fortinet.fortios.fortios_system_interface – Configure interfaces in Fortinet’s FortiOS and FortiGate.
fortinet.fortios.fortios_system_interface – Configure interfaces in Fortinet’s FortiOS and FortiGate.
Note
This plugin is part of the fortinet.fortios collection (version 1.1.8).
To install it use: ansible-galaxy collection install fortinet.fortios.
To use it in a playbook, specify: fortinet.fortios.fortios_system_interface.
New in version 2.8: of fortinet.fortios
Synopsis
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and interface category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0
Requirements
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters
| Parameter | Choices/Defaults | Comments | ||||
|---|---|---|---|---|---|---|
|
access_token string |
Token-based authentication. Generated from GUI of Fortigate. | |||||
|
state string added in 2.9 of fortinet.fortios |
|
Indicates whether to create or remove the object. This attribute was present already in previous version in a deeper level. It has been moved out to this outer level. | ||||
|
system_interface dictionary |
Configure interfaces. | |||||
|
ac_name string |
PPPoE server name. | |||||
|
aggregate string |
Aggregate interface. | |||||
|
algorithm string |
|
Frame distribution algorithm. | ||||
|
alias string |
Alias will be displayed with the interface name to make it easier to distinguish. | |||||
|
allowaccess list / elements=string |
|
Permitted types of management access to this interface. | ||||
|
ap_discover string |
|
Enable/disable automatic registration of unknown FortiAP devices. | ||||
|
arpforward string |
|
Enable/disable ARP forwarding. | ||||
|
auth_type string |
|
PPP authentication type to use. | ||||
|
auto_auth_extension_device string |
|
Enable/disable automatic authorization of dedicated Fortinet extension device on this interface. | ||||
|
bfd string |
|
Bidirectional Forwarding Detection (BFD) settings. | ||||
|
bfd_desired_min_tx integer |
BFD desired minimal transmit interval. | |||||
|
bfd_detect_mult integer |
BFD detection multiplier. | |||||
|
bfd_required_min_rx integer |
BFD required minimal receive interval. | |||||
|
broadcast_forticlient_discovery string |
|
Enable/disable broadcasting FortiClient discovery messages. | ||||
|
broadcast_forward string |
|
Enable/disable broadcast forwarding. | ||||
|
captive_portal integer |
Enable/disable captive portal. | |||||
|
cli_conn_status integer |
CLI connection status. | |||||
|
color integer |
Color of icon on the GUI. | |||||
|
dedicated_to string |
|
Configure interface for single purpose. | ||||
|
defaultgw string |
|
Enable to get the gateway IP from the DHCP or PPPoE server. | ||||
|
description string |
Description. | |||||
|
detected_peer_mtu integer |
MTU of detected peer (0 - 4294967295). | |||||
|
detectprotocol string |
|
Protocols used to detect the server. | ||||
|
detectserver string |
Gateway"s ping server for this IP. | |||||
|
device_access_list string |
Device access list. | |||||
|
device_identification string |
|
Enable/disable passively gathering of device identity information about the devices on the network connected to this interface. | ||||
|
device_identification_active_scan string |
|
Enable/disable active gathering of device identity information about the devices on the network connected to this interface. | ||||
|
device_netscan string |
|
Enable/disable inclusion of devices detected on this interface in network vulnerability scans. | ||||
|
device_user_identification string |
|
Enable/disable passive gathering of user identity information about users on this interface. | ||||
|
devindex integer |
Device Index. | |||||
|
dhcp_client_identifier string |
DHCP client identifier. | |||||
|
dhcp_relay_agent_option string |
|
Enable/disable DHCP relay agent option. | ||||
|
dhcp_relay_ip string |
DHCP relay IP address. | |||||
|
dhcp_relay_service string |
|
Enable/disable allowing this interface to act as a DHCP relay. | ||||
|
dhcp_relay_type string |
|
DHCP relay type (regular or IPsec). | ||||
|
dhcp_renew_time integer |
DHCP renew time in seconds (300-604800), 0 means use the renew time provided by the server. | |||||
|
disc_retry_timeout integer |
Time in seconds to wait before retrying to start a PPPoE discovery, 0 means no timeout. | |||||
|
disconnect_threshold integer |
Time in milliseconds to wait before sending a notification that this interface is down or disconnected. | |||||
|
distance integer |
Distance for routes learned through PPPoE or DHCP, lower distance indicates preferred route. | |||||
|
dns_server_override string |
|
Enable/disable use DNS acquired by DHCP or PPPoE. | ||||
|
drop_fragment string |
|
Enable/disable drop fragment packets. | ||||
|
drop_overlapped_fragment string |
|
Enable/disable drop overlapped fragment packets. | ||||
|
egress_shaping_profile string |
Outgoing traffic shaping profile. | |||||
|
endpoint_compliance string |
|
Enable/disable endpoint compliance enforcement. | ||||
|
estimated_downstream_bandwidth integer |
Estimated maximum downstream bandwidth (kbps). Used to estimate link utilization. | |||||
|
estimated_upstream_bandwidth integer |
Estimated maximum upstream bandwidth (kbps). Used to estimate link utilization. | |||||
|
explicit_ftp_proxy string |
|
Enable/disable the explicit FTP proxy on this interface. | ||||
|
explicit_web_proxy string |
|
Enable/disable the explicit web proxy on this interface. | ||||
|
external string |
|
Enable/disable identifying the interface as an external interface (which usually means it"s connected to the Internet). | ||||
|
fail_action_on_extender string |
|
Action on extender when interface fail . | ||||
|
fail_alert_interfaces list / elements=string |
Names of the FortiGate interfaces from which the link failure alert is sent for this interface. | |||||
|
name string / required |
Names of the physical interfaces belonging to the aggregate or redundant interface. Source system.interface.name. | |||||
|
fail_alert_method string |
|
Select link-failed-signal or link-down method to alert about a failed link. | ||||
|
fail_detect string |
|
Enable/disable fail detection features for this interface. | ||||
|
fail_detect_option string |
|
Options for detecting that this interface has failed. | ||||
|
fortiheartbeat string |
|
Enable/disable FortiHeartBeat (FortiTelemetry on GUI). | ||||
|
fortilink string |
|
Enable FortiLink to dedicate this interface to manage other Fortinet devices. | ||||
|
fortilink_backup_link integer |
fortilink split interface backup link. | |||||
|
fortilink_split_interface string |
|
Enable/disable FortiLink split interface to connect member link to different FortiSwitch in stack for uplink redundancy (maximum 2 interfaces in the "members" command). | ||||
|
fortilink_stacking string |
|
Enable/disable FortiLink switch-stacking on this interface. | ||||
|
forward_domain integer |
Transparent mode forward domain. | |||||
|
gwdetect string |
|
Enable/disable detect gateway alive for first. | ||||
|
ha_priority integer |
HA election priority for the PING server. | |||||
|
icmp_redirect string |
|
Enable/disable ICMP redirect. | ||||
|
ident_accept string |
|
Enable/disable authentication for this interface. | ||||
|
idle_timeout integer |
PPPoE auto disconnect after idle timeout seconds, 0 means no timeout. | |||||
|
inbandwidth integer |
Bandwidth limit for incoming traffic (0 - 16776000 kbps), 0 means unlimited. | |||||
|
ingress_spillover_threshold integer |
Ingress Spillover threshold (0 - 16776000 kbps). | |||||
|
interface string |
Interface name. Source system.interface.name. | |||||
|
internal integer |
Implicitly created. | |||||
|
ip string |
Interface IPv4 address and subnet mask, syntax: X.X.X.X/24. | |||||
|
ipmac string |
|
Enable/disable IP/MAC binding. | ||||
|
ips_sniffer_mode string |
|
Enable/disable the use of this interface as a one-armed sniffer. | ||||
|
ipunnumbered string |
Unnumbered IP used for PPPoE interfaces for which no unique local address is provided. | |||||
|
ipv6 dictionary |
IPv6 of interface. | |||||
|
autoconf string |
|
Enable/disable address auto config. | ||||
|
dhcp6_client_options string |
|
DHCPv6 client options. | ||||
|
dhcp6_information_request string |
|
Enable/disable DHCPv6 information request. | ||||
|
dhcp6_prefix_delegation string |
|
Enable/disable DHCPv6 prefix delegation. | ||||
|
dhcp6_prefix_hint string |
DHCPv6 prefix that will be used as a hint to the upstream DHCPv6 server. | |||||
|
dhcp6_prefix_hint_plt integer |
DHCPv6 prefix hint preferred life time (sec), 0 means unlimited lease time. | |||||
|
dhcp6_prefix_hint_vlt integer |
DHCPv6 prefix hint valid life time (sec). | |||||
|
dhcp6_relay_ip string |
DHCPv6 relay IP address. | |||||
|
dhcp6_relay_service string |
|
Enable/disable DHCPv6 relay. | ||||
|
dhcp6_relay_type string |
|
DHCPv6 relay type. | ||||
|
ip6_address string |
Primary IPv6 address prefix, syntax: xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx/xxx | |||||
|
ip6_allowaccess list / elements=string |
|
Allow management access to the interface. | ||||
|
ip6_default_life integer |
Default life (sec). | |||||
|
ip6_delegated_prefix_list list / elements=string |
Advertised IPv6 delegated prefix list. | |||||
|
autonomous_flag string |
|
Enable/disable the autonomous flag. | ||||
|
onlink_flag string |
|
Enable/disable the onlink flag. | ||||
|
prefix_id integer |
Prefix ID. | |||||
|
rdnss string |
Recursive DNS server option. | |||||
|
rdnss_service string |
|
Recursive DNS service option. | ||||
|
subnet string |
Add subnet ID to routing prefix. | |||||
|
upstream_interface string |
Name of the interface that provides delegated information. Source system.interface.name. | |||||
|
ip6_dns_server_override string |
|
Enable/disable using the DNS server acquired by DHCP. | ||||
|
ip6_extra_addr list / elements=string |
Extra IPv6 address prefixes of interface. | |||||
|
prefix string / required |
IPv6 address prefix. | |||||
|
ip6_hop_limit integer |
Hop limit (0 means unspecified). | |||||
|
ip6_link_mtu integer |
IPv6 link MTU. | |||||
|
ip6_manage_flag string |
|
Enable/disable the managed flag. | ||||
|
ip6_max_interval integer |
IPv6 maximum interval (4 to 1800 sec). | |||||
|
ip6_min_interval integer |
IPv6 minimum interval (3 to 1350 sec). | |||||
|
ip6_mode string |
|
Addressing mode (static, DHCP, delegated). | ||||
|
ip6_other_flag string |
|
Enable/disable the other IPv6 flag. | ||||
|
ip6_prefix_list list / elements=string |
Advertised prefix list. | |||||
|
autonomous_flag string |
|
Enable/disable the autonomous flag. | ||||
|
dnssl list / elements=string |
DNS search list option. | |||||
|
domain string / required |
Domain name. | |||||
|
onlink_flag string |
|
Enable/disable the onlink flag. | ||||
|
preferred_life_time integer |
Preferred life time (sec). | |||||
|
prefix string / required |
IPv6 prefix. | |||||
|
rdnss string |
Recursive DNS server option. | |||||
|
valid_life_time integer |
Valid life time (sec). | |||||
|
ip6_reachable_time integer |
IPv6 reachable time (milliseconds; 0 means unspecified). | |||||
|
ip6_retrans_time integer |
IPv6 retransmit time (milliseconds; 0 means unspecified). | |||||
|
ip6_send_adv string |
|
Enable/disable sending advertisements about the interface. | ||||
|
ip6_subnet string |
Subnet to routing prefix, syntax: xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx/xxx | |||||
|
ip6_upstream_interface string |
Interface name providing delegated information. Source system.interface.name. | |||||
|
nd_cert string |
Neighbor discovery certificate. Source certificate.local.name. | |||||
|
nd_cga_modifier string |
Neighbor discovery CGA modifier. | |||||
|
nd_mode string |
|
Neighbor discovery mode. | ||||
|
nd_security_level integer |
Neighbor discovery security level (0 - 7; 0 = least secure). | |||||
|
nd_timestamp_delta integer |
Neighbor discovery timestamp delta value (1 - 3600 sec; ). | |||||
|
nd_timestamp_fuzz integer |
Neighbor discovery timestamp fuzz factor (1 - 60 sec; ). | |||||
|
vrip6_link_local string |
Link-local IPv6 address of virtual router. | |||||
|
vrrp6 list / elements=string |
IPv6 VRRP configuration. | |||||
|
accept_mode string |
|
Enable/disable accept mode. | ||||
|
adv_interval integer |
Advertisement interval (1 - 255 seconds). | |||||
|
preempt string |
|
Enable/disable preempt mode. | ||||
|
priority integer |
Priority of the virtual router (1 - 255). | |||||
|
start_time integer |
Startup time (1 - 255 seconds). | |||||
|
status string |
|
Enable/disable VRRP. | ||||
|
vrdst6 string |
Monitor the route to this destination. | |||||
|
vrgrp integer |
VRRP group ID (1 - 65535). | |||||
|
vrid integer / required |
Virtual router identifier (1 - 255). | |||||
|
vrip6 string |
IPv6 address of the virtual router. | |||||
|
vrrp_virtual_mac6 string |
|
Enable/disable virtual MAC for VRRP. | ||||
|
l2forward string |
|
Enable/disable l2 forwarding. | ||||
|
lacp_ha_slave string |
|
LACP HA slave. | ||||
|
lacp_mode string |
|
LACP mode. | ||||
|
lacp_speed string |
|
How often the interface sends LACP messages. | ||||
|
lcp_echo_interval integer |
Time in seconds between PPPoE Link Control Protocol (LCP) echo requests. | |||||
|
lcp_max_echo_fails integer |
Maximum missed LCP echo messages before disconnect. | |||||
|
link_up_delay integer |
Number of milliseconds to wait before considering a link is up. | |||||
|
lldp_transmission string |
|
Enable/disable Link Layer Discovery Protocol (LLDP) transmission. | ||||
|
macaddr string |
Change the interface"s MAC address. | |||||
|
managed_device list / elements=string |
Available when FortiLink is enabled, used for managed devices through FortiLink interface. | |||||
|
name string / required |
Managed dev identifier. | |||||
|
management_ip string |
High Availability in-band management IP address of this interface. | |||||
|
member list / elements=string |
Physical interfaces that belong to the aggregate or redundant interface. | |||||
|
interface_name string |
Physical interface name. Source system.interface.name. | |||||
|
min_links integer |
Minimum number of aggregated ports that must be up. | |||||
|
min_links_down string |
|
Action to take when less than the configured minimum number of links are active. | ||||
|
mode string |
|
Addressing mode (static, DHCP, PPPoE). | ||||
|
mtu integer |
MTU value for this interface. | |||||
|
mtu_override string |
|
Enable to set a custom MTU for this interface. | ||||
|
name string / required |
Name. | |||||
|
ndiscforward string |
|
Enable/disable NDISC forwarding. | ||||
|
netbios_forward string |
|
Enable/disable NETBIOS forwarding. | ||||
|
netflow_sampler string |
|
Enable/disable NetFlow on this interface and set the data that NetFlow collects (rx, tx, or both). | ||||
|
outbandwidth integer |
Bandwidth limit for outgoing traffic (0 - 16776000 kbps). | |||||
|
padt_retry_timeout integer |
PPPoE Active Discovery Terminate (PADT) used to terminate sessions after an idle time. | |||||
|
password string |
PPPoE account"s password. | |||||
|
ping_serv_status integer |
PING server status. | |||||
|
polling_interval integer |
sFlow polling interval (1 - 255 sec). | |||||
|
pppoe_unnumbered_negotiate string |
|
Enable/disable PPPoE unnumbered negotiation. | ||||
|
pptp_auth_type string |
|
PPTP authentication type. | ||||
|
pptp_client string |
|
Enable/disable PPTP client. | ||||
|
pptp_password string |
PPTP password. | |||||
|
pptp_server_ip string |
PPTP server IP address. | |||||
|
pptp_timeout integer |
Idle timer in minutes (0 for disabled). | |||||
|
pptp_user string |
PPTP user name. | |||||
|
preserve_session_route string |
|
Enable/disable preservation of session route when dirty. | ||||
|
priority integer |
Priority of learned routes. | |||||
|
priority_override string |
|
Enable/disable fail back to higher priority port once recovered. | ||||
|
proxy_captive_portal string |
|
Enable/disable proxy captive portal on this interface. | ||||
|
redundant_interface string |
Redundant interface. | |||||
|
remote_ip string |
Remote IP address of tunnel. | |||||
|
replacemsg_override_group string |
Replacement message override group. | |||||
|
role string |
|
Interface role. | ||||
|
sample_direction string |
|
Data that NetFlow collects (rx, tx, or both). | ||||
|
sample_rate integer |
sFlow sample rate (10 - 99999). | |||||
|
scan_botnet_connections string |
|
Enable monitoring or blocking connections to Botnet servers through this interface. | ||||
|
secondary_IP string |
|
Enable/disable adding a secondary IP to this interface. | ||||
|
secondaryip list / elements=string |
Second IP address of interface. | |||||
|
allowaccess string |
|
Management access settings for the secondary IP address. | ||||
|
detectprotocol string |
|
Protocols used to detect the server. | ||||
|
detectserver string |
Gateway"s ping server for this IP. | |||||
|
gwdetect string |
|
Enable/disable detect gateway alive for first. | ||||
|
ha_priority integer |
HA election priority for the PING server. | |||||
|
id integer / required |
ID. | |||||
|
ip string |
Secondary IP address of the interface. | |||||
|
ping_serv_status integer |
PING server status. | |||||
|
security_exempt_list string |
Name of security-exempt-list. | |||||
|
security_external_logout string |
URL of external authentication logout server. | |||||
|
security_external_web string |
URL of external authentication web server. | |||||
|
security_groups list / elements=string |
User groups that can authenticate with the captive portal. | |||||
|
name string / required |
Names of user groups that can authenticate with the captive portal. | |||||
|
security_mac_auth_bypass string |
|
Enable/disable MAC authentication bypass. | ||||
|
security_mode string |
|
Turn on captive portal authentication for this interface. | ||||
|
security_redirect_url string |
URL redirection after disclaimer/authentication. | |||||
|
service_name string |
PPPoE service name. | |||||
|
sflow_sampler string |
|
Enable/disable sFlow on this interface. | ||||
|
snmp_index integer |
Permanent SNMP Index of the interface. | |||||
|
speed string |
|
Interface speed. The default setting and the options available depend on the interface hardware. | ||||
|
spillover_threshold integer |
Egress Spillover threshold (0 - 16776000 kbps), 0 means unlimited. | |||||
|
src_check string |
|
Enable/disable source IP check. | ||||
|
state string |
|
Deprecated Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. Indicates whether to create or remove the object. | ||||
|
status string |
|
Bring the interface up or shut the interface down. | ||||
|
stpforward string |
|
Enable/disable STP forwarding. | ||||
|
stpforward_mode string |
|
Configure STP forwarding mode. | ||||
|
subst string |
|
Enable to always send packets from this interface to a destination MAC address. | ||||
|
substitute_dst_mac string |
Destination MAC address that all packets are sent to from this interface. | |||||
|
switch string |
Contained in switch. | |||||
|
switch_controller_access_vlan string |
|
Block FortiSwitch port-to-port traffic. | ||||
|
switch_controller_arp_inspection string |
|
Enable/disable FortiSwitch ARP inspection. | ||||
|
switch_controller_dhcp_snooping string |
|
Switch controller DHCP snooping. | ||||
|
switch_controller_dhcp_snooping_option82 string |
|
Switch controller DHCP snooping option82. | ||||
|
switch_controller_dhcp_snooping_verify_mac string |
|
Switch controller DHCP snooping verify MAC. | ||||
|
switch_controller_igmp_snooping string |
|
Switch controller IGMP snooping. | ||||
|
switch_controller_learning_limit integer |
Limit the number of dynamic MAC addresses on this VLAN (1 - 128, 0 = no limit, default). | |||||
|
tagging list / elements=string |
Config object tagging. | |||||
|
category string |
Tag category. Source system.object-tagging.category. | |||||
|
name string / required |
Tagging entry name. | |||||
|
tags list / elements=string |
Tags. | |||||
|
name string / required |
Tag name. Source system.object-tagging.tags.name. | |||||
|
tcp_mss integer |
TCP maximum segment size. 0 means do not change segment size. | |||||
|
trust_ip6_1 string |
Trusted IPv6 host for dedicated management traffic (::/0 for all hosts). | |||||
|
trust_ip6_2 string |
Trusted IPv6 host for dedicated management traffic (::/0 for all hosts). | |||||
|
trust_ip6_3 string |
Trusted IPv6 host for dedicated management traffic (::/0 for all hosts). | |||||
|
trust_ip_1 string |
Trusted host for dedicated management traffic (0.0.0.0/24 for all hosts). | |||||
|
trust_ip_2 string |
Trusted host for dedicated management traffic (0.0.0.0/24 for all hosts). | |||||
|
trust_ip_3 string |
Trusted host for dedicated management traffic (0.0.0.0/24 for all hosts). | |||||
|
type string |
|
Interface type. | ||||
|
username string |
Username of the PPPoE account, provided by your ISP. | |||||
|
vdom string |
Interface is in this virtual domain (VDOM). Source system.vdom.name. | |||||
|
vindex integer |
Switch control interface VLAN ID. | |||||
|
vlanforward string |
|
Enable/disable traffic forwarding between VLANs on this interface. | ||||
|
vlanid integer |
VLAN ID (1 - 4094). | |||||
|
vrf integer |
Virtual Routing Forwarding ID. | |||||
|
vrrp list / elements=string |
VRRP configuration. | |||||
|
accept_mode string |
|
Enable/disable accept mode. | ||||
|
adv_interval integer |
Advertisement interval (1 - 255 seconds). | |||||
|
preempt string |
|
Enable/disable preempt mode. | ||||
|
priority integer |
Priority of the virtual router (1 - 255). | |||||
|
proxy_arp list / elements=string |
VRRP Proxy ARP configuration. | |||||
|
id integer / required |
ID. | |||||
|
ip string |
Set IP addresses of proxy ARP. | |||||
|
start_time integer |
Startup time (1 - 255 seconds). | |||||
|
status string |
|
Enable/disable this VRRP configuration. | ||||
|
version string |
|
VRRP version. | ||||
|
vrdst string |
Monitor the route to this destination. | |||||
|
vrdst_priority integer |
Priority of the virtual router when the virtual router destination becomes unreachable (0 - 254). | |||||
|
vrgrp integer |
VRRP group ID (1 - 65535). | |||||
|
vrid integer / required |
Virtual router identifier (1 - 255). | |||||
|
vrip string |
IP address of the virtual router. | |||||
|
vrrp_virtual_mac string |
|
Enable/disable use of virtual MAC for VRRP. | ||||
|
wccp string |
|
Enable/disable WCCP on this interface. Used for encapsulated WCCP communication between WCCP clients and servers. | ||||
|
weight integer |
Default weight for static routes (if route has no weight configured). | |||||
|
wins_ip string |
WINS server IP. | |||||
|
vdom string |
Default: "root" |
Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. |
Notes
Note
- Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks
Examples
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure interfaces.
fortios_system_interface:
vdom: "{{ vdom }}"
state: "present"
access_token: "<your_own_value>"
system_interface:
ac_name: "<your_own_value>"
aggregate: "<your_own_value>"
algorithm: "L2"
alias: "<your_own_value>"
allowaccess: "ping"
ap_discover: "enable"
arpforward: "enable"
auth_type: "auto"
auto_auth_extension_device: "enable"
bfd: "global"
bfd_desired_min_tx: "13"
bfd_detect_mult: "14"
bfd_required_min_rx: "15"
broadcast_forticlient_discovery: "enable"
broadcast_forward: "enable"
captive_portal: "18"
cli_conn_status: "19"
color: "20"
dedicated_to: "none"
defaultgw: "enable"
description: "<your_own_value>"
detected_peer_mtu: "24"
detectprotocol: "ping"
detectserver: "<your_own_value>"
device_access_list: "<your_own_value>"
device_identification: "enable"
device_identification_active_scan: "enable"
device_netscan: "disable"
device_user_identification: "enable"
devindex: "32"
dhcp_client_identifier: "myId_33"
dhcp_relay_agent_option: "enable"
dhcp_relay_ip: "<your_own_value>"
dhcp_relay_service: "disable"
dhcp_relay_type: "regular"
dhcp_renew_time: "38"
disc_retry_timeout: "39"
disconnect_threshold: "40"
distance: "41"
dns_server_override: "enable"
drop_fragment: "enable"
drop_overlapped_fragment: "enable"
egress_shaping_profile: "<your_own_value>"
endpoint_compliance: "enable"
estimated_downstream_bandwidth: "47"
estimated_upstream_bandwidth: "48"
explicit_ftp_proxy: "enable"
explicit_web_proxy: "enable"
external: "enable"
fail_action_on_extender: "soft-restart"
fail_alert_interfaces:
-
name: "default_name_54 (source system.interface.name)"
fail_alert_method: "link-failed-signal"
fail_detect: "enable"
fail_detect_option: "detectserver"
fortiheartbeat: "enable"
fortilink: "enable"
fortilink_backup_link: "60"
fortilink_split_interface: "enable"
fortilink_stacking: "enable"
forward_domain: "63"
gwdetect: "enable"
ha_priority: "65"
icmp_redirect: "enable"
ident_accept: "enable"
idle_timeout: "68"
inbandwidth: "69"
ingress_spillover_threshold: "70"
interface: "<your_own_value> (source system.interface.name)"
internal: "72"
ip: "<your_own_value>"
ipmac: "enable"
ips_sniffer_mode: "enable"
ipunnumbered: "<your_own_value>"
ipv6:
autoconf: "enable"
dhcp6_client_options: "rapid"
dhcp6_information_request: "enable"
dhcp6_prefix_delegation: "enable"
dhcp6_prefix_hint: "<your_own_value>"
dhcp6_prefix_hint_plt: "83"
dhcp6_prefix_hint_vlt: "84"
dhcp6_relay_ip: "<your_own_value>"
dhcp6_relay_service: "disable"
dhcp6_relay_type: "regular"
ip6_address: "<your_own_value>"
ip6_allowaccess: "ping"
ip6_default_life: "90"
ip6_delegated_prefix_list:
-
autonomous_flag: "enable"
onlink_flag: "enable"
prefix_id: "94"
rdnss: "<your_own_value>"
rdnss_service: "delegated"
subnet: "<your_own_value>"
upstream_interface: "<your_own_value> (source system.interface.name)"
ip6_dns_server_override: "enable"
ip6_extra_addr:
-
prefix: "<your_own_value>"
ip6_hop_limit: "102"
ip6_link_mtu: "103"
ip6_manage_flag: "enable"
ip6_max_interval: "105"
ip6_min_interval: "106"
ip6_mode: "static"
ip6_other_flag: "enable"
ip6_prefix_list:
-
autonomous_flag: "enable"
dnssl:
-
domain: "<your_own_value>"
onlink_flag: "enable"
preferred_life_time: "114"
prefix: "<your_own_value>"
rdnss: "<your_own_value>"
valid_life_time: "117"
ip6_reachable_time: "118"
ip6_retrans_time: "119"
ip6_send_adv: "enable"
ip6_subnet: "<your_own_value>"
ip6_upstream_interface: "<your_own_value> (source system.interface.name)"
nd_cert: "<your_own_value> (source certificate.local.name)"
nd_cga_modifier: "<your_own_value>"
nd_mode: "basic"
nd_security_level: "126"
nd_timestamp_delta: "127"
nd_timestamp_fuzz: "128"
vrip6_link_local: "<your_own_value>"
vrrp_virtual_mac6: "enable"
vrrp6:
-
accept_mode: "enable"
adv_interval: "133"
preempt: "enable"
priority: "135"
start_time: "136"
status: "enable"
vrdst6: "<your_own_value>"
vrgrp: "139"
vrid: "140"
vrip6: "<your_own_value>"
l2forward: "enable"
lacp_ha_slave: "enable"
lacp_mode: "static"
lacp_speed: "slow"
lcp_echo_interval: "146"
lcp_max_echo_fails: "147"
link_up_delay: "148"
lldp_transmission: "enable"
macaddr: "<your_own_value>"
managed_device:
-
name: "default_name_152"
management_ip: "<your_own_value>"
member:
-
interface_name: "<your_own_value> (source system.interface.name)"
min_links: "156"
min_links_down: "operational"
mode: "static"
mtu: "159"
mtu_override: "enable"
name: "default_name_161"
ndiscforward: "enable"
netbios_forward: "disable"
netflow_sampler: "disable"
outbandwidth: "165"
padt_retry_timeout: "166"
password: "<your_own_value>"
ping_serv_status: "168"
polling_interval: "169"
pppoe_unnumbered_negotiate: "enable"
pptp_auth_type: "auto"
pptp_client: "enable"
pptp_password: "<your_own_value>"
pptp_server_ip: "<your_own_value>"
pptp_timeout: "175"
pptp_user: "<your_own_value>"
preserve_session_route: "enable"
priority: "178"
priority_override: "enable"
proxy_captive_portal: "enable"
redundant_interface: "<your_own_value>"
remote_ip: "<your_own_value>"
replacemsg_override_group: "<your_own_value>"
role: "lan"
sample_direction: "tx"
sample_rate: "186"
scan_botnet_connections: "disable"
secondary_IP: "enable"
secondaryip:
-
allowaccess: "ping"
detectprotocol: "ping"
detectserver: "<your_own_value>"
gwdetect: "enable"
ha_priority: "194"
id: "195"
ip: "<your_own_value>"
ping_serv_status: "197"
security_exempt_list: "<your_own_value>"
security_external_logout: "<your_own_value>"
security_external_web: "<your_own_value>"
security_groups:
-
name: "default_name_202"
security_mac_auth_bypass: "enable"
security_mode: "none"
security_redirect_url: "<your_own_value>"
service_name: "<your_own_value>"
sflow_sampler: "enable"
snmp_index: "208"
speed: "auto"
spillover_threshold: "210"
src_check: "enable"
status: "up"
stpforward: "enable"
stpforward_mode: "rpl-all-ext-id"
subst: "enable"
substitute_dst_mac: "<your_own_value>"
switch: "<your_own_value>"
switch_controller_access_vlan: "enable"
switch_controller_arp_inspection: "enable"
switch_controller_dhcp_snooping: "enable"
switch_controller_dhcp_snooping_option82: "enable"
switch_controller_dhcp_snooping_verify_mac: "enable"
switch_controller_igmp_snooping: "enable"
switch_controller_learning_limit: "224"
tagging:
-
category: "<your_own_value> (source system.object-tagging.category)"
name: "default_name_227"
tags:
-
name: "default_name_229 (source system.object-tagging.tags.name)"
tcp_mss: "230"
trust_ip_1: "<your_own_value>"
trust_ip_2: "<your_own_value>"
trust_ip_3: "<your_own_value>"
trust_ip6_1: "<your_own_value>"
trust_ip6_2: "<your_own_value>"
trust_ip6_3: "<your_own_value>"
type: "physical"
username: "<your_own_value>"
vdom: "<your_own_value> (source system.vdom.name)"
vindex: "240"
vlanforward: "enable"
vlanid: "242"
vrf: "243"
vrrp:
-
accept_mode: "enable"
adv_interval: "246"
preempt: "enable"
priority: "248"
proxy_arp:
-
id: "250"
ip: "<your_own_value>"
start_time: "252"
status: "enable"
version: "2"
vrdst: "<your_own_value>"
vrdst_priority: "256"
vrgrp: "257"
vrid: "258"
vrip: "<your_own_value>"
vrrp_virtual_mac: "enable"
wccp: "enable"
weight: "262"
wins_ip: "<your_own_value>"Return Values
Common return values are documented here, the following are the fields unique to this module:
| Key | Returned | Description |
|---|---|---|
|
build string |
always |
Build number of the fortigate image
Sample: 1547 |
|
http_method string |
always |
Last method used to provision the content into FortiGate
Sample: PUT |
|
http_status string |
always |
Last result given by FortiGate on last operation applied
Sample: 200 |
|
mkey string |
success |
Master key (id) used in the last call to FortiGate
Sample: id |
|
name string |
always |
Name of the table used to fulfill the request
Sample: urlfilter |
|
path string |
always |
Path of the table used to fulfill the request
Sample: webfilter |
|
revision string |
always |
Internal revision number
Sample: 17.0.2.10658 |
|
serial string |
always |
Serial number of the unit
Sample: FGVMEVYYQT3AB5352 |
|
status string |
always |
Indication of the operation's result
Sample: success |
|
vdom string |
always |
Virtual domain used
Sample: root |
|
version string |
always |
Version of the FortiGate
Sample: v5.6.3 |
Authors
- Link Zheng (@chillancezen)
- Jie Xue (@JieX19)
- Hongbin Lu (@fgtdev-hblu)
- Frank Shen (@frankshen01)
- Miguel Angel Munoz (@mamunozgonzalez)
- Nicolas Thomas (@thomnico)
© 2012–2018 Michael DeHaan
© 2018–2021 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.11/collections/fortinet/fortios/fortios_system_interface_module.html
