fortinet.fortimanager.fmgr_system_global – Global range attributes.

From Get docs
Ansible/docs/2.11/collections/fortinet/fortimanager/fmgr system global module


fortinet.fortimanager.fmgr_system_global – Global range attributes.

Note

This plugin is part of the fortinet.fortimanager collection (version 2.0.1).

To install it use: ansible-galaxy collection install fortinet.fortimanager.

To use it in a playbook, specify: fortinet.fortimanager.fmgr_system_global.


New in version 2.10: of fortinet.fortimanager


Synopsis

  • This module is able to configure a FortiManager device.
  • Examples include all parameters and values which need to be adjusted to data sources before usage.

Parameters

Parameter Choices/Defaults Comments

bypass_validation

boolean

  • no

  • yes

only set to True when module schema diffs with FortiManager API structure, module continues to execute without validating parameters

rc_failed

list / elements=string

the rc codes list with which the conditions to fail will be overriden

rc_succeeded

list / elements=string

the rc codes list with which the conditions to succeed will be overriden

state

string / required

  • present
  • absent

the directive to create, update or delete an object

system_global

dictionary

the top level parameters set

admin-lockout-duration

integer

Default:

60

Lockout duration(sec) for administration.

admin-lockout-threshold

integer

Default:

3

Lockout threshold for administration.

adom-mode

string

  • normal

  • advanced

ADOM mode.

normal - Normal ADOM mode.

advanced - Advanced ADOM mode.

adom-rev-auto-delete

string

  • disable
  • by-revisions

  • by-days

Auto delete features for old ADOM revisions.

disable - Disable auto delete function for ADOM revision.

by-revisions - Auto delete ADOM revisions by maximum number of revisions.

by-days - Auto delete ADOM revisions by maximum days.

adom-rev-max-backup-revisions

integer

Default:

5

Maximum number of ADOM revisions to backup.

adom-rev-max-days

integer

Default:

30

Number of days to keep old ADOM revisions.

adom-rev-max-revisions

integer

Default:

120

Maximum number of ADOM revisions to keep.

adom-select

string

  • disable
  • enable

Enable/disable select ADOM after login.

disable - Disable select ADOM after login.

enable - Enable select ADOM after login.

adom-status

string

  • disable

  • enable

ADOM status.

disable - Disable ADOM mode.

enable - Enable ADOM mode.

clt-cert-req

string

  • disable

  • enable
  • optional

Require client certificate for GUI login.

disable - Disable setting.

enable - Require client certificate for GUI login.

optional - Optional client certificate for GUI login.

console-output

string

  • standard

  • more

Console output mode.

standard - Standard output.

more - More page output.

country-flag

string

  • disable
  • enable

Country flag Status.

disable - Disable country flag icon beside ip address.

enable - Enable country flag icon beside ip address.

create-revision

string

  • disable

  • enable

Enable/disable create revision by default.

disable - Disable create revision by default.

enable - Enable create revision by default.

daylightsavetime

string

  • disable
  • enable

Enable/disable daylight saving time.

disable - Disable setting.

enable - Enable setting.

default-disk-quota

integer

Default:

1000

Default disk quota for registered device (MB).

detect-unregistered-log-device

string

  • disable
  • enable

Detect unregistered logging device from log message.

disable - Disable attribute function.

enable - Enable attribute function.

device-view-mode

string

  • regular

  • tree

Set devices/groups view mode.

regular - Regular view mode.

tree - Tree view mode.

dh-params

string

  • 1024
  • 1536
  • 2048

  • 3072
  • 4096
  • 6144
  • 8192

Minimum size of Diffie-Hellman prime for SSH/HTTPS (bits).

1024 - 1024 bits.

1536 - 1536 bits.

2048 - 2048 bits.

3072 - 3072 bits.

4096 - 4096 bits.

6144 - 6144 bits.

8192 - 8192 bits.

disable-module

list / elements=string

  • fortiview-noc

no description

enc-algorithm

string

  • low
  • medium
  • high

SSL communication encryption algorithms.

low - SSL communication using all available encryption algorithms.

medium - SSL communication using high and medium encryption algorithms.

high - SSL communication using high encryption algorithms.

faz-status

string

  • disable

  • enable

FAZ status.

disable - Disable FAZ feature.

enable - Enable FAZ feature.

fgfm-local-cert

string

set the fgfm local certificate.

fgfm-ssl-protocol

string

  • sslv3
  • tlsv1.0
  • tlsv1.1
  • tlsv1.2

set the lowest SSL protocols for fgfmsd.

sslv3 - set SSLv3 as the lowest version.

tlsv1.0 - set TLSv1.0 as the lowest version.

tlsv1.1 - set TLSv1.1 as the lowest version.

tlsv1.2 - set TLSv1.2 as the lowest version (default).

ha-member-auto-grouping

string

  • disable
  • enable

Enable/disable automatically group HA members feature

disable - Disable automatically grouping HA members feature.

enable - Enable automatically grouping HA members only when group name is unique in your network.

hitcount_concurrent

integer

Default:

100

The number of FortiGates that FortiManager polls at one time (10 - 500, default = 100).

hitcount_interval

integer

Default:

300

The interval for getting hit count from managed FortiGate devices, in seconds (60 - 86400, default = 300).

hostname

string

Default:

"FMG-VM64"

System hostname.

import-ignore-addr-cmt

string

  • disable

  • enable

Enable/Disable import ignore of address comments.

disable - Disable import ignore of address comments.

enable - Enable import ignore of address comments.

language

string

  • english

  • simch
  • japanese
  • korean
  • spanish
  • trach

System global language.

english - English

simch - Simplified Chinese

japanese - Japanese

korean - Korean

spanish - Spanish

trach - Traditional Chinese

latitude

string

fmg location latitude

ldap-cache-timeout

integer

Default:

86400

LDAP browser cache timeout (seconds).

ldapconntimeout

integer

Default:

60000

LDAP connection timeout (msec).

lock-preempt

string

  • disable

  • enable

Enable/disable ADOM lock override.

disable - Disable lock preempt.

enable - Enable lock preempt.

log-checksum

string

  • none

  • md5
  • md5-auth

Record log file hash value, timestamp, and authentication code at transmission or rolling.

none - No record log file checksum.

md5 - Record log files MD5 hash value only.

md5-auth - Record log files MD5 hash value and authentication code.

log-forward-cache-size

integer

Default:

0

Log forwarding disk cache size (GB).

longitude

string

fmg location longitude

max-log-forward

integer

Default:

5

Maximum number of log-forward and aggregation settings.

max-running-reports

integer

Default:

1

Maximum number of reports generating at one time.

oftp-ssl-protocol

string

  • sslv3
  • tlsv1.0
  • tlsv1.1
  • tlsv1.2

set the lowest SSL protocols for oftpd.

sslv3 - set SSLv3 as the lowest version.

tlsv1.0 - set TLSv1.0 as the lowest version.

tlsv1.1 - set TLSv1.1 as the lowest version.

tlsv1.2 - set TLSv1.2 as the lowest version (default).

partial-install

string

  • disable

  • enable

Enable/Disable partial install (install some objects).

disable - Disable partial install function.

enable - Enable partial install function.

partial-install-force

string

  • disable

  • enable

Enable/Disable partial install when devdb is modified.

disable - Disable partial install when devdb is modified.

enable - Enable partial install when devdb is modified.

partial-install-rev

string

  • disable

  • enable

Enable/Disable auto creating adom revision for partial install.

disable - Disable partial install revision.

enable - Enable partial install revision.

perform-improve-by-ha

string

  • disable

  • enable

Enable/Disable performance improvement by distributing tasks to HA slaves.

disable - Disable performance improvement by HA.

enable - Enable performance improvement by HA.

policy-hit-count

string

  • disable

  • enable

show policy hit count.

disable - Disable policy hit count.

enable - Enable policy hit count.

policy-object-in-dual-pane

string

  • disable

  • enable

show policies and objects in dual pane.

disable - Disable polices and objects in dual pane.

enable - Enable polices and objects in dual pane.

pre-login-banner

string

  • disable

  • enable

Enable/disable pre-login banner.

disable - Disable pre-login banner.

enable - Enable pre-login banner.

pre-login-banner-message

string

Pre-login banner message.

remoteauthtimeout

integer

Default:

10

Remote authentication (RADIUS/LDAP) timeout (sec).

search-all-adoms

string

  • disable

  • enable

Enable/Disable Search all ADOMs for where-used query.

disable - Disable search all ADOMs for where-used queries.

enable - Enable search all ADOMs for where-used queries.

ssl-low-encryption

string

  • disable

  • enable

SSL low-grade encryption.

disable - Disable SSL low-grade encryption.

enable - Enable SSL low-grade encryption.

ssl-protocol

list / elements=string

  • tlsv1.2
  • tlsv1.1
  • tlsv1.0
  • sslv3

no description

ssl-static-key-ciphers

string

  • disable
  • enable

Enable/disable SSL static key ciphers.

disable - Disable setting.

enable - Enable setting.

task-list-size

integer

Default:

2000

Maximum number of completed tasks to keep.

tftp

string

  • disable

  • enable

Enable/disable TFTP in `exec restore image` command (disabled by default in FIPS mode)

disable - Disable TFTP

enable - Enable TFTP

timezone

string

  • 00
  • 01
  • 02
  • 03
  • 04

  • 05
  • 06
  • 07
  • 08
  • 09
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89

Time zone.

00 - (GMT-12:00) Eniwetak, Kwajalein.

01 - (GMT-11:00) Midway Island, Samoa.

02 - (GMT-10:00) Hawaii.

03 - (GMT-9:00) Alaska.

04 - (GMT-8:00) Pacific Time (US & Canada).

05 - (GMT-7:00) Arizona.

06 - (GMT-7:00) Mountain Time (US & Canada).

07 - (GMT-6:00) Central America.

08 - (GMT-6:00) Central Time (US & Canada).

09 - (GMT-6:00) Mexico City.

10 - (GMT-6:00) Saskatchewan.

11 - (GMT-5:00) Bogota, Lima, Quito.

12 - (GMT-5:00) Eastern Time (US & Canada).

13 - (GMT-5:00) Indiana (East).

14 - (GMT-4:00) Atlantic Time (Canada).

15 - (GMT-4:00) La Paz.

16 - (GMT-4:00) Santiago.

17 - (GMT-3:30) Newfoundland.

18 - (GMT-3:00) Brasilia.

19 - (GMT-3:00) Buenos Aires, Georgetown.

20 - (GMT-3:00) Nuuk (Greenland).

21 - (GMT-2:00) Mid-Atlantic.

22 - (GMT-1:00) Azores.

23 - (GMT-1:00) Cape Verde Is.

24 - (GMT) Monrovia.

25 - (GMT) Greenwich Mean Time:Dublin, Edinburgh, Lisbon, London.

26 - (GMT+1:00) Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna.

27 - (GMT+1:00) Belgrade, Bratislava, Budapest, Ljubljana, Prague.

28 - (GMT+1:00) Brussels, Copenhagen, Madrid, Paris.

29 - (GMT+1:00) Sarajevo, Skopje, Warsaw, Zagreb.

30 - (GMT+1:00) West Central Africa.

31 - (GMT+2:00) Athens, Sofia, Vilnius.

32 - (GMT+2:00) Bucharest.

33 - (GMT+2:00) Cairo.

34 - (GMT+2:00) Harare, Pretoria.

35 - (GMT+2:00) Helsinki, Riga,Tallinn.

36 - (GMT+2:00) Jerusalem.

37 - (GMT+3:00) Baghdad.

38 - (GMT+3:00) Kuwait, Riyadh.

39 - (GMT+3:00) St.Petersburg, Volgograd.

40 - (GMT+3:00) Nairobi.

41 - (GMT+3:30) Tehran.

42 - (GMT+4:00) Abu Dhabi, Muscat.

43 - (GMT+4:00) Baku.

44 - (GMT+4:30) Kabul.

45 - (GMT+5:00) Ekaterinburg.

46 - (GMT+5:00) Islamabad, Karachi,Tashkent.

47 - (GMT+5:30) Calcutta, Chennai, Mumbai, New Delhi.

48 - (GMT+5:45) Kathmandu.

49 - (GMT+6:00) Almaty, Novosibirsk.

50 - (GMT+6:00) Astana, Dhaka.

51 - (GMT+6:00) Sri Jayawardenapura.

52 - (GMT+6:30) Rangoon.

53 - (GMT+7:00) Bangkok, Hanoi, Jakarta.

54 - (GMT+7:00) Krasnoyarsk.

55 - (GMT+8:00) Beijing,ChongQing, HongKong,Urumqi.

56 - (GMT+8:00) Irkutsk, Ulaanbaatar.

57 - (GMT+8:00) Kuala Lumpur, Singapore.

58 - (GMT+8:00) Perth.

59 - (GMT+8:00) Taipei.

60 - (GMT+9:00) Osaka, Sapporo, Tokyo, Seoul.

61 - (GMT+9:00) Yakutsk.

62 - (GMT+9:30) Adelaide.

63 - (GMT+9:30) Darwin.

64 - (GMT+10:00) Brisbane.

65 - (GMT+10:00) Canberra, Melbourne, Sydney.

66 - (GMT+10:00) Guam, Port Moresby.

67 - (GMT+10:00) Hobart.

68 - (GMT+10:00) Vladivostok.

69 - (GMT+11:00) Magadan.

70 - (GMT+11:00) Solomon Is., New Caledonia.

71 - (GMT+12:00) Auckland, Wellington.

72 - (GMT+12:00) Fiji, Kamchatka, Marshall Is.

73 - (GMT+13:00) Nukualofa.

74 - (GMT-4:30) Caracas.

75 - (GMT+1:00) Namibia.

76 - (GMT-5:00) Brazil-Acre.

77 - (GMT-4:00) Brazil-West.

78 - (GMT-3:00) Brazil-East.

79 - (GMT-2:00) Brazil-DeNoronha.

80 - (GMT+14:00) Kiritimati.

81 - (GMT-7:00) Baja California Sur, Chihuahua.

82 - (GMT+12:45) Chatham Islands.

83 - (GMT+3:00) Minsk.

84 - (GMT+13:00) Samoa.

85 - (GMT+3:00) Istanbul.

86 - (GMT-4:00) Paraguay.

87 - (GMT) Casablanca.

88 - (GMT+3:00) Moscow.

89 - (GMT) Greenwich Mean Time.

tunnel-mtu

integer

Default:

1500

Maximum transportation unit(68 - 9000).

usg

string

  • disable

  • enable

Enable/disable Fortiguard server restriction.

disable - Contact any Fortiguard server

enable - Contact Fortiguard server in USA only

vdom-mirror

string

  • disable

  • enable

VDOM mirror.

disable - Disable VDOM mirror function.

enable - Enable VDOM mirror function.

webservice-proto

list / elements=string

  • tlsv1.2
  • tlsv1.1
  • tlsv1.0
  • sslv3
  • sslv2

no description

workflow-max-sessions

integer

Default:

500

Maximum number of workflow sessions per ADOM (minimum 100).

workspace-mode

string

  • disabled

  • normal
  • workflow

Set workspace mode (ADOM Locking).

disabled - Workspace disabled.

normal - Workspace lock mode.

workflow - Workspace workflow mode.

workspace_locking_adom

string

the adom to lock for FortiManager running in workspace mode, the value can be global and others including root

workspace_locking_timeout

integer

Default:

300

the maximum time in seconds to wait for other user to release the workspace lock



Notes

Note

  • Running in workspace locking mode is supported in this FortiManager module, the top level parameters workspace_locking_adom and workspace_locking_timeout help do the work.
  • To create or update an object, use state present directive.
  • To delete an object, use state absent directive.
  • Normally, running one module can fail when a non-zero rc is returned. you can also override the conditions to fail or succeed with parameters rc_failed and rc_succeeded


Examples

- hosts: fortimanager-inventory
  collections:
    - fortinet.fortimanager
  connection: httpapi
  vars:
     ansible_httpapi_use_ssl: True
     ansible_httpapi_validate_certs: False
     ansible_httpapi_port: 443
  tasks:
   - name: Global range attributes.
     fmgr_system_global:
        bypass_validation: False
        workspace_locking_adom: <value in [global, custom adom including root]>
        workspace_locking_timeout: 300
        rc_succeeded: [0, -2, -3, ...]
        rc_failed: [-2, -3, ...]
        system_global:
           admin-lockout-duration: <value of integer>
           admin-lockout-threshold: <value of integer>
           adom-mode: <value in [normal, advanced]>
           adom-rev-auto-delete: <value in [disable, by-revisions, by-days]>
           adom-rev-max-backup-revisions: <value of integer>
           adom-rev-max-days: <value of integer>
           adom-rev-max-revisions: <value of integer>
           adom-select: <value in [disable, enable]>
           adom-status: <value in [disable, enable]>
           clt-cert-req: <value in [disable, enable, optional]>
           console-output: <value in [standard, more]>
           country-flag: <value in [disable, enable]>
           create-revision: <value in [disable, enable]>
           daylightsavetime: <value in [disable, enable]>
           default-disk-quota: <value of integer>
           detect-unregistered-log-device: <value in [disable, enable]>
           device-view-mode: <value in [regular, tree]>
           dh-params: <value in [1024, 1536, 2048, ...]>
           disable-module:
             - fortiview-noc
           enc-algorithm: <value in [low, medium, high]>
           faz-status: <value in [disable, enable]>
           fgfm-local-cert: <value of string>
           fgfm-ssl-protocol: <value in [sslv3, tlsv1.0, tlsv1.1, ...]>
           ha-member-auto-grouping: <value in [disable, enable]>
           hitcount_concurrent: <value of integer>
           hitcount_interval: <value of integer>
           hostname: <value of string>
           import-ignore-addr-cmt: <value in [disable, enable]>
           language: <value in [english, simch, japanese, ...]>
           latitude: <value of string>
           ldap-cache-timeout: <value of integer>
           ldapconntimeout: <value of integer>
           lock-preempt: <value in [disable, enable]>
           log-checksum: <value in [none, md5, md5-auth]>
           log-forward-cache-size: <value of integer>
           longitude: <value of string>
           max-log-forward: <value of integer>
           max-running-reports: <value of integer>
           oftp-ssl-protocol: <value in [sslv3, tlsv1.0, tlsv1.1, ...]>
           partial-install: <value in [disable, enable]>
           partial-install-force: <value in [disable, enable]>
           partial-install-rev: <value in [disable, enable]>
           perform-improve-by-ha: <value in [disable, enable]>
           policy-hit-count: <value in [disable, enable]>
           policy-object-in-dual-pane: <value in [disable, enable]>
           pre-login-banner: <value in [disable, enable]>
           pre-login-banner-message: <value of string>
           remoteauthtimeout: <value of integer>
           search-all-adoms: <value in [disable, enable]>
           ssl-low-encryption: <value in [disable, enable]>
           ssl-protocol:
             - tlsv1.2
             - tlsv1.1
             - tlsv1.0
             - sslv3
           ssl-static-key-ciphers: <value in [disable, enable]>
           task-list-size: <value of integer>
           tftp: <value in [disable, enable]>
           timezone: <value in [00, 01, 02, ...]>
           tunnel-mtu: <value of integer>
           usg: <value in [disable, enable]>
           vdom-mirror: <value in [disable, enable]>
           webservice-proto:
             - tlsv1.2
             - tlsv1.1
             - tlsv1.0
             - sslv3
             - sslv2
           workflow-max-sessions: <value of integer>
           workspace-mode: <value in [disabled, normal, workflow]>

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key Returned Description

request_url

string

always

The full url requested


Sample:

/sys/login/user

response_code

integer

always

The status of api request


response_message

string

always

The descriptive message of the api response


Sample:

OK.




Authors

  • Link Zheng (@chillancezen)
  • Jie Xue (@JieX19)
  • Frank Shen (@fshen01)
  • Hongbin Lu (@fgtdev-hblu)

© 2012–2018 Michael DeHaan
© 2018–2021 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.11/collections/fortinet/fortimanager/fmgr_system_global_module.html