fortinet.fortimanager.fmgr_vap – Configure Virtual Access Points
Note
This plugin is part of the fortinet.fortimanager collection (version 2.1.3).
You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.
To install it, use: ansible-galaxy collection install fortinet.fortimanager.
To use it in a playbook, specify: fortinet.fortimanager.fmgr_vap.
New in version 2.10: of fortinet.fortimanager
Synopsis
- This module is able to configure a FortiManager device.
- Examples include all parameters and values which need to be adjusted to data sources before usage.
Parameters
| Parameter | Choices/Defaults | Comments | |||
|---|---|---|---|---|---|
| adom string / required | the parameter (adom) in requested url | ||||
| bypass_validation boolean |
| only set to True when module schema diffs with FortiManager API structure, module continues to execute without validating parameters | |||
| enable_log boolean |
| Enable/Disable logging for task | |||
| proposed_method string |
| The overridden method for the underlying Json RPC request | |||
| rc_failed list / elements=string | the rc codes list with which the conditions to fail will be overriden | ||||
| rc_succeeded list / elements=string | the rc codes list with which the conditions to succeed will be overriden | ||||
| state string / required |
| the directive to create, update or delete an object | |||
| vap dictionary | the top level parameters set | ||||
| _centmgmt string |
| no description | |||
| _dhcp_svr_id string | no description | ||||
| _intf_allowaccess list / elements=string |
| no description | |||
| _intf_device-access-list string | no description | ||||
| _intf_device-identification string |
| no description | |||
| _intf_device-netscan string |
| no description | |||
| _intf_dhcp-relay-ip string | no description | ||||
| _intf_dhcp-relay-service string |
| no description | |||
| _intf_dhcp-relay-type string |
| no description | |||
| _intf_dhcp6-relay-ip string | no description | ||||
| _intf_dhcp6-relay-service string |
| no description | |||
| _intf_dhcp6-relay-type string |
| no description | |||
| _intf_ip string | no description | ||||
| _intf_ip6-address string | no description | ||||
| _intf_ip6-allowaccess list / elements=string |
| no description | |||
| _intf_listen-forticlient-connection string |
| no description | |||
| access-control-list string | access-control-list profile name. | ||||
| acct-interim-interval integer | WiFi RADIUS accounting interim interval (60 - 86400 sec, default = 0). | ||||
| additional-akms list / elements=string |
| no description | |||
| address-group string | Address group ID. | ||||
| alias string | Alias. | ||||
| atf-weight integer | Airtime weight in percentage (default = 20). | ||||
| auth string |
| Authentication protocol. | |||
| broadcast-ssid string |
| Enable/disable broadcasting the SSID (default = enable). | |||
| broadcast-suppression list / elements=string |
| no description | |||
| bss-color-partial string |
| Enable/disable 802.11ax partial BSS color (default = enable). | |||
| bstm-disassociation-imminent string |
| Enable/disable forcing of disassociation after the BSTM request timer has been reached (default = enable). | |||
| bstm-load-balancing-disassoc-timer integer | Time interval for client to voluntarily leave AP before forcing a disassociation due to AP load-balancing (0 to 30, default = ... | ||||
| bstm-rssi-disassoc-timer integer | Time interval for client to voluntarily leave AP before forcing a disassociation due to low RSSI (0 to 2000, default = 200). | ||||
| captive-portal-ac-name string | Local-bridging captive portal ac-name. | ||||
| captive-portal-auth-timeout integer | Hard timeout - AP will always clear the session after timeout regardless of traffic (0 - 864000 sec, default = 0). | ||||
| captive-portal-macauth-radius-secret string | no description | ||||
| captive-portal-macauth-radius-server string | Captive portal external RADIUS server domain name or IP address. | ||||
| captive-portal-radius-secret string | no description | ||||
| captive-portal-radius-server string | Captive portal RADIUS server domain name or IP address. | ||||
| captive-portal-session-timeout-interval integer | Session timeout interval (0 - 864000 sec, default = 0). | ||||
| dhcp-address-enforcement string |
| Enable/disable DHCP address enforcement (default = disable). | |||
| dhcp-lease-time integer | DHCP lease time in seconds for NAT IP address. | ||||
| dhcp-option43-insertion string |
| Enable/disable insertion of DHCP option 43 (default = enable). | |||
| dhcp-option82-circuit-id-insertion string |
| Enable/disable DHCP option 82 circuit-id insert (default = disable). | |||
| dhcp-option82-insertion string |
| Enable/disable DHCP option 82 insert (default = disable). | |||
| dhcp-option82-remote-id-insertion string |
| Enable/disable DHCP option 82 remote-id insert (default = disable). | |||
| dynamic-vlan string |
| Enable/disable dynamic VLAN assignment. | |||
| dynamic_mapping list / elements=string | no description | ||||
| _centmgmt string |
| no description | |||
| _dhcp_svr_id string | no description | ||||
| _intf_allowaccess list / elements=string |
| no description | |||
| _intf_device-access-list string | no description | ||||
| _intf_device-identification string |
| no description | |||
| _intf_device-netscan string |
| no description | |||
| _intf_dhcp-relay-ip string | no description | ||||
| _intf_dhcp-relay-service string |
| no description | |||
| _intf_dhcp-relay-type string |
| no description | |||
| _intf_dhcp6-relay-ip string | no description | ||||
| _intf_dhcp6-relay-service string |
| no description | |||
| _intf_dhcp6-relay-type string |
| no description | |||
| _intf_ip string | no description | ||||
| _intf_ip6-address string | no description | ||||
| _intf_ip6-allowaccess list / elements=string |
| no description | |||
| _intf_listen-forticlient-connection string |
| no description | |||
| _scope list / elements=string | no description | ||||
| name string | no description | ||||
| vdom string | no description | ||||
| access-control-list string | no description | ||||
| acct-interim-interval integer | no description | ||||
| additional-akms list / elements=string |
| no description | |||
| address-group string | no description | ||||
| alias string | no description | ||||
| atf-weight integer | no description | ||||
| auth string |
| no description | |||
| broadcast-ssid string |
| no description | |||
| broadcast-suppression list / elements=string |
| no description | |||
| bss-color-partial string |
| no description | |||
| bstm-disassociation-imminent string |
| Enable/disable forcing of disassociation after the BSTM request timer has been reached (default = enable). | |||
| bstm-load-balancing-disassoc-timer integer | Time interval for client to voluntarily leave AP before forcing a disassociation due to AP load-balancing (0 to 30, de... | ||||
| bstm-rssi-disassoc-timer integer | Time interval for client to voluntarily leave AP before forcing a disassociation due to low RSSI (0 to 2000, default =... | ||||
| captive-portal-ac-name string | no description | ||||
| captive-portal-auth-timeout integer | no description | ||||
| captive-portal-macauth-radius-secret string | no description | ||||
| captive-portal-macauth-radius-server string | no description | ||||
| captive-portal-radius-secret string | no description | ||||
| captive-portal-radius-server string | no description | ||||
| captive-portal-session-timeout-interval integer | no description | ||||
| client-count integer | no description | ||||
| dhcp-address-enforcement string |
| Enable/disable DHCP address enforcement (default = disable). | |||
| dhcp-lease-time integer | no description | ||||
| dhcp-option43-insertion string |
| no description | |||
| dhcp-option82-circuit-id-insertion string |
| no description | |||
| dhcp-option82-insertion string |
| no description | |||
| dhcp-option82-remote-id-insertion string |
| no description | |||
| dynamic-vlan string |
| no description | |||
| eap-reauth string |
| no description | |||
| eap-reauth-intv integer | no description | ||||
| eapol-key-retries string |
| no description | |||
| encrypt string |
| no description | |||
| external-fast-roaming string |
| no description | |||
| external-logout string | no description | ||||
| external-web string | no description | ||||
| external-web-format string |
| no description | |||
| fast-bss-transition string |
| no description | |||
| fast-roaming string |
| no description | |||
| ft-mobility-domain integer | no description | ||||
| ft-over-ds string |
| no description | |||
| ft-r0-key-lifetime integer | no description | ||||
| gas-comeback-delay integer | GAS comeback delay (0 or 100 - 10000 milliseconds, default = 500). | ||||
| gas-fragmentation-limit integer | GAS fragmentation limit (512 - 4096, default = 1024). | ||||
| gtk-rekey string |
| no description | |||
| gtk-rekey-intv integer | no description | ||||
| high-efficiency string |
| no description | |||
| hotspot20-profile string | no description | ||||
| igmp-snooping string |
| Enable/disable IGMP snooping. | |||
| intra-vap-privacy string |
| no description | |||
| ip string | no description | ||||
| ipv6-rules list / elements=string |
| no description | |||
| key string | no description | ||||
| keyindex integer | no description | ||||
| ldpc string |
| no description | |||
| local-authentication string |
| no description | |||
| local-bridging string |
| no description | |||
| local-lan string |
| no description | |||
| local-standalone string |
| no description | |||
| local-standalone-nat string |
| no description | |||
| local-switching string |
| no description | |||
| mac-auth-bypass string |
| no description | |||
| mac-called-station-delimiter string |
| MAC called station delimiter (default = hyphen). | |||
| mac-calling-station-delimiter string |
| MAC calling station delimiter (default = hyphen). | |||
| mac-case string |
| MAC case (default = uppercase). | |||
| mac-filter string |
| no description | |||
| mac-filter-policy-other string |
| no description | |||
| mac-password-delimiter string |
| MAC authentication password delimiter (default = hyphen). | |||
| mac-username-delimiter string |
| MAC authentication username delimiter (default = hyphen). | |||
| max-clients integer | no description | ||||
| max-clients-ap integer | no description | ||||
| mbo string |
| Enable/disable Multiband Operation (default = disable). | |||
| mbo-cell-data-conn-pref string |
| MBO cell data connection preference (0, 1, or 255, default = 1). | |||
| me-disable-thresh integer | no description | ||||
| mesh-backhaul string |
| no description | |||
| mpsk string |
| no description | |||
| mpsk-concurrent-clients integer | no description | ||||
| mpsk-profile string | no description | ||||
| mu-mimo string |
| no description | |||
| multicast-enhance string |
| no description | |||
| multicast-rate string |
| no description | |||
| nac string |
| Enable/disable network access control. | |||
| nac-profile string | NAC profile name. | ||||
| neighbor-report-dual-band string |
| Enable/disable dual-band neighbor report (default = disable). | |||
| okc string |
| no description | |||
| owe-groups list / elements=string |
| no description | |||
| owe-transition string |
| no description | |||
| owe-transition-ssid string | no description | ||||
| passphrase string | no description | ||||
| pmf string |
| no description | |||
| pmf-assoc-comeback-timeout integer | no description | ||||
| pmf-sa-query-retry-timeout integer | no description | ||||
| port-macauth string |
| Enable/disable LAN port MAC authentication (default = disable). | |||
| port-macauth-reauth-timeout integer | LAN port MAC authentication re-authentication timeout value (default = 7200 sec). | ||||
| port-macauth-timeout integer | LAN port MAC authentication idle timeout value (default = 600 sec). | ||||
| portal-message-override-group string | no description | ||||
| portal-type string |
| no description | |||
| primary-wag-profile string | no description | ||||
| probe-resp-suppression string |
| no description | |||
| probe-resp-threshold string | no description | ||||
| ptk-rekey string |
| no description | |||
| ptk-rekey-intv integer | no description | ||||
| qos-profile string | no description | ||||
| quarantine string |
| no description | |||
| radio-2g-threshold string | no description | ||||
| radio-5g-threshold string | no description | ||||
| radio-sensitivity string |
| no description | |||
| radius-mac-auth string |
| no description | |||
| radius-mac-auth-server string | no description | ||||
| radius-mac-auth-usergroups string | no description | ||||
| radius-server string | no description | ||||
| rates-11a list / elements=string |
| no description | |||
| rates-11ac-ss12 list / elements=string |
| no description | |||
| rates-11ac-ss34 list / elements=string |
| no description | |||
| rates-11bg list / elements=string |
| no description | |||
| rates-11n-ss12 list / elements=string |
| no description | |||
| rates-11n-ss34 list / elements=string |
| no description | |||
| sae-groups list / elements=string |
| no description | |||
| sae-password string | no description | ||||
| schedule string | no description | ||||
| secondary-wag-profile string | no description | ||||
| security string |
| no description | |||
| security-exempt-list string | no description | ||||
| security-obsolete-option string |
| no description | |||
| security-redirect-url string | no description | ||||
| selected-usergroups string | no description | ||||
| split-tunneling string |
| no description | |||
| ssid string | no description | ||||
| sticky-client-remove string |
| no description | |||
| sticky-client-threshold-2g string | no description | ||||
| sticky-client-threshold-5g string | no description | ||||
| target-wake-time string |
| no description | |||
| tkip-counter-measure string |
| no description | |||
| tunnel-echo-interval integer | no description | ||||
| tunnel-fallback-interval integer | no description | ||||
| usergroup string | no description | ||||
| utm-profile string | no description | ||||
| vdom string | no description | ||||
| vlan-auto string |
| no description | |||
| vlan-pooling string |
| no description | |||
| vlanid integer | no description | ||||
| voice-enterprise string |
| no description | |||
| eap-reauth string |
| Enable/disable EAP re-authentication for WPA-Enterprise security. | |||
| eap-reauth-intv integer | EAP re-authentication interval (1800 - 864000 sec, default = 86400). | ||||
| eapol-key-retries string |
| Enable/disable retransmission of EAPOL-Key frames (message 3/4 and group message 1/2) (default = enable). | |||
| encrypt string |
| Encryption protocol to use (only available when security is set to a WPA type). | |||
| external-fast-roaming string |
| Enable/disable fast roaming or pre-authentication with external APs not managed by the FortiGate (default = disable). | |||
| external-logout string | URL of external authentication logout server. | ||||
| external-web string | URL of external authentication web server. | ||||
| external-web-format string |
| URL query parameter detection (default = auto-detect). | |||
| fast-bss-transition string |
| Enable/disable 802.11r Fast BSS Transition (FT) (default = disable). | |||
| fast-roaming string |
| Enable/disable fast-roaming, or pre-authentication, where supported by clients (default = disable). | |||
| ft-mobility-domain integer | Mobility domain identifier in FT (1 - 65535, default = 1000). | ||||
| ft-over-ds string |
| Enable/disable FT over the Distribution System (DS). | |||
| ft-r0-key-lifetime integer | Lifetime of the PMK-R0 key in FT, 1-65535 minutes. | ||||
| gas-comeback-delay integer | GAS comeback delay (0 or 100 - 10000 milliseconds, default = 500). | ||||
| gas-fragmentation-limit integer | GAS fragmentation limit (512 - 4096, default = 1024). | ||||
| gtk-rekey string |
| Enable/disable GTK rekey for WPA security. | |||
| gtk-rekey-intv integer | GTK rekey interval (1800 - 864000 sec, default = 86400). | ||||
| high-efficiency string |
| Enable/disable 802.11ax high efficiency (default = enable). | |||
| hotspot20-profile string | Hotspot 2.0 profile name. | ||||
| igmp-snooping string |
| Enable/disable IGMP snooping. | |||
| intra-vap-privacy string |
| Enable/disable blocking communication between clients on the same SSID (called intra-SSID privacy) (default = disable). | |||
| ip string | IP address and subnet mask for the local standalone NAT subnet. | ||||
| ipv6-rules list / elements=string |
| no description | |||
| key string | no description | ||||
| keyindex integer | WEP key index (1 - 4). | ||||
| ldpc string |
| VAP low-density parity-check (LDPC) coding configuration. | |||
| local-authentication string |
| Enable/disable AP local authentication. | |||
| local-bridging string |
| Enable/disable bridging of wireless and Ethernet interfaces on the FortiAP (default = disable). | |||
| local-lan string |
| Allow/deny traffic destined for a Class A, B, or C private IP address (default = allow). | |||
| local-standalone string |
| Enable/disable AP local standalone (default = disable). | |||
| local-standalone-nat string |
| Enable/disable AP local standalone NAT mode. | |||
| mac-auth-bypass string |
| Enable/disable MAC authentication bypass. | |||
| mac-called-station-delimiter string |
| MAC called station delimiter (default = hyphen). | |||
| mac-calling-station-delimiter string |
| MAC calling station delimiter (default = hyphen). | |||
| mac-case string |
| MAC case (default = uppercase). | |||
| mac-filter string |
| Enable/disable MAC filtering to block wireless clients by mac address. | |||
| mac-filter-list list / elements=string | no description | ||||
| id integer | ID. | ||||
| mac string | MAC address. | ||||
| mac-filter-policy string |
| Deny or allow the client with this MAC address. | |||
| mac-filter-policy-other string |
| Allow or block clients with MAC addresses that are not in the filter list. | |||
| mac-password-delimiter string |
| MAC authentication password delimiter (default = hyphen). | |||
| mac-username-delimiter string |
| MAC authentication username delimiter (default = hyphen). | |||
| max-clients integer | Maximum number of clients that can connect simultaneously to the VAP (default = 0, meaning no limitation). | ||||
| max-clients-ap integer | Maximum number of clients that can connect simultaneously to each radio (default = 0, meaning no limitation). | ||||
| mbo string |
| Enable/disable Multiband Operation (default = disable). | |||
| mbo-cell-data-conn-pref string |
| MBO cell data connection preference (0, 1, or 255, default = 1). | |||
| me-disable-thresh integer | Disable multicast enhancement when this many clients are receiving multicast traffic. | ||||
| mesh-backhaul string |
| Enable/disable using this VAP as a WiFi mesh backhaul (default = disable). This entry is only available when security is set t... | |||
| mpsk string |
| Enable/disable multiple pre-shared keys (PSKs.) | |||
| mpsk-concurrent-clients integer | Number of pre-shared keys (PSKs) to allow if multiple pre-shared keys are enabled. | ||||
| mpsk-key list / elements=string | no description | ||||
| comment string | Comment. | ||||
| concurrent-clients string | Number of clients that can connect using this pre-shared key. | ||||
| key-name string | Pre-shared key name. | ||||
| mpsk-schedules string | Firewall schedule for MPSK passphrase. The passphrase will be effective only when at least one schedule is valid. | ||||
| passphrase string | no description | ||||
| mpsk-profile string | MPSK profile name. | ||||
| mu-mimo string |
| Enable/disable Multi-user MIMO (default = enable). | |||
| multicast-enhance string |
| Enable/disable converting multicast to unicast to improve performance (default = disable). | |||
| multicast-rate string |
| Multicast rate (0, 6000, 12000, or 24000 kbps, default = 0). | |||
| nac string |
| Enable/disable network access control. | |||
| nac-profile string | NAC profile name. | ||||
| name string | Virtual AP name. | ||||
| neighbor-report-dual-band string |
| Enable/disable dual-band neighbor report (default = disable). | |||
| okc string |
| Enable/disable Opportunistic Key Caching (OKC) (default = enable). | |||
| owe-groups list / elements=string |
| no description | |||
| owe-transition string |
| Enable/disable OWE transition mode support. | |||
| owe-transition-ssid string | OWE transition mode peer SSID. | ||||
| passphrase string | no description | ||||
| pmf string |
| Protected Management Frames (PMF) support (default = disable). | |||
| pmf-assoc-comeback-timeout integer | Protected Management Frames (PMF) comeback maximum timeout (1-20 sec). | ||||
| pmf-sa-query-retry-timeout integer | Protected Management Frames (PMF) SA query retry timeout interval (1 - 5 100s of msec). | ||||
| port-macauth string |
| Enable/disable LAN port MAC authentication (default = disable). | |||
| port-macauth-reauth-timeout integer | LAN port MAC authentication re-authentication timeout value (default = 7200 sec). | ||||
| port-macauth-timeout integer | LAN port MAC authentication idle timeout value (default = 600 sec). | ||||
| portal-message-override-group string | Replacement message group for this VAP (only available when security is set to a captive portal type). | ||||
| portal-message-overrides dictionary | no description | ||||
| auth-disclaimer-page string | Override auth-disclaimer-page message with message from portal-message-overrides group. | ||||
| auth-login-failed-page string | Override auth-login-failed-page message with message from portal-message-overrides group. | ||||
| auth-login-page string | Override auth-login-page message with message from portal-message-overrides group. | ||||
| auth-reject-page string | Override auth-reject-page message with message from portal-message-overrides group. | ||||
| portal-type string |
| Captive portal functionality. Configure how the captive portal authenticates users and whether it includes a disclaimer. | |||
| primary-wag-profile string | Primary wireless access gateway profile name. | ||||
| probe-resp-suppression string |
| Enable/disable probe response suppression (to ignore weak signals) (default = disable). | |||
| probe-resp-threshold string | Minimum signal level/threshold in dBm required for the AP response to probe requests (-95 to -20, default = -80). | ||||
| ptk-rekey string |
| Enable/disable PTK rekey for WPA-Enterprise security. | |||
| ptk-rekey-intv integer | PTK rekey interval (1800 - 864000 sec, default = 86400). | ||||
| qos-profile string | Quality of service profile name. | ||||
| quarantine string |
| Enable/disable station quarantine (default = enable). | |||
| radio-2g-threshold string | Minimum signal level/threshold in dBm required for the AP response to receive a packet in 2.4G band (-95 to -20, default = -79). | ||||
| radio-5g-threshold string | Minimum signal level/threshold in dBm required for the AP response to receive a packet in 5G band(-95 to -20, default = -76). | ||||
| radio-sensitivity string |
| Enable/disable software radio sensitivity (to ignore weak signals) (default = disable). | |||
| radius-mac-auth string |
| Enable/disable RADIUS-based MAC authentication of clients (default = disable). | |||
| radius-mac-auth-server string | RADIUS-based MAC authentication server. | ||||
| radius-mac-auth-usergroups string | no description | ||||
| radius-server string | RADIUS server to be used to authenticate WiFi users. | ||||
| rates-11a list / elements=string |
| no description | |||
| rates-11ac-ss12 list / elements=string |
| no description | |||
| rates-11ac-ss34 list / elements=string |
| no description | |||
| rates-11bg list / elements=string |
| no description | |||
| rates-11n-ss12 list / elements=string |
| no description | |||
| rates-11n-ss34 list / elements=string |
| no description | |||
| sae-groups list / elements=string |
| no description | |||
| sae-password string | no description | ||||
| schedule string | VAP schedule name. | ||||
| secondary-wag-profile string | Secondary wireless access gateway profile name. | ||||
| security string |
| Security mode for the wireless interface (default = wpa2-only-personal). | |||
| security-exempt-list string | Optional security exempt list for captive portal authentication. | ||||
| security-obsolete-option string |
| Enable/disable obsolete security options. | |||
| security-redirect-url string | Optional URL for redirecting users after they pass captive portal authentication. | ||||
| selected-usergroups string | Selective user groups that are permitted to authenticate. | ||||
| split-tunneling string |
| Enable/disable split tunneling (default = disable). | |||
| ssid string | IEEE 802.11 service set identifier (SSID) for the wireless interface. Users who wish to use the wireless network must configur... | ||||
| sticky-client-remove string |
| Enable/disable sticky client remove to maintain good signal level clients in SSID. (default = disable). | |||
| sticky-client-threshold-2g string | Minimum signal level/threshold in dBm required for the 2G client to be serviced by the AP (-95 to -20, default = -79). | ||||
| sticky-client-threshold-5g string | Minimum signal level/threshold in dBm required for the 5G client to be serviced by the AP (-95 to -20, default = -76). | ||||
| target-wake-time string |
| Enable/disable 802.11ax target wake time (default = enable). | |||
| tkip-counter-measure string |
| Enable/disable TKIP counter measure. | |||
| tunnel-echo-interval integer | The time interval to send echo to both primary and secondary tunnel peers (1 - 65535 sec, default = 300). | ||||
| tunnel-fallback-interval integer | The time interval for secondary tunnel to fall back to primary tunnel (0 - 65535 sec, default = 7200). | ||||
| usergroup string | Firewall user group to be used to authenticate WiFi users. | ||||
| utm-profile string | UTM profile name. | ||||
| vdom string | Name of the VDOM that the Virtual AP has been added to. | ||||
| vlan-auto string |
| Enable/disable automatic management of SSID VLAN interface. | |||
| vlan-pool list / elements=string | no description | ||||
| _wtp-group string | no description | ||||
| id integer | ID. | ||||
| wtp-group string | WTP group name. | ||||
| vlan-pooling string |
| Enable/disable VLAN pooling, to allow grouping of multiple wireless controller VLANs into VLAN pools (default = disable). When... | |||
| vlanid integer | Optional VLAN ID. | ||||
| voice-enterprise string |
| Enable/disable 802.11k and 802.11v assisted Voice-Enterprise roaming (default = disable). | |||
| workspace_locking_adom string | the adom to lock for FortiManager running in workspace mode, the value can be global and others including root | ||||
| workspace_locking_timeout integer | Default: 300 | the maximum time in seconds to wait for other user to release the workspace lock | |||
Notes
Note
- Running in workspace locking mode is supported in this FortiManager module, the top level parameters workspace_locking_adom and workspace_locking_timeout help do the work.
- To create or update an object, use state present directive.
- To delete an object, use state absent directive.
- Normally, running one module can fail when a non-zero rc is returned. you can also override the conditions to fail or succeed with parameters rc_failed and rc_succeeded
Examples
- hosts: fortimanager-inventory
collections:
- fortinet.fortimanager
connection: httpapi
vars:
ansible_httpapi_use_ssl: True
ansible_httpapi_validate_certs: False
ansible_httpapi_port: 443
tasks:
- name: Configure Virtual Access Points
fmgr_vap:
bypass_validation: False
workspace_locking_adom: <value in [global, custom adom including root]>
workspace_locking_timeout: 300
rc_succeeded: [0, -2, -3, ...]
rc_failed: [-2, -3, ...]
adom: <your own value>
state: <value in [present, absent]>
vap:
_centmgmt: <value in [disable, enable]>
_dhcp_svr_id: <value of string>
_intf_allowaccess:
- https
- ping
- ssh
- snmp
- http
- telnet
- fgfm
- auto-ipsec
- radius-acct
- probe-response
- capwap
_intf_device-identification: <value in [disable, enable]>
_intf_device-netscan: <value in [disable, enable]>
_intf_dhcp-relay-ip: <value of string>
_intf_dhcp-relay-service: <value in [disable, enable]>
_intf_dhcp-relay-type: <value in [regular, ipsec]>
_intf_dhcp6-relay-ip: <value of string>
_intf_dhcp6-relay-service: <value in [disable, enable]>
_intf_dhcp6-relay-type: <value in [regular]>
_intf_ip: <value of string>
_intf_ip6-address: <value of string>
_intf_ip6-allowaccess:
- https
- ping
- ssh
- snmp
- http
- telnet
- any
- fgfm
- capwap
_intf_listen-forticlient-connection: <value in [disable, enable]>
acct-interim-interval: <value of integer>
alias: <value of string>
auth: <value in [PSK, psk, RADIUS, ...]>
broadcast-ssid: <value in [disable, enable]>
broadcast-suppression:
- dhcp
- arp
- dhcp2
- arp2
- netbios-ns
- netbios-ds
- arp3
- dhcp-up
- dhcp-down
- arp-known
- arp-unknown
- arp-reply
- ipv6
- dhcp-starvation
- arp-poison
- all-other-mc
- all-other-bc
- arp-proxy
- dhcp-ucast
captive-portal-ac-name: <value of string>
captive-portal-macauth-radius-secret: <value of string>
captive-portal-macauth-radius-server: <value of string>
captive-portal-radius-secret: <value of string>
captive-portal-radius-server: <value of string>
captive-portal-session-timeout-interval: <value of integer>
dhcp-lease-time: <value of integer>
dhcp-option82-circuit-id-insertion: <value in [disable, style-1, style-2, ...]>
dhcp-option82-insertion: <value in [disable, enable]>
dhcp-option82-remote-id-insertion: <value in [disable, style-1]>
dynamic-vlan: <value in [disable, enable]>
dynamic_mapping:
-
_centmgmt: <value in [disable, enable]>
_dhcp_svr_id: <value of string>
_intf_allowaccess:
- https
- ping
- ssh
- snmp
- http
- telnet
- fgfm
- auto-ipsec
- radius-acct
- probe-response
- capwap
_intf_device-identification: <value in [disable, enable]>
_intf_device-netscan: <value in [disable, enable]>
_intf_dhcp-relay-ip: <value of string>
_intf_dhcp-relay-service: <value in [disable, enable]>
_intf_dhcp-relay-type: <value in [regular, ipsec]>
_intf_dhcp6-relay-ip: <value of string>
_intf_dhcp6-relay-service: <value in [disable, enable]>
_intf_dhcp6-relay-type: <value in [regular]>
_intf_ip: <value of string>
_intf_ip6-address: <value of string>
_intf_ip6-allowaccess:
- https
- ping
- ssh
- snmp
- http
- telnet
- any
- fgfm
- capwap
_intf_listen-forticlient-connection: <value in [disable, enable]>
_scope:
-
name: <value of string>
vdom: <value of string>
acct-interim-interval: <value of integer>
address-group: <value of string>
alias: <value of string>
atf-weight: <value of integer>
auth: <value in [PSK, psk, RADIUS, ...]>
broadcast-ssid: <value in [disable, enable]>
broadcast-suppression:
- dhcp
- arp
- dhcp2
- arp2
- netbios-ns
- netbios-ds
- arp3
- dhcp-up
- dhcp-down
- arp-known
- arp-unknown
- arp-reply
- ipv6
- dhcp-starvation
- arp-poison
- all-other-mc
- all-other-bc
- arp-proxy
- dhcp-ucast
captive-portal-ac-name: <value of string>
captive-portal-macauth-radius-secret: <value of string>
captive-portal-macauth-radius-server: <value of string>
captive-portal-radius-secret: <value of string>
captive-portal-radius-server: <value of string>
captive-portal-session-timeout-interval: <value of integer>
client-count: <value of integer>
dhcp-lease-time: <value of integer>
dhcp-option82-circuit-id-insertion: <value in [disable, style-1, style-2, ...]>
dhcp-option82-insertion: <value in [disable, enable]>
dhcp-option82-remote-id-insertion: <value in [disable, style-1]>
dynamic-vlan: <value in [disable, enable]>
eap-reauth: <value in [disable, enable]>
eap-reauth-intv: <value of integer>
eapol-key-retries: <value in [disable, enable]>
encrypt: <value in [TKIP, AES, TKIP-AES]>
external-fast-roaming: <value in [disable, enable]>
external-logout: <value of string>
external-web: <value of string>
fast-bss-transition: <value in [disable, enable]>
fast-roaming: <value in [disable, enable]>
ft-mobility-domain: <value of integer>
ft-over-ds: <value in [disable, enable]>
ft-r0-key-lifetime: <value of integer>
gtk-rekey: <value in [disable, enable]>
gtk-rekey-intv: <value of integer>
hotspot20-profile: <value of string>
intra-vap-privacy: <value in [disable, enable]>
ip: <value of string>
key: <value of string>
keyindex: <value of integer>
ldpc: <value in [disable, tx, rx, ...]>
local-authentication: <value in [disable, enable]>
local-bridging: <value in [disable, enable]>
local-lan: <value in [deny, allow]>
local-standalone: <value in [disable, enable]>
local-standalone-nat: <value in [disable, enable]>
local-switching: <value in [disable, enable]>
mac-auth-bypass: <value in [disable, enable]>
mac-filter: <value in [disable, enable]>
mac-filter-policy-other: <value in [deny, allow]>
max-clients: <value of integer>
max-clients-ap: <value of integer>
me-disable-thresh: <value of integer>
mesh-backhaul: <value in [disable, enable]>
mpsk: <value in [disable, enable]>
mpsk-concurrent-clients: <value of integer>
multicast-enhance: <value in [disable, enable]>
multicast-rate: <value in [0, 6000, 12000, ...]>
okc: <value in [disable, enable]>
owe-groups:
- 19
- 20
- 21
owe-transition: <value in [disable, enable]>
owe-transition-ssid: <value of string>
passphrase: <value of string>
pmf: <value in [disable, enable, optional]>
pmf-assoc-comeback-timeout: <value of integer>
pmf-sa-query-retry-timeout: <value of integer>
portal-message-override-group: <value of string>
portal-type: <value in [auth, auth+disclaimer, disclaimer, ...]>
probe-resp-suppression: <value in [disable, enable]>
probe-resp-threshold: <value of string>
ptk-rekey: <value in [disable, enable]>
ptk-rekey-intv: <value of integer>
qos-profile: <value of string>
quarantine: <value in [disable, enable]>
radio-2g-threshold: <value of string>
radio-5g-threshold: <value of string>
radio-sensitivity: <value in [disable, enable]>
radius-mac-auth: <value in [disable, enable]>
radius-mac-auth-server: <value of string>
radius-mac-auth-usergroups: <value of string>
radius-server: <value of string>
rates-11a:
- 1
- 1-basic
- 2
- 2-basic
- 5.5
- 5.5-basic
- 6
- 6-basic
- 9
- 9-basic
- 12
- 12-basic
- 18
- 18-basic
- 24
- 24-basic
- 36
- 36-basic
- 48
- 48-basic
- 54
- 54-basic
- 11
- 11-basic
rates-11ac-ss12:
- mcs0/1
- mcs1/1
- mcs2/1
- mcs3/1
- mcs4/1
- mcs5/1
- mcs6/1
- mcs7/1
- mcs8/1
- mcs9/1
- mcs0/2
- mcs1/2
- mcs2/2
- mcs3/2
- mcs4/2
- mcs5/2
- mcs6/2
- mcs7/2
- mcs8/2
- mcs9/2
- mcs10/1
- mcs11/1
- mcs10/2
- mcs11/2
rates-11ac-ss34:
- mcs0/3
- mcs1/3
- mcs2/3
- mcs3/3
- mcs4/3
- mcs5/3
- mcs6/3
- mcs7/3
- mcs8/3
- mcs9/3
- mcs0/4
- mcs1/4
- mcs2/4
- mcs3/4
- mcs4/4
- mcs5/4
- mcs6/4
- mcs7/4
- mcs8/4
- mcs9/4
- mcs10/3
- mcs11/3
- mcs10/4
- mcs11/4
rates-11bg:
- 1
- 1-basic
- 2
- 2-basic
- 5.5
- 5.5-basic
- 6
- 6-basic
- 9
- 9-basic
- 12
- 12-basic
- 18
- 18-basic
- 24
- 24-basic
- 36
- 36-basic
- 48
- 48-basic
- 54
- 54-basic
- 11
- 11-basic
rates-11n-ss12:
- mcs0/1
- mcs1/1
- mcs2/1
- mcs3/1
- mcs4/1
- mcs5/1
- mcs6/1
- mcs7/1
- mcs8/2
- mcs9/2
- mcs10/2
- mcs11/2
- mcs12/2
- mcs13/2
- mcs14/2
- mcs15/2
rates-11n-ss34:
- mcs16/3
- mcs17/3
- mcs18/3
- mcs19/3
- mcs20/3
- mcs21/3
- mcs22/3
- mcs23/3
- mcs24/4
- mcs25/4
- mcs26/4
- mcs27/4
- mcs28/4
- mcs29/4
- mcs30/4
- mcs31/4
sae-groups:
- 1
- 2
- 5
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 27
- 28
- 29
- 30
- 31
sae-password: <value of string>
schedule: <value of string>
security: <value in [None, WEP64, wep64, ...]>
security-exempt-list: <value of string>
security-obsolete-option: <value in [disable, enable]>
security-redirect-url: <value of string>
selected-usergroups: <value of string>
split-tunneling: <value in [disable, enable]>
ssid: <value of string>
tkip-counter-measure: <value in [disable, enable]>
usergroup: <value of string>
utm-profile: <value of string>
vdom: <value of string>
vlan-auto: <value in [disable, enable]>
vlan-pooling: <value in [wtp-group, round-robin, hash, ...]>
vlanid: <value of integer>
voice-enterprise: <value in [disable, enable]>
mu-mimo: <value in [disable, enable]>
_intf_device-access-list: <value of string>
external-web-format: <value in [auto-detect, no-query-string, partial-query-string]>
high-efficiency: <value in [disable, enable]>
primary-wag-profile: <value of string>
secondary-wag-profile: <value of string>
target-wake-time: <value in [disable, enable]>
tunnel-echo-interval: <value of integer>
tunnel-fallback-interval: <value of integer>
access-control-list: <value of string>
captive-portal-auth-timeout: <value of integer>
ipv6-rules:
- drop-icmp6ra
- drop-icmp6rs
- drop-llmnr6
- drop-icmp6mld2
- drop-dhcp6s
- drop-dhcp6c
- ndp-proxy
- drop-ns-dad
- drop-ns-nondad
sticky-client-remove: <value in [disable, enable]>
sticky-client-threshold-2g: <value of string>
sticky-client-threshold-5g: <value of string>
bss-color-partial: <value in [disable, enable]>
dhcp-option43-insertion: <value in [disable, enable]>
mpsk-profile: <value of string>
igmp-snooping: <value in [disable, enable]>
port-macauth: <value in [disable, radius, address-group]>
port-macauth-reauth-timeout: <value of integer>
port-macauth-timeout: <value of integer>
additional-akms:
- akm6
bstm-disassociation-imminent: <value in [disable, enable]>
bstm-load-balancing-disassoc-timer: <value of integer>
bstm-rssi-disassoc-timer: <value of integer>
dhcp-address-enforcement: <value in [disable, enable]>
gas-comeback-delay: <value of integer>
gas-fragmentation-limit: <value of integer>
mac-called-station-delimiter: <value in [hyphen, single-hyphen, colon, ...]>
mac-calling-station-delimiter: <value in [hyphen, single-hyphen, colon, ...]>
mac-case: <value in [uppercase, lowercase]>
mac-password-delimiter: <value in [hyphen, single-hyphen, colon, ...]>
mac-username-delimiter: <value in [hyphen, single-hyphen, colon, ...]>
mbo: <value in [disable, enable]>
mbo-cell-data-conn-pref: <value in [excluded, prefer-not, prefer-use]>
nac: <value in [disable, enable]>
nac-profile: <value of string>
neighbor-report-dual-band: <value in [disable, enable]>
eap-reauth: <value in [disable, enable]>
eap-reauth-intv: <value of integer>
eapol-key-retries: <value in [disable, enable]>
encrypt: <value in [TKIP, AES, TKIP-AES]>
external-fast-roaming: <value in [disable, enable]>
external-logout: <value of string>
external-web: <value of string>
fast-bss-transition: <value in [disable, enable]>
fast-roaming: <value in [disable, enable]>
ft-mobility-domain: <value of integer>
ft-over-ds: <value in [disable, enable]>
ft-r0-key-lifetime: <value of integer>
gtk-rekey: <value in [disable, enable]>
gtk-rekey-intv: <value of integer>
hotspot20-profile: <value of string>
intra-vap-privacy: <value in [disable, enable]>
ip: <value of string>
key: <value of string>
keyindex: <value of integer>
ldpc: <value in [disable, tx, rx, ...]>
local-authentication: <value in [disable, enable]>
local-bridging: <value in [disable, enable]>
local-lan: <value in [deny, allow]>
local-standalone: <value in [disable, enable]>
local-standalone-nat: <value in [disable, enable]>
mac-auth-bypass: <value in [disable, enable]>
mac-filter: <value in [disable, enable]>
mac-filter-list:
-
id: <value of integer>
mac: <value of string>
mac-filter-policy: <value in [deny, allow]>
mac-filter-policy-other: <value in [deny, allow]>
max-clients: <value of integer>
max-clients-ap: <value of integer>
me-disable-thresh: <value of integer>
mesh-backhaul: <value in [disable, enable]>
mpsk: <value in [disable, enable]>
mpsk-concurrent-clients: <value of integer>
mpsk-key:
-
comment: <value of string>
concurrent-clients: <value of string>
key-name: <value of string>
passphrase: <value of string>
mpsk-schedules: <value of string>
multicast-enhance: <value in [disable, enable]>
multicast-rate: <value in [0, 6000, 12000, ...]>
name: <value of string>
okc: <value in [disable, enable]>
passphrase: <value of string>
pmf: <value in [disable, enable, optional]>
pmf-assoc-comeback-timeout: <value of integer>
pmf-sa-query-retry-timeout: <value of integer>
portal-message-override-group: <value of string>
portal-type: <value in [auth, auth+disclaimer, disclaimer, ...]>
probe-resp-suppression: <value in [disable, enable]>
probe-resp-threshold: <value of string>
ptk-rekey: <value in [disable, enable]>
ptk-rekey-intv: <value of integer>
qos-profile: <value of string>
quarantine: <value in [disable, enable]>
radio-2g-threshold: <value of string>
radio-5g-threshold: <value of string>
radio-sensitivity: <value in [disable, enable]>
radius-mac-auth: <value in [disable, enable]>
radius-mac-auth-server: <value of string>
radius-mac-auth-usergroups: <value of string>
radius-server: <value of string>
rates-11a:
- 1
- 1-basic
- 2
- 2-basic
- 5.5
- 5.5-basic
- 6
- 6-basic
- 9
- 9-basic
- 12
- 12-basic
- 18
- 18-basic
- 24
- 24-basic
- 36
- 36-basic
- 48
- 48-basic
- 54
- 54-basic
- 11
- 11-basic
rates-11ac-ss12:
- mcs0/1
- mcs1/1
- mcs2/1
- mcs3/1
- mcs4/1
- mcs5/1
- mcs6/1
- mcs7/1
- mcs8/1
- mcs9/1
- mcs0/2
- mcs1/2
- mcs2/2
- mcs3/2
- mcs4/2
- mcs5/2
- mcs6/2
- mcs7/2
- mcs8/2
- mcs9/2
- mcs10/1
- mcs11/1
- mcs10/2
- mcs11/2
rates-11ac-ss34:
- mcs0/3
- mcs1/3
- mcs2/3
- mcs3/3
- mcs4/3
- mcs5/3
- mcs6/3
- mcs7/3
- mcs8/3
- mcs9/3
- mcs0/4
- mcs1/4
- mcs2/4
- mcs3/4
- mcs4/4
- mcs5/4
- mcs6/4
- mcs7/4
- mcs8/4
- mcs9/4
- mcs10/3
- mcs11/3
- mcs10/4
- mcs11/4
rates-11bg:
- 1
- 1-basic
- 2
- 2-basic
- 5.5
- 5.5-basic
- 6
- 6-basic
- 9
- 9-basic
- 12
- 12-basic
- 18
- 18-basic
- 24
- 24-basic
- 36
- 36-basic
- 48
- 48-basic
- 54
- 54-basic
- 11
- 11-basic
rates-11n-ss12:
- mcs0/1
- mcs1/1
- mcs2/1
- mcs3/1
- mcs4/1
- mcs5/1
- mcs6/1
- mcs7/1
- mcs8/2
- mcs9/2
- mcs10/2
- mcs11/2
- mcs12/2
- mcs13/2
- mcs14/2
- mcs15/2
rates-11n-ss34:
- mcs16/3
- mcs17/3
- mcs18/3
- mcs19/3
- mcs20/3
- mcs21/3
- mcs22/3
- mcs23/3
- mcs24/4
- mcs25/4
- mcs26/4
- mcs27/4
- mcs28/4
- mcs29/4
- mcs30/4
- mcs31/4
schedule: <value of string>
security: <value in [None, WEP64, wep64, ...]>
security-exempt-list: <value of string>
security-obsolete-option: <value in [disable, enable]>
security-redirect-url: <value of string>
selected-usergroups: <value of string>
split-tunneling: <value in [disable, enable]>
ssid: <value of string>
tkip-counter-measure: <value in [disable, enable]>
usergroup: <value of string>
utm-profile: <value of string>
vdom: <value of string>
vlan-auto: <value in [disable, enable]>
vlan-pool:
-
_wtp-group: <value of string>
id: <value of integer>
wtp-group: <value of string>
vlan-pooling: <value in [wtp-group, round-robin, hash, ...]>
vlanid: <value of integer>
voice-enterprise: <value in [disable, enable]>
address-group: <value of string>
atf-weight: <value of integer>
mu-mimo: <value in [disable, enable]>
owe-groups:
- 19
- 20
- 21
owe-transition: <value in [disable, enable]>
owe-transition-ssid: <value of string>
sae-groups:
- 1
- 2
- 5
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 27
- 28
- 29
- 30
- 31
sae-password: <value of string>
_intf_device-access-list: <value of string>
external-web-format: <value in [auto-detect, no-query-string, partial-query-string]>
high-efficiency: <value in [disable, enable]>
primary-wag-profile: <value of string>
secondary-wag-profile: <value of string>
target-wake-time: <value in [disable, enable]>
tunnel-echo-interval: <value of integer>
tunnel-fallback-interval: <value of integer>
access-control-list: <value of string>
captive-portal-auth-timeout: <value of integer>
ipv6-rules:
- drop-icmp6ra
- drop-icmp6rs
- drop-llmnr6
- drop-icmp6mld2
- drop-dhcp6s
- drop-dhcp6c
- ndp-proxy
- drop-ns-dad
- drop-ns-nondad
sticky-client-remove: <value in [disable, enable]>
sticky-client-threshold-2g: <value of string>
sticky-client-threshold-5g: <value of string>
bss-color-partial: <value in [disable, enable]>
dhcp-option43-insertion: <value in [disable, enable]>
mpsk-profile: <value of string>
igmp-snooping: <value in [disable, enable]>
port-macauth: <value in [disable, radius, address-group]>
port-macauth-reauth-timeout: <value of integer>
port-macauth-timeout: <value of integer>
portal-message-overrides:
auth-disclaimer-page: <value of string>
auth-login-failed-page: <value of string>
auth-login-page: <value of string>
auth-reject-page: <value of string>
additional-akms:
- akm6
bstm-disassociation-imminent: <value in [disable, enable]>
bstm-load-balancing-disassoc-timer: <value of integer>
bstm-rssi-disassoc-timer: <value of integer>
dhcp-address-enforcement: <value in [disable, enable]>
gas-comeback-delay: <value of integer>
gas-fragmentation-limit: <value of integer>
mac-called-station-delimiter: <value in [hyphen, single-hyphen, colon, ...]>
mac-calling-station-delimiter: <value in [hyphen, single-hyphen, colon, ...]>
mac-case: <value in [uppercase, lowercase]>
mac-password-delimiter: <value in [hyphen, single-hyphen, colon, ...]>
mac-username-delimiter: <value in [hyphen, single-hyphen, colon, ...]>
mbo: <value in [disable, enable]>
mbo-cell-data-conn-pref: <value in [excluded, prefer-not, prefer-use]>
nac: <value in [disable, enable]>
nac-profile: <value of string>
neighbor-report-dual-band: <value in [disable, enable]>
Return Values
Common return values are documented here, the following are the fields unique to this module:
| Key | Returned | Description |
|---|---|---|
| request_url string | always | The full url requested Sample: /sys/login/user |
| response_code integer | always | The status of api request |
| response_message string | always | The descriptive message of the api response Sample: OK. |
Authors
- Link Zheng (@chillancezen)
- Jie Xue (@JieX19)
- Frank Shen (@fshen01)
- Hongbin Lu (@fgtdev-hblu)
© 2012–2018 Michael DeHaan
© 2018–2021 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/latest/collections/fortinet/fortimanager/fmgr_vap_module.html