New in version 2.8.
The below requirements are needed on the host that executes this module.
| Parameter | Choices/Defaults | Comments | ||||
|---|---|---|---|---|---|---|
| host string | FortiOS or FortiGate IP address. | |||||
| https boolean |
| Indicates if the requests towards FortiGate must use HTTPS protocol. | ||||
| password string | Default: "" | FortiOS or FortiGate password. | ||||
| ssl_verify boolean added in 2.9 |
| Ensures FortiGate certificate must be verified by a proper CA. | ||||
| state string added in 2.9 |
| Indicates whether to create or remove the object. This attribute was present already in previous version in a deeper level. It has been moved out to this outer level. | ||||
| system_interface dictionary | Default: null | Configure interfaces. | ||||
| ac_name string | PPPoE server name. | |||||
| aggregate string | Aggregate interface. | |||||
| algorithm string |
| Frame distribution algorithm. | ||||
| alias string | Alias will be displayed with the interface name to make it easier to distinguish. | |||||
| allowaccess list |
| Permitted types of management access to this interface. | ||||
| ap_discover string |
| Enable/disable automatic registration of unknown FortiAP devices. | ||||
| arpforward string |
| Enable/disable ARP forwarding. | ||||
| auth_type string |
| PPP authentication type to use. | ||||
| auto_auth_extension_device string |
| Enable/disable automatic authorization of dedicated Fortinet extension device on this interface. | ||||
| bfd string |
| Bidirectional Forwarding Detection (BFD) settings. | ||||
| bfd_desired_min_tx integer | BFD desired minimal transmit interval. | |||||
| bfd_detect_mult integer | BFD detection multiplier. | |||||
| bfd_required_min_rx integer | BFD required minimal receive interval. | |||||
| broadcast_forticlient_discovery string |
| Enable/disable broadcasting FortiClient discovery messages. | ||||
| broadcast_forward string |
| Enable/disable broadcast forwarding. | ||||
| captive_portal integer | Enable/disable captive portal. | |||||
| cli_conn_status integer | CLI connection status. | |||||
| color integer | Color of icon on the GUI. | |||||
| dedicated_to string |
| Configure interface for single purpose. | ||||
| defaultgw string |
| Enable to get the gateway IP from the DHCP or PPPoE server. | ||||
| description string | Description. | |||||
| detected_peer_mtu integer | MTU of detected peer (0 - 4294967295). | |||||
| detectprotocol string |
| Protocols used to detect the server. | ||||
| detectserver string | Gateway's ping server for this IP. | |||||
| device_access_list string | Device access list. | |||||
| device_identification string |
| Enable/disable passively gathering of device identity information about the devices on the network connected to this interface. | ||||
| device_identification_active_scan string |
| Enable/disable active gathering of device identity information about the devices on the network connected to this interface. | ||||
| device_netscan string |
| Enable/disable inclusion of devices detected on this interface in network vulnerability scans. | ||||
| device_user_identification string |
| Enable/disable passive gathering of user identity information about users on this interface. | ||||
| devindex integer | Device Index. | |||||
| dhcp_client_identifier string | DHCP client identifier. | |||||
| dhcp_relay_agent_option string |
| Enable/disable DHCP relay agent option. | ||||
| dhcp_relay_ip string | DHCP relay IP address. | |||||
| dhcp_relay_service string |
| Enable/disable allowing this interface to act as a DHCP relay. | ||||
| dhcp_relay_type string |
| DHCP relay type (regular or IPsec). | ||||
| dhcp_renew_time integer | DHCP renew time in seconds (300-604800), 0 means use the renew time provided by the server. | |||||
| disc_retry_timeout integer | Time in seconds to wait before retrying to start a PPPoE discovery, 0 means no timeout. | |||||
| disconnect_threshold integer | Time in milliseconds to wait before sending a notification that this interface is down or disconnected. | |||||
| distance integer | Distance for routes learned through PPPoE or DHCP, lower distance indicates preferred route. | |||||
| dns_server_override string |
| Enable/disable use DNS acquired by DHCP or PPPoE. | ||||
| drop_fragment string |
| Enable/disable drop fragment packets. | ||||
| drop_overlapped_fragment string |
| Enable/disable drop overlapped fragment packets. | ||||
| egress_shaping_profile string | Outgoing traffic shaping profile. | |||||
| endpoint_compliance string |
| Enable/disable endpoint compliance enforcement. | ||||
| estimated_downstream_bandwidth integer | Estimated maximum downstream bandwidth (kbps). Used to estimate link utilization. | |||||
| estimated_upstream_bandwidth integer | Estimated maximum upstream bandwidth (kbps). Used to estimate link utilization. | |||||
| explicit_ftp_proxy string |
| Enable/disable the explicit FTP proxy on this interface. | ||||
| explicit_web_proxy string |
| Enable/disable the explicit web proxy on this interface. | ||||
| external string |
| Enable/disable identifying the interface as an external interface (which usually means it's connected to the Internet). | ||||
| fail_action_on_extender string |
| Action on extender when interface fail . | ||||
| fail_alert_interfaces list | Names of the FortiGate interfaces from which the link failure alert is sent for this interface. | |||||
| name string / required | Names of the physical interfaces belonging to the aggregate or redundant interface. Source system.interface.name. | |||||
| fail_alert_method string |
| Select link-failed-signal or link-down method to alert about a failed link. | ||||
| fail_detect string |
| Enable/disable fail detection features for this interface. | ||||
| fail_detect_option string |
| Options for detecting that this interface has failed. | ||||
| fortiheartbeat string |
| Enable/disable FortiHeartBeat (FortiTelemetry on GUI). | ||||
| fortilink string |
| Enable FortiLink to dedicate this interface to manage other Fortinet devices. | ||||
| fortilink_backup_link integer | fortilink split interface backup link. | |||||
| fortilink_split_interface string |
| Enable/disable FortiLink split interface to connect member link to different FortiSwitch in stack for uplink redundancy (maximum 2 interfaces in the "members" command). | ||||
| fortilink_stacking string |
| Enable/disable FortiLink switch-stacking on this interface. | ||||
| forward_domain integer | Transparent mode forward domain. | |||||
| gwdetect string |
| Enable/disable detect gateway alive for first. | ||||
| ha_priority integer | HA election priority for the PING server. | |||||
| icmp_accept_redirect string |
| Enable/disable ICMP accept redirect. | ||||
| icmp_send_redirect string |
| Enable/disable ICMP send redirect. | ||||
| ident_accept string |
| Enable/disable authentication for this interface. | ||||
| idle_timeout integer | PPPoE auto disconnect after idle timeout seconds, 0 means no timeout. | |||||
| inbandwidth integer | Bandwidth limit for incoming traffic (0 - 16776000 kbps), 0 means unlimited. | |||||
| ingress_spillover_threshold integer | Ingress Spillover threshold (0 - 16776000 kbps). | |||||
| interface string | Interface name. Source system.interface.name. | |||||
| internal integer | Implicitly created. | |||||
| ip string | Interface IPv4 address and subnet mask, syntax: X.X.X.X/24. | |||||
| ipmac string |
| Enable/disable IP/MAC binding. | ||||
| ips_sniffer_mode string |
| Enable/disable the use of this interface as a one-armed sniffer. | ||||
| ipunnumbered string | Unnumbered IP used for PPPoE interfaces for which no unique local address is provided. | |||||
| ipv6 dictionary | IPv6 of interface. | |||||
| autoconf string |
| Enable/disable address auto config. | ||||
| dhcp6_client_options string |
| DHCPv6 client options. | ||||
| dhcp6_information_request string |
| Enable/disable DHCPv6 information request. | ||||
| dhcp6_prefix_delegation string |
| Enable/disable DHCPv6 prefix delegation. | ||||
| dhcp6_prefix_hint string | DHCPv6 prefix that will be used as a hint to the upstream DHCPv6 server. | |||||
| dhcp6_prefix_hint_plt integer | DHCPv6 prefix hint preferred life time (sec), 0 means unlimited lease time. | |||||
| dhcp6_prefix_hint_vlt integer | DHCPv6 prefix hint valid life time (sec). | |||||
| dhcp6_relay_ip string | DHCPv6 relay IP address. | |||||
| dhcp6_relay_service string |
| Enable/disable DHCPv6 relay. | ||||
| dhcp6_relay_type string |
| DHCPv6 relay type. | ||||
| ip6_address string | Primary IPv6 address prefix, syntax: xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx/xxx | |||||
| ip6_allowaccess list |
| Allow management access to the interface. | ||||
| ip6_default_life integer | Default life (sec). | |||||
| ip6_delegated_prefix_list list | Advertised IPv6 delegated prefix list. | |||||
| autonomous_flag string |
| Enable/disable the autonomous flag. | ||||
| onlink_flag string |
| Enable/disable the onlink flag. | ||||
| prefix_id integer | Prefix ID. | |||||
| rdnss string | Recursive DNS server option. | |||||
| rdnss_service string |
| Recursive DNS service option. | ||||
| subnet string | Add subnet ID to routing prefix. | |||||
| upstream_interface string | Name of the interface that provides delegated information. Source system.interface.name. | |||||
| ip6_dns_server_override string |
| Enable/disable using the DNS server acquired by DHCP. | ||||
| ip6_extra_addr list | Extra IPv6 address prefixes of interface. | |||||
| prefix string / required | IPv6 address prefix. | |||||
| ip6_hop_limit integer | Hop limit (0 means unspecified). | |||||
| ip6_link_mtu integer | IPv6 link MTU. | |||||
| ip6_manage_flag string |
| Enable/disable the managed flag. | ||||
| ip6_max_interval integer | IPv6 maximum interval (4 to 1800 sec). | |||||
| ip6_min_interval integer | IPv6 minimum interval (3 to 1350 sec). | |||||
| ip6_mode string |
| Addressing mode (static, DHCP, delegated). | ||||
| ip6_other_flag string |
| Enable/disable the other IPv6 flag. | ||||
| ip6_prefix_list list | Advertised prefix list. | |||||
| autonomous_flag string |
| Enable/disable the autonomous flag. | ||||
| dnssl list | DNS search list option. | |||||
| domain string / required | Domain name. | |||||
| onlink_flag string |
| Enable/disable the onlink flag. | ||||
| preferred_life_time integer | Preferred life time (sec). | |||||
| prefix string / required | IPv6 prefix. | |||||
| rdnss string | Recursive DNS server option. | |||||
| valid_life_time integer | Valid life time (sec). | |||||
| ip6_reachable_time integer | IPv6 reachable time (milliseconds; 0 means unspecified). | |||||
| ip6_retrans_time integer | IPv6 retransmit time (milliseconds; 0 means unspecified). | |||||
| ip6_send_adv string |
| Enable/disable sending advertisements about the interface. | ||||
| ip6_subnet string | Subnet to routing prefix, syntax: xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx/xxx | |||||
| ip6_upstream_interface string | Interface name providing delegated information. Source system.interface.name. | |||||
| nd_cert string | Neighbor discovery certificate. Source certificate.local.name. | |||||
| nd_cga_modifier string | Neighbor discovery CGA modifier. | |||||
| nd_mode string |
| Neighbor discovery mode. | ||||
| nd_security_level integer | Neighbor discovery security level (0 - 7; 0 = least secure). | |||||
| nd_timestamp_delta integer | Neighbor discovery timestamp delta value (1 - 3600 sec; ). | |||||
| nd_timestamp_fuzz integer | Neighbor discovery timestamp fuzz factor (1 - 60 sec; ). | |||||
| vrip6_link_local string | Link-local IPv6 address of virtual router. | |||||
| vrrp6 list | IPv6 VRRP configuration. | |||||
| accept_mode string |
| Enable/disable accept mode. | ||||
| adv_interval integer | Advertisement interval (1 - 255 seconds). | |||||
| preempt string |
| Enable/disable preempt mode. | ||||
| priority integer | Priority of the virtual router (1 - 255). | |||||
| start_time integer | Startup time (1 - 255 seconds). | |||||
| status string |
| Enable/disable VRRP. | ||||
| vrdst6 string | Monitor the route to this destination. | |||||
| vrgrp integer | VRRP group ID (1 - 65535). | |||||
| vrid integer / required | Virtual router identifier (1 - 255). | |||||
| vrip6 string | IPv6 address of the virtual router. | |||||
| vrrp_virtual_mac6 string |
| Enable/disable virtual MAC for VRRP. | ||||
| l2forward string |
| Enable/disable l2 forwarding. | ||||
| lacp_ha_slave string |
| LACP HA slave. | ||||
| lacp_mode string |
| LACP mode. | ||||
| lacp_speed string |
| How often the interface sends LACP messages. | ||||
| lcp_echo_interval integer | Time in seconds between PPPoE Link Control Protocol (LCP) echo requests. | |||||
| lcp_max_echo_fails integer | Maximum missed LCP echo messages before disconnect. | |||||
| link_up_delay integer | Number of milliseconds to wait before considering a link is up. | |||||
| lldp_transmission string |
| Enable/disable Link Layer Discovery Protocol (LLDP) transmission. | ||||
| macaddr string | Change the interface's MAC address. | |||||
| managed_device list | Available when FortiLink is enabled, used for managed devices through FortiLink interface. | |||||
| name string / required | Managed dev identifier. | |||||
| management_ip string | High Availability in-band management IP address of this interface. | |||||
| member list | Physical interfaces that belong to the aggregate or redundant interface. | |||||
| interface_name string | Physical interface name. Source system.interface.name. | |||||
| min_links integer | Minimum number of aggregated ports that must be up. | |||||
| min_links_down string |
| Action to take when less than the configured minimum number of links are active. | ||||
| mode string |
| Addressing mode (static, DHCP, PPPoE). | ||||
| mtu integer | MTU value for this interface. | |||||
| mtu_override string |
| Enable to set a custom MTU for this interface. | ||||
| name string / required | Name. | |||||
| ndiscforward string |
| Enable/disable NDISC forwarding. | ||||
| netbios_forward string |
| Enable/disable NETBIOS forwarding. | ||||
| netflow_sampler string |
| Enable/disable NetFlow on this interface and set the data that NetFlow collects (rx, tx, or both). | ||||
| outbandwidth integer | Bandwidth limit for outgoing traffic (0 - 16776000 kbps). | |||||
| padt_retry_timeout integer | PPPoE Active Discovery Terminate (PADT) used to terminate sessions after an idle time. | |||||
| password string | PPPoE account's password. | |||||
| ping_serv_status integer | PING server status. | |||||
| polling_interval integer | sFlow polling interval (1 - 255 sec). | |||||
| pppoe_unnumbered_negotiate string |
| Enable/disable PPPoE unnumbered negotiation. | ||||
| pptp_auth_type string |
| PPTP authentication type. | ||||
| pptp_client string |
| Enable/disable PPTP client. | ||||
| pptp_password string | PPTP password. | |||||
| pptp_server_ip string | PPTP server IP address. | |||||
| pptp_timeout integer | Idle timer in minutes (0 for disabled). | |||||
| pptp_user string | PPTP user name. | |||||
| preserve_session_route string |
| Enable/disable preservation of session route when dirty. | ||||
| priority integer | Priority of learned routes. | |||||
| priority_override string |
| Enable/disable fail back to higher priority port once recovered. | ||||
| proxy_captive_portal string |
| Enable/disable proxy captive portal on this interface. | ||||
| redundant_interface string | Redundant interface. | |||||
| remote_ip string | Remote IP address of tunnel. | |||||
| replacemsg_override_group string | Replacement message override group. | |||||
| role string |
| Interface role. | ||||
| sample_direction string |
| Data that NetFlow collects (rx, tx, or both). | ||||
| sample_rate integer | sFlow sample rate (10 - 99999). | |||||
| scan_botnet_connections string |
| Enable monitoring or blocking connections to Botnet servers through this interface. | ||||
| secondary_IP string |
| Enable/disable adding a secondary IP to this interface. | ||||
| secondaryip list | Second IP address of interface. | |||||
| allowaccess string |
| Management access settings for the secondary IP address. | ||||
| detectprotocol string |
| Protocols used to detect the server. | ||||
| detectserver string | Gateway's ping server for this IP. | |||||
| gwdetect string |
| Enable/disable detect gateway alive for first. | ||||
| ha_priority integer | HA election priority for the PING server. | |||||
| id integer / required | ID. | |||||
| ip string | Secondary IP address of the interface. | |||||
| ping_serv_status integer | PING server status. | |||||
| security_exempt_list string | Name of security-exempt-list. | |||||
| security_external_logout string | URL of external authentication logout server. | |||||
| security_external_web string | URL of external authentication web server. | |||||
| security_groups list | User groups that can authenticate with the captive portal. | |||||
| name string / required | Names of user groups that can authenticate with the captive portal. | |||||
| security_mac_auth_bypass string |
| Enable/disable MAC authentication bypass. | ||||
| security_mode string |
| Turn on captive portal authentication for this interface. | ||||
| security_redirect_url string | URL redirection after disclaimer/authentication. | |||||
| service_name string | PPPoE service name. | |||||
| sflow_sampler string |
| Enable/disable sFlow on this interface. | ||||
| snmp_index integer | Permanent SNMP Index of the interface. | |||||
| speed string |
| Interface speed. The default setting and the options available depend on the interface hardware. | ||||
| spillover_threshold integer | Egress Spillover threshold (0 - 16776000 kbps), 0 means unlimited. | |||||
| src_check string |
| Enable/disable source IP check. | ||||
| state string |
| Deprecated Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. Indicates whether to create or remove the object. | ||||
| status string |
| Bring the interface up or shut the interface down. | ||||
| stpforward string |
| Enable/disable STP forwarding. | ||||
| stpforward_mode string |
| Configure STP forwarding mode. | ||||
| subst string |
| Enable to always send packets from this interface to a destination MAC address. | ||||
| substitute_dst_mac string | Destination MAC address that all packets are sent to from this interface. | |||||
| switch string | Contained in switch. | |||||
| switch_controller_access_vlan string |
| Block FortiSwitch port-to-port traffic. | ||||
| switch_controller_arp_inspection string |
| Enable/disable FortiSwitch ARP inspection. | ||||
| switch_controller_dhcp_snooping string |
| Switch controller DHCP snooping. | ||||
| switch_controller_dhcp_snooping_option82 string |
| Switch controller DHCP snooping option82. | ||||
| switch_controller_dhcp_snooping_verify_mac string |
| Switch controller DHCP snooping verify MAC. | ||||
| switch_controller_igmp_snooping string |
| Switch controller IGMP snooping. | ||||
| switch_controller_learning_limit integer | Limit the number of dynamic MAC addresses on this VLAN (1 - 128, 0 = no limit, default). | |||||
| tagging list | Config object tagging. | |||||
| category string | Tag category. Source system.object-tagging.category. | |||||
| name string / required | Tagging entry name. | |||||
| tags list | Tags. | |||||
| name string / required | Tag name. Source system.object-tagging.tags.name. | |||||
| tcp_mss integer | TCP maximum segment size. 0 means do not change segment size. | |||||
| trust_ip6_1 string | Trusted IPv6 host for dedicated management traffic (::/0 for all hosts). | |||||
| trust_ip6_2 string | Trusted IPv6 host for dedicated management traffic (::/0 for all hosts). | |||||
| trust_ip6_3 string | Trusted IPv6 host for dedicated management traffic (::/0 for all hosts). | |||||
| trust_ip_1 string | Trusted host for dedicated management traffic (0.0.0.0/24 for all hosts). | |||||
| trust_ip_2 string | Trusted host for dedicated management traffic (0.0.0.0/24 for all hosts). | |||||
| trust_ip_3 string | Trusted host for dedicated management traffic (0.0.0.0/24 for all hosts). | |||||
| type string |
| Interface type. | ||||
| username string | Username of the PPPoE account, provided by your ISP. | |||||
| vdom string | Interface is in this virtual domain (VDOM). Source system.vdom.name. | |||||
| vindex integer | Switch control interface VLAN ID. | |||||
| vlanforward string |
| Enable/disable traffic forwarding between VLANs on this interface. | ||||
| vlanid integer | VLAN ID (1 - 4094). | |||||
| vrf integer | Virtual Routing Forwarding ID. | |||||
| vrrp list | VRRP configuration. | |||||
| accept_mode string |
| Enable/disable accept mode. | ||||
| adv_interval integer | Advertisement interval (1 - 255 seconds). | |||||
| ignore_default_route string |
| Enable/disable ignoring of default route when checking destination. | ||||
| preempt string |
| Enable/disable preempt mode. | ||||
| priority integer | Priority of the virtual router (1 - 255). | |||||
| proxy_arp list | VRRP Proxy ARP configuration. | |||||
| id integer / required | ID. | |||||
| ip string | Set IP addresses of proxy ARP. | |||||
| start_time integer | Startup time (1 - 255 seconds). | |||||
| status string |
| Enable/disable this VRRP configuration. | ||||
| version string |
| VRRP version. | ||||
| vrdst string | Monitor the route to this destination. | |||||
| vrdst_priority integer | Priority of the virtual router when the virtual router destination becomes unreachable (0 - 254). | |||||
| vrgrp integer | VRRP group ID (1 - 65535). | |||||
| vrid integer / required | Virtual router identifier (1 - 255). | |||||
| vrip string | IP address of the virtual router. | |||||
| vrrp_virtual_mac string |
| Enable/disable use of virtual MAC for VRRP. | ||||
| wccp string |
| Enable/disable WCCP on this interface. Used for encapsulated WCCP communication between WCCP clients and servers. | ||||
| weight integer | Default weight for static routes (if route has no weight configured). | |||||
| wins_ip string | WINS server IP. | |||||
| username string | FortiOS or FortiGate username. | |||||
| vdom string | Default: "root" | Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. | ||||
Note
- hosts: localhost
vars:
host: "192.168.122.40"
username: "admin"
password: ""
vdom: "root"
ssl_verify: "False"
tasks:
- name: Configure interfaces.
fortios_system_interface:
host: "{{ host }}"
username: "{{ username }}"
password: "{{ password }}"
vdom: "{{ vdom }}"
https: "False"
state: "present"
system_interface:
ac_name: "<your_own_value>"
aggregate: "<your_own_value>"
algorithm: "L2"
alias: "<your_own_value>"
allowaccess: "ping"
ap_discover: "enable"
arpforward: "enable"
auth_type: "auto"
auto_auth_extension_device: "enable"
bfd: "global"
bfd_desired_min_tx: "13"
bfd_detect_mult: "14"
bfd_required_min_rx: "15"
broadcast_forticlient_discovery: "enable"
broadcast_forward: "enable"
captive_portal: "18"
cli_conn_status: "19"
color: "20"
dedicated_to: "none"
defaultgw: "enable"
description: "<your_own_value>"
detected_peer_mtu: "24"
detectprotocol: "ping"
detectserver: "<your_own_value>"
device_access_list: "<your_own_value>"
device_identification: "enable"
device_identification_active_scan: "enable"
device_netscan: "disable"
device_user_identification: "enable"
devindex: "32"
dhcp_client_identifier: "myId_33"
dhcp_relay_agent_option: "enable"
dhcp_relay_ip: "<your_own_value>"
dhcp_relay_service: "disable"
dhcp_relay_type: "regular"
dhcp_renew_time: "38"
disc_retry_timeout: "39"
disconnect_threshold: "40"
distance: "41"
dns_server_override: "enable"
drop_fragment: "enable"
drop_overlapped_fragment: "enable"
egress_shaping_profile: "<your_own_value>"
endpoint_compliance: "enable"
estimated_downstream_bandwidth: "47"
estimated_upstream_bandwidth: "48"
explicit_ftp_proxy: "enable"
explicit_web_proxy: "enable"
external: "enable"
fail_action_on_extender: "soft-restart"
fail_alert_interfaces:
-
name: "default_name_54 (source system.interface.name)"
fail_alert_method: "link-failed-signal"
fail_detect: "enable"
fail_detect_option: "detectserver"
fortiheartbeat: "enable"
fortilink: "enable"
fortilink_backup_link: "60"
fortilink_split_interface: "enable"
fortilink_stacking: "enable"
forward_domain: "63"
gwdetect: "enable"
ha_priority: "65"
icmp_accept_redirect: "enable"
icmp_send_redirect: "enable"
ident_accept: "enable"
idle_timeout: "69"
inbandwidth: "70"
ingress_spillover_threshold: "71"
interface: "<your_own_value> (source system.interface.name)"
internal: "73"
ip: "<your_own_value>"
ipmac: "enable"
ips_sniffer_mode: "enable"
ipunnumbered: "<your_own_value>"
ipv6:
autoconf: "enable"
dhcp6_client_options: "rapid"
dhcp6_information_request: "enable"
dhcp6_prefix_delegation: "enable"
dhcp6_prefix_hint: "<your_own_value>"
dhcp6_prefix_hint_plt: "84"
dhcp6_prefix_hint_vlt: "85"
dhcp6_relay_ip: "<your_own_value>"
dhcp6_relay_service: "disable"
dhcp6_relay_type: "regular"
ip6_address: "<your_own_value>"
ip6_allowaccess: "ping"
ip6_default_life: "91"
ip6_delegated_prefix_list:
-
autonomous_flag: "enable"
onlink_flag: "enable"
prefix_id: "95"
rdnss: "<your_own_value>"
rdnss_service: "delegated"
subnet: "<your_own_value>"
upstream_interface: "<your_own_value> (source system.interface.name)"
ip6_dns_server_override: "enable"
ip6_extra_addr:
-
prefix: "<your_own_value>"
ip6_hop_limit: "103"
ip6_link_mtu: "104"
ip6_manage_flag: "enable"
ip6_max_interval: "106"
ip6_min_interval: "107"
ip6_mode: "static"
ip6_other_flag: "enable"
ip6_prefix_list:
-
autonomous_flag: "enable"
dnssl:
-
domain: "<your_own_value>"
onlink_flag: "enable"
preferred_life_time: "115"
prefix: "<your_own_value>"
rdnss: "<your_own_value>"
valid_life_time: "118"
ip6_reachable_time: "119"
ip6_retrans_time: "120"
ip6_send_adv: "enable"
ip6_subnet: "<your_own_value>"
ip6_upstream_interface: "<your_own_value> (source system.interface.name)"
nd_cert: "<your_own_value> (source certificate.local.name)"
nd_cga_modifier: "<your_own_value>"
nd_mode: "basic"
nd_security_level: "127"
nd_timestamp_delta: "128"
nd_timestamp_fuzz: "129"
vrip6_link_local: "<your_own_value>"
vrrp_virtual_mac6: "enable"
vrrp6:
-
accept_mode: "enable"
adv_interval: "134"
preempt: "enable"
priority: "136"
start_time: "137"
status: "enable"
vrdst6: "<your_own_value>"
vrgrp: "140"
vrid: "141"
vrip6: "<your_own_value>"
l2forward: "enable"
lacp_ha_slave: "enable"
lacp_mode: "static"
lacp_speed: "slow"
lcp_echo_interval: "147"
lcp_max_echo_fails: "148"
link_up_delay: "149"
lldp_transmission: "enable"
macaddr: "<your_own_value>"
managed_device:
-
name: "default_name_153"
management_ip: "<your_own_value>"
member:
-
interface_name: "<your_own_value> (source system.interface.name)"
min_links: "157"
min_links_down: "operational"
mode: "static"
mtu: "160"
mtu_override: "enable"
name: "default_name_162"
ndiscforward: "enable"
netbios_forward: "disable"
netflow_sampler: "disable"
outbandwidth: "166"
padt_retry_timeout: "167"
password: "<your_own_value>"
ping_serv_status: "169"
polling_interval: "170"
pppoe_unnumbered_negotiate: "enable"
pptp_auth_type: "auto"
pptp_client: "enable"
pptp_password: "<your_own_value>"
pptp_server_ip: "<your_own_value>"
pptp_timeout: "176"
pptp_user: "<your_own_value>"
preserve_session_route: "enable"
priority: "179"
priority_override: "enable"
proxy_captive_portal: "enable"
redundant_interface: "<your_own_value>"
remote_ip: "<your_own_value>"
replacemsg_override_group: "<your_own_value>"
role: "lan"
sample_direction: "tx"
sample_rate: "187"
scan_botnet_connections: "disable"
secondary_IP: "enable"
secondaryip:
-
allowaccess: "ping"
detectprotocol: "ping"
detectserver: "<your_own_value>"
gwdetect: "enable"
ha_priority: "195"
id: "196"
ip: "<your_own_value>"
ping_serv_status: "198"
security_exempt_list: "<your_own_value>"
security_external_logout: "<your_own_value>"
security_external_web: "<your_own_value>"
security_groups:
-
name: "default_name_203"
security_mac_auth_bypass: "enable"
security_mode: "none"
security_redirect_url: "<your_own_value>"
service_name: "<your_own_value>"
sflow_sampler: "enable"
snmp_index: "209"
speed: "auto"
spillover_threshold: "211"
src_check: "enable"
status: "up"
stpforward: "enable"
stpforward_mode: "rpl-all-ext-id"
subst: "enable"
substitute_dst_mac: "<your_own_value>"
switch: "<your_own_value>"
switch_controller_access_vlan: "enable"
switch_controller_arp_inspection: "enable"
switch_controller_dhcp_snooping: "enable"
switch_controller_dhcp_snooping_option82: "enable"
switch_controller_dhcp_snooping_verify_mac: "enable"
switch_controller_igmp_snooping: "enable"
switch_controller_learning_limit: "225"
tagging:
-
category: "<your_own_value> (source system.object-tagging.category)"
name: "default_name_228"
tags:
-
name: "default_name_230 (source system.object-tagging.tags.name)"
tcp_mss: "231"
trust_ip_1: "<your_own_value>"
trust_ip_2: "<your_own_value>"
trust_ip_3: "<your_own_value>"
trust_ip6_1: "<your_own_value>"
trust_ip6_2: "<your_own_value>"
trust_ip6_3: "<your_own_value>"
type: "physical"
username: "<your_own_value>"
vdom: "<your_own_value> (source system.vdom.name)"
vindex: "241"
vlanforward: "enable"
vlanid: "243"
vrf: "244"
vrrp:
-
accept_mode: "enable"
adv_interval: "247"
ignore_default_route: "enable"
preempt: "enable"
priority: "250"
proxy_arp:
-
id: "252"
ip: "<your_own_value>"
start_time: "254"
status: "enable"
version: "2"
vrdst: "<your_own_value>"
vrdst_priority: "258"
vrgrp: "259"
vrid: "260"
vrip: "<your_own_value>"
vrrp_virtual_mac: "enable"
wccp: "enable"
weight: "264"
wins_ip: "<your_own_value>"
Common return values are documented here, the following are the fields unique to this module:
| Key | Returned | Description |
|---|---|---|
| build string | always | Build number of the fortigate image Sample: 1547 |
| http_method string | always | Last method used to provision the content into FortiGate Sample: PUT |
| http_status string | always | Last result given by FortiGate on last operation applied Sample: 200 |
| mkey string | success | Master key (id) used in the last call to FortiGate Sample: id |
| name string | always | Name of the table used to fulfill the request Sample: urlfilter |
| path string | always | Path of the table used to fulfill the request Sample: webfilter |
| revision string | always | Internal revision number Sample: 17.0.2.10658 |
| serial string | always | Serial number of the unit Sample: FGVMEVYYQT3AB5352 |
| status string | always | Indication of the operation's result Sample: success |
| vdom string | always | Virtual domain used Sample: root |
| version string | always | Version of the FortiGate Sample: v5.6.3 |
Hint
If you notice any issues in this documentation, you can edit this document to improve it.
© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.9/modules/fortios_system_interface_module.html