New in version 2.8.
The below requirements are needed on the host that executes this module.
Parameter | Choices/Defaults | Comments |
---|---|---|
host / required | | FortiOS or FortiGate IP address. |
https boolean | | Indicates if the requests towards FortiGate must use HTTPS protocol. |
password | Default: "" | FortiOS or FortiGate password. |
system_interface | Default: null | Configure interfaces. |
ac-name | | PPPoE server name. |
aggregate | | Aggregate interface. |
algorithm | | Frame distribution algorithm. |
alias | | Alias will be displayed with the interface name to make it easier to distinguish. |
allowaccess | | Permitted types of management access to this interface. |
ap-discover | | Enable/disable automatic registration of unknown FortiAP devices. |
arpforward | | Enable/disable ARP forwarding. |
auth-type | | PPP authentication type to use. |
auto-auth-extension-device | | Enable/disable automatic authorization of dedicated Fortinet extension device on this interface. |
bfd | | Bidirectional Forwarding Detection (BFD) settings. |
bfd-desired-min-tx | | BFD desired minimal transmit interval. |
bfd-detect-mult | | BFD detection multiplier. |
bfd-required-min-rx | | BFD required minimal receive interval. |
broadcast-forticlient-discovery | | Enable/disable broadcasting FortiClient discovery messages. |
broadcast-forward | | Enable/disable broadcast forwarding. |
captive-portal | | Enable/disable captive portal. |
cli-conn-status | | CLI connection status. |
color | | Color of icon on the GUI. |
dedicated-to | | Configure interface for single purpose. |
defaultgw | | Enable to get the gateway IP from the DHCP or PPPoE server. |
description | | Description. |
detected-peer-mtu | | MTU of detected peer (0 - 4294967295). |
detectprotocol | | Protocols used to detect the server. |
detectserver | | Gateway's ping server for this IP. |
device-access-list | | Device access list. |
device-identification | | Enable/disable passive gathering of device identity information about the devices on the network connected to this interface. |
device-identification-active-scan | | Enable/disable active gathering of device identity information about the devices on the network connected to this interface. |
device-netscan | | Enable/disable inclusion of devices detected on this interface in network vulnerability scans. |
device-user-identification | | Enable/disable passive gathering of user identity information about users on this interface. |
devindex | | Device Index. |
dhcp-client-identifier | | DHCP client identifier. |
dhcp-relay-agent-option | | Enable/disable DHCP relay agent option. |
dhcp-relay-ip | | DHCP relay IP address. |
dhcp-relay-service | | Enable/disable allowing this interface to act as a DHCP relay. |
dhcp-relay-type | | DHCP relay type (regular or IPsec). |
dhcp-renew-time | | DHCP renew time in seconds (300-604800), 0 means use the renew time provided by the server. |
disc-retry-timeout | | Time in seconds to wait before retrying to start a PPPoE discovery, 0 means no timeout. |
disconnect-threshold | | Time in milliseconds to wait before sending a notification that this interface is down or disconnected. |
distance | | Distance for routes learned through PPPoE or DHCP, lower distance indicates preferred route. |
dns-server-override | | Enable/disable use DNS acquired by DHCP or PPPoE. |
drop-fragment | | Enable/disable drop fragment packets. |
drop-overlapped-fragment | | Enable/disable drop overlapped fragment packets. |
egress-shaping-profile | | Outgoing traffic shaping profile. |
endpoint-compliance | | Enable/disable endpoint compliance enforcement. |
estimated-downstream-bandwidth | | Estimated maximum downstream bandwidth (kbps). Used to estimate link utilization. |
estimated-upstream-bandwidth | | Estimated maximum upstream bandwidth (kbps). Used to estimate link utilization. |
explicit-ftp-proxy | | Enable/disable the explicit FTP proxy on this interface. |
explicit-web-proxy | | Enable/disable the explicit web proxy on this interface. |
external | | Enable/disable identifying the interface as an external interface (which usually means it's connected to the Internet). |
fail-action-on-extender | | Action on extender when interface fails. |
fail-alert-interfaces | | Names of the FortiGate interfaces from which the link failure alert is sent for this interface. |
name / required | | Names of the physical interfaces belonging to the aggregate or redundant interface. Source system.interface.name. |
fail-alert-method | | Select link-failed-signal or link-down method to alert about a failed link. |
fail-detect | | Enable/disable fail detection features for this interface. |
fail-detect-option | | Options for detecting that this interface has failed. |
fortiheartbeat | | Enable/disable FortiHeartBeat (FortiTelemetry on GUI). |
fortilink | | Enable FortiLink to dedicate this interface to manage other Fortinet devices. |
fortilink-backup-link | | FortiLink split interface backup link. |
fortilink-split-interface | | Enable/disable FortiLink split interface to connect member link to different FortiSwitch in stack for uplink redundancy (maximum 2 interfaces in the "members" command). |
fortilink-stacking | | Enable/disable FortiLink switch-stacking on this interface. |
forward-domain | | Transparent mode forward domain. |
gwdetect | | Enable/disable detect gateway alive for first. |
ha-priority | | HA election priority for the PING server. |
icmp-accept-redirect | | Enable/disable ICMP accept redirect. |
icmp-send-redirect | | Enable/disable ICMP send redirect. |
ident-accept | | Enable/disable authentication for this interface. |
idle-timeout | | PPPoE auto disconnect after idle timeout seconds, 0 means no timeout. |
inbandwidth | | Bandwidth limit for incoming traffic (0 - 16776000 kbps), 0 means unlimited. |
ingress-spillover-threshold | | Ingress Spillover threshold (0 - 16776000 kbps). |
interface | | Interface name. Source system.interface.name. |
internal | | Implicitly created. |
ip | | Interface IPv4 address and subnet mask, syntax: X.X.X.X/24. |
ipmac | | Enable/disable IP/MAC binding. |
ips-sniffer-mode | | Enable/disable the use of this interface as a one-armed sniffer. |
ipunnumbered | | Unnumbered IP used for PPPoE interfaces for which no unique local address is provided. |
ipv6 | | IPv6 of interface. |
autoconf | | Enable/disable address auto config. |
dhcp6-client-options | | DHCPv6 client options. |
dhcp6-information-request | | Enable/disable DHCPv6 information request. |
dhcp6-prefix-delegation | | Enable/disable DHCPv6 prefix delegation. |
dhcp6-prefix-hint | | DHCPv6 prefix that will be used as a hint to the upstream DHCPv6 server. |
dhcp6-prefix-hint-plt | | DHCPv6 prefix hint preferred life time (sec), 0 means unlimited lease time. |
dhcp6-prefix-hint-vlt | | DHCPv6 prefix hint valid life time (sec). |
dhcp6-relay-ip | | DHCPv6 relay IP address. |
dhcp6-relay-service | | Enable/disable DHCPv6 relay. |
dhcp6-relay-type | | DHCPv6 relay type. |
ip6-address | | Primary IPv6 address prefix, syntax: xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx/xxx. |
ip6-allowaccess | | Allow management access to the interface. |
ip6-default-life | | Default life (sec). |
ip6-delegated-prefix-list | | Advertised IPv6 delegated prefix list. |
autonomous-flag | | Enable/disable the autonomous flag. |
onlink-flag | | Enable/disable the onlink flag. |
prefix-id / required | | Prefix ID. |
rdnss | | Recursive DNS server option. |
rdnss-service | | Recursive DNS service option. |
subnet | | Add subnet ID to routing prefix. |
upstream-interface | | Name of the interface that provides delegated information. Source system.interface.name. |
ip6-dns-server-override | | Enable/disable using the DNS server acquired by DHCP. |
ip6-extra-addr | | Extra IPv6 address prefixes of interface. |
prefix / required | | IPv6 address prefix. |
ip6-hop-limit | | Hop limit (0 means unspecified). |
ip6-link-mtu | | IPv6 link MTU. |
ip6-manage-flag | | Enable/disable the managed flag. |
ip6-max-interval | | IPv6 maximum interval (4 to 1800 sec). |
ip6-min-interval | | IPv6 minimum interval (3 to 1350 sec). |
ip6-mode | | Addressing mode (static, DHCP, delegated). |
ip6-other-flag | | Enable/disable the other IPv6 flag. |
ip6-prefix-list | | Advertised prefix list. |
autonomous-flag | | Enable/disable the autonomous flag. |
dnssl | | DNS search list option. |
domain / required | | Domain name. |
onlink-flag | | Enable/disable the onlink flag. |
preferred-life-time | | Preferred life time (sec). |
prefix / required | | IPv6 prefix. |
rdnss | | Recursive DNS server option. |
valid-life-time | | Valid life time (sec). |
ip6-reachable-time | | IPv6 reachable time (milliseconds; 0 means unspecified). |
ip6-retrans-time | | IPv6 retransmit time (milliseconds; 0 means unspecified). |
ip6-send-adv | | Enable/disable sending advertisements about the interface. |
ip6-subnet | | Subnet to routing prefix, syntax: xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx/xxx. |
ip6-upstream-interface | | Interface name providing delegated information. Source system.interface.name. |
nd-cert | | Neighbor discovery certificate. Source certificate.local.name. |
nd-cga-modifier | | Neighbor discovery CGA modifier. |
nd-mode | | Neighbor discovery mode. |
nd-security-level | | Neighbor discovery security level (0 - 7; 0 = least secure, default = 0). |
nd-timestamp-delta | | Neighbor discovery timestamp delta value (1 - 3600 sec; default = 300). |
nd-timestamp-fuzz | | Neighbor discovery timestamp fuzz factor (1 - 60 sec; default = 1). |
vrip6_link_local | | Link-local IPv6 address of virtual router. |
vrrp-virtual-mac6 | | Enable/disable virtual MAC for VRRP. |
vrrp6 | | IPv6 VRRP configuration. |
accept-mode | | Enable/disable accept mode. |
adv-interval | | Advertisement interval (1 - 255 seconds). |
preempt | | Enable/disable preempt mode. |
priority | | Priority of the virtual router (1 - 255). |
start-time | | Startup time (1 - 255 seconds). |
status | | Enable/disable VRRP. |
vrdst6 | | Monitor the route to this destination. |
vrgrp | | VRRP group ID (1 - 65535). |
vrid / required | | Virtual router identifier (1 - 255). |
vrip6 | | IPv6 address of the virtual router. |
l2forward | | Enable/disable L2 forwarding. |
lacp-ha-slave | | LACP HA slave. |
lacp-mode | | LACP mode. |
lacp-speed | | How often the interface sends LACP messages. |
lcp-echo-interval | | Time in seconds between PPPoE Link Control Protocol (LCP) echo requests. |
lcp-max-echo-fails | | Maximum missed LCP echo messages before disconnect. |
link-up-delay | | Number of milliseconds to wait before considering a link is up. |
lldp-transmission | | Enable/disable Link Layer Discovery Protocol (LLDP) transmission. |
macaddr | | Change the interface's MAC address. |
managed-device | | Available when FortiLink is enabled, used for managed devices through FortiLink interface. |
name / required | | Managed dev identifier. |
management-ip | | High Availability in-band management IP address of this interface. |
member | | Physical interfaces that belong to the aggregate or redundant interface. |
interface-name / required | | Physical interface name. Source system.interface.name. |
min-links | | Minimum number of aggregated ports that must be up. |
min-links-down | | Action to take when less than the configured minimum number of links are active. |
mode | | Addressing mode (static, DHCP, PPPoE). |
mtu | | MTU value for this interface. |
mtu-override | | Enable to set a custom MTU for this interface. |
name / required | | Name. |
ndiscforward | | Enable/disable NDISC forwarding. |
netbios-forward | | Enable/disable NETBIOS forwarding. |
netflow-sampler | | Enable/disable NetFlow on this interface and set the data that NetFlow collects (rx, tx, or both). |
outbandwidth | | Bandwidth limit for outgoing traffic (0 - 16776000 kbps). |
padt-retry-timeout | | PPPoE Active Discovery Terminate (PADT) used to terminate sessions after an idle time. |
password | | PPPoE account's password. |
ping-serv-status | | PING server status. |
polling-interval | | sFlow polling interval (1 - 255 sec). |
pppoe-unnumbered-negotiate | | Enable/disable PPPoE unnumbered negotiation. |
pptp-auth-type | | PPTP authentication type. |
pptp-client | | Enable/disable PPTP client. |
pptp-password | | PPTP password. |
pptp-server-ip | | PPTP server IP address. |
pptp-timeout | | Idle timer in minutes (0 for disabled). |
pptp-user | | PPTP user name. |
preserve-session-route | | Enable/disable preservation of session route when dirty. |
priority | | Priority of learned routes. |
priority-override | | Enable/disable fail back to higher priority port once recovered. |
proxy-captive-portal | | Enable/disable proxy captive portal on this interface. |
redundant-interface | | Redundant interface. |
remote-ip | | Remote IP address of tunnel. |
replacemsg-override-group | | Replacement message override group. |
role | | Interface role. |
sample-direction | | Data that NetFlow collects (rx, tx, or both). |
sample-rate | | sFlow sample rate (10 - 99999). |
scan-botnet-connections | | Enable monitoring or blocking connections to Botnet servers through this interface. |
secondary-IP | | Enable/disable adding a secondary IP to this interface. |
secondaryip | | Second IP address of interface. |
allowaccess | | Management access settings for the secondary IP address. |
detectprotocol | | Protocols used to detect the server. |
detectserver | | Gateway's ping server for this IP. |
gwdetect | | Enable/disable detect gateway alive for first. |
ha-priority | | HA election priority for the PING server. |
id / required | | ID. |
ip | | Secondary IP address of the interface. |
ping-serv-status | | PING server status. |
security-exempt-list | | Name of security-exempt-list. |
security-external-logout | | URL of external authentication logout server. |
security-external-web | | URL of external authentication web server. |
security-groups | | User groups that can authenticate with the captive portal. |
name / required | | Names of user groups that can authenticate with the captive portal. |
security-mac-auth-bypass | | Enable/disable MAC authentication bypass. |
security-mode | | Turn on captive portal authentication for this interface. |
security-redirect-url | | URL redirection after disclaimer/authentication. |
service-name | | PPPoE service name. |
sflow-sampler | | Enable/disable sFlow on this interface. |
snmp-index | | Permanent SNMP Index of the interface. |
speed | | Interface speed. The default setting and the options available depend on the interface hardware. |
spillover-threshold | | Egress Spillover threshold (0 - 16776000 kbps), 0 means unlimited. |
src-check | | Enable/disable source IP check. |
state | | Indicates whether to create or remove the object. |
status | | Bring the interface up or shut the interface down. |
stpforward | | Enable/disable STP forwarding. |
stpforward-mode | | Configure STP forwarding mode. |
subst | | Enable to always send packets from this interface to a destination MAC address. |
substitute-dst-mac | | Destination MAC address that all packets are sent to from this interface. |
switch | | Contained in switch. |
switch-controller-access-vlan | | Block FortiSwitch port-to-port traffic. |
switch-controller-arp-inspection | | Enable/disable FortiSwitch ARP inspection. |
switch-controller-dhcp-snooping | | Switch controller DHCP snooping. |
switch-controller-dhcp-snooping-option82 | | Switch controller DHCP snooping option82. |
switch-controller-dhcp-snooping-verify-mac | | Switch controller DHCP snooping verify MAC. |
switch-controller-igmp-snooping | | Switch controller IGMP snooping. |
switch-controller-learning-limit | | Limit the number of dynamic MAC addresses on this VLAN (1 - 128, 0 = no limit, default). |
tagging | | Config object tagging. |
category | | Tag category. Source system.object-tagging.category. |
name / required | | Tagging entry name. |
tags | | Tags. |
name / required | | Tag name. Source system.object-tagging.tags.name. |
tcp-mss | | TCP maximum segment size. 0 means do not change segment size. |
trust-ip-1 | | Trusted host for dedicated management traffic (0.0.0.0/24 for all hosts). |
trust-ip-2 | | Trusted host for dedicated management traffic (0.0.0.0/24 for all hosts). |
trust-ip-3 | | Trusted host for dedicated management traffic (0.0.0.0/24 for all hosts). |
trust-ip6-1 | | Trusted IPv6 host for dedicated management traffic (::/0 for all hosts). |
trust-ip6-2 | | Trusted IPv6 host for dedicated management traffic (::/0 for all hosts). |
trust-ip6-3 | | Trusted IPv6 host for dedicated management traffic (::/0 for all hosts). |
type | | Interface type. |
username | | Username of the PPPoE account, provided by your ISP. |
vdom | | Interface is in this virtual domain (VDOM). Source system.vdom.name. |
vindex | | Switch control interface VLAN ID. |
vlanforward | | Enable/disable traffic forwarding between VLANs on this interface. |
vlanid | | VLAN ID (1 - 4094). |
vrf | | Virtual Routing Forwarding ID. |
vrrp | | VRRP configuration. |
accept-mode | | Enable/disable accept mode. |
adv-interval | | Advertisement interval (1 - 255 seconds). |
preempt | | Enable/disable preempt mode. |
priority | | Priority of the virtual router (1 - 255). |
proxy-arp | | VRRP Proxy ARP configuration. |
id / required | | ID. |
ip | | Set IP addresses of proxy ARP. |
start-time | | Startup time (1 - 255 seconds). |
status | | Enable/disable this VRRP configuration. |
version | | VRRP version. |
vrdst | | Monitor the route to this destination. |
vrdst-priority | | Priority of the virtual router when the virtual router destination becomes unreachable (0 - 254). |
vrgrp | | VRRP group ID (1 - 65535). |
vrid / required | | Virtual router identifier (1 - 255). |
vrip | | IP address of the virtual router. |
vrrp-virtual-mac | | Enable/disable use of virtual MAC for VRRP. |
wccp | | Enable/disable WCCP on this interface. Used for encapsulated WCCP communication between WCCP clients and servers. |
weight | | Default weight for static routes (if route has no weight configured). |
wins-ip | | WINS server IP. |
username / required | | FortiOS or FortiGate username. |
vdom | Default: "root" | Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. |
Note
```yaml
- hosts: localhost
  vars:
    host: "192.168.122.40"
    username: "admin"
    # Empty admin password as in the sample; supply a real secret (for example from Ansible Vault).
    password: ""
    vdom: "root"
  tasks:
    - name: Configure interfaces.
      fortios_system_interface:
        host: "{{ host }}"
        username: "{{ username }}"
        password: "{{ password }}"
        vdom: "{{ vdom }}"
        # "False" makes the module use plain HTTP, so the credentials above cross the network unencrypted.
        https: "False"
        system_interface:
          state: "present"
          ac-name: "<your_own_value>"
          aggregate: "<your_own_value>"
          algorithm: "L2"
          alias: "<your_own_value>"
          allowaccess: "ping"
          ap-discover: "enable"
          arpforward: "enable"
          auth-type: "auto"
          auto-auth-extension-device: "enable"
          bfd: "global"
          bfd-desired-min-tx: "13"
          bfd-detect-mult: "14"
          bfd-required-min-rx: "15"
          broadcast-forticlient-discovery: "enable"
          broadcast-forward: "enable"
          captive-portal: "18"
          cli-conn-status: "19"
          color: "20"
          dedicated-to: "none"
          defaultgw: "enable"
          description: "<your_own_value>"
          detected-peer-mtu: "24"
          detectprotocol: "ping"
          detectserver: "<your_own_value>"
          device-access-list: "<your_own_value>"
          device-identification: "enable"
          device-identification-active-scan: "enable"
          device-netscan: "disable"
          device-user-identification: "enable"
          devindex: "32"
          dhcp-client-identifier: "myId_33"
          dhcp-relay-agent-option: "enable"
          dhcp-relay-ip: "<your_own_value>"
          dhcp-relay-service: "disable"
          dhcp-relay-type: "regular"
          dhcp-renew-time: "38"
          disc-retry-timeout: "39"
          disconnect-threshold: "40"
          distance: "41"
          dns-server-override: "enable"
          drop-fragment: "enable"
          drop-overlapped-fragment: "enable"
          egress-shaping-profile: "<your_own_value>"
          endpoint-compliance: "enable"
          estimated-downstream-bandwidth: "47"
          estimated-upstream-bandwidth: "48"
          explicit-ftp-proxy: "enable"
          explicit-web-proxy: "enable"
          external: "enable"
          fail-action-on-extender: "soft-restart"
          fail-alert-interfaces:
            - name: "default_name_54 (source system.interface.name)"
          fail-alert-method: "link-failed-signal"
          fail-detect: "enable"
          fail-detect-option: "detectserver"
          fortiheartbeat: "enable"
          fortilink: "enable"
          fortilink-backup-link: "60"
          fortilink-split-interface: "enable"
          fortilink-stacking: "enable"
          forward-domain: "63"
          gwdetect: "enable"
          ha-priority: "65"
          icmp-accept-redirect: "enable"
          icmp-send-redirect: "enable"
          ident-accept: "enable"
          idle-timeout: "69"
          inbandwidth: "70"
          ingress-spillover-threshold: "71"
          interface: "<your_own_value> (source system.interface.name)"
          internal: "73"
          ip: "<your_own_value>"
          ipmac: "enable"
          ips-sniffer-mode: "enable"
          ipunnumbered: "<your_own_value>"
          ipv6:
            autoconf: "enable"
            dhcp6-client-options: "rapid"
            dhcp6-information-request: "enable"
            dhcp6-prefix-delegation: "enable"
            dhcp6-prefix-hint: "<your_own_value>"
            dhcp6-prefix-hint-plt: "84"
            dhcp6-prefix-hint-vlt: "85"
            dhcp6-relay-ip: "<your_own_value>"
            dhcp6-relay-service: "disable"
            dhcp6-relay-type: "regular"
            ip6-address: "<your_own_value>"
            ip6-allowaccess: "ping"
            ip6-default-life: "91"
            ip6-delegated-prefix-list:
              - autonomous-flag: "enable"
                onlink-flag: "enable"
                prefix-id: "95"
                rdnss: "<your_own_value>"
                rdnss-service: "delegated"
                subnet: "<your_own_value>"
                upstream-interface: "<your_own_value> (source system.interface.name)"
            ip6-dns-server-override: "enable"
            ip6-extra-addr:
              - prefix: "<your_own_value>"
            ip6-hop-limit: "103"
            ip6-link-mtu: "104"
            ip6-manage-flag: "enable"
            ip6-max-interval: "106"
            ip6-min-interval: "107"
            ip6-mode: "static"
            ip6-other-flag: "enable"
            ip6-prefix-list:
              - autonomous-flag: "enable"
                dnssl:
                  - domain: "<your_own_value>"
                onlink-flag: "enable"
                preferred-life-time: "115"
                prefix: "<your_own_value>"
                rdnss: "<your_own_value>"
                valid-life-time: "118"
            ip6-reachable-time: "119"
            ip6-retrans-time: "120"
            ip6-send-adv: "enable"
            ip6-subnet: "<your_own_value>"
            ip6-upstream-interface: "<your_own_value> (source system.interface.name)"
            nd-cert: "<your_own_value> (source certificate.local.name)"
            nd-cga-modifier: "<your_own_value>"
            nd-mode: "basic"
            nd-security-level: "127"
            nd-timestamp-delta: "128"
            nd-timestamp-fuzz: "129"
            vrip6_link_local: "<your_own_value>"
            vrrp-virtual-mac6: "enable"
            vrrp6:
              - accept-mode: "enable"
                adv-interval: "134"
                preempt: "enable"
                priority: "136"
                start-time: "137"
                status: "enable"
                vrdst6: "<your_own_value>"
                vrgrp: "140"
                vrid: "141"
                vrip6: "<your_own_value>"
          l2forward: "enable"
          lacp-ha-slave: "enable"
          lacp-mode: "static"
          lacp-speed: "slow"
          lcp-echo-interval: "147"
          lcp-max-echo-fails: "148"
          link-up-delay: "149"
          lldp-transmission: "enable"
          macaddr: "<your_own_value>"
          managed-device:
            - name: "default_name_153"
          management-ip: "<your_own_value>"
          member:
            - interface-name: "<your_own_value> (source system.interface.name)"
          min-links: "157"
          min-links-down: "operational"
          mode: "static"
          mtu: "160"
          mtu-override: "enable"
          name: "default_name_162"
          ndiscforward: "enable"
          netbios-forward: "disable"
          netflow-sampler: "disable"
          outbandwidth: "166"
          padt-retry-timeout: "167"
          password: "<your_own_value>"
          ping-serv-status: "169"
          polling-interval: "170"
          pppoe-unnumbered-negotiate: "enable"
          pptp-auth-type: "auto"
          pptp-client: "enable"
          pptp-password: "<your_own_value>"
          pptp-server-ip: "<your_own_value>"
          pptp-timeout: "176"
          pptp-user: "<your_own_value>"
          preserve-session-route: "enable"
          priority: "179"
          priority-override: "enable"
          proxy-captive-portal: "enable"
          redundant-interface: "<your_own_value>"
          remote-ip: "<your_own_value>"
          replacemsg-override-group: "<your_own_value>"
          role: "lan"
          sample-direction: "tx"
          sample-rate: "187"
          scan-botnet-connections: "disable"
          secondary-IP: "enable"
          secondaryip:
            - allowaccess: "ping"
              detectprotocol: "ping"
              detectserver: "<your_own_value>"
              gwdetect: "enable"
              ha-priority: "195"
              id: "196"
              ip: "<your_own_value>"
              ping-serv-status: "198"
          security-exempt-list: "<your_own_value>"
          security-external-logout: "<your_own_value>"
          security-external-web: "<your_own_value>"
          security-groups:
            - name: "default_name_203"
          security-mac-auth-bypass: "enable"
          security-mode: "none"
          security-redirect-url: "<your_own_value>"
          service-name: "<your_own_value>"
          sflow-sampler: "enable"
          snmp-index: "209"
          speed: "auto"
          spillover-threshold: "211"
          src-check: "enable"
          status: "up"
          stpforward: "enable"
          stpforward-mode: "rpl-all-ext-id"
          subst: "enable"
          substitute-dst-mac: "<your_own_value>"
          switch: "<your_own_value>"
          switch-controller-access-vlan: "enable"
          switch-controller-arp-inspection: "enable"
          switch-controller-dhcp-snooping: "enable"
          switch-controller-dhcp-snooping-option82: "enable"
          switch-controller-dhcp-snooping-verify-mac: "enable"
          switch-controller-igmp-snooping: "enable"
          switch-controller-learning-limit: "225"
          tagging:
            - category: "<your_own_value> (source system.object-tagging.category)"
              name: "default_name_228"
              tags:
                - name: "default_name_230 (source system.object-tagging.tags.name)"
          tcp-mss: "231"
          trust-ip-1: "<your_own_value>"
          trust-ip-2: "<your_own_value>"
          trust-ip-3: "<your_own_value>"
          trust-ip6-1: "<your_own_value>"
          trust-ip6-2: "<your_own_value>"
          trust-ip6-3: "<your_own_value>"
          type: "physical"
          username: "<your_own_value>"
          vdom: "<your_own_value> (source system.vdom.name)"
          vindex: "241"
          vlanforward: "enable"
          vlanid: "243"
          vrf: "244"
          vrrp:
            - accept-mode: "enable"
              adv-interval: "247"
              preempt: "enable"
              priority: "249"
              proxy-arp:
                - id: "251"
                  ip: "<your_own_value>"
              start-time: "253"
              status: "enable"
              version: "2"
              vrdst: "<your_own_value>"
              vrdst-priority: "257"
              vrgrp: "258"
              vrid: "259"
              vrip: "<your_own_value>"
          vrrp-virtual-mac: "enable"
          wccp: "enable"
          weight: "263"
          wins-ip: "<your_own_value>"
```
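A pre-flight check for the security-relevant arguments of the task above (`https`, `password`, `allowaccess`, `trust-ip-*`), as an added example that is not part of the module or its documentation. It assumes the task arguments have already been loaded and templated into a Python dict; `audit_task`, the two sample tasks, the interface name `port2` and the choice of `http` and `telnet` as the cleartext protocols are assumptions of this example.

```python
"""Audit fortios_system_interface task arguments before a play runs (added example)."""

# Management protocols that expose credentials or sessions in cleartext.
# "http" and "telnet" are FortiOS allowaccess values; flagging exactly these
# two is an assumption, since the page's own choice list did not survive.
CLEARTEXT_ACCESS = {"http", "telnet"}

# "All hosts" values as written in the trust-ip-* / trust-ip6-* descriptions.
ALL_HOSTS = {"0.0.0.0/24", "::/0"}
TRUST_KEYS = [f"trust-ip-{n}" for n in (1, 2, 3)] + [f"trust-ip6-{n}" for n in (1, 2, 3)]


def _is_false(value):
    """Ansible accepts real booleans as well as strings such as "False" or "no"."""
    return str(value).strip().lower() in {"false", "no", "off", "0"}


def _cleartext(value):
    """Cleartext protocols named in an allowaccess value (space-separated string or list)."""
    items = value.split() if isinstance(value, str) else list(value or [])
    return sorted(CLEARTEXT_ACCESS.intersection(items))


def audit_task(args):
    """Return human-readable findings for one resolved fortios_system_interface dict."""
    findings = []
    # Only an explicit false is flagged; the default for https is not shown on this page.
    if "https" in args and _is_false(args["https"]):
        findings.append("https: module talks to the FortiGate over plain HTTP")
    if not args.get("password"):
        findings.append("password: empty or missing admin password")

    iface = args.get("system_interface") or {}
    # Every place where management access can be granted on the interface.
    scopes = [
        ("allowaccess", iface.get("allowaccess")),
        ("ipv6.ip6-allowaccess", (iface.get("ipv6") or {}).get("ip6-allowaccess")),
    ]
    for entry in iface.get("secondaryip") or []:
        scopes.append((f"secondaryip[{entry.get('id')}].allowaccess", entry.get("allowaccess")))
    for path, value in scopes:
        for proto in _cleartext(value):
            findings.append(f"{path}: cleartext management protocol '{proto}'")

    for key in TRUST_KEYS:
        if iface.get(key) in ALL_HOSTS:
            findings.append(f"{key}: trusted host covers all hosts ({iface[key]})")
    return findings


# Constructed sample: connection settings copied from the page's example,
# interface values chosen to trigger every check.
WEAK_TASK = {
    "host": "192.168.122.40", "username": "admin", "password": "",
    "vdom": "root", "https": "False",
    "system_interface": {
        "state": "present", "name": "port2",
        "allowaccess": "ping http telnet",
        "secondaryip": [{"id": "1", "allowaccess": "ping telnet"}],
        "trust-ip-1": "0.0.0.0/24", "trust-ip6-1": "::/0",
    },
}

# Constructed sample: the same interface with the weak settings corrected.
HARDENED_TASK = {
    "host": "192.168.122.40", "username": "admin",
    "password": "constructed-placeholder-from-vault",
    "vdom": "root", "https": True,
    "system_interface": {
        "state": "present", "name": "port2",
        "allowaccess": "ping https ssh",
        "secondaryip": [{"id": "1", "allowaccess": "ping"}],
        "trust-ip-1": "192.168.122.0/24",
    },
}

if __name__ == "__main__":
    for label, task in (("weak", WEAK_TASK), ("hardened", HARDENED_TASK)):
        results = audit_task(task)
        print(f"{label}: {len(results)} finding(s)")
        for line in results:
            print("  -", line)
```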
Common return values are documented here; the following fields are unique to this module:
Key | Returned | Description |
---|---|---|
build string | always | Build number of the fortigate image. Sample: 1547 |
http_method string | always | Last method used to provision the content into FortiGate. Sample: PUT |
http_status string | always | Last result given by FortiGate on last operation applied. Sample: 200 |
mkey string | success | Master key (id) used in the last call to FortiGate. Sample: id |
name string | always | Name of the table used to fulfill the request. Sample: urlfilter |
path string | always | Path of the table used to fulfill the request. Sample: webfilter |
revision string | always | Internal revision number. Sample: 17.0.2.10658 |
serial string | always | Serial number of the unit. Sample: FGVMEVYYQT3AB5352 |
status string | always | Indication of the operation's result. Sample: success |
vdom string | always | Virtual domain used. Sample: root |
version string | always | Version of the FortiGate. Sample: v5.6.3 |