fortinet.fortimanager.fmgr_devprof_system_global module – Configure global attributes.

Note

This module is part of the fortinet.fortimanager collection (version 2.8.0).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install fortinet.fortimanager.

To use it in a playbook, specify: fortinet.fortimanager.fmgr_devprof_system_global.

New in fortinet.fortimanager 1.0.0

Synopsis

  • This module is able to configure a FortiManager device.

  • Examples include all parameters and values which need to be adjusted to data sources before usage.

Parameters

Parameter

Comments

access_token

string

The token to access FortiManager without using username and password.

adom

string / required

The parameter (adom) in requested url.

bypass_validation

boolean

Only set to True when module schema diffs with FortiManager API structure, module continues to execute without validating parameters.

Choices:

  • false ← (default)

  • true

devprof

string / required

The parameter (devprof) in requested url.

devprof_system_global

dictionary

The top level parameters set.

admin_ble_button

string

Press the BLE button can enable BLE function

Choices:

  • "disable"

  • "enable"

admin_concurrent

string

Enable/disable concurrent administrator logins.

Choices:

  • "disable"

  • "enable"

admin_console_timeout

integer

Console login timeout that overrides the admin timeout value

admin_forticloud_sso_default_profile

any

(list) Override access profile.

admin_forticloud_sso_login

string

Enable/disable FortiCloud admin login via SSO.

Choices:

  • "disable"

  • "enable"

admin_host

string

Administrative host for HTTP and HTTPS.

admin_hsts_max_age

integer

HTTPS Strict-Transport-Security header max-age in seconds.

admin_https_pki_required

string

Enable/disable admin login method.

Choices:

  • "disable"

  • "enable"

admin_https_redirect

string

Enable/disable redirection of HTTP administration access to HTTPS.

Choices:

  • "disable"

  • "enable"

admin_https_ssl_banned_ciphers

list / elements=string

Select one or more cipher technologies that cannot be used in GUI HTTPS negotiations.

Choices:

  • "RSA"

  • "DHE"

  • "ECDHE"

  • "DSS"

  • "ECDSA"

  • "AES"

  • "AESGCM"

  • "CAMELLIA"

  • "3DES"

  • "SHA1"

  • "SHA256"

  • "SHA384"

  • "STATIC"

  • "CHACHA20"

  • "ARIA"

  • "AESCCM"

admin_https_ssl_ciphersuites

list / elements=string

Select one or more TLS 1.

Choices:

  • "TLS-AES-128-GCM-SHA256"

  • "TLS-AES-256-GCM-SHA384"

  • "TLS-CHACHA20-POLY1305-SHA256"

  • "TLS-AES-128-CCM-SHA256"

  • "TLS-AES-128-CCM-8-SHA256"

admin_https_ssl_versions

list / elements=string

Allowed TLS versions for web administration.

Choices:

  • "tlsv1-0"

  • "tlsv1-1"

  • "tlsv1-2"

  • "sslv3"

  • "tlsv1-3"

admin_lockout_duration

integer

Amount of time in seconds that an administrator account is locked out after reaching the admin-lockout-threshold for repea…

admin_lockout_threshold

integer

Number of failed login attempts before an administrator account is locked out for the admin-lockout-duration.

admin_login_max

integer

Maximum number of administrators who can be logged in at the same time

admin_maintainer

string

Enable/disable maintainer administrator login.

Choices:

  • "disable"

  • "enable"

admin_port

integer

Administrative access port for HTTP.

admin_reset_button

string

Press the reset button can reset to factory default.

Choices:

  • "disable"

  • "enable"

admin_restrict_local

string

Enable/disable local admin authentication restriction when remote authenticator is up and running

Choices:

  • "disable"

  • "enable"

  • "all"

  • "non-console-only"

admin_scp

string

Enable/disable using SCP to download the system configuration.

Choices:

  • "disable"

  • "enable"

admin_server_cert

any

(list) Server certificate that the FortiGate uses for HTTPS administrative connections.

admin_sport

integer

Administrative access port for HTTPS.

admin_ssh_grace_time

integer

Maximum time in seconds permitted between making an SSH connection to the FortiGate unit and authenticating

admin_ssh_password

string

Enable/disable password authentication for SSH admin access.

Choices:

  • "disable"

  • "enable"

admin_ssh_port

integer

Administrative access port for SSH.

admin_ssh_v1

string

Enable/disable SSH v1 compatibility.

Choices:

  • "disable"

  • "enable"

admin_telnet

string

Enable/disable TELNET service.

Choices:

  • "disable"

  • "enable"

admin_telnet_port

integer

Administrative access port for TELNET.

admintimeout

integer

Number of minutes before an idle administrator session times out

airplane_mode

string

Enable/disable airplane mode.

Choices:

  • "disable"

  • "enable"

alias

string

Alias for your FortiGate unit.

allow_traffic_redirect

string

Disable to prevent traffic with same local ingress and egress interface from being forwarded without policy check.

Choices:

  • "disable"

  • "enable"

anti_replay

string

Level of checking for packet replay and TCP sequence checking.

Choices:

  • "disable"

  • "loose"

  • "strict"

arp_max_entry

integer

Maximum number of dynamically learned MAC addresses that can be added to the ARP table

auth_cert

any

(list) Server certificate that the FortiGate uses for HTTPS firewall authentication connections.

auth_http_port

integer

User authentication HTTP port.

auth_https_port

integer

User authentication HTTPS port.

auth_ike_saml_port

integer

User IKE SAML authentication port

auth_keepalive

string

Enable to prevent user authentication sessions from timing out when idle.

Choices:

  • "disable"

  • "enable"

auth_session_auto_backup

string

Enable/disable automatic and periodic backup of authentication sessions

Choices:

  • "disable"

  • "enable"

auth_session_auto_backup_interval

string

Configure automatic authentication session backup interval in minutes

Choices:

  • "1min"

  • "5min"

  • "15min"

  • "30min"

  • "1hr"

auth_session_limit

string

Action to take when the number of allowed user authenticated sessions is reached.

Choices:

  • "block-new"

  • "logout-inactive"

auto_auth_extension_device

string

Enable/disable automatic authorization of dedicated Fortinet extension devices.

Choices:

  • "disable"

  • "enable"

autorun_log_fsck

string

Enable/disable automatic log partition check after ungraceful shutdown.

Choices:

  • "disable"

  • "enable"

av_affinity

string

Affinity setting for AV scanning

av_failopen

string

Set the action to take if the FortiGate is running low on memory or the proxy connection limit has been reached.

Choices:

  • "off"

  • "pass"

  • "one-shot"

  • "idledrop"

av_failopen_session

string

When enabled and a proxy for a protocol runs out of room in its session table, that protocol goes into failopen mode and e…

Choices:

  • "disable"

  • "enable"

batch_cmdb

string

Enable/disable batch mode, allowing you to enter a series of CLI commands that will execute as a group once they are loaded.

Choices:

  • "disable"

  • "enable"

bfd_affinity

string

Affinity setting for BFD daemon

block_session_timer

integer

Duration in seconds for blocked sessions

br_fdb_max_entry

integer

Maximum number of bridge forwarding database

cert_chain_max

integer

Maximum number of certificates that can be traversed in a certificate chain.

cfg_revert_timeout

integer

Time-out for reverting to the last saved configuration.

cfg_save

string

Configuration file save mode for CLI changes.

Choices:

  • "automatic"

  • "manual"

  • "revert"

check_protocol_header

string

Level of checking performed on protocol headers.

Choices:

  • "loose"

  • "strict"

check_reset_range

string

Configure ICMP error message verification.

Choices:

  • "disable"

  • "strict"

cli_audit_log

string

Enable/disable CLI audit log.

Choices:

  • "disable"

  • "enable"

cloud_communication

string

Enable/disable all cloud communication.

Choices:

  • "disable"

  • "enable"

clt_cert_req

string

Enable/disable requiring administrators to have a client certificate to log into the GUI using HTTPS.

Choices:

  • "disable"

  • "enable"

cmdbsvr_affinity

string

Affinity setting for cmdbsvr

cpu_use_threshold

integer

Threshold at which CPU usage is reported

csr_ca_attribute

string

Enable/disable the CA attribute in certificates.

Choices:

  • "disable"

  • "enable"

daily_restart

string

Enable/disable daily restart of FortiGate unit.

Choices:

  • "disable"

  • "enable"

default_service_source_port

string

Default service source port range

delay_tcp_npu_session

string

Enable TCP NPU session delay to guarantee packet order of 3-way handshake.

Choices:

  • "disable"

  • "enable"

device_idle_timeout

integer

Time in seconds that a device must be idle to automatically log the device user out.

dh_params

string

Number of bits to use in the Diffie-Hellman exchange for HTTPS/SSH protocols.

Choices:

  • "1024"

  • "1536"

  • "2048"

  • "3072"

  • "4096"

  • "6144"

  • "8192"

dhcp_lease_backup_interval

integer

DHCP leases backup interval in seconds

dnsproxy_worker_count

integer

DNS proxy worker count.

dp_fragment_timer

integer

DP fragment session timeout

dp_pinhole_timer

integer

DP pinhole session timeout

dp_rsync_timer

integer

DP rsync session timeout

dp_tcp_normal_timer

integer

DP tcp normal timeout

dp_udp_idle_timer

integer

DP udp idle timer

dst

string

Enable/disable daylight saving time.

Choices:

  • "disable"

  • "enable"

early_tcp_npu_session

string

Enable/disable early TCP NPU session.

Choices:

  • "disable"

  • "enable"

edit_vdom_prompt

string

Enable/disable edit new VDOM prompt.

Choices:

  • "disable"

  • "enable"

endpoint_control_fds_access

string

Endpoint control fds access.

Choices:

  • "disable"

  • "enable"

extender_controller_reserved_network

any

(list) Configure reserved network subnet for managed LAN extension FortiExtender units.

faz_disk_buffer_size

integer

Maximum disk buffer size to temporarily store logs destined for FortiAnalyzer.

fds_statistics

string

Enable/disable sending IPS, Application Control, and AntiVirus data to FortiGuard.

Choices:

  • "disable"

  • "enable"

fds_statistics_period

integer

FortiGuard statistics collection period in minutes.

fec_port

integer

Local UDP port for Forward Error Correction

fgd_alert_subscription

list / elements=string

Type of alert to retrieve from FortiGuard.

Choices:

  • "advisory"

  • "latest-threat"

  • "latest-virus"

  • "latest-attack"

  • "new-antivirus-db"

  • "new-attack-db"

forticarrier_bypass

string

Forticarrier bypass.

Choices:

  • "disable"

  • "enable"

forticontroller_proxy

string

Enable/disable FortiController proxy.

Choices:

  • "disable"

  • "enable"

forticontroller_proxy_port

integer

FortiController proxy port

forticonverter_config_upload

string

Enable/disable config upload to FortiConverter.

Choices:

  • "disable"

  • "once"

forticonverter_integration

string

Enable/disable FortiConverter integration service.

Choices:

  • "disable"

  • "enable"

fortiextender

string

Enable/disable FortiExtender.

Choices:

  • "disable"

  • "enable"

fortiextender_data_port

integer

FortiExtender data port

fortiextender_discovery_lockdown

string

Enable/disable FortiExtender CAPWAP lockdown.

Choices:

  • "disable"

  • "enable"

fortiextender_provision_on_authorization

string

Enable/disable automatic provisioning of latest FortiExtender firmware on authorization.

Choices:

  • "disable"

  • "enable"

fortiextender_vlan_mode

string

Enable/disable FortiExtender VLAN mode.

Choices:

  • "disable"

  • "enable"

fortigslb_integration

string

Enable/disable integration with the FortiGSLB cloud service.

Choices:

  • "disable"

  • "enable"

fortiipam_integration

string

Enable/disable integration with the FortiIPAM cloud service.

Choices:

  • "disable"

  • "enable"

fortiservice_port

integer

FortiService port

fortitoken_cloud

string

Enable/disable FortiToken Cloud service.

Choices:

  • "disable"

  • "enable"

fortitoken_cloud_push_status

string

Enable/disable FTM push service of FortiToken Cloud.

Choices:

  • "disable"

  • "enable"

fortitoken_cloud_service

string

Fortitoken cloud service.

Choices:

  • "disable"

  • "enable"

fortitoken_cloud_sync_interval

integer

Interval in which to clean up remote users in FortiToken Cloud

gtpu_dynamic_source_port

string

Enable/disable GTP-U dynamic source port support.

Choices:

  • "disable"

  • "enable"

gui_allow_default_hostname

string

Enable/disable the factory default hostname warning on the GUI setup wizard.

Choices:

  • "disable"

  • "enable"

gui_allow_incompatible_fabric_fgt

string

Enable/disable Allow FGT with incompatible firmware to be treated as compatible in security fabric on the GUI.

Choices:

  • "disable"

  • "enable"

gui_app_detection_sdwan

string

Enable/disable Allow app-detection based SD-WAN.

Choices:

  • "disable"

  • "enable"

gui_auto_upgrade_setup_warning

string

Enable/disable the automatic patch upgrade setup prompt on the GUI.

Choices:

  • "disable"

  • "enable"

gui_cdn_domain_override

string

Domain of CDN server.

gui_cdn_usage

string

Enable/disable Load GUI static files from a CDN.

Choices:

  • "disable"

  • "enable"

gui_certificates

string

Enable/disable the System > Certificate GUI page, allowing you to add and configure certificates from the GUI.

Choices:

  • "disable"

  • "enable"

gui_custom_language

string

Enable/disable custom languages in GUI.

Choices:

  • "disable"

  • "enable"

gui_date_format

string

Default date format used throughout GUI.

Choices:

  • "yyyy/MM/dd"

  • "dd/MM/yyyy"

  • "MM/dd/yyyy"

  • "yyyy-MM-dd"

  • "dd-MM-yyyy"

  • "MM-dd-yyyy"

gui_date_time_source

string

Source from which the FortiGate GUI uses to display date and time entries.

Choices:

  • "system"

  • "browser"

gui_device_latitude

string

Support meta variable

Add the latitude of the location of this FortiGate to position it on the Threat Map.

gui_device_longitude

string

Support meta variable

Add the longitude of the location of this FortiGate to position it on the Threat Map.

gui_display_hostname

string

Enable/disable displaying the FortiGates hostname on the GUI login page.

Choices:

  • "disable"

  • "enable"

gui_firmware_upgrade_setup_warning

string

Gui firmware upgrade setup warning.

Choices:

  • "disable"

  • "enable"

gui_firmware_upgrade_warning

string

Enable/disable the firmware upgrade warning on the GUI.

Choices:

  • "disable"

  • "enable"

gui_forticare_registration_setup_warning

string

Enable/disable the FortiCare registration setup warning on the GUI.

Choices:

  • "disable"

  • "enable"

gui_fortigate_cloud_sandbox

string

Enable/disable displaying FortiGate Cloud Sandbox on the GUI.

Choices:

  • "disable"

  • "enable"

gui_fortiguard_resource_fetch

string

Enable/disable retrieving static GUI resources from FortiGuard.

Choices:

  • "disable"

  • "enable"

gui_fortisandbox_cloud

string

Enable/disable displaying FortiSandbox Cloud on the GUI.

Choices:

  • "disable"

  • "enable"

gui_ipv6

string

Enable/disable IPv6 settings on the GUI.

Choices:

  • "disable"

  • "enable"

gui_lines_per_page

integer

Number of lines to display per page for web administration.

gui_local_out

string

Enable/disable Local-out traffic on the GUI.

Choices:

  • "disable"

  • "enable"

gui_replacement_message_groups

string

Enable/disable replacement message groups on the GUI.

Choices:

  • "disable"

  • "enable"

gui_rest_api_cache

string

Enable/disable REST API result caching on FortiGate.

Choices:

  • "disable"

  • "enable"

gui_theme

string

Color scheme for the administration GUI.

Choices:

  • "blue"

  • "green"

  • "melongene"

  • "red"

  • "mariner"

  • "neutrino"

  • "jade"

  • "graphite"

  • "dark-matter"

  • "onyx"

  • "eclipse"

  • "retro"

  • "fpx"

  • "jet-stream"

  • "security-fabric"

gui_wireless_opensecurity

string

Enable/disable wireless open security option on the GUI.

Choices:

  • "disable"

  • "enable"

gui_workflow_management

string

Enable/disable Workflow management features on the GUI.

Choices:

  • "disable"

  • "enable"

ha_affinity

string

Affinity setting for HA daemons

honor_df

string

Enable/disable honoring of Dont-Fragment

Choices:

  • "disable"

  • "enable"

hostname

string

Support meta variable

FortiGate units hostname.

http_request_limit

integer

HTTP request body size limit.

http_unauthenticated_request_limit

integer

HTTP request body size limit before authentication.

httpd_max_worker_count

integer

Maximum number of simultaneous HTTP requests that will be served.

hw_switch_ether_filter

string

Enable/disable hardware filter for certain Ethernet packet types.

Choices:

  • "disable"

  • "enable"

hyper_scale_vdom_num

integer

Number of VDOMs for hyper scale license.

igmp_state_limit

integer

Maximum number of IGMP memberships

interface_subnet_usage

string

Enable/disable allowing use of interface-subnet setting in firewall addresses

Choices:

  • "disable"

  • "enable"

internal_switch_mode

string

Internal switch mode.

Choices:

  • "switch"

  • "interface"

  • "hub"

internal_switch_speed

list / elements=string

Internal port speed.

Choices:

  • "auto"

  • "10full"

  • "10half"

  • "100full"

  • "100half"

  • "1000full"

  • "1000auto"

internet_service_database

string

Configure which Internet Service database size to download from FortiGuard and use.

Choices:

  • "mini"

  • "standard"

  • "full"

  • "on-demand"

internet_service_download_list

any

(list) Configure which on-demand Internet Service IDs are to be downloaded.

ip_conflict_detection

string

Enable/disable logging of IPv4 address conflict detection.

Choices:

  • "disable"

  • "enable"

ip_fragment_mem_thresholds

integer

Maximum memory

ip_fragment_timeout

integer

Timeout value in seconds for any fragment not being reassembled

ip_src_port_range

any

(list) IP source port range used for traffic originating from the FortiGate unit.

ips_affinity

string

Affinity setting for IPS

ipsec_asic_offload

string

Enable/disable ASIC offloading

Choices:

  • "disable"

  • "enable"

ipsec_ha_seqjump_rate

integer

ESP jump ahead rate

ipsec_hmac_offload

string

Enable/disable offloading

Choices:

  • "disable"

  • "enable"

ipsec_qat_offload

string

Enable/disable QAT offloading

Choices:

  • "disable"

  • "enable"

ipsec_round_robin

string

Enable/disable round-robin redistribution to multiple CPUs for IPsec VPN traffic.

Choices:

  • "disable"

  • "enable"

ipsec_soft_dec_async

string

Enable/disable software decryption asynchronization

Choices:

  • "disable"

  • "enable"

ipv6_accept_dad

integer

Enable/disable acceptance of IPv6 Duplicate Address Detection

ipv6_allow_anycast_probe

string

Enable/disable IPv6 address probe through Anycast.

Choices:

  • "disable"

  • "enable"

ipv6_allow_local_in_silent_drop

string

Enable/disable silent drop of IPv6 local-in traffic.

Choices:

  • "disable"

  • "enable"

ipv6_allow_local_in_slient_drop

string

Enable/disable silent drop of IPv6 local-in traffic.

Choices:

  • "disable"

  • "enable"

ipv6_allow_multicast_probe

string

Enable/disable IPv6 address probe through Multicast.

Choices:

  • "disable"

  • "enable"

ipv6_allow_traffic_redirect

string

Disable to prevent IPv6 traffic with same local ingress and egress interface from being forwarded without policy check.

Choices:

  • "disable"

  • "enable"

ipv6_fragment_timeout

integer

Timeout value in seconds for any IPv6 fragment not being reassembled

irq_time_accounting

string

Configure CPU IRQ time accounting mode.

Choices:

  • "auto"

  • "force"

language

string

GUI display language.

Choices:

  • "english"

  • "simch"

  • "japanese"

  • "korean"

  • "spanish"

  • "trach"

  • "french"

  • "portuguese"

ldapconntimeout

integer

Global timeout for connections with remote LDAP servers in milliseconds

legacy_poe_device_support

string

Enable/disable legacy POE device support.

Choices:

  • "disable"

  • "enable"

lldp_reception

string

Enable/disable Link Layer Discovery Protocol

Choices:

  • "disable"

  • "enable"

lldp_transmission

string

Enable/disable Link Layer Discovery Protocol

Choices:

  • "disable"

  • "enable"

log_single_cpu_high

string

Enable/disable logging the event of a single CPU core reaching CPU usage threshold.

Choices:

  • "disable"

  • "enable"

log_ssl_connection

string

Enable/disable logging of SSL connection events.

Choices:

  • "disable"

  • "enable"

log_uuid_address

string

Enable/disable insertion of address UUIDs to traffic logs.

Choices:

  • "disable"

  • "enable"

log_uuid_policy

string

Enable/disable insertion of policy UUIDs to traffic logs.

Choices:

  • "disable"

  • "enable"

login_timestamp

string

Enable/disable login time recording.

Choices:

  • "disable"

  • "enable"

long_vdom_name

string

Enable/disable long VDOM name support.

Choices:

  • "disable"

  • "enable"

management_ip

string

Management IP address of this FortiGate.

management_port

integer

Overriding port for management connection

management_port_use_admin_sport

string

Enable/disable use of the admin-sport setting for the management port.

Choices:

  • "disable"

  • "enable"

management_vdom

any

(list) Management virtual domain name.

max_route_cache_size

integer

Maximum number of IP route cache entries

memory_use_threshold_extreme

integer

Threshold at which memory usage is considered extreme

memory_use_threshold_green

integer

Threshold at which memory usage forces the FortiGate to exit conserve mode

memory_use_threshold_red

integer

Threshold at which memory usage forces the FortiGate to enter conserve mode

miglog_affinity

string

Affinity setting for logging

miglogd_children

integer

Number of logging

multi_factor_authentication

string

Enforce all login methods to require an additional authentication factor

Choices:

  • "optional"

  • "mandatory"

ndp_max_entry

integer

Maximum number of NDP table entries

npu_neighbor_update

string

Enable/disable sending of ARP/ICMP6 probing packets to update neighbors for offloaded sessions.

Choices:

  • "disable"

  • "enable"

optimize_flow_mode

string

Flow mode optimization option.

Choices:

  • "disable"

  • "enable"

per_user_bal

string

Enable/disable per-user block/allow list filter.

Choices:

  • "disable"

  • "enable"

per_user_bwl

string

Enable/disable per-user black/white list filter.

Choices:

  • "disable"

  • "enable"

pmtu_discovery

string

Enable/disable path MTU discovery.

Choices:

  • "disable"

  • "enable"

policy_auth_concurrent

integer

Number of concurrent firewall use logins from the same user

post_login_banner

string

Enable/disable displaying the administrator access disclaimer message after an administrator successfully logs in.

Choices:

  • "disable"

  • "enable"

pre_login_banner

string

Enable/disable displaying the administrator access disclaimer message on the login page before an administrator logs in.

Choices:

  • "disable"

  • "enable"

private_data_encryption

string

Enable/disable private data encryption using an AES 128-bit key or passpharse.

Choices:

  • "disable"

  • "enable"

proxy_and_explicit_proxy

string

Proxy and explicit proxy.

Choices:

  • "disable"

  • "enable"

proxy_auth_lifetime

string

Enable/disable authenticated users lifetime control.

Choices:

  • "disable"

  • "enable"

proxy_auth_lifetime_timeout

integer

Lifetime timeout in minutes for authenticated users

proxy_auth_timeout

integer

Authentication timeout in minutes for authenticated users

proxy_cert_use_mgmt_vdom

string

Enable/disable using management VDOM to send requests.

Choices:

  • "disable"

  • "enable"

proxy_cipher_hardware_acceleration

string

Enable/disable using content processor

Choices:

  • "disable"

  • "enable"

proxy_hardware_acceleration

string

Enable/disable email proxy hardware acceleration.

Choices:

  • "disable"

  • "enable"

proxy_keep_alive_mode

string

Control if users must re-authenticate after a session is closed, traffic has been idle, or from the point at which the use…

Choices:

  • "session"

  • "traffic"

  • "re-authentication"

proxy_kxp_hardware_acceleration

string

Enable/disable using the content processor to accelerate KXP traffic.

Choices:

  • "disable"

  • "enable"

proxy_re_authentication_mode

string

Control if users must re-authenticate after a session is closed, traffic has been idle, or from the point at which the use…

Choices:

  • "session"

  • "traffic"

  • "absolute"

proxy_re_authentication_time

integer

The time limit that users must re-authenticate if proxy-keep-alive-mode is set to re-authenticate

proxy_resource_mode

string

Enable/disable use of the maximum memory usage on the FortiGate units proxy processing of resources, such as block lists, …

Choices:

  • "disable"

  • "enable"

proxy_worker_count

integer

Proxy worker count.

purdue_level

string

Purdue Level of this FortiGate.

Choices:

  • "1"

  • "2"

  • "3"

  • "4"

  • "5"

  • "1.5"

  • "2.5"

  • "3.5"

  • "5.5"

qsfp28_40g_port

any

(list) Set port

qsfpdd_100g_port

any

(list) Split qsfpddd port

qsfpdd_split8_port

any

(list) Split qsfpddd port

quic_ack_thresold

integer

Maximum number of unacknowledged packets before sending ACK

quic_congestion_control_algo

string

QUIC congestion control algorithm

Choices:

  • "cubic"

  • "bbr"

  • "bbr2"

  • "reno"

quic_max_datagram_size

integer

Maximum transmit datagram size

quic_pmtud

string

Enable/disable path MTU discovery

Choices:

  • "disable"

  • "enable"

quic_tls_handshake_timeout

integer

Time-to-live

quic_udp_payload_size_shaping_per_cid

string

Enable/disable UDP payload size shaping per connection ID

Choices:

  • "disable"

  • "enable"

radius_port

integer

RADIUS service port number.

reboot_upon_config_restore

string

Enable/disable reboot of system upon restoring configuration.

Choices:

  • "disable"

  • "enable"

refresh

integer

Statistics refresh interval second

remoteauthtimeout

integer

Number of seconds that the FortiGate waits for responses from remote RADIUS, LDAP, or TACACS+ authentication servers.

reset_sessionless_tcp

string

Action to perform if the FortiGate receives a TCP packet but cannot find a corresponding session in its session table.

Choices:

  • "disable"

  • "enable"

rest_api_key_url_query

string

Enable/disable support for passing REST API keys through URL query parameters.

Choices:

  • "disable"

  • "enable"

restart_time

string

Daily restart time

revision_backup_on_logout

string

Enable/disable back-up of the latest configuration revision when an administrator logs out of the CLI or GUI.

Choices:

  • "disable"

  • "enable"

revision_image_auto_backup

string

Enable/disable back-up of the latest image revision after the firmware is upgraded.

Choices:

  • "disable"

  • "enable"

scanunit_count

integer

Number of scanunits.

scim_http_port

integer

SCIM http port

scim_https_port

integer

SCIM port

scim_server_cert

any

(list) Server certificate that the FortiGate uses for SCIM connections.

security_rating_result_submission

string

Enable/disable the submission of Security Rating results to FortiGuard.

Choices:

  • "disable"

  • "enable"

security_rating_run_on_schedule

string

Enable/disable scheduled runs of Security Rating.

Choices:

  • "disable"

  • "enable"

send_pmtu_icmp

string

Enable/disable sending of path maximum transmission unit

Choices:

  • "disable"

  • "enable"

sflowd_max_children_num

integer

Maximum number of sflowd child processes allowed to run.

show_backplane_intf

string

Show/hide backplane interfaces

Choices:

  • "disable"

  • "enable"

snat_route_change

string

Enable/disable the ability to change the source NAT route.

Choices:

  • "disable"

  • "enable"

special_file_23_support

string

Enable/disable detection of those special format files when using Data Loss Prevention.

Choices:

  • "disable"

  • "enable"

speedtest_server

string

Enable/disable speed test server.

Choices:

  • "disable"

  • "enable"

speedtestd_ctrl_port

integer

Speedtest server controller port number.

speedtestd_server_port

integer

Speedtest server port number.

split_port

any

(list) Split port

split_port_mode

list / elements=dictionary

Split port mode.

interface

string

Split port interface.

split_mode

string

The configuration mode for the split port interface.

Choices:

  • "disable"

  • "4x10G"

  • "4x25G"

  • "4x50G"

  • "8x50G"

  • "4x100G"

  • "2x200G"

  • "8x25G"

ssd_trim_date

integer

Date within a month to run ssd trim.

ssd_trim_freq

string

How often to run SSD Trim

Choices:

  • "daily"

  • "weekly"

  • "monthly"

  • "hourly"

  • "never"

ssd_trim_hour

integer

Hour of the day on which to run SSD Trim

ssd_trim_min

integer

Minute of the hour on which to run SSD Trim

ssd_trim_weekday

string

Day of week to run SSD Trim.

Choices:

  • "sunday"

  • "monday"

  • "tuesday"

  • "wednesday"

  • "thursday"

  • "friday"

  • "saturday"

ssh_cbc_cipher

string

Enable/disable CBC cipher for SSH access.

Choices:

  • "disable"

  • "enable"

ssh_enc_algo

list / elements=string

Select one or more SSH ciphers.

Choices:

  • "chacha20-poly1305@openssh.com"

  • "aes128-ctr"

  • "aes192-ctr"

  • "aes256-ctr"

  • "arcfour256"

  • "arcfour128"

  • "aes128-cbc"

  • "3des-cbc"

  • "blowfish-cbc"

  • "cast128-cbc"

  • "aes192-cbc"

  • "aes256-cbc"

  • "arcfour"

  • "rijndael-cbc@lysator.liu.se"

  • "aes128-gcm@openssh.com"

  • "aes256-gcm@openssh.com"

ssh_hmac_md5

string

Enable/disable HMAC-MD5 for SSH access.

Choices:

  • "disable"

  • "enable"

ssh_hostkey

string

Config SSH host key.

ssh_hostkey_algo

list / elements=string

Select one or more SSH hostkey algorithms.

Choices:

  • "ssh-rsa"

  • "ecdsa-sha2-nistp521"

  • "rsa-sha2-256"

  • "rsa-sha2-512"

  • "ssh-ed25519"

  • "ecdsa-sha2-nistp384"

  • "ecdsa-sha2-nistp256"

ssh_hostkey_override

string

Enable/disable SSH host key override in SSH daemon.

Choices:

  • "disable"

  • "enable"

ssh_hostkey_password

any

(list) Password for ssh-hostkey.

ssh_kex_algo

list / elements=string

Select one or more SSH kex algorithms.

Choices:

  • "diffie-hellman-group1-sha1"

  • "diffie-hellman-group14-sha1"

  • "diffie-hellman-group-exchange-sha1"

  • "diffie-hellman-group-exchange-sha256"

  • "curve25519-sha256@libssh.org"

  • "ecdh-sha2-nistp256"

  • "ecdh-sha2-nistp384"

  • "ecdh-sha2-nistp521"

  • "diffie-hellman-group14-sha256"

  • "diffie-hellman-group16-sha512"

  • "diffie-hellman-group18-sha512"

ssh_kex_sha1

string

Enable/disable SHA1 key exchange for SSH access.

Choices:

  • "disable"

  • "enable"

ssh_mac_algo

list / elements=string

Select one or more SSH MAC algorithms.

Choices:

  • "hmac-md5"

  • "hmac-md5-etm@openssh.com"

  • "hmac-md5-96"

  • "hmac-md5-96-etm@openssh.com"

  • "hmac-sha1"

  • "hmac-sha1-etm@openssh.com"

  • "hmac-sha2-256"

  • "hmac-sha2-256-etm@openssh.com"

  • "hmac-sha2-512"

  • "hmac-sha2-512-etm@openssh.com"

  • "hmac-ripemd160"

  • "hmac-ripemd160@openssh.com"

  • "hmac-ripemd160-etm@openssh.com"

  • "umac-64@openssh.com"

  • "umac-128@openssh.com"

  • "umac-64-etm@openssh.com"

  • "umac-128-etm@openssh.com"

ssh_mac_weak

string

Enable/disable HMAC-SHA1 and UMAC-64-ETM for SSH access.

Choices:

  • "disable"

  • "enable"

ssl_min_proto_version

string

Minimum supported protocol version for SSL/TLS connections

Choices:

  • "TLSv1"

  • "TLSv1-1"

  • "TLSv1-2"

  • "SSLv3"

  • "TLSv1-3"

ssl_static_key_ciphers

string

Enable/disable static key ciphers in SSL/TLS connections

Choices:

  • "disable"

  • "enable"

sslvpn_cipher_hardware_acceleration

string

Enable/disable SSL-VPN hardware acceleration.

Choices:

  • "disable"

  • "enable"

sslvpn_ems_sn_check

string

Enable/disable verification of EMS serial number in SSL-VPN connection.

Choices:

  • "disable"

  • "enable"

sslvpn_kxp_hardware_acceleration

string

Enable/disable SSL-VPN KXP hardware acceleration.

Choices:

  • "disable"

  • "enable"

sslvpn_max_worker_count

integer

Maximum number of SSL-VPN processes.

sslvpn_plugin_version_check

string

Enable/disable checking browsers plugin version by SSL-VPN.

Choices:

  • "disable"

  • "enable"

sslvpn_web_mode

string

Enable/disable SSL-VPN web mode.

Choices:

  • "disable"

  • "enable"

strict_dirty_session_check

string

Enable to check the session against the original policy when revalidating.

Choices:

  • "disable"

  • "enable"

strong_crypto

string

Enable to use strong encryption and only allow strong ciphers and digest for HTTPS/SSH/TLS/SSL functions.

Choices:

  • "disable"

  • "enable"

switch_controller

string

Enable/disable switch controller feature.

Choices:

  • "disable"

  • "enable"

switch_controller_reserved_network

any

(list) Configure reserved network subnet for managed switches.

sys_file_check_interval

integer

Set scheduled system file checking interval in minutes

sys_perf_log_interval

integer

Time in minutes between updates of performance statistics logging.

syslog_affinity

string

Affinity setting for syslog

tcp_halfclose_timer

integer

Number of seconds the FortiGate unit should wait to close a session after one peer has sent a FIN packet but the other has…

tcp_halfopen_timer

integer

Number of seconds the FortiGate unit should wait to close a session after one peer has sent an open session packet but the…

tcp_option

string

Enable SACK, timestamp and MSS TCP options.

Choices:

  • "disable"

  • "enable"

tcp_rst_timer

integer

Length of the TCP CLOSE state in seconds

tcp_timewait_timer

integer

Length of the TCP TIME-WAIT state in seconds

tftp

string

Enable/disable TFTP.

Choices:

  • "disable"

  • "enable"

timezone

list / elements=string

Support meta variable

Timezone database name.

Choices:

  • "00"

  • "01"

  • "02"

  • "03"

  • "04"

  • "05"

  • "06"

  • "07"

  • "08"

  • "09"

  • "10"

  • "11"

  • "12"

  • "13"

  • "14"

  • "15"

  • "16"

  • "17"

  • "18"

  • "19"

  • "20"

  • "21"

  • "22"

  • "23"

  • "24"

  • "25"

  • "26"

  • "27"

  • "28"

  • "29"

  • "30"

  • "31"

  • "32"

  • "33"

  • "34"

  • "35"

  • "36"

  • "37"

  • "38"

  • "39"

  • "40"

  • "41"

  • "42"

  • "43"

  • "44"

  • "45"

  • "46"

  • "47"

  • "48"

  • "49"

  • "50"

  • "51"

  • "52"

  • "53"

  • "54"

  • "55"

  • "56"

  • "57"

  • "58"

  • "59"

  • "60"

  • "61"

  • "62"

  • "63"

  • "64"

  • "65"

  • "66"

  • "67"

  • "68"

  • "69"

  • "70"

  • "71"

  • "72"

  • "73"

  • "74"

  • "75"

  • "76"

  • "77"

  • "78"

  • "79"

  • "80"

  • "81"

  • "82"

  • "83"

  • "84"

  • "85"

  • "86"

  • "87"

traffic_priority

string

Choose Type of Service

Choices:

  • "tos"

  • "dscp"

traffic_priority_level

string

Default system-wide level of priority for traffic prioritization.

Choices:

  • "high"

  • "medium"

  • "low"

two_factor_email_expiry

integer

Email-based two-factor authentication session timeout

two_factor_fac_expiry

integer

FortiAuthenticator token authentication session timeout

two_factor_ftk_expiry

integer

FortiToken authentication session timeout

two_factor_ftm_expiry

integer

FortiToken Mobile session timeout

two_factor_sms_expiry

integer

SMS-based two-factor authentication session timeout

udp_idle_timer

integer

UDP connection session timeout.

url_filter_affinity

string

URL filter CPU affinity.

url_filter_count

integer

URL filter daemon count.

user_device_store_max_devices

integer

Maximum number of devices allowed in user device store.

user_device_store_max_unified_mem

integer

Maximum unified memory allowed in user device store.

user_device_store_max_users

integer

Maximum number of users allowed in user device store.

user_history_password_threshold

integer

Maximum number of previous passwords saved per admin/user

user_server_cert

any

(list) Certificate to use for https user authentication.

vdom_mode

string

Enable/disable support for multiple virtual domains

Choices:

  • "no-vdom"

  • "multi-vdom"

  • "split-vdom"

vip_arp_range

string

Controls the number of ARPs that the FortiGate sends for a Virtual IP

Choices:

  • "restricted"

  • "unlimited"

virtual_server_count

integer

Maximum number of virtual server processes to create.

virtual_server_hardware_acceleration

string

Enable/disable virtual server hardware acceleration.

Choices:

  • "disable"

  • "enable"

virtual_switch_vlan

string

Enable/disable virtual switch VLAN.

Choices:

  • "disable"

  • "enable"

vpn_ems_sn_check

string

Enable/disable verification of EMS serial number in SSL-VPN connection.

Choices:

  • "disable"

  • "enable"

wad_affinity

string

Affinity setting for wad

wad_csvc_cs_count

integer

Number of concurrent WAD-cache-service object-cache processes.

wad_csvc_db_count

integer

Number of concurrent WAD-cache-service byte-cache processes.

wad_memory_change_granularity

integer

Minimum percentage change in system memory usage detected by the wad daemon prior to adjusting TCP window size for any act…

wad_restart_end_time

string

WAD workers daily restart end time

wad_restart_mode

string

WAD worker restart mode

Choices:

  • "none"

  • "time"

  • "memory"

wad_restart_start_time

string

WAD workers daily restart time

wad_source_affinity

string

Enable/disable dispatching traffic to WAD workers based on source affinity.

Choices:

  • "disable"

  • "enable"

wad_worker_count

integer

Number of explicit proxy WAN optimization daemon

wifi_ca_certificate

any

(list) CA certificate that verifies the WiFi certificate.

wifi_certificate

any

(list) Certificate to use for WiFi authentication.

wimax_4g_usb

string

Enable/disable comparability with WiMAX 4G USB devices.

Choices:

  • "disable"

  • "enable"

wireless_controller

string

Enable/disable the wireless controller feature to use the FortiGate unit to manage FortiAPs.

Choices:

  • "disable"

  • "enable"

wireless_controller_port

integer

Port used for the control channel in wireless controller mode

wireless_mode

string

Wireless mode setting.

Choices:

  • "ac"

  • "client"

  • "wtp"

  • "fwfap"

xstools_update_frequency

integer

Xenserver tools daemon update frequency

enable_log

boolean

Enable/Disable logging for task.

Choices:

  • false ← (default)

  • true

forticloud_access_token

string

Authenticate Ansible client with forticloud API access token.

proposed_method

string

The overridden method for the underlying Json RPC request.

Choices:

  • "update"

  • "set"

  • "add"

rc_failed

list / elements=integer

The rc codes list with which the conditions to fail will be overriden.

rc_succeeded

list / elements=integer

The rc codes list with which the conditions to succeed will be overriden.

workspace_locking_adom

string

The adom to lock for FortiManager running in workspace mode, the value can be global and others including root.

workspace_locking_timeout

integer

The maximum time in seconds to wait for other user to release the workspace lock.

Default: 300

Notes

Note

  • Starting in version 2.4.0, all input arguments are named using the underscore naming convention (snake_case). Please change the arguments such as “var-name” to “var_name”. Old argument names are still available yet you will receive deprecation warnings. You can ignore this warning by setting deprecation_warnings=False in ansible.cfg.

  • Running in workspace locking mode is supported in this FortiManager module, the top level parameters workspace_locking_adom and workspace_locking_timeout help do the work.

  • Normally, running one module can fail when a non-zero rc is returned. you can also override the conditions to fail or succeed with parameters rc_failed and rc_succeeded

Examples

- name: Example playbook (generated based on argument schema)
  hosts: fortimanagers
  connection: httpapi
  vars:
    ansible_httpapi_use_ssl: true
    ansible_httpapi_validate_certs: false
    ansible_httpapi_port: 443
  tasks:
    - name: Configure global attributes.
      fortinet.fortimanager.fmgr_devprof_system_global:
        # bypass_validation: false
        workspace_locking_adom: <value in [global, custom adom including root]>
        workspace_locking_timeout: 300
        # rc_succeeded: [0, -2, -3, ...]
        # rc_failed: [-2, -3, ...]
        adom: <your own value>
        devprof: <your own value>
        devprof_system_global:
          admin_https_redirect: <value in [disable, enable]>
          admin_port: <integer>
          admin_scp: <value in [disable, enable]>
          admin_sport: <integer>
          admin_ssh_port: <integer>
          admin_ssh_v1: <value in [disable, enable]>
          admin_telnet_port: <integer>
          admintimeout: <integer>
          gui_ipv6: <value in [disable, enable]>
          gui_lines_per_page: <integer>
          gui_theme: <value in [blue, green, melongene, ...]>
          language: <value in [english, simch, japanese, ...]>
          switch_controller: <value in [disable, enable]>
          gui_device_latitude: <string>
          gui_device_longitude: <string>
          hostname: <string>
          timezone:
            - "00"
            - "01"
            - "02"
            - "03"
            - "04"
            - "05"
            - "06"
            - "07"
            - "08"
            - "09"
            - "10"
            - "11"
            - "12"
            - "13"
            - "14"
            - "15"
            - "16"
            - "17"
            - "18"
            - "19"
            - "20"
            - "21"
            - "22"
            - "23"
            - "24"
            - "25"
            - "26"
            - "27"
            - "28"
            - "29"
            - "30"
            - "31"
            - "32"
            - "33"
            - "34"
            - "35"
            - "36"
            - "37"
            - "38"
            - "39"
            - "40"
            - "41"
            - "42"
            - "43"
            - "44"
            - "45"
            - "46"
            - "47"
            - "48"
            - "49"
            - "50"
            - "51"
            - "52"
            - "53"
            - "54"
            - "55"
            - "56"
            - "57"
            - "58"
            - "59"
            - "60"
            - "61"
            - "62"
            - "63"
            - "64"
            - "65"
            - "66"
            - "67"
            - "68"
            - "69"
            - "70"
            - "71"
            - "72"
            - "73"
            - "74"
            - "75"
            - "76"
            - "77"
            - "78"
            - "79"
            - "80"
            - "81"
            - "82"
            - "83"
            - "84"
            - "85"
            - "86"
            - "87"
          check_reset_range: <value in [disable, strict]>
          pmtu_discovery: <value in [disable, enable]>
          gui_allow_incompatible_fabric_fgt: <value in [disable, enable]>
          admin_restrict_local: <value in [disable, enable, all, ...]>
          gui_workflow_management: <value in [disable, enable]>
          send_pmtu_icmp: <value in [disable, enable]>
          tcp_halfclose_timer: <integer>
          admin_server_cert: <list or string>
          dnsproxy_worker_count: <integer>
          show_backplane_intf: <value in [disable, enable]>
          gui_custom_language: <value in [disable, enable]>
          ldapconntimeout: <integer>
          auth_https_port: <integer>
          revision_backup_on_logout: <value in [disable, enable]>
          arp_max_entry: <integer>
          long_vdom_name: <value in [disable, enable]>
          pre_login_banner: <value in [disable, enable]>
          qsfpdd_split8_port: <list or string>
          max_route_cache_size: <integer>
          fortitoken_cloud_push_status: <value in [disable, enable]>
          ssh_hostkey_override: <value in [disable, enable]>
          proxy_hardware_acceleration: <value in [disable, enable]>
          switch_controller_reserved_network: <list or string>
          ssd_trim_date: <integer>
          wad_worker_count: <integer>
          ssh_hostkey: <string>
          wireless_controller_port: <integer>
          fgd_alert_subscription:
            - "advisory"
            - "latest-threat"
            - "latest-virus"
            - "latest-attack"
            - "new-antivirus-db"
            - "new-attack-db"
          forticontroller_proxy_port: <integer>
          dh_params: <value in [1024, 1536, 2048, ...]>
          memory_use_threshold_green: <integer>
          proxy_cert_use_mgmt_vdom: <value in [disable, enable]>
          proxy_auth_lifetime_timeout: <integer>
          gui_auto_upgrade_setup_warning: <value in [disable, enable]>
          gui_cdn_usage: <value in [disable, enable]>
          two_factor_email_expiry: <integer>
          udp_idle_timer: <integer>
          interface_subnet_usage: <value in [disable, enable]>
          forticontroller_proxy: <value in [disable, enable]>
          ssh_enc_algo:
            - "chacha20-poly1305@openssh.com"
            - "aes128-ctr"
            - "aes192-ctr"
            - "aes256-ctr"
            - "arcfour256"
            - "arcfour128"
            - "aes128-cbc"
            - "3des-cbc"
            - "blowfish-cbc"
            - "cast128-cbc"
            - "aes192-cbc"
            - "aes256-cbc"
            - "arcfour"
            - "rijndael-cbc@lysator.liu.se"
            - "aes128-gcm@openssh.com"
            - "aes256-gcm@openssh.com"
          block_session_timer: <integer>
          quic_pmtud: <value in [disable, enable]>
          admin_https_ssl_ciphersuites:
            - "TLS-AES-128-GCM-SHA256"
            - "TLS-AES-256-GCM-SHA384"
            - "TLS-CHACHA20-POLY1305-SHA256"
            - "TLS-AES-128-CCM-SHA256"
            - "TLS-AES-128-CCM-8-SHA256"
          security_rating_result_submission: <value in [disable, enable]>
          user_device_store_max_unified_mem: <integer>
          management_port: <integer>
          fortigslb_integration: <value in [disable, enable]>
          admin_https_ssl_versions:
            - "tlsv1-0"
            - "tlsv1-1"
            - "tlsv1-2"
            - "sslv3"
            - "tlsv1-3"
          cert_chain_max: <integer>
          qsfp28_40g_port: <list or string>
          strong_crypto: <value in [disable, enable]>
          multi_factor_authentication: <value in [optional, mandatory]>
          fds_statistics: <value in [disable, enable]>
          gui_display_hostname: <value in [disable, enable]>
          two_factor_ftk_expiry: <integer>
          wad_source_affinity: <value in [disable, enable]>
          ssl_static_key_ciphers: <value in [disable, enable]>
          daily_restart: <value in [disable, enable]>
          snat_route_change: <value in [disable, enable]>
          tcp_rst_timer: <integer>
          anti_replay: <value in [disable, loose, strict]>
          ssl_min_proto_version: <value in [TLSv1, TLSv1-1, TLSv1-2, ...]>
          speedtestd_server_port: <integer>
          cpu_use_threshold: <integer>
          admin_host: <string>
          csr_ca_attribute: <value in [disable, enable]>
          fortiservice_port: <integer>
          ssd_trim_hour: <integer>
          purdue_level: <value in [1, 2, 3, ...]>
          management_vdom: <list or string>
          quic_ack_thresold: <integer>
          qsfpdd_100g_port: <list or string>
          ips_affinity: <string>
          vip_arp_range: <value in [restricted, unlimited]>
          internet_service_database: <value in [mini, standard, full, ...]>
          revision_image_auto_backup: <value in [disable, enable]>
          sflowd_max_children_num: <integer>
          admin_https_pki_required: <value in [disable, enable]>
          special_file_23_support: <value in [disable, enable]>
          npu_neighbor_update: <value in [disable, enable]>
          log_single_cpu_high: <value in [disable, enable]>
          management_ip: <string>
          proxy_resource_mode: <value in [disable, enable]>
          admin_ble_button: <value in [disable, enable]>
          gui_firmware_upgrade_warning: <value in [disable, enable]>
          dp_tcp_normal_timer: <integer>
          ipv6_allow_traffic_redirect: <value in [disable, enable]>
          cli_audit_log: <value in [disable, enable]>
          memory_use_threshold_extreme: <integer>
          ha_affinity: <string>
          restart_time: <string>
          speedtestd_ctrl_port: <integer>
          gui_wireless_opensecurity: <value in [disable, enable]>
          memory_use_threshold_red: <integer>
          dp_fragment_timer: <integer>
          wad_restart_start_time: <string>
          proxy_re_authentication_time: <integer>
          gui_app_detection_sdwan: <value in [disable, enable]>
          scanunit_count: <integer>
          tftp: <value in [disable, enable]>
          xstools_update_frequency: <integer>
          clt_cert_req: <value in [disable, enable]>
          fortiextender_vlan_mode: <value in [disable, enable]>
          auth_http_port: <integer>
          per_user_bal: <value in [disable, enable]>
          gui_date_format: <value in [yyyy/MM/dd, dd/MM/yyyy, MM/dd/yyyy, ...]>
          log_uuid_address: <value in [disable, enable]>
          cloud_communication: <value in [disable, enable]>
          lldp_reception: <value in [disable, enable]>
          two_factor_ftm_expiry: <integer>
          quic_udp_payload_size_shaping_per_cid: <value in [disable, enable]>
          autorun_log_fsck: <value in [disable, enable]>
          vpn_ems_sn_check: <value in [disable, enable]>
          admin_ssh_password: <value in [disable, enable]>
          airplane_mode: <value in [disable, enable]>
          batch_cmdb: <value in [disable, enable]>
          ip_src_port_range: <list or string>
          strict_dirty_session_check: <value in [disable, enable]>
          user_device_store_max_devices: <integer>
          dp_udp_idle_timer: <integer>
          internal_switch_speed:
            - "auto"
            - "10full"
            - "10half"
            - "100full"
            - "100half"
            - "1000full"
            - "1000auto"
          forticonverter_config_upload: <value in [disable, once]>
          ipsec_round_robin: <value in [disable, enable]>
          wad_affinity: <string>
          wifi_ca_certificate: <list or string>
          wimax_4g_usb: <value in [disable, enable]>
          miglog_affinity: <string>
          faz_disk_buffer_size: <integer>
          ssh_kex_algo:
            - "diffie-hellman-group1-sha1"
            - "diffie-hellman-group14-sha1"
            - "diffie-hellman-group-exchange-sha1"
            - "diffie-hellman-group-exchange-sha256"
            - "curve25519-sha256@libssh.org"
            - "ecdh-sha2-nistp256"
            - "ecdh-sha2-nistp384"
            - "ecdh-sha2-nistp521"
            - "diffie-hellman-group14-sha256"
            - "diffie-hellman-group16-sha512"
            - "diffie-hellman-group18-sha512"
          auto_auth_extension_device: <value in [disable, enable]>
          forticarrier_bypass: <value in [disable, enable]>
          reset_sessionless_tcp: <value in [disable, enable]>
          early_tcp_npu_session: <value in [disable, enable]>
          http_unauthenticated_request_limit: <integer>
          gui_local_out: <value in [disable, enable]>
          tcp_option: <value in [disable, enable]>
          proxy_auth_timeout: <integer>
          fortiextender_discovery_lockdown: <value in [disable, enable]>
          lldp_transmission: <value in [disable, enable]>
          split_port: <list or string>
          gui_certificates: <value in [disable, enable]>
          cfg_save: <value in [automatic, manual, revert]>
          auth_keepalive: <value in [disable, enable]>
          split_port_mode:
            -
              interface: <string>
              split_mode: <value in [disable, 4x10G, 4x25G, ...]>
          admin_forticloud_sso_login: <value in [disable, enable]>
          post_login_banner: <value in [disable, enable]>
          br_fdb_max_entry: <integer>
          ip_fragment_mem_thresholds: <integer>
          fortiextender_provision_on_authorization: <value in [disable, enable]>
          reboot_upon_config_restore: <value in [disable, enable]>
          syslog_affinity: <string>
          fortiextender_data_port: <integer>
          quic_tls_handshake_timeout: <integer>
          forticonverter_integration: <value in [disable, enable]>
          proxy_keep_alive_mode: <value in [session, traffic, re-authentication]>
          cmdbsvr_affinity: <string>
          wad_memory_change_granularity: <integer>
          dhcp_lease_backup_interval: <integer>
          check_protocol_header: <value in [loose, strict]>
          av_failopen_session: <value in [disable, enable]>
          ipsec_ha_seqjump_rate: <integer>
          admin_hsts_max_age: <integer>
          igmp_state_limit: <integer>
          admin_login_max: <integer>
          ipv6_allow_multicast_probe: <value in [disable, enable]>
          virtual_switch_vlan: <value in [disable, enable]>
          admin_lockout_threshold: <integer>
          dp_pinhole_timer: <integer>
          wireless_controller: <value in [disable, enable]>
          bfd_affinity: <string>
          ssd_trim_freq: <value in [daily, weekly, monthly, ...]>
          two_factor_sms_expiry: <integer>
          traffic_priority: <value in [tos, dscp]>
          proxy_and_explicit_proxy: <value in [disable, enable]>
          sslvpn_web_mode: <value in [disable, enable]>
          ssh_hostkey_password: <list or string>
          wad_csvc_db_count: <integer>
          ipv6_allow_anycast_probe: <value in [disable, enable]>
          honor_df: <value in [disable, enable]>
          hyper_scale_vdom_num: <integer>
          wad_csvc_cs_count: <integer>
          internal_switch_mode: <value in [switch, interface, hub]>
          cfg_revert_timeout: <integer>
          admin_concurrent: <value in [disable, enable]>
          ipv6_allow_local_in_silent_drop: <value in [disable, enable]>
          tcp_halfopen_timer: <integer>
          dp_rsync_timer: <integer>
          management_port_use_admin_sport: <value in [disable, enable]>
          gui_forticare_registration_setup_warning: <value in [disable, enable]>
          gui_replacement_message_groups: <value in [disable, enable]>
          security_rating_run_on_schedule: <value in [disable, enable]>
          admin_lockout_duration: <integer>
          optimize_flow_mode: <value in [disable, enable]>
          private_data_encryption: <value in [disable, enable]>
          wireless_mode: <value in [ac, client, wtp, ...]>
          alias: <string>
          ssh_hostkey_algo:
            - "ssh-rsa"
            - "ecdsa-sha2-nistp521"
            - "rsa-sha2-256"
            - "rsa-sha2-512"
            - "ssh-ed25519"
            - "ecdsa-sha2-nistp384"
            - "ecdsa-sha2-nistp256"
          fortitoken_cloud: <value in [disable, enable]>
          av_affinity: <string>
          proxy_worker_count: <integer>
          ipsec_asic_offload: <value in [disable, enable]>
          miglogd_children: <integer>
          sslvpn_max_worker_count: <integer>
          ssh_mac_algo:
            - "hmac-md5"
            - "hmac-md5-etm@openssh.com"
            - "hmac-md5-96"
            - "hmac-md5-96-etm@openssh.com"
            - "hmac-sha1"
            - "hmac-sha1-etm@openssh.com"
            - "hmac-sha2-256"
            - "hmac-sha2-256-etm@openssh.com"
            - "hmac-sha2-512"
            - "hmac-sha2-512-etm@openssh.com"
            - "hmac-ripemd160"
            - "hmac-ripemd160@openssh.com"
            - "hmac-ripemd160-etm@openssh.com"
            - "umac-64@openssh.com"
            - "umac-128@openssh.com"
            - "umac-64-etm@openssh.com"
            - "umac-128-etm@openssh.com"
          url_filter_count: <integer>
          wifi_certificate: <list or string>
          radius_port: <integer>
          sys_perf_log_interval: <integer>
          gui_fortigate_cloud_sandbox: <value in [disable, enable]>
          auth_cert: <list or string>
          fortiextender: <value in [disable, enable]>
          admin_reset_button: <value in [disable, enable]>
          av_failopen: <value in [off, pass, one-shot, ...]>
          user_device_store_max_users: <integer>
          auth_session_limit: <value in [block-new, logout-inactive]>
          ipv6_allow_local_in_slient_drop: <value in [disable, enable]>
          quic_congestion_control_algo: <value in [cubic, bbr, bbr2, ...]>
          auth_ike_saml_port: <integer>
          wad_restart_end_time: <string>
          http_request_limit: <integer>
          irq_time_accounting: <value in [auto, force]>
          remoteauthtimeout: <integer>
          admin_https_ssl_banned_ciphers:
            - "RSA"
            - "DHE"
            - "ECDHE"
            - "DSS"
            - "ECDSA"
            - "AES"
            - "AESGCM"
            - "CAMELLIA"
            - "3DES"
            - "SHA1"
            - "SHA256"
            - "SHA384"
            - "STATIC"
            - "CHACHA20"
            - "ARIA"
            - "AESCCM"
          allow_traffic_redirect: <value in [disable, enable]>
          legacy_poe_device_support: <value in [disable, enable]>
          wad_restart_mode: <value in [none, time, memory]>
          fds_statistics_period: <integer>
          admin_telnet: <value in [disable, enable]>
          ipv6_accept_dad: <integer>
          tcp_timewait_timer: <integer>
          admin_console_timeout: <integer>
          default_service_source_port: <string>
          quic_max_datagram_size: <integer>
          refresh: <integer>
          extender_controller_reserved_network: <list or string>
          url_filter_affinity: <string>
          policy_auth_concurrent: <integer>
          ipsec_hmac_offload: <value in [disable, enable]>
          traffic_priority_level: <value in [high, medium, low]>
          ipsec_qat_offload: <value in [disable, enable]>
          ssd_trim_min: <integer>
          gui_date_time_source: <value in [system, browser]>
          log_ssl_connection: <value in [disable, enable]>
          ndp_max_entry: <integer>
          vdom_mode: <value in [no-vdom, multi-vdom, split-vdom]>
          internet_service_download_list: <list or string>
          fortitoken_cloud_sync_interval: <integer>
          ssd_trim_weekday: <value in [sunday, monday, tuesday, ...]>
          two_factor_fac_expiry: <integer>
          gui_rest_api_cache: <value in [disable, enable]>
          admin_forticloud_sso_default_profile: <list or string>
          proxy_auth_lifetime: <value in [disable, enable]>
          device_idle_timeout: <integer>
          login_timestamp: <value in [disable, enable]>
          speedtest_server: <value in [disable, enable]>
          edit_vdom_prompt: <value in [disable, enable]>
          gui_cdn_domain_override: <string>
          admin_ssh_grace_time: <integer>
          sslvpn_ems_sn_check: <value in [disable, enable]>
          user_server_cert: <list or string>
          gui_allow_default_hostname: <value in [disable, enable]>
          proxy_re_authentication_mode: <value in [session, traffic, absolute]>
          ipsec_soft_dec_async: <value in [disable, enable]>
          admin_maintainer: <value in [disable, enable]>
          dst: <value in [disable, enable]>
          fec_port: <integer>
          ssh_kex_sha1: <value in [disable, enable]>
          ssh_mac_weak: <value in [disable, enable]>
          sslvpn_cipher_hardware_acceleration: <value in [disable, enable]>
          sys_file_check_interval: <integer>
          ssh_hmac_md5: <value in [disable, enable]>
          ssh_cbc_cipher: <value in [disable, enable]>
          gui_fortiguard_resource_fetch: <value in [disable, enable]>
          sslvpn_kxp_hardware_acceleration: <value in [disable, enable]>
          sslvpn_plugin_version_check: <value in [disable, enable]>
          fortiipam_integration: <value in [disable, enable]>
          gui_firmware_upgrade_setup_warning: <value in [disable, enable]>
          log_uuid_policy: <value in [disable, enable]>
          per_user_bwl: <value in [disable, enable]>
          gui_fortisandbox_cloud: <value in [disable, enable]>
          fortitoken_cloud_service: <value in [disable, enable]>
          hw_switch_ether_filter: <value in [disable, enable]>
          virtual_server_count: <integer>
          endpoint_control_fds_access: <value in [disable, enable]>
          proxy_cipher_hardware_acceleration: <value in [disable, enable]>
          proxy_kxp_hardware_acceleration: <value in [disable, enable]>
          virtual_server_hardware_acceleration: <value in [disable, enable]>
          user_history_password_threshold: <integer>
          delay_tcp_npu_session: <value in [disable, enable]>
          auth_session_auto_backup_interval: <value in [1min, 5min, 15min, ...]>
          ip_conflict_detection: <value in [disable, enable]>
          gtpu_dynamic_source_port: <value in [disable, enable]>
          ip_fragment_timeout: <integer>
          ipv6_fragment_timeout: <integer>
          scim_server_cert: <list or string>
          scim_http_port: <integer>
          auth_session_auto_backup: <value in [disable, enable]>
          scim_https_port: <integer>
          httpd_max_worker_count: <integer>
          rest_api_key_url_query: <value in [disable, enable]>

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key

Description

meta

dictionary

The result of the request.

Returned: always

request_url

string

The full url requested.

Returned: always

Sample: "/sys/login/user"

response_code

integer

The status of api request.

Returned: always

Sample: 0

response_data

list / elements=string

The api response.

Returned: always

response_message

string

The descriptive message of the api response.

Returned: always

Sample: "OK."

system_information

dictionary

The information of the target system.

Returned: always

rc

integer

The status the request.

Returned: always

Sample: 0

version_check_warning

list / elements=string

Warning if the parameters used in the playbook are not supported by the current FortiManager version.

Returned: complex

Authors

  • Xinwei Du (@dux-fortinet)

  • Xing Li (@lix-fortinet)

  • Jie Xue (@JieX19)

  • Link Zheng (@chillancezen)

  • Frank Shen (@fshen01)

  • Hongbin Lu (@fgtdev-hblu)