • vdom Vdom. type: list more...
      • vlan_auto (Alias name: vlan-auto) Enable/disable automatic management of ssid vlan interface. type: str choices: [disable, enable] more...
      • vlan_pooling (Alias name: vlan-pooling) Enable/disable vlan pooling, to allow grouping of multiple wireless controller vlans into vlan pools (default = disable). type: str choices: [wtp-group, round-robin, hash, disable] more...
      • vlanid Optional vlan id. type: int more...
      • voice_enterprise (Alias name: voice-enterprise) Enable/disable 802. type: str choices: [disable, enable] more...
      • webfilter_profile (Alias name: webfilter-profile) Webfilter profile name. type: list more...
      • _intf_ip_managed_by_fortiipam (Alias name: _intf_ip-managed-by-fortiipam) Intf ip managed by fortiipam. type: str choices: [disable, enable, inherit-global] more...
      • _intf_managed_subnetwork_size (Alias name: _intf_managed-subnetwork-size) Intf managed subnetwork size. type: str choices: [32, 64, 128, 256, 512, 1024, 2048, 4096, 8192, 16384, 32768, 65536] default: 256 more...
      • domain_name_stripping (Alias name: domain-name-stripping) Enable/disable stripping domain name from identity (default = disable). type: str choices: [disable, enable] more...
      • local_lan_partition (Alias name: local-lan-partition) Enable/disable segregating client traffic to local lan side (default = disable). type: str choices: [disable, enable] more...
      • _intf_role Intf role. type: str choices: [lan, wan, dmz, undefined] default: lan more...
      • called_station_id_type (Alias name: called-station-id-type) The format type of radius attribute called-station-id (default = mac). type: str choices: [mac, ip, apname] more...
      • external_pre_auth (Alias name: external-pre-auth) Enable/disable pre-authentication with external aps not managed by the fortigate (default = disable). type: str choices: [disable, enable] more...
      • pre_auth (Alias name: pre-auth) Enable/disable pre-authentication, where supported by clients (default = enable). type: str choices: [disable, enable] more...
      • _intf_ip6_send_adv (Alias name: _intf_ip6-send-adv) Intf ip6 send adv. type: str choices: [disable, enable] more...
      • ip6_prefix_list (Alias name: ip6-prefix-list) Ip6 prefix list. type: list more...
        • autonomous_flag (Alias name: autonomous-flag) Autonomous flag. type: str choices: [disable, enable] more...
        • dnssl Dnssl. type: list more...
        • onlink_flag (Alias name: onlink-flag) Onlink flag. type: str choices: [disable, enable] more...
        • preferred_life_time (Alias name: preferred-life-time) Preferred life time. type: int more...
        • prefix Prefix. type: str more...
        • rdnss Rdnss. type: list more...
        • valid_life_time (Alias name: valid-life-time) Valid life time. type: int more...
      • _intf_vrf Intf vrf. type: int default: 0 more...
      • captive_network_assistant_bypass (Alias name: captive-network-assistant-bypass) Enable/disable captive network assistant bypass. type: str choices: [disable, enable] more...
      • mlo Enable/disable wifi7 multi-link-operation (default = disable). type: str choices: [disable, enable] more...
    • eap_reauth (Alias name: eap-reauth) Enable/disable eap re-authentication for wpa-enterprise security. type: str choices: [disable, enable] more...
    • eap_reauth_intv (Alias name: eap-reauth-intv) Eap re-authentication interval (1800 - 864000 sec, default = 86400). type: int more...
    • eapol_key_retries (Alias name: eapol-key-retries) Enable/disable retransmission of eapol-key frames (message 3/4 and group message 1/2) (default = enable). type: str choices: [disable, enable] more...
    • encrypt Encryption protocol to use (only available when security is set to a wpa type). type: str choices: [TKIP, AES, TKIP-AES] more...
    • external_fast_roaming (Alias name: external-fast-roaming) Enable/disable fast roaming or pre-authentication with external aps not managed by the fortigate (default = disable). type: str choices: [disable, enable] more...
    • external_logout (Alias name: external-logout) Url of external authentication logout server. type: str more...
    • external_web (Alias name: external-web) Url of external authentication web server. type: str more...
    • external_web_format (Alias name: external-web-format) Url query parameter detection (default = auto-detect). type: str choices: [auto-detect, no-query-string, partial-query-string] more...
    • fast_bss_transition (Alias name: fast-bss-transition) Enable/disable 802. type: str choices: [disable, enable] more...
    • fast_roaming (Alias name: fast-roaming) Enable/disable fast-roaming, or pre-authentication, where supported by clients (default = disable). type: str choices: [disable, enable] more...
    • ft_mobility_domain (Alias name: ft-mobility-domain) Mobility domain identifier in ft (1 - 65535, default = 1000). type: int more...
    • ft_over_ds (Alias name: ft-over-ds) Enable/disable ft over the distribution system (ds). type: str choices: [disable, enable] more...
    • ft_r0_key_lifetime (Alias name: ft-r0-key-lifetime) Lifetime of the pmk-r0 key in ft, 1-65535 minutes. type: int more...
    • gas_comeback_delay (Alias name: gas-comeback-delay) Gas comeback delay (0 or 100 - 10000 milliseconds, default = 500). type: int more...
    • gas_fragmentation_limit (Alias name: gas-fragmentation-limit) Gas fragmentation limit (512 - 4096, default = 1024). type: int more...
    • gtk_rekey (Alias name: gtk-rekey) Enable/disable gtk rekey for wpa security. type: str choices: [disable, enable] more...
    • gtk_rekey_intv (Alias name: gtk-rekey-intv) Gtk rekey interval (600 - 864000 sec, default = 86400). type: int more...
    • high_efficiency (Alias name: high-efficiency) Enable/disable 802. type: str choices: [disable, enable] more...
    • hotspot20_profile (Alias name: hotspot20-profile) Hotspot 2. type: list more...
    • igmp_snooping (Alias name: igmp-snooping) Enable/disable igmp snooping. type: str choices: [disable, enable] more...
    • intra_vap_privacy (Alias name: intra-vap-privacy) Enable/disable blocking communication between clients on the same ssid (called intra-ssid privacy) (default = disable). type: str choices: [disable, enable] more...
    • ip Ip address and subnet mask for the local standalone nat subnet. type: list more...
    • ips_sensor (Alias name: ips-sensor) Ips sensor name. type: list more...
    • ipv6_rules (Alias name: ipv6-rules) Optional rules of ipv6 packets. type: list choices: [drop-icmp6ra, drop-icmp6rs, drop-llmnr6, drop-icmp6mld2, drop-dhcp6s, drop-dhcp6c, ndp-proxy, drop-ns-dad, drop-ns-nondad] more...
    • key Wep key. type: list more...
    • keyindex Wep key index (1 - 4). type: int more...
    • l3_roaming (Alias name: l3-roaming) Enable/disable layer 3 roaming (default = disable). type: str choices: [disable, enable] more...
    • l3_roaming_mode (Alias name: l3-roaming-mode) Select the way that layer 3 roaming traffic is passed (default = direct). type: str choices: [direct, indirect] more...
    • ldpc Vap low-density parity-check (ldpc) coding configuration. type: str choices: [disable, tx, rx, rxtx] more...
    • local_authentication (Alias name: local-authentication) Enable/disable ap local authentication. type: str choices: [disable, enable] more...
    • local_bridging (Alias name: local-bridging) Enable/disable bridging of wireless and ethernet interfaces on the fortiap (default = disable). type: str choices: [disable, enable] more...
    • local_lan (Alias name: local-lan) Allow/deny traffic destined for a class a, b, or c private ip address (default = allow). type: str choices: [deny, allow] more...
    • local_standalone (Alias name: local-standalone) Enable/disable ap local standalone (default = disable). type: str choices: [disable, enable] more...
    • local_standalone_dns (Alias name: local-standalone-dns) Enable/disable ap local standalone dns. type: str choices: [disable, enable] more...
    • local_standalone_dns_ip (Alias name: local-standalone-dns-ip) Ipv4 addresses for the local standalone dns. type: list more...
    • local_standalone_nat (Alias name: local-standalone-nat) Enable/disable ap local standalone nat mode. type: str choices: [disable, enable] more...
    • mac_auth_bypass (Alias name: mac-auth-bypass) Enable/disable mac authentication bypass. type: str choices: [disable, enable] more...
    • mac_called_station_delimiter (Alias name: mac-called-station-delimiter) Mac called station delimiter (default = hyphen). type: str choices: [hyphen, single-hyphen, colon, none] more...
    • mac_calling_station_delimiter (Alias name: mac-calling-station-delimiter) Mac calling station delimiter (default = hyphen). type: str choices: [hyphen, single-hyphen, colon, none] more...
    • mac_case (Alias name: mac-case) Mac case (default = uppercase). type: str choices: [uppercase, lowercase] more...
    • mac_password_delimiter (Alias name: mac-password-delimiter) Mac authentication password delimiter (default = hyphen). type: str choices: [hyphen, single-hyphen, colon, none] more...
    • mac_username_delimiter (Alias name: mac-username-delimiter) Mac authentication username delimiter (default = hyphen). type: str choices: [hyphen, single-hyphen, colon, none] more...
    • max_clients (Alias name: max-clients) Maximum number of clients that can connect simultaneously to the vap (default = 0, meaning no limitation). type: int more...
    • max_clients_ap (Alias name: max-clients-ap) Maximum number of clients that can connect simultaneously to the vap per ap radio (default = 0, meaning no limitation). type: int more...
    • mbo Enable/disable multiband operation (default = disable). type: str choices: [disable, enable] more...
    • mbo_cell_data_conn_pref (Alias name: mbo-cell-data-conn-pref) Mbo cell data connection preference (0, 1, or 255, default = 1). type: str choices: [excluded, prefer-not, prefer-use] more...
    • me_disable_thresh (Alias name: me-disable-thresh) Disable multicast enhancement when this many clients are receiving multicast traffic. type: int more...
    • mesh_backhaul (Alias name: mesh-backhaul) Enable/disable using this vap as a wifi mesh backhaul (default = disable). type: str choices: [disable, enable] more...
    • mpsk_profile (Alias name: mpsk-profile) Mpsk profile name. type: list more...
    • mu_mimo (Alias name: mu-mimo) Enable/disable multi-user mimo (default = enable). type: str choices: [disable, enable] more...
    • multicast_enhance (Alias name: multicast-enhance) Enable/disable converting multicast to unicast to improve performance (default = disable). type: str choices: [disable, enable] more...
    • multicast_rate (Alias name: multicast-rate) Multicast rate (0, 6000, 12000, or 24000 kbps, default = 0). type: str choices: [0, 6000, 12000, 24000] more...
    • nac Enable/disable network access control. type: str choices: [disable, enable] more...
    • nac_profile (Alias name: nac-profile) Nac profile name. type: list more...
    • name Virtual ap name. type: str more...
    • nas_filter_rule (Alias name: nas-filter-rule) Enable/disable nas filter rule support (default = disable). type: str choices: [disable, enable] more...
    • neighbor_report_dual_band (Alias name: neighbor-report-dual-band) Enable/disable dual-band neighbor report (default = disable). type: str choices: [disable, enable] more...
    • okc Enable/disable opportunistic key caching (okc) (default = enable). type: str choices: [disable, enable] more...
    • osen Enable/disable osen as part of key management (default = disable). type: str choices: [disable, enable] more...
    • owe_groups (Alias name: owe-groups) Owe-groups. type: list choices: [19, 20, 21] more...
    • owe_transition (Alias name: owe-transition) Enable/disable owe transition mode support. type: str choices: [disable, enable] more...
    • owe_transition_ssid (Alias name: owe-transition-ssid) Owe transition mode peer ssid. type: str more...
    • passphrase Wpa pre-shared key (psk) to be used to authenticate wifi users. type: list more...
    • pmf Protected management frames (pmf) support (default = disable). type: str choices: [disable, enable, optional] more...
    • pmf_assoc_comeback_timeout (Alias name: pmf-assoc-comeback-timeout) Protected management frames (pmf) comeback maximum timeout (1-20 sec). type: int more...
    • pmf_sa_query_retry_timeout (Alias name: pmf-sa-query-retry-timeout) Protected management frames (pmf) sa query retry timeout interval (1 - 5 100s of msec). type: int more...
    • port_macauth (Alias name: port-macauth) Enable/disable lan port mac authentication (default = disable). type: str choices: [disable, radius, address-group] more...
    • port_macauth_reauth_timeout (Alias name: port-macauth-reauth-timeout) Lan port mac authentication re-authentication timeout value (default = 7200 sec). type: int more...
    • port_macauth_timeout (Alias name: port-macauth-timeout) Lan port mac authentication idle timeout value (default = 600 sec). type: int more...
    • portal_message_override_group (Alias name: portal-message-override-group) Replacement message group for this vap (only available when security is set to a captive portal type). type: list more...
    • portal_message_overrides (Alias name: portal-message-overrides) Portal message overrides. type: dict more...
      • auth_disclaimer_page (Alias name: auth-disclaimer-page) Override auth-disclaimer-page message with message from portal-message-overrides group. type: str more...
      • auth_login_failed_page (Alias name: auth-login-failed-page) Override auth-login-failed-page message with message from portal-message-overrides group. type: str more...
      • auth_login_page (Alias name: auth-login-page) Override auth-login-page message with message from portal-message-overrides group. type: str more...
      • auth_reject_page (Alias name: auth-reject-page) Override auth-reject-page message with message from portal-message-overrides group. type: str more...
    • portal_type (Alias name: portal-type) Captive portal functionality. type: str choices: [auth, auth+disclaimer, disclaimer, email-collect, cmcc, cmcc-macauth, auth-mac, external-auth, external-macauth] more...
    • primary_wag_profile (Alias name: primary-wag-profile) Primary wireless access gateway profile name. type: list more...
    • probe_resp_suppression (Alias name: probe-resp-suppression) Enable/disable probe response suppression (to ignore weak signals) (default = disable). type: str choices: [disable, enable] more...
    • probe_resp_threshold (Alias name: probe-resp-threshold) Minimum signal level/threshold in dbm required for the ap response to probe requests (-95 to -20, default = -80). type: str more...
    • ptk_rekey (Alias name: ptk-rekey) Enable/disable ptk rekey for wpa-enterprise security. type: str choices: [disable, enable] more...
    • ptk_rekey_intv (Alias name: ptk-rekey-intv) Ptk rekey interval (600 - 864000 sec, default = 86400). type: int more...
    • qos_profile (Alias name: qos-profile) Quality of service profile name. type: list more...
    • quarantine Enable/disable station quarantine (default = enable). type: str choices: [disable, enable] more...
    • radio_2g_threshold (Alias name: radio-2g-threshold) Minimum signal level/threshold in dbm required for the ap response to receive a packet in 2. type: str more...
    • radio_5g_threshold (Alias name: radio-5g-threshold) Minimum signal level/threshold in dbm required for the ap response to receive a packet in 5g band(-95 to -20, default = -76). type: str more...
    • radio_sensitivity (Alias name: radio-sensitivity) Enable/disable software radio sensitivity (to ignore weak signals) (default = disable). type: str choices: [disable, enable] more...
    • radius_mac_auth (Alias name: radius-mac-auth) Enable/disable radius-based mac authentication of clients (default = disable). type: str choices: [disable, enable] more...
    • radius_mac_auth_block_interval (Alias name: radius-mac-auth-block-interval) Dont send radius mac auth request again if the client has been rejected within specific interval (0 or 30 - 864000 seconds, default = 0, 0 to disable blocking). type: int more...
    • radius_mac_auth_server (Alias name: radius-mac-auth-server) Radius-based mac authentication server. type: list more...
    • radius_mac_auth_usergroups (Alias name: radius-mac-auth-usergroups) Selective user groups that are permitted for radius mac authentication. type: list more...
    • radius_mac_mpsk_auth (Alias name: radius-mac-mpsk-auth) Enable/disable radius-based mac authentication of clients for mpsk authentication (default = disable). type: str choices: [disable, enable] more...
    • radius_mac_mpsk_timeout (Alias name: radius-mac-mpsk-timeout) Radius mac mpsk cache timeout interval (0 or 300 - 864000, default = 86400, 0 to disable caching). type: int more...
    • radius_server (Alias name: radius-server) Radius server to be used to authenticate wifi users. type: list more...
    • rates_11a (Alias name: rates-11a) Allowed data rates for 802. type: list choices: [1, 1-basic, 2, 2-basic, 5.5, 5.5-basic, 6, 6-basic, 9, 9-basic, 12, 12-basic, 18, 18-basic, 24, 24-basic, 36, 36-basic, 48, 48-basic, 54, 54-basic, 11, 11-basic] more...
    • rates_11ac_mcs_map (Alias name: rates-11ac-mcs-map) Comma separated list of max supported vht mcs for spatial streams 1 through 8. type: str more...
    • rates_11ax_mcs_map (Alias name: rates-11ax-mcs-map) Comma separated list of max supported he mcs for spatial streams 1 through 8. type: str more...
    • rates_11be_mcs_map (Alias name: rates-11be-mcs-map) Comma separated list of max nss that supports eht-mcs 0-9, 10-11, 12-13 for 20mhz/40mhz/80mhz bandwidth. type: str more...
    • rates_11be_mcs_map_160 (Alias name: rates-11be-mcs-map-160) Comma separated list of max nss that supports eht-mcs 0-9, 10-11, 12-13 for 160mhz bandwidth. type: str more...
    • rates_11be_mcs_map_320 (Alias name: rates-11be-mcs-map-320) Comma separated list of max nss that supports eht-mcs 0-9, 10-11, 12-13 for 320mhz bandwidth. type: str more...
    • rates_11bg (Alias name: rates-11bg) Allowed data rates for 802. type: list choices: [1, 1-basic, 2, 2-basic, 5.5, 5.5-basic, 6, 6-basic, 9, 9-basic, 12, 12-basic, 18, 18-basic, 24, 24-basic, 36, 36-basic, 48, 48-basic, 54, 54-basic, 11, 11-basic] more...
    • rates_11n_ss12 (Alias name: rates-11n-ss12) Allowed data rates for 802. type: list choices: [mcs0/1, mcs1/1, mcs2/1, mcs3/1, mcs4/1, mcs5/1, mcs6/1, mcs7/1, mcs8/2, mcs9/2, mcs10/2, mcs11/2, mcs12/2, mcs13/2, mcs14/2, mcs15/2] more...
    • rates_11n_ss34 (Alias name: rates-11n-ss34) Allowed data rates for 802. type: list choices: [mcs16/3, mcs17/3, mcs18/3, mcs19/3, mcs20/3, mcs21/3, mcs22/3, mcs23/3, mcs24/4, mcs25/4, mcs26/4, mcs27/4, mcs28/4, mcs29/4, mcs30/4, mcs31/4] more...
    • roaming_acct_interim_update (Alias name: roaming-acct-interim-update) Enable/disable using accounting interim update instead of accounting start/stop on roaming for wpa-enterprise security. type: str choices: [disable, enable] more...
    • sae_groups (Alias name: sae-groups) Sae-groups. type: list choices: [1, 2, 5, 14, 15, 16, 17, 18, 19, 20, 21, 27, 28, 29, 30, 31] more...
    • sae_h2e_only (Alias name: sae-h2e-only) Use hash-to-element-only mechanism for pwe derivation (default = disable). type: str choices: [disable, enable] more...
    • sae_hnp_only (Alias name: sae-hnp-only) Use hunting-and-pecking-only mechanism for pwe derivation (default = disable). type: str choices: [disable, enable] more...
    • sae_password (Alias name: sae-password) Wpa3 sae password to be used to authenticate wifi users. type: list more...
    • sae_pk (Alias name: sae-pk) Enable/disable wpa3 sae-pk (default = disable). type: str choices: [disable, enable] more...
    • sae_private_key (Alias name: sae-private-key) Private key used for wpa3 sae-pk authentication. type: str more...
    • scan_botnet_connections (Alias name: scan-botnet-connections) Block or monitor connections to botnet servers or disable botnet scanning. type: str choices: [disable, block, monitor] more...
    • schedule Firewall schedules for enabling this vap on the fortiap. type: list more...
    • secondary_wag_profile (Alias name: secondary-wag-profile) Secondary wireless access gateway profile name. type: list more...
    • security Security mode for the wireless interface (default = wpa2-only-personal). type: str choices: [None, wep64, wep128, WPA_PSK, WPA_RADIUS, WPA, WPA2, WPA2_AUTO, open, wpa-personal, wpa-enterprise, captive-portal, wpa-only-personal, wpa-only-enterprise, wpa2-only-personal, wpa2-only-enterprise, wpa-personal+captive-portal, wpa-only-personal+captive-portal, wpa2-only-personal+captive-portal, osen, wpa3-enterprise, sae, sae-transition, owe, wpa3-sae, wpa3-sae-transition, wpa3-only-enterprise, wpa3-enterprise-transition] more...
    • security_exempt_list (Alias name: security-exempt-list) Optional security exempt list for captive portal authentication. type: list more...
    • security_obsolete_option (Alias name: security-obsolete-option) Enable/disable obsolete security options. type: str choices: [disable, enable] more...
    • security_redirect_url (Alias name: security-redirect-url) Optional url for redirecting users after they pass captive portal authentication. type: str more...
    • selected_usergroups (Alias name: selected-usergroups) Selective user groups that are permitted to authenticate. type: list more...
    • split_tunneling (Alias name: split-tunneling) Enable/disable split tunneling (default = disable). type: str choices: [disable, enable] more...
    • ssid Ieee 802. type: str more...
    • sticky_client_remove (Alias name: sticky-client-remove) Enable/disable sticky client remove to maintain good signal level clients in ssid (default = disable). type: str choices: [disable, enable] more...
    • sticky_client_threshold_2g (Alias name: sticky-client-threshold-2g) Minimum signal level/threshold in dbm required for the 2g client to be serviced by the ap (-95 to -20, default = -79). type: str more...
    • sticky_client_threshold_5g (Alias name: sticky-client-threshold-5g) Minimum signal level/threshold in dbm required for the 5g client to be serviced by the ap (-95 to -20, default = -76). type: str more...
    • sticky_client_threshold_6g (Alias name: sticky-client-threshold-6g) Minimum signal level/threshold in dbm required for the 6g client to be serviced by the ap (-95 to -20, default = -76). type: str more...
    • target_wake_time (Alias name: target-wake-time) Enable/disable 802. type: str choices: [disable, enable] more...
    • tkip_counter_measure (Alias name: tkip-counter-measure) Enable/disable tkip counter measure. type: str choices: [disable, enable] more...
    • tunnel_echo_interval (Alias name: tunnel-echo-interval) The time interval to send echo to both primary and secondary tunnel peers (1 - 65535 sec, default = 300). type: int more...
    • tunnel_fallback_interval (Alias name: tunnel-fallback-interval) The time interval for secondary tunnel to fall back to primary tunnel (0 - 65535 sec, default = 7200). type: int more...
    • usergroup Firewall user group to be used to authenticate wifi users. type: list more...
    • utm_log (Alias name: utm-log) Enable/disable utm logging. type: str choices: [disable, enable] more...
    • utm_profile (Alias name: utm-profile) Utm profile name. type: list more...
    • utm_status (Alias name: utm-status) Enable to add one or more security profiles (av, ips, etc. type: str choices: [disable, enable] more...
    • vlan_auto (Alias name: vlan-auto) Enable/disable automatic management of ssid vlan interface. type: str choices: [disable, enable] more...
    • vlan_name (Alias name: vlan-name) Vlan name. type: list more...
      • name Vlan name. type: str more...
      • vlan_id (Alias name: vlan-id) Vlan ids (maximum 8 vlan ids). type: int more...
    • vlan_pool (Alias name: vlan-pool) Vlan pool. type: list more...
      • _wtp_group (Alias name: _wtp-group) Wtp group. type: str more...
      • id Id. type: int more...
      • wtp_group (Alias name: wtp-group) Wtp group name. type: list more...
    • vlan_pooling (Alias name: vlan-pooling) Enable/disable vlan pooling, to allow grouping of multiple wireless controller vlans into vlan pools (default = disable). type: str choices: [wtp-group, round-robin, hash, disable] more...
    • vlanid Optional vlan id. type: int more...
    • voice_enterprise (Alias name: voice-enterprise) Enable/disable 802. type: str choices: [disable, enable] more...
    • webfilter_profile (Alias name: webfilter-profile) Webfilter profile name. type: list more...
    • mac_filter_policy_other (Alias name: mac-filter-policy-other) Allow or block clients with mac addresses that are not in the filter list. type: str choices: [deny, allow] more...
    • mac_filter (Alias name: mac-filter) Enable/disable mac filtering to block wireless clients by mac address. type: str choices: [disable, enable] more...
    • rates_11ax_ss12 (Alias name: rates-11ax-ss12) Allowed data rates for 802. type: list choices: [mcs0/1, mcs1/1, mcs2/1, mcs3/1, mcs4/1, mcs5/1, mcs6/1, mcs7/1, mcs8/1, mcs9/1, mcs10/1, mcs11/1, mcs0/2, mcs1/2, mcs2/2, mcs3/2, mcs4/2, mcs5/2, mcs6/2, mcs7/2, mcs8/2, mcs9/2, mcs10/2, mcs11/2] more...
    • rates_11ac_ss34 (Alias name: rates-11ac-ss34) Allowed data rates for 802. type: list choices: [mcs0/3, mcs1/3, mcs2/3, mcs3/3, mcs4/3, mcs5/3, mcs6/3, mcs7/3, mcs8/3, mcs9/3, mcs0/4, mcs1/4, mcs2/4, mcs3/4, mcs4/4, mcs5/4, mcs6/4, mcs7/4, mcs8/4, mcs9/4, mcs10/3, mcs11/3, mcs10/4, mcs11/4] more...
    • rates_11ax_ss34 (Alias name: rates-11ax-ss34) Allowed data rates for 802. type: list choices: [mcs0/3, mcs1/3, mcs2/3, mcs3/3, mcs4/3, mcs5/3, mcs6/3, mcs7/3, mcs8/3, mcs9/3, mcs10/3, mcs11/3, mcs0/4, mcs1/4, mcs2/4, mcs3/4, mcs4/4, mcs5/4, mcs6/4, mcs7/4, mcs8/4, mcs9/4, mcs10/4, mcs11/4] more...
    • rates_11ac_ss12 (Alias name: rates-11ac-ss12) Allowed data rates for 802. type: list choices: [mcs0/1, mcs1/1, mcs2/1, mcs3/1, mcs4/1, mcs5/1, mcs6/1, mcs7/1, mcs8/1, mcs9/1, mcs0/2, mcs1/2, mcs2/2, mcs3/2, mcs4/2, mcs5/2, mcs6/2, mcs7/2, mcs8/2, mcs9/2, mcs10/1, mcs11/1, mcs10/2, mcs11/2] more...
    • mac_filter_list (Alias name: mac-filter-list) Mac filter list. type: list more...
      • id Id. type: int more...
      • mac Mac address. type: str more...
      • mac_filter_policy (Alias name: mac-filter-policy) Deny or allow the client with this mac address. type: str choices: [deny, allow] more...
    • mpsk_key (Alias name: mpsk-key) Mpsk key. type: list more...
      • comment Comment. type: str more...
      • concurrent_clients (Alias name: concurrent-clients) Number of clients that can connect using this pre-shared key. type: str more...
      • key_name (Alias name: key-name) Pre-shared key name. type: str more...
      • mpsk_schedules (Alias name: mpsk-schedules) Firewall schedule for mpsk passphrase. type: list more...
      • passphrase Wpa pre-shared key. type: list more...
    • mpsk Enable/disable multiple psk authentication. type: str choices: [disable, enable] more...
    • mpsk_concurrent_clients (Alias name: mpsk-concurrent-clients) Maximum number of concurrent clients that connect using the same passphrase in multiple psk authentication (0 - 65535, default = 0, meaning no limitation). type: int more...
    • acct_interim_interval (Alias name: acct-interim-interval) Wifi radius accounting interim interval (60 - 86400 sec, default = 0). type: int more...
    • captive_portal_radius_server (Alias name: captive-portal-radius-server) Captive portal radius server domain name or ip address. type: str more...
    • captive_portal_session_timeout_interval (Alias name: captive-portal-session-timeout-interval) Session timeout interval (0 - 864000 sec, default = 0). type: int more...
    • captive_portal_radius_secret (Alias name: captive-portal-radius-secret) Secret key to access the radius server. type: list more...
    • captive_portal_macauth_radius_secret (Alias name: captive-portal-macauth-radius-secret) Secret key to access the macauth radius server. type: list more...
    • captive_portal_macauth_radius_server (Alias name: captive-portal-macauth-radius-server) Captive portal external radius server domain name or ip address. type: str more...
    • _intf_ip_managed_by_fortiipam (Alias name: _intf_ip-managed-by-fortiipam) Intf ip managed by fortiipam. type: str choices: [disable, enable, inherit-global] more...
    • _intf_managed_subnetwork_size (Alias name: _intf_managed-subnetwork-size) Intf managed subnetwork size. type: str choices: [32, 64, 128, 256, 512, 1024, 2048, 4096, 8192, 16384, 32768, 65536] default: 256 more...
    • domain_name_stripping (Alias name: domain-name-stripping) Enable/disable stripping domain name from identity (default = disable). type: str choices: [disable, enable] more...
    • local_lan_partition (Alias name: local-lan-partition) Enable/disable segregating client traffic to local lan side (default = disable). type: str choices: [disable, enable] more...
    • _intf_role Intf role. type: str choices: [lan, wan, dmz, undefined] default: lan more...
    • called_station_id_type (Alias name: called-station-id-type) The format type of radius attribute called-station-id (default = mac). type: str choices: [mac, ip, apname] more...
    • external_pre_auth (Alias name: external-pre-auth) Enable/disable pre-authentication with external aps not managed by the fortigate (default = disable). type: str choices: [disable, enable] more...
    • pre_auth (Alias name: pre-auth) Enable/disable pre-authentication, where supported by clients (default = enable). type: str choices: [disable, enable] more...
    • _intf_ip6_send_adv (Alias name: _intf_ip6-send-adv) Intf ip6 send adv. type: str choices: [disable, enable] more...
    • ip6_prefix_list (Alias name: ip6-prefix-list) Ip6 prefix list. type: list more...
      • autonomous_flag (Alias name: autonomous-flag) Autonomous flag. type: str choices: [disable, enable] more...
      • dnssl Dnssl. type: list more...
      • onlink_flag (Alias name: onlink-flag) Onlink flag. type: str choices: [disable, enable] more...
      • preferred_life_time (Alias name: preferred-life-time) Preferred life time. type: int more...
      • prefix Prefix. type: str more...
      • rdnss Rdnss. type: list more...
      • valid_life_time (Alias name: valid-life-time) Valid life time. type: int more...
    • _intf_vrf Intf vrf. type: int default: 0 more...
    • captive_network_assistant_bypass (Alias name: captive-network-assistant-bypass) Enable/disable captive network assistant bypass. type: str choices: [disable, enable] more...
    • mlo Enable/disable wifi7 multi-link-operation (default = disable). type: str choices: [disable, enable] more...

Notes

Note

  • Running in workspace locking mode is supported in this FortiManager module, the top level parameters workspace_locking_adom and workspace_locking_timeout help do the work.

  • To create or update an object, use state: present directive.

  • To delete an object, use state: absent directive

  • Normally, running one module can fail when a non-zero rc is returned. you can also override the conditions to fail or succeed with parameters rc_failed and rc_succeeded

Examples

- name: Example playbook (generated based on argument schema)
  hosts: fortimanagers
  connection: httpapi
  gather_facts: false
  vars:
    ansible_httpapi_use_ssl: true
    ansible_httpapi_validate_certs: false
    ansible_httpapi_port: 443
  tasks:
    - name: Configure Virtual Access Points
      fortinet.fmgdevice.fmgd_wireless_vap:
        # bypass_validation: false
        # workspace_locking_adom: <global or your adom name>
        # workspace_locking_timeout: 300
        # rc_succeeded: [0, -2, -3, ...]
        # rc_failed: [-2, -3, ...]
        device: <your own value>
        vdom: <your own value>
        state: present # <value in [present, absent]>
        wireless_vap:
          name: "your value" # Required variable, string
          # d80211k: <value in [disable, enable]>
          # d80211v: <value in [disable, enable]>
          # _centmgmt: <value in [disable, enable]>
          # _dhcp_svr_id: <list or string>
          # _intf_allowaccess:
          #   - "https"
          #   - "ping"
          #   - "ssh"
          #   - "snmp"
          #   - "http"
          #   - "telnet"
          #   - "fgfm"
          #   - "radius-acct"
          #   - "probe-response"
          #   - "capwap"
          #   - "dnp"
          #   - "ftm"
          #   - "fabric"
          #   - "speed-test"
          # _intf_device_access_list: <list or string>
          # _intf_device_identification: <value in [disable, enable]>
          # _intf_device_netscan: <value in [disable, enable]>
          # _intf_dhcp_relay_ip: <list or string>
          # _intf_dhcp_relay_service: <value in [disable, enable]>
          # _intf_dhcp_relay_type: <value in [regular, ipsec]>
          # _intf_dhcp6_relay_ip: <list or string>
          # _intf_dhcp6_relay_service: <value in [disable, enable]>
          # _intf_dhcp6_relay_type: <value in [regular]>
          # _intf_ip: <list or string>
          # _intf_ip6_address: <string>
          # _intf_ip6_allowaccess:
          #   - "https"
          #   - "ping"
          #   - "ssh"
          #   - "snmp"
          #   - "http"
          #   - "telnet"
          #   - "any"
          #   - "fgfm"
          #   - "capwap"
          # _intf_listen_forticlient_connection: <value in [disable, enable]>
          # _is_factory_setting: <value in [disable, enable, ext]>
          # access_control_list: <list or string>
          # additional_akms:
          #   - "akm6"
          #   - "akm24"
          # address_group: <list or string>
          # address_group_policy: <value in [disable, allow, deny]>
          # akm24_only: <value in [disable, enable]>
          # alias: <string>
          # antivirus_profile: <list or string>
          # application_detection_engine: <value in [disable, enable]>
          # application_dscp_marking: <value in [disable, enable]>
          # application_list: <list or string>
          # application_report_intv: <integer>
          # atf_weight: <integer>
          # auth: <value in [radius, usergroup, psk]>
          # auth_cert: <list or string>
          # auth_portal_addr: <string>
          # beacon_advertising:
          #   - "name"
          #   - "model"
          #   - "serial-number"
          # beacon_protection: <value in [disable, enable]>
          # broadcast_ssid: <value in [disable, enable]>
          # broadcast_suppression:
          #   - "dhcp"
          #   - "arp"
          #   - "dhcp2"
          #   - "arp2"
          #   - "netbios-ns"
          #   - "netbios-ds"
          #   - "arp3"
          #   - "dhcp-up"
          #   - "dhcp-down"
          #   - "arp-known"
          #   - "arp-unknown"
          #   - "arp-reply"
          #   - "ipv6"
          #   - "dhcp-starvation"
          #   - "arp-poison"
          #   - "all-other-mc"
          #   - "all-other-bc"
          #   - "arp-proxy"
          #   - "dhcp-ucast"
          # bss_color_partial: <value in [disable, enable]>
          # bstm_disassociation_imminent: <value in [disable, enable]>
          # bstm_load_balancing_disassoc_timer: <integer>
          # bstm_rssi_disassoc_timer: <integer>
          # captive_portal: <value in [disable, enable]>
          # captive_portal_ac_name: <string>
          # captive_portal_auth_timeout: <integer>
          # captive_portal_fw_accounting: <value in [disable, enable]>
          # dhcp_address_enforcement: <value in [disable, enable]>
          # dhcp_lease_time: <integer>
          # dhcp_option43_insertion: <value in [disable, enable]>
          # dhcp_option82_circuit_id_insertion: <value in [disable, style-1, style-2, ...]>
          # dhcp_option82_insertion: <value in [disable, enable]>
          # dhcp_option82_remote_id_insertion: <value in [disable, style-1]>
          # dynamic_vlan: <value in [disable, enable]>
          # dynamic_mapping:
          #   - d80211k: <value in [disable, enable]>
          #     d80211v: <value in [disable, enable]>
          #     _centmgmt: <value in [disable, enable]>
          #     _dhcp_svr_id: <list or string>
          #     _intf_allowaccess:
          #       - "https"
          #       - "ping"
          #       - "ssh"
          #       - "snmp"
          #       - "http"
          #       - "telnet"
          #       - "fgfm"
          #       - "radius-acct"
          #       - "probe-response"
          #       - "capwap"
          #       - "dnp"
          #       - "ftm"
          #       - "fabric"
          #       - "speed-test"
          #     _intf_device_access_list: <list or string>
          #     _intf_device_identification: <value in [disable, enable]>
          #     _intf_device_netscan: <value in [disable, enable]>
          #     _intf_dhcp_relay_ip: <list or string>
          #     _intf_dhcp_relay_service: <value in [disable, enable]>
          #     _intf_dhcp_relay_type: <value in [regular, ipsec]>
          #     _intf_dhcp6_relay_ip: <list or string>
          #     _intf_dhcp6_relay_service: <value in [disable, enable]>
          #     _intf_dhcp6_relay_type: <value in [regular]>
          #     _intf_ip: <list or string>
          #     _intf_ip6_address: <string>
          #     _intf_ip6_allowaccess:
          #       - "https"
          #       - "ping"
          #       - "ssh"
          #       - "snmp"
          #       - "http"
          #       - "telnet"
          #       - "any"
          #       - "fgfm"
          #       - "capwap"
          #     _intf_listen_forticlient_connection: <value in [disable, enable]>
          #     _is_factory_setting: <value in [disable, enable, ext]>
          #     _scope:
          #       - name: <string>
          #         vdom: <string>
          #     access_control_list: <list or string>
          #     acct_interim_interval: <integer>
          #     additional_akms:
          #       - "akm6"
          #       - "akm24"
          #     address_group: <list or string>
          #     address_group_policy: <value in [disable, allow, deny]>
          #     akm24_only: <value in [disable, enable]>
          #     alias: <string>
          #     antivirus_profile: <list or string>
          #     application_detection_engine: <value in [disable, enable]>
          #     application_dscp_marking: <value in [disable, enable]>
          #     application_list: <list or string>
          #     application_report_intv: <integer>
          #     atf_weight: <integer>
          #     auth: <value in [radius, usergroup, psk]>
          #     auth_cert: <list or string>
          #     auth_portal_addr: <string>
          #     beacon_advertising:
          #       - "name"
          #       - "model"
          #       - "serial-number"
          #     beacon_protection: <value in [disable, enable]>
          #     broadcast_ssid: <value in [disable, enable]>
          #     broadcast_suppression:
          #       - "dhcp"
          #       - "arp"
          #       - "dhcp2"
          #       - "arp2"
          #       - "netbios-ns"
          #       - "netbios-ds"
          #       - "arp3"
          #       - "dhcp-up"
          #       - "dhcp-down"
          #       - "arp-known"
          #       - "arp-unknown"
          #       - "arp-reply"
          #       - "ipv6"
          #       - "dhcp-starvation"
          #       - "arp-poison"
          #       - "all-other-mc"
          #       - "all-other-bc"
          #       - "arp-proxy"
          #       - "dhcp-ucast"
          #     bss_color_partial: <value in [disable, enable]>
          #     bstm_disassociation_imminent: <value in [disable, enable]>
          #     bstm_load_balancing_disassoc_timer: <integer>
          #     bstm_rssi_disassoc_timer: <integer>
          #     captive_portal: <value in [disable, enable]>
          #     captive_portal_ac_name: <string>
          #     captive_portal_auth_timeout: <integer>
          #     captive_portal_fw_accounting: <value in [disable, enable]>
          #     captive_portal_macauth_radius_secret: <list or string>
          #     captive_portal_macauth_radius_server: <string>
          #     captive_portal_radius_secret: <list or string>
          #     captive_portal_radius_server: <string>
          #     captive_portal_session_timeout_interval: <integer>
          #     client_count: <integer>
          #     dhcp_address_enforcement: <value in [disable, enable]>
          #     dhcp_lease_time: <integer>
          #     dhcp_option43_insertion: <value in [disable, enable]>
          #     dhcp_option82_circuit_id_insertion: <value in [disable, style-1, style-2, ...]>
          #     dhcp_option82_insertion: <value in [disable, enable]>
          #     dhcp_option82_remote_id_insertion: <value in [disable, style-1]>
          #     dynamic_vlan: <value in [disable, enable]>
          #     eap_reauth: <value in [disable, enable]>
          #     eap_reauth_intv: <integer>
          #     eapol_key_retries: <value in [disable, enable]>
          #     encrypt: <value in [TKIP, AES, TKIP-AES]>
          #     external_fast_roaming: <value in [disable, enable]>
          #     external_logout: <string>
          #     external_web: <string>
          #     external_web_format: <value in [auto-detect, no-query-string, partial-query-string]>
          #     fast_bss_transition: <value in [disable, enable]>
          #     fast_roaming: <value in [disable, enable]>
          #     ft_mobility_domain: <integer>
          #     ft_over_ds: <value in [disable, enable]>
          #     ft_r0_key_lifetime: <integer>
          #     gas_comeback_delay: <integer>
          #     gas_fragmentation_limit: <integer>
          #     gtk_rekey: <value in [disable, enable]>
          #     gtk_rekey_intv: <integer>
          #     high_efficiency: <value in [disable, enable]>
          #     hotspot20_profile: <list or string>
          #     igmp_snooping: <value in [disable, enable]>
          #     intra_vap_privacy: <value in [disable, enable]>
          #     ip: <list or string>
          #     ips_sensor: <list or string>
          #     ipv6_rules:
          #       - "drop-icmp6ra"
          #       - "drop-icmp6rs"
          #       - "drop-llmnr6"
          #       - "drop-icmp6mld2"
          #       - "drop-dhcp6s"
          #       - "drop-dhcp6c"
          #       - "ndp-proxy"
          #       - "drop-ns-dad"
          #       - "drop-ns-nondad"
          #     key: <list or string>
          #     keyindex: <integer>
          #     l3_roaming: <value in [disable, enable]>
          #     l3_roaming_mode: <value in [direct, indirect]>
          #     ldpc: <value in [disable, tx, rx, ...]>
          #     local_authentication: <value in [disable, enable]>
          #     local_bridging: <value in [disable, enable]>
          #     local_lan: <value in [deny, allow]>
          #     local_standalone: <value in [disable, enable]>
          #     local_standalone_dns: <value in [disable, enable]>
          #     local_standalone_dns_ip: <list or string>
          #     local_standalone_nat: <value in [disable, enable]>
          #     local_switching: <value in [disable, enable]>
          #     mac_auth_bypass: <value in [disable, enable]>
          #     mac_called_station_delimiter: <value in [hyphen, single-hyphen, colon, ...]>
          #     mac_calling_station_delimiter: <value in [hyphen, single-hyphen, colon, ...]>
          #     mac_case: <value in [uppercase, lowercase]>
          #     mac_filter: <value in [disable, enable]>
          #     mac_filter_policy_other: <value in [deny, allow]>
          #     mac_password_delimiter: <value in [hyphen, single-hyphen, colon, ...]>
          #     mac_username_delimiter: <value in [hyphen, single-hyphen, colon, ...]>
          #     max_clients: <integer>
          #     max_clients_ap: <integer>
          #     mbo: <value in [disable, enable]>
          #     mbo_cell_data_conn_pref: <value in [excluded, prefer-not, prefer-use]>
          #     me_disable_thresh: <integer>
          #     mesh_backhaul: <value in [disable, enable]>
          #     mpsk: <value in [disable, enable]>
          #     mpsk_concurrent_clients: <integer>
          #     mpsk_profile: <list or string>
          #     mu_mimo: <value in [disable, enable]>
          #     multicast_enhance: <value in [disable, enable]>
          #     multicast_rate: <value in [0, 6000, 12000, ...]>
          #     nac: <value in [disable, enable]>
          #     nac_profile: <list or string>
          #     nas_filter_rule: <value in [disable, enable]>
          #     neighbor_report_dual_band: <value in [disable, enable]>
          #     okc: <value in [disable, enable]>
          #     osen: <value in [disable, enable]>
          #     owe_groups:
          #       - "19"
          #       - "20"
          #       - "21"
          #     owe_transition: <value in [disable, enable]>
          #     owe_transition_ssid: <string>
          #     passphrase: <list or string>
          #     pmf: <value in [disable, enable, optional]>
          #     pmf_assoc_comeback_timeout: <integer>
          #     pmf_sa_query_retry_timeout: <integer>
          #     port_macauth: <value in [disable, radius, address-group]>
          #     port_macauth_reauth_timeout: <integer>
          #     port_macauth_timeout: <integer>
          #     portal_message_override_group: <list or string>
          #     portal_type: <value in [auth, auth+disclaimer, disclaimer, ...]>
          #     primary_wag_profile: <list or string>
          #     probe_resp_suppression: <value in [disable, enable]>
          #     probe_resp_threshold: <string>
          #     ptk_rekey: <value in [disable, enable]>
          #     ptk_rekey_intv: <integer>
          #     qos_profile: <list or string>
          #     quarantine: <value in [disable, enable]>
          #     radio_2g_threshold: <string>
          #     radio_5g_threshold: <string>
          #     radio_sensitivity: <value in [disable, enable]>
          #     radius_mac_auth: <value in [disable, enable]>
          #     radius_mac_auth_block_interval: <integer>
          #     radius_mac_auth_server: <list or string>
          #     radius_mac_auth_usergroups: <list or string>
          #     radius_mac_mpsk_auth: <value in [disable, enable]>
          #     radius_mac_mpsk_timeout: <integer>
          #     radius_server: <list or string>
          #     rates_11a:
          #       - "1"
          #       - "1-basic"
          #       - "2"
          #       - "2-basic"
          #       - "5.5"
          #       - "5.5-basic"
          #       - "6"
          #       - "6-basic"
          #       - "9"
          #       - "9-basic"
          #       - "12"
          #       - "12-basic"
          #       - "18"
          #       - "18-basic"
          #       - "24"
          #       - "24-basic"
          #       - "36"
          #       - "36-basic"
          #       - "48"
          #       - "48-basic"
          #       - "54"
          #       - "54-basic"
          #       - "11"
          #       - "11-basic"
          #     rates_11ac_mcs_map: <string>
          #     rates_11ac_ss12:
          #       - "mcs0/1"
          #       - "mcs1/1"
          #       - "mcs2/1"
          #       - "mcs3/1"
          #       - "mcs4/1"
          #       - "mcs5/1"
          #       - "mcs6/1"
          #       - "mcs7/1"
          #       - "mcs8/1"
          #       - "mcs9/1"
          #       - "mcs0/2"
          #       - "mcs1/2"
          #       - "mcs2/2"
          #       - "mcs3/2"
          #       - "mcs4/2"
          #       - "mcs5/2"
          #       - "mcs6/2"
          #       - "mcs7/2"
          #       - "mcs8/2"
          #       - "mcs9/2"
          #       - "mcs10/1"
          #       - "mcs11/1"
          #       - "mcs10/2"
          #       - "mcs11/2"
          #     rates_11ac_ss34:
          #       - "mcs0/3"
          #       - "mcs1/3"
          #       - "mcs2/3"
          #       - "mcs3/3"
          #       - "mcs4/3"
          #       - "mcs5/3"
          #       - "mcs6/3"
          #       - "mcs7/3"
          #       - "mcs8/3"
          #       - "mcs9/3"
          #       - "mcs0/4"
          #       - "mcs1/4"
          #       - "mcs2/4"
          #       - "mcs3/4"
          #       - "mcs4/4"
          #       - "mcs5/4"
          #       - "mcs6/4"
          #       - "mcs7/4"
          #       - "mcs8/4"
          #       - "mcs9/4"
          #       - "mcs10/3"
          #       - "mcs11/3"
          #       - "mcs10/4"
          #       - "mcs11/4"
          #     rates_11ax_mcs_map: <string>
          #     rates_11ax_ss12:
          #       - "mcs0/1"
          #       - "mcs1/1"
          #       - "mcs2/1"
          #       - "mcs3/1"
          #       - "mcs4/1"
          #       - "mcs5/1"
          #       - "mcs6/1"
          #       - "mcs7/1"
          #       - "mcs8/1"
          #       - "mcs9/1"
          #       - "mcs10/1"
          #       - "mcs11/1"
          #       - "mcs0/2"
          #       - "mcs1/2"
          #       - "mcs2/2"
          #       - "mcs3/2"
          #       - "mcs4/2"
          #       - "mcs5/2"
          #       - "mcs6/2"
          #       - "mcs7/2"
          #       - "mcs8/2"
          #       - "mcs9/2"
          #       - "mcs10/2"
          #       - "mcs11/2"
          #     rates_11ax_ss34:
          #       - "mcs0/3"
          #       - "mcs1/3"
          #       - "mcs2/3"
          #       - "mcs3/3"
          #       - "mcs4/3"
          #       - "mcs5/3"
          #       - "mcs6/3"
          #       - "mcs7/3"
          #       - "mcs8/3"
          #       - "mcs9/3"
          #       - "mcs10/3"
          #       - "mcs11/3"
          #       - "mcs0/4"
          #       - "mcs1/4"
          #       - "mcs2/4"
          #       - "mcs3/4"
          #       - "mcs4/4"
          #       - "mcs5/4"
          #       - "mcs6/4"
          #       - "mcs7/4"
          #       - "mcs8/4"
          #       - "mcs9/4"
          #       - "mcs10/4"
          #       - "mcs11/4"
          #     rates_11be_mcs_map: <string>
          #     rates_11be_mcs_map_160: <string>
          #     rates_11be_mcs_map_320: <string>
          #     rates_11bg:
          #       - "1"
          #       - "1-basic"
          #       - "2"
          #       - "2-basic"
          #       - "5.5"
          #       - "5.5-basic"
          #       - "6"
          #       - "6-basic"
          #       - "9"
          #       - "9-basic"
          #       - "12"
          #       - "12-basic"
          #       - "18"
          #       - "18-basic"
          #       - "24"
          #       - "24-basic"
          #       - "36"
          #       - "36-basic"
          #       - "48"
          #       - "48-basic"
          #       - "54"
          #       - "54-basic"
          #       - "11"
          #       - "11-basic"
          #     rates_11n_ss12:
          #       - "mcs0/1"
          #       - "mcs1/1"
          #       - "mcs2/1"
          #       - "mcs3/1"
          #       - "mcs4/1"
          #       - "mcs5/1"
          #       - "mcs6/1"
          #       - "mcs7/1"
          #       - "mcs8/2"
          #       - "mcs9/2"
          #       - "mcs10/2"
          #       - "mcs11/2"
          #       - "mcs12/2"
          #       - "mcs13/2"
          #       - "mcs14/2"
          #       - "mcs15/2"
          #     rates_11n_ss34:
          #       - "mcs16/3"
          #       - "mcs17/3"
          #       - "mcs18/3"
          #       - "mcs19/3"
          #       - "mcs20/3"
          #       - "mcs21/3"
          #       - "mcs22/3"
          #       - "mcs23/3"
          #       - "mcs24/4"
          #       - "mcs25/4"
          #       - "mcs26/4"
          #       - "mcs27/4"
          #       - "mcs28/4"
          #       - "mcs29/4"
          #       - "mcs30/4"
          #       - "mcs31/4"
          #     roaming_acct_interim_update: <value in [disable, enable]>
          #     sae_groups:
          #       - "1"
          #       - "2"
          #       - "5"
          #       - "14"
          #       - "15"
          #       - "16"
          #       - "17"
          #       - "18"
          #       - "19"
          #       - "20"
          #       - "21"
          #       - "27"
          #       - "28"
          #       - "29"
          #       - "30"
          #       - "31"
          #     sae_h2e_only: <value in [disable, enable]>
          #     sae_hnp_only: <value in [disable, enable]>
          #     sae_password: <list or string>
          #     sae_pk: <value in [disable, enable]>
          #     sae_private_key: <string>
          #     scan_botnet_connections: <value in [disable, block, monitor]>
          #     schedule: <list or string>
          #     secondary_wag_profile: <list or string>
          #     security: <value in [None, wep64, wep128, ...]>
          #     security_exempt_list: <list or string>
          #     security_obsolete_option: <value in [disable, enable]>
          #     security_redirect_url: <string>
          #     selected_usergroups: <list or string>
          #     split_tunneling: <value in [disable, enable]>
          #     ssid: <string>
          #     sticky_client_remove: <value in [disable, enable]>
          #     sticky_client_threshold_2g: <string>
          #     sticky_client_threshold_5g: <string>
          #     sticky_client_threshold_6g: <string>
          #     target_wake_time: <value in [disable, enable]>
          #     tkip_counter_measure: <value in [disable, enable]>
          #     tunnel_echo_interval: <integer>
          #     tunnel_fallback_interval: <integer>
          #     usergroup: <list or string>
          #     utm_log: <value in [disable, enable]>
          #     utm_profile: <list or string>
          #     utm_status: <value in [disable, enable]>
          #     vdom: <list or string>
          #     vlan_auto: <value in [disable, enable]>
          #     vlan_pooling: <value in [wtp-group, round-robin, hash, ...]>
          #     vlanid: <integer>
          #     voice_enterprise: <value in [disable, enable]>
          #     webfilter_profile: <list or string>
          #     _intf_ip_managed_by_fortiipam: <value in [disable, enable, inherit-global]>
          #     _intf_managed_subnetwork_size: <value in [32, 64, 128, ...]>
          #     domain_name_stripping: <value in [disable, enable]>
          #     local_lan_partition: <value in [disable, enable]>
          #     _intf_role: <value in [lan, wan, dmz, ...]>
          #     called_station_id_type: <value in [mac, ip, apname]>
          #     external_pre_auth: <value in [disable, enable]>
          #     pre_auth: <value in [disable, enable]>
          #     _intf_ip6_send_adv: <value in [disable, enable]>
          #     ip6_prefix_list:
          #       - autonomous_flag: <value in [disable, enable]>
          #         dnssl: <list or string>
          #         onlink_flag: <value in [disable, enable]>
          #         preferred_life_time: <integer>
          #         prefix: <string>
          #         rdnss: <list or string>
          #         valid_life_time: <integer>
          #     _intf_vrf: <integer>
          #     captive_network_assistant_bypass: <value in [disable, enable]>
          #     mlo: <value in [disable, enable]>
          # eap_reauth: <value in [disable, enable]>
          # eap_reauth_intv: <integer>
          # eapol_key_retries: <value in [disable, enable]>
          # encrypt: <value in [TKIP, AES, TKIP-AES]>
          # external_fast_roaming: <value in [disable, enable]>
          # external_logout: <string>
          # external_web: <string>
          # external_web_format: <value in [auto-detect, no-query-string, partial-query-string]>
          # fast_bss_transition: <value in [disable, enable]>
          # fast_roaming: <value in [disable, enable]>
          # ft_mobility_domain: <integer>
          # ft_over_ds: <value in [disable, enable]>
          # ft_r0_key_lifetime: <integer>
          # gas_comeback_delay: <integer>
          # gas_fragmentation_limit: <integer>
          # gtk_rekey: <value in [disable, enable]>
          # gtk_rekey_intv: <integer>
          # high_efficiency: <value in [disable, enable]>
          # hotspot20_profile: <list or string>
          # igmp_snooping: <value in [disable, enable]>
          # intra_vap_privacy: <value in [disable, enable]>
          # ip: <list or string>
          # ips_sensor: <list or string>
          # ipv6_rules:
          #   - "drop-icmp6ra"
          #   - "drop-icmp6rs"
          #   - "drop-llmnr6"
          #   - "drop-icmp6mld2"
          #   - "drop-dhcp6s"
          #   - "drop-dhcp6c"
          #   - "ndp-proxy"
          #   - "drop-ns-dad"
          #   - "drop-ns-nondad"
          # key: <list or string>
          # keyindex: <integer>
          # l3_roaming: <value in [disable, enable]>
          # l3_roaming_mode: <value in [direct, indirect]>
          # ldpc: <value in [disable, tx, rx, ...]>
          # local_authentication: <value in [disable, enable]>
          # local_bridging: <value in [disable, enable]>
          # local_lan: <value in [deny, allow]>
          # local_standalone: <value in [disable, enable]>
          # local_standalone_dns: <value in [disable, enable]>
          # local_standalone_dns_ip: <list or string>
          # local_standalone_nat: <value in [disable, enable]>
          # mac_auth_bypass: <value in [disable, enable]>
          # mac_called_station_delimiter: <value in [hyphen, single-hyphen, colon, ...]>
          # mac_calling_station_delimiter: <value in [hyphen, single-hyphen, colon, ...]>
          # mac_case: <value in [uppercase, lowercase]>
          # mac_password_delimiter: <value in [hyphen, single-hyphen, colon, ...]>
          # mac_username_delimiter: <value in [hyphen, single-hyphen, colon, ...]>
          # max_clients: <integer>
          # max_clients_ap: <integer>
          # mbo: <value in [disable, enable]>
          # mbo_cell_data_conn_pref: <value in [excluded, prefer-not, prefer-use]>
          # me_disable_thresh: <integer>
          # mesh_backhaul: <value in [disable, enable]>
          # mpsk_profile: <list or string>
          # mu_mimo: <value in [disable, enable]>
          # multicast_enhance: <value in [disable, enable]>
          # multicast_rate: <value in [0, 6000, 12000, ...]>
          # nac: <value in [disable, enable]>
          # nac_profile: <list or string>
          # nas_filter_rule: <value in [disable, enable]>
          # neighbor_report_dual_band: <value in [disable, enable]>
          # okc: <value in [disable, enable]>
          # osen: <value in [disable, enable]>
          # owe_groups:
          #   - "19"
          #   - "20"
          #   - "21"
          # owe_transition: <value in [disable, enable]>
          # owe_transition_ssid: <string>
          # passphrase: <list or string>
          # pmf: <value in [disable, enable, optional]>
          # pmf_assoc_comeback_timeout: <integer>
          # pmf_sa_query_retry_timeout: <integer>
          # port_macauth: <value in [disable, radius, address-group]>
          # port_macauth_reauth_timeout: <integer>
          # port_macauth_timeout: <integer>
          # portal_message_override_group: <list or string>
          # portal_message_overrides:
          #   auth_disclaimer_page: <string>
          #   auth_login_failed_page: <string>
          #   auth_login_page: <string>
          #   auth_reject_page: <string>
          # portal_type: <value in [auth, auth+disclaimer, disclaimer, ...]>
          # primary_wag_profile: <list or string>
          # probe_resp_suppression: <value in [disable, enable]>
          # probe_resp_threshold: <string>
          # ptk_rekey: <value in [disable, enable]>
          # ptk_rekey_intv: <integer>
          # qos_profile: <list or string>
          # quarantine: <value in [disable, enable]>
          # radio_2g_threshold: <string>
          # radio_5g_threshold: <string>
          # radio_sensitivity: <value in [disable, enable]>
          # radius_mac_auth: <value in [disable, enable]>
          # radius_mac_auth_block_interval: <integer>
          # radius_mac_auth_server: <list or string>
          # radius_mac_auth_usergroups: <list or string>
          # radius_mac_mpsk_auth: <value in [disable, enable]>
          # radius_mac_mpsk_timeout: <integer>
          # radius_server: <list or string>
          # rates_11a:
          #   - "1"
          #   - "1-basic"
          #   - "2"
          #   - "2-basic"
          #   - "5.5"
          #   - "5.5-basic"
          #   - "6"
          #   - "6-basic"
          #   - "9"
          #   - "9-basic"
          #   - "12"
          #   - "12-basic"
          #   - "18"
          #   - "18-basic"
          #   - "24"
          #   - "24-basic"
          #   - "36"
          #   - "36-basic"
          #   - "48"
          #   - "48-basic"
          #   - "54"
          #   - "54-basic"
          #   - "11"
          #   - "11-basic"
          # rates_11ac_mcs_map: <string>
          # rates_11ax_mcs_map: <string>
          # rates_11be_mcs_map: <string>
          # rates_11be_mcs_map_160: <string>
          # rates_11be_mcs_map_320: <string>
          # rates_11bg:
          #   - "1"
          #   - "1-basic"
          #   - "2"
          #   - "2-basic"
          #   - "5.5"
          #   - "5.5-basic"
          #   - "6"
          #   - "6-basic"
          #   - "9"
          #   - "9-basic"
          #   - "12"
          #   - "12-basic"
          #   - "18"
          #   - "18-basic"
          #   - "24"
          #   - "24-basic"
          #   - "36"
          #   - "36-basic"
          #   - "48"
          #   - "48-basic"
          #   - "54"
          #   - "54-basic"
          #   - "11"
          #   - "11-basic"
          # rates_11n_ss12:
          #   - "mcs0/1"
          #   - "mcs1/1"
          #   - "mcs2/1"
          #   - "mcs3/1"
          #   - "mcs4/1"
          #   - "mcs5/1"
          #   - "mcs6/1"
          #   - "mcs7/1"
          #   - "mcs8/2"
          #   - "mcs9/2"
          #   - "mcs10/2"
          #   - "mcs11/2"
          #   - "mcs12/2"
          #   - "mcs13/2"
          #   - "mcs14/2"
          #   - "mcs15/2"
          # rates_11n_ss34:
          #   - "mcs16/3"
          #   - "mcs17/3"
          #   - "mcs18/3"
          #   - "mcs19/3"
          #   - "mcs20/3"
          #   - "mcs21/3"
          #   - "mcs22/3"
          #   - "mcs23/3"
          #   - "mcs24/4"
          #   - "mcs25/4"
          #   - "mcs26/4"
          #   - "mcs27/4"
          #   - "mcs28/4"
          #   - "mcs29/4"
          #   - "mcs30/4"
          #   - "mcs31/4"
          # roaming_acct_interim_update: <value in [disable, enable]>
          # sae_groups:
          #   - "1"
          #   - "2"
          #   - "5"
          #   - "14"
          #   - "15"
          #   - "16"
          #   - "17"
          #   - "18"
          #   - "19"
          #   - "20"
          #   - "21"
          #   - "27"
          #   - "28"
          #   - "29"
          #   - "30"
          #   - "31"
          # sae_h2e_only: <value in [disable, enable]>
          # sae_hnp_only: <value in [disable, enable]>
          # sae_password: <list or string>
          # sae_pk: <value in [disable, enable]>
          # sae_private_key: <string>
          # scan_botnet_connections: <value in [disable, block, monitor]>
          # schedule: <list or string>
          # secondary_wag_profile: <list or string>
          # security: <value in [None, wep64, wep128, ...]>
          # security_exempt_list: <list or string>
          # security_obsolete_option: <value in [disable, enable]>
          # security_redirect_url: <string>
          # selected_usergroups: <list or string>
          # split_tunneling: <value in [disable, enable]>
          # ssid: <string>
          # sticky_client_remove: <value in [disable, enable]>
          # sticky_client_threshold_2g: <string>
          # sticky_client_threshold_5g: <string>
          # sticky_client_threshold_6g: <string>
          # target_wake_time: <value in [disable, enable]>
          # tkip_counter_measure: <value in [disable, enable]>
          # tunnel_echo_interval: <integer>
          # tunnel_fallback_interval: <integer>
          # usergroup: <list or string>
          # utm_log: <value in [disable, enable]>
          # utm_profile: <list or string>
          # utm_status: <value in [disable, enable]>
          # vlan_auto: <value in [disable, enable]>
          # vlan_name:
          #   - name: <string>
          #     vlan_id: <integer>
          # vlan_pool:
          #   - _wtp_group: <string>
          #     id: <integer>
          #     wtp_group: <list or string>
          # vlan_pooling: <value in [wtp-group, round-robin, hash, ...]>
          # vlanid: <integer>
          # voice_enterprise: <value in [disable, enable]>
          # webfilter_profile: <list or string>
          # mac_filter_policy_other: <value in [deny, allow]>
          # mac_filter: <value in [disable, enable]>
          # rates_11ax_ss12:
          #   - "mcs0/1"
          #   - "mcs1/1"
          #   - "mcs2/1"
          #   - "mcs3/1"
          #   - "mcs4/1"
          #   - "mcs5/1"
          #   - "mcs6/1"
          #   - "mcs7/1"
          #   - "mcs8/1"
          #   - "mcs9/1"
          #   - "mcs10/1"
          #   - "mcs11/1"
          #   - "mcs0/2"
          #   - "mcs1/2"
          #   - "mcs2/2"
          #   - "mcs3/2"
          #   - "mcs4/2"
          #   - "mcs5/2"
          #   - "mcs6/2"
          #   - "mcs7/2"
          #   - "mcs8/2"
          #   - "mcs9/2"
          #   - "mcs10/2"
          #   - "mcs11/2"
          # rates_11ac_ss34:
          #   - "mcs0/3"
          #   - "mcs1/3"
          #   - "mcs2/3"
          #   - "mcs3/3"
          #   - "mcs4/3"
          #   - "mcs5/3"
          #   - "mcs6/3"
          #   - "mcs7/3"
          #   - "mcs8/3"
          #   - "mcs9/3"
          #   - "mcs0/4"
          #   - "mcs1/4"
          #   - "mcs2/4"
          #   - "mcs3/4"
          #   - "mcs4/4"
          #   - "mcs5/4"
          #   - "mcs6/4"
          #   - "mcs7/4"
          #   - "mcs8/4"
          #   - "mcs9/4"
          #   - "mcs10/3"
          #   - "mcs11/3"
          #   - "mcs10/4"
          #   - "mcs11/4"
          # rates_11ax_ss34:
          #   - "mcs0/3"
          #   - "mcs1/3"
          #   - "mcs2/3"
          #   - "mcs3/3"
          #   - "mcs4/3"
          #   - "mcs5/3"
          #   - "mcs6/3"
          #   - "mcs7/3"
          #   - "mcs8/3"
          #   - "mcs9/3"
          #   - "mcs10/3"
          #   - "mcs11/3"
          #   - "mcs0/4"
          #   - "mcs1/4"
          #   - "mcs2/4"
          #   - "mcs3/4"
          #   - "mcs4/4"
          #   - "mcs5/4"
          #   - "mcs6/4"
          #   - "mcs7/4"
          #   - "mcs8/4"
          #   - "mcs9/4"
          #   - "mcs10/4"
          #   - "mcs11/4"
          # rates_11ac_ss12:
          #   - "mcs0/1"
          #   - "mcs1/1"
          #   - "mcs2/1"
          #   - "mcs3/1"
          #   - "mcs4/1"
          #   - "mcs5/1"
          #   - "mcs6/1"
          #   - "mcs7/1"
          #   - "mcs8/1"
          #   - "mcs9/1"
          #   - "mcs0/2"
          #   - "mcs1/2"
          #   - "mcs2/2"
          #   - "mcs3/2"
          #   - "mcs4/2"
          #   - "mcs5/2"
          #   - "mcs6/2"
          #   - "mcs7/2"
          #   - "mcs8/2"
          #   - "mcs9/2"
          #   - "mcs10/1"
          #   - "mcs11/1"
          #   - "mcs10/2"
          #   - "mcs11/2"
          # mac_filter_list:
          #   - id: <integer>
          #     mac: <string>
          #     mac_filter_policy: <value in [deny, allow]>
          # mpsk_key:
          #   - comment: <string>
          #     concurrent_clients: <string>
          #     key_name: <string>
          #     mpsk_schedules: <list or string>
          #     passphrase: <list or string>
          # mpsk: <value in [disable, enable]>
          # mpsk_concurrent_clients: <integer>
          # acct_interim_interval: <integer>
          # captive_portal_radius_server: <string>
          # captive_portal_session_timeout_interval: <integer>
          # captive_portal_radius_secret: <list or string>
          # captive_portal_macauth_radius_secret: <list or string>
          # captive_portal_macauth_radius_server: <string>
          # _intf_ip_managed_by_fortiipam: <value in [disable, enable, inherit-global]>
          # _intf_managed_subnetwork_size: <value in [32, 64, 128, ...]>
          # domain_name_stripping: <value in [disable, enable]>
          # local_lan_partition: <value in [disable, enable]>
          # _intf_role: <value in [lan, wan, dmz, ...]>
          # called_station_id_type: <value in [mac, ip, apname]>
          # external_pre_auth: <value in [disable, enable]>
          # pre_auth: <value in [disable, enable]>
          # _intf_ip6_send_adv: <value in [disable, enable]>
          # ip6_prefix_list:
          #   - autonomous_flag: <value in [disable, enable]>
          #     dnssl: <list or string>
          #     onlink_flag: <value in [disable, enable]>
          #     preferred_life_time: <integer>
          #     prefix: <string>
          #     rdnss: <list or string>
          #     valid_life_time: <integer>
          # _intf_vrf: <integer>
          # captive_network_assistant_bypass: <value in [disable, enable]>
          # mlo: <value in [disable, enable]>

Return Values

Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:

  • meta - The result of the request.returned: always type: dict
    • request_url - The full url requested. returned: always type: str sample: /sys/login/user
    • response_code - The status of api request. returned: always type: int sample: 0
    • response_data - The data body of the api response. returned: optional type: list or dict
    • response_message - The descriptive message of the api response. returned: always type: str sample: OK
    • system_information - The information of the target system. returned: always type: dict
  • rc - The status the request. returned: always type: int sample: 0
  • version_check_warning - Warning if the parameters used in the playbook are not supported by the current FortiManager version. returned: if at least one parameter not supported by the current FortiManager version type: list

Status

  • This module is not guaranteed to have a backwards compatible interface.

Authors

  • Xinwei Du (@dux-fortinet)

  • Xing Li (@lix-fortinet)

  • Jie Xue (@JieX19)

  • Link Zheng (@chillancezen)

  • Frank Shen (@fshen01)

  • Hongbin Lu (@fgtdev-hblu)