1#!/usr/bin/python 2from __future__ import (absolute_import, division, print_function) 3# Copyright 2019 Fortinet, Inc. 4# 5# This program is free software: you can redistribute it and/or modify 6# it under the terms of the GNU General Public License as published by 7# the Free Software Foundation, either version 3 of the License, or 8# (at your option) any later version. 9# 10# This program is distributed in the hope that it will be useful, 11# but WITHOUT ANY WARRANTY; without even the implied warranty of 12# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13# GNU General Public License for more details. 14# 15# You should have received a copy of the GNU General Public License 16# along with this program. If not, see <https://www.gnu.org/licenses/>. 17 18__metaclass__ = type 19 20ANSIBLE_METADATA = {'status': ['preview'], 21 'supported_by': 'community', 22 'metadata_version': '1.1'} 23 24DOCUMENTATION = ''' 25--- 26module: fortios_system_interface 27short_description: Configure interfaces in Fortinet's FortiOS and FortiGate. 28description: 29 - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the 30 user to set and modify system feature and interface category. 31 Examples include all parameters and values need to be adjusted to datasources before usage. 32 Tested with FOS v6.0.5 33version_added: "2.8" 34author: 35 - Miguel Angel Munoz (@mamunozgonzalez) 36 - Nicolas Thomas (@thomnico) 37notes: 38 - Requires fortiosapi library developed by Fortinet 39 - Run as a local_action in your playbook 40requirements: 41 - fortiosapi>=0.9.8 42options: 43 host: 44 description: 45 - FortiOS or FortiGate IP address. 46 type: str 47 required: false 48 username: 49 description: 50 - FortiOS or FortiGate username. 51 type: str 52 required: false 53 password: 54 description: 55 - FortiOS or FortiGate password. 56 type: str 57 default: "" 58 vdom: 59 description: 60 - Virtual domain, among those defined previously. A vdom is a 61 virtual instance of the FortiGate that can be configured and 62 used as a different unit. 63 type: str 64 default: root 65 https: 66 description: 67 - Indicates if the requests towards FortiGate must use HTTPS protocol. 68 type: bool 69 default: true 70 ssl_verify: 71 description: 72 - Ensures FortiGate certificate must be verified by a proper CA. 73 type: bool 74 default: true 75 version_added: 2.9 76 state: 77 description: 78 - Indicates whether to create or remove the object. 79 This attribute was present already in previous version in a deeper level. 80 It has been moved out to this outer level. 81 type: str 82 required: false 83 choices: 84 - present 85 - absent 86 version_added: 2.9 87 system_interface: 88 description: 89 - Configure interfaces. 90 default: null 91 type: dict 92 suboptions: 93 state: 94 description: 95 - B(Deprecated) 96 - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. 97 - HORIZONTALLINE 98 - Indicates whether to create or remove the object. 99 type: str 100 required: false 101 choices: 102 - present 103 - absent 104 ac_name: 105 description: 106 - PPPoE server name. 107 type: str 108 aggregate: 109 description: 110 - Aggregate interface. 111 type: str 112 algorithm: 113 description: 114 - Frame distribution algorithm. 115 type: str 116 choices: 117 - L2 118 - L3 119 - L4 120 alias: 121 description: 122 - Alias will be displayed with the interface name to make it easier to distinguish. 123 type: str 124 allowaccess: 125 description: 126 - Permitted types of management access to this interface. 127 type: list 128 choices: 129 - ping 130 - https 131 - ssh 132 - snmp 133 - http 134 - telnet 135 - fgfm 136 - radius-acct 137 - probe-response 138 - capwap 139 - ftm 140 ap_discover: 141 description: 142 - Enable/disable automatic registration of unknown FortiAP devices. 143 type: str 144 choices: 145 - enable 146 - disable 147 arpforward: 148 description: 149 - Enable/disable ARP forwarding. 150 type: str 151 choices: 152 - enable 153 - disable 154 auth_type: 155 description: 156 - PPP authentication type to use. 157 type: str 158 choices: 159 - auto 160 - pap 161 - chap 162 - mschapv1 163 - mschapv2 164 auto_auth_extension_device: 165 description: 166 - Enable/disable automatic authorization of dedicated Fortinet extension device on this interface. 167 type: str 168 choices: 169 - enable 170 - disable 171 bfd: 172 description: 173 - Bidirectional Forwarding Detection (BFD) settings. 174 type: str 175 choices: 176 - global 177 - enable 178 - disable 179 bfd_desired_min_tx: 180 description: 181 - BFD desired minimal transmit interval. 182 type: int 183 bfd_detect_mult: 184 description: 185 - BFD detection multiplier. 186 type: int 187 bfd_required_min_rx: 188 description: 189 - BFD required minimal receive interval. 190 type: int 191 broadcast_forticlient_discovery: 192 description: 193 - Enable/disable broadcasting FortiClient discovery messages. 194 type: str 195 choices: 196 - enable 197 - disable 198 broadcast_forward: 199 description: 200 - Enable/disable broadcast forwarding. 201 type: str 202 choices: 203 - enable 204 - disable 205 captive_portal: 206 description: 207 - Enable/disable captive portal. 208 type: int 209 cli_conn_status: 210 description: 211 - CLI connection status. 212 type: int 213 color: 214 description: 215 - Color of icon on the GUI. 216 type: int 217 dedicated_to: 218 description: 219 - Configure interface for single purpose. 220 type: str 221 choices: 222 - none 223 - management 224 defaultgw: 225 description: 226 - Enable to get the gateway IP from the DHCP or PPPoE server. 227 type: str 228 choices: 229 - enable 230 - disable 231 description: 232 description: 233 - Description. 234 type: str 235 detected_peer_mtu: 236 description: 237 - MTU of detected peer (0 - 4294967295). 238 type: int 239 detectprotocol: 240 description: 241 - Protocols used to detect the server. 242 type: str 243 choices: 244 - ping 245 - tcp-echo 246 - udp-echo 247 detectserver: 248 description: 249 - Gateway's ping server for this IP. 250 type: str 251 device_access_list: 252 description: 253 - Device access list. 254 type: str 255 device_identification: 256 description: 257 - Enable/disable passively gathering of device identity information about the devices on the network connected to this interface. 258 type: str 259 choices: 260 - enable 261 - disable 262 device_identification_active_scan: 263 description: 264 - Enable/disable active gathering of device identity information about the devices on the network connected to this interface. 265 type: str 266 choices: 267 - enable 268 - disable 269 device_netscan: 270 description: 271 - Enable/disable inclusion of devices detected on this interface in network vulnerability scans. 272 type: str 273 choices: 274 - disable 275 - enable 276 device_user_identification: 277 description: 278 - Enable/disable passive gathering of user identity information about users on this interface. 279 type: str 280 choices: 281 - enable 282 - disable 283 devindex: 284 description: 285 - Device Index. 286 type: int 287 dhcp_client_identifier: 288 description: 289 - DHCP client identifier. 290 type: str 291 dhcp_relay_agent_option: 292 description: 293 - Enable/disable DHCP relay agent option. 294 type: str 295 choices: 296 - enable 297 - disable 298 dhcp_relay_ip: 299 description: 300 - DHCP relay IP address. 301 type: str 302 dhcp_relay_service: 303 description: 304 - Enable/disable allowing this interface to act as a DHCP relay. 305 type: str 306 choices: 307 - disable 308 - enable 309 dhcp_relay_type: 310 description: 311 - DHCP relay type (regular or IPsec). 312 type: str 313 choices: 314 - regular 315 - ipsec 316 dhcp_renew_time: 317 description: 318 - DHCP renew time in seconds (300-604800), 0 means use the renew time provided by the server. 319 type: int 320 disc_retry_timeout: 321 description: 322 - Time in seconds to wait before retrying to start a PPPoE discovery, 0 means no timeout. 323 type: int 324 disconnect_threshold: 325 description: 326 - Time in milliseconds to wait before sending a notification that this interface is down or disconnected. 327 type: int 328 distance: 329 description: 330 - Distance for routes learned through PPPoE or DHCP, lower distance indicates preferred route. 331 type: int 332 dns_server_override: 333 description: 334 - Enable/disable use DNS acquired by DHCP or PPPoE. 335 type: str 336 choices: 337 - enable 338 - disable 339 drop_fragment: 340 description: 341 - Enable/disable drop fragment packets. 342 type: str 343 choices: 344 - enable 345 - disable 346 drop_overlapped_fragment: 347 description: 348 - Enable/disable drop overlapped fragment packets. 349 type: str 350 choices: 351 - enable 352 - disable 353 egress_shaping_profile: 354 description: 355 - Outgoing traffic shaping profile. 356 type: str 357 endpoint_compliance: 358 description: 359 - Enable/disable endpoint compliance enforcement. 360 type: str 361 choices: 362 - enable 363 - disable 364 estimated_downstream_bandwidth: 365 description: 366 - Estimated maximum downstream bandwidth (kbps). Used to estimate link utilization. 367 type: int 368 estimated_upstream_bandwidth: 369 description: 370 - Estimated maximum upstream bandwidth (kbps). Used to estimate link utilization. 371 type: int 372 explicit_ftp_proxy: 373 description: 374 - Enable/disable the explicit FTP proxy on this interface. 375 type: str 376 choices: 377 - enable 378 - disable 379 explicit_web_proxy: 380 description: 381 - Enable/disable the explicit web proxy on this interface. 382 type: str 383 choices: 384 - enable 385 - disable 386 external: 387 description: 388 - Enable/disable identifying the interface as an external interface (which usually means it's connected to the Internet). 389 type: str 390 choices: 391 - enable 392 - disable 393 fail_action_on_extender: 394 description: 395 - Action on extender when interface fail . 396 type: str 397 choices: 398 - soft-restart 399 - hard-restart 400 - reboot 401 fail_alert_interfaces: 402 description: 403 - Names of the FortiGate interfaces from which the link failure alert is sent for this interface. 404 type: list 405 suboptions: 406 name: 407 description: 408 - Names of the physical interfaces belonging to the aggregate or redundant interface. Source system.interface.name. 409 required: true 410 type: str 411 fail_alert_method: 412 description: 413 - Select link-failed-signal or link-down method to alert about a failed link. 414 type: str 415 choices: 416 - link-failed-signal 417 - link-down 418 fail_detect: 419 description: 420 - Enable/disable fail detection features for this interface. 421 type: str 422 choices: 423 - enable 424 - disable 425 fail_detect_option: 426 description: 427 - Options for detecting that this interface has failed. 428 type: str 429 choices: 430 - detectserver 431 - link-down 432 fortiheartbeat: 433 description: 434 - Enable/disable FortiHeartBeat (FortiTelemetry on GUI). 435 type: str 436 choices: 437 - enable 438 - disable 439 fortilink: 440 description: 441 - Enable FortiLink to dedicate this interface to manage other Fortinet devices. 442 type: str 443 choices: 444 - enable 445 - disable 446 fortilink_backup_link: 447 description: 448 - fortilink split interface backup link. 449 type: int 450 fortilink_split_interface: 451 description: 452 - Enable/disable FortiLink split interface to connect member link to different FortiSwitch in stack for uplink redundancy (maximum 2 453 interfaces in the "members" command). 454 type: str 455 choices: 456 - enable 457 - disable 458 fortilink_stacking: 459 description: 460 - Enable/disable FortiLink switch-stacking on this interface. 461 type: str 462 choices: 463 - enable 464 - disable 465 forward_domain: 466 description: 467 - Transparent mode forward domain. 468 type: int 469 gwdetect: 470 description: 471 - Enable/disable detect gateway alive for first. 472 type: str 473 choices: 474 - enable 475 - disable 476 ha_priority: 477 description: 478 - HA election priority for the PING server. 479 type: int 480 icmp_accept_redirect: 481 description: 482 - Enable/disable ICMP accept redirect. 483 type: str 484 choices: 485 - enable 486 - disable 487 icmp_send_redirect: 488 description: 489 - Enable/disable ICMP send redirect. 490 type: str 491 choices: 492 - enable 493 - disable 494 ident_accept: 495 description: 496 - Enable/disable authentication for this interface. 497 type: str 498 choices: 499 - enable 500 - disable 501 idle_timeout: 502 description: 503 - PPPoE auto disconnect after idle timeout seconds, 0 means no timeout. 504 type: int 505 inbandwidth: 506 description: 507 - Bandwidth limit for incoming traffic (0 - 16776000 kbps), 0 means unlimited. 508 type: int 509 ingress_spillover_threshold: 510 description: 511 - Ingress Spillover threshold (0 - 16776000 kbps). 512 type: int 513 interface: 514 description: 515 - Interface name. Source system.interface.name. 516 type: str 517 internal: 518 description: 519 - Implicitly created. 520 type: int 521 ip: 522 description: 523 - "Interface IPv4 address and subnet mask, syntax: X.X.X.X/24." 524 type: str 525 ipmac: 526 description: 527 - Enable/disable IP/MAC binding. 528 type: str 529 choices: 530 - enable 531 - disable 532 ips_sniffer_mode: 533 description: 534 - Enable/disable the use of this interface as a one-armed sniffer. 535 type: str 536 choices: 537 - enable 538 - disable 539 ipunnumbered: 540 description: 541 - Unnumbered IP used for PPPoE interfaces for which no unique local address is provided. 542 type: str 543 ipv6: 544 description: 545 - IPv6 of interface. 546 type: dict 547 suboptions: 548 autoconf: 549 description: 550 - Enable/disable address auto config. 551 type: str 552 choices: 553 - enable 554 - disable 555 dhcp6_client_options: 556 description: 557 - DHCPv6 client options. 558 type: str 559 choices: 560 - rapid 561 - iapd 562 - iana 563 dhcp6_information_request: 564 description: 565 - Enable/disable DHCPv6 information request. 566 type: str 567 choices: 568 - enable 569 - disable 570 dhcp6_prefix_delegation: 571 description: 572 - Enable/disable DHCPv6 prefix delegation. 573 type: str 574 choices: 575 - enable 576 - disable 577 dhcp6_prefix_hint: 578 description: 579 - DHCPv6 prefix that will be used as a hint to the upstream DHCPv6 server. 580 type: str 581 dhcp6_prefix_hint_plt: 582 description: 583 - DHCPv6 prefix hint preferred life time (sec), 0 means unlimited lease time. 584 type: int 585 dhcp6_prefix_hint_vlt: 586 description: 587 - DHCPv6 prefix hint valid life time (sec). 588 type: int 589 dhcp6_relay_ip: 590 description: 591 - DHCPv6 relay IP address. 592 type: str 593 dhcp6_relay_service: 594 description: 595 - Enable/disable DHCPv6 relay. 596 type: str 597 choices: 598 - disable 599 - enable 600 dhcp6_relay_type: 601 description: 602 - DHCPv6 relay type. 603 type: str 604 choices: 605 - regular 606 ip6_address: 607 description: 608 - "Primary IPv6 address prefix, syntax: xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx/xxx" 609 type: str 610 ip6_allowaccess: 611 description: 612 - Allow management access to the interface. 613 type: list 614 choices: 615 - ping 616 - https 617 - ssh 618 - snmp 619 - http 620 - telnet 621 - fgfm 622 - capwap 623 ip6_default_life: 624 description: 625 - Default life (sec). 626 type: int 627 ip6_delegated_prefix_list: 628 description: 629 - Advertised IPv6 delegated prefix list. 630 type: list 631 suboptions: 632 autonomous_flag: 633 description: 634 - Enable/disable the autonomous flag. 635 type: str 636 choices: 637 - enable 638 - disable 639 onlink_flag: 640 description: 641 - Enable/disable the onlink flag. 642 type: str 643 choices: 644 - enable 645 - disable 646 prefix_id: 647 description: 648 - Prefix ID. 649 type: int 650 rdnss: 651 description: 652 - Recursive DNS server option. 653 type: str 654 rdnss_service: 655 description: 656 - Recursive DNS service option. 657 type: str 658 choices: 659 - delegated 660 - default 661 - specify 662 subnet: 663 description: 664 - Add subnet ID to routing prefix. 665 type: str 666 upstream_interface: 667 description: 668 - Name of the interface that provides delegated information. Source system.interface.name. 669 type: str 670 ip6_dns_server_override: 671 description: 672 - Enable/disable using the DNS server acquired by DHCP. 673 type: str 674 choices: 675 - enable 676 - disable 677 ip6_extra_addr: 678 description: 679 - Extra IPv6 address prefixes of interface. 680 type: list 681 suboptions: 682 prefix: 683 description: 684 - IPv6 address prefix. 685 required: true 686 type: str 687 ip6_hop_limit: 688 description: 689 - Hop limit (0 means unspecified). 690 type: int 691 ip6_link_mtu: 692 description: 693 - IPv6 link MTU. 694 type: int 695 ip6_manage_flag: 696 description: 697 - Enable/disable the managed flag. 698 type: str 699 choices: 700 - enable 701 - disable 702 ip6_max_interval: 703 description: 704 - IPv6 maximum interval (4 to 1800 sec). 705 type: int 706 ip6_min_interval: 707 description: 708 - IPv6 minimum interval (3 to 1350 sec). 709 type: int 710 ip6_mode: 711 description: 712 - Addressing mode (static, DHCP, delegated). 713 type: str 714 choices: 715 - static 716 - dhcp 717 - pppoe 718 - delegated 719 ip6_other_flag: 720 description: 721 - Enable/disable the other IPv6 flag. 722 type: str 723 choices: 724 - enable 725 - disable 726 ip6_prefix_list: 727 description: 728 - Advertised prefix list. 729 type: list 730 suboptions: 731 autonomous_flag: 732 description: 733 - Enable/disable the autonomous flag. 734 type: str 735 choices: 736 - enable 737 - disable 738 dnssl: 739 description: 740 - DNS search list option. 741 type: list 742 suboptions: 743 domain: 744 description: 745 - Domain name. 746 required: true 747 type: str 748 onlink_flag: 749 description: 750 - Enable/disable the onlink flag. 751 type: str 752 choices: 753 - enable 754 - disable 755 preferred_life_time: 756 description: 757 - Preferred life time (sec). 758 type: int 759 prefix: 760 description: 761 - IPv6 prefix. 762 required: true 763 type: str 764 rdnss: 765 description: 766 - Recursive DNS server option. 767 type: str 768 valid_life_time: 769 description: 770 - Valid life time (sec). 771 type: int 772 ip6_reachable_time: 773 description: 774 - IPv6 reachable time (milliseconds; 0 means unspecified). 775 type: int 776 ip6_retrans_time: 777 description: 778 - IPv6 retransmit time (milliseconds; 0 means unspecified). 779 type: int 780 ip6_send_adv: 781 description: 782 - Enable/disable sending advertisements about the interface. 783 type: str 784 choices: 785 - enable 786 - disable 787 ip6_subnet: 788 description: 789 - " Subnet to routing prefix, syntax: xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx/xxx" 790 type: str 791 ip6_upstream_interface: 792 description: 793 - Interface name providing delegated information. Source system.interface.name. 794 type: str 795 nd_cert: 796 description: 797 - Neighbor discovery certificate. Source certificate.local.name. 798 type: str 799 nd_cga_modifier: 800 description: 801 - Neighbor discovery CGA modifier. 802 type: str 803 nd_mode: 804 description: 805 - Neighbor discovery mode. 806 type: str 807 choices: 808 - basic 809 - SEND-compatible 810 nd_security_level: 811 description: 812 - Neighbor discovery security level (0 - 7; 0 = least secure). 813 type: int 814 nd_timestamp_delta: 815 description: 816 - Neighbor discovery timestamp delta value (1 - 3600 sec; ). 817 type: int 818 nd_timestamp_fuzz: 819 description: 820 - Neighbor discovery timestamp fuzz factor (1 - 60 sec; ). 821 type: int 822 vrip6_link_local: 823 description: 824 - Link-local IPv6 address of virtual router. 825 type: str 826 vrrp_virtual_mac6: 827 description: 828 - Enable/disable virtual MAC for VRRP. 829 type: str 830 choices: 831 - enable 832 - disable 833 vrrp6: 834 description: 835 - IPv6 VRRP configuration. 836 type: list 837 suboptions: 838 accept_mode: 839 description: 840 - Enable/disable accept mode. 841 type: str 842 choices: 843 - enable 844 - disable 845 adv_interval: 846 description: 847 - Advertisement interval (1 - 255 seconds). 848 type: int 849 preempt: 850 description: 851 - Enable/disable preempt mode. 852 type: str 853 choices: 854 - enable 855 - disable 856 priority: 857 description: 858 - Priority of the virtual router (1 - 255). 859 type: int 860 start_time: 861 description: 862 - Startup time (1 - 255 seconds). 863 type: int 864 status: 865 description: 866 - Enable/disable VRRP. 867 type: str 868 choices: 869 - enable 870 - disable 871 vrdst6: 872 description: 873 - Monitor the route to this destination. 874 type: str 875 vrgrp: 876 description: 877 - VRRP group ID (1 - 65535). 878 type: int 879 vrid: 880 description: 881 - Virtual router identifier (1 - 255). 882 required: true 883 type: int 884 vrip6: 885 description: 886 - IPv6 address of the virtual router. 887 type: str 888 l2forward: 889 description: 890 - Enable/disable l2 forwarding. 891 type: str 892 choices: 893 - enable 894 - disable 895 lacp_ha_slave: 896 description: 897 - LACP HA slave. 898 type: str 899 choices: 900 - enable 901 - disable 902 lacp_mode: 903 description: 904 - LACP mode. 905 type: str 906 choices: 907 - static 908 - passive 909 - active 910 lacp_speed: 911 description: 912 - How often the interface sends LACP messages. 913 type: str 914 choices: 915 - slow 916 - fast 917 lcp_echo_interval: 918 description: 919 - Time in seconds between PPPoE Link Control Protocol (LCP) echo requests. 920 type: int 921 lcp_max_echo_fails: 922 description: 923 - Maximum missed LCP echo messages before disconnect. 924 type: int 925 link_up_delay: 926 description: 927 - Number of milliseconds to wait before considering a link is up. 928 type: int 929 lldp_transmission: 930 description: 931 - Enable/disable Link Layer Discovery Protocol (LLDP) transmission. 932 type: str 933 choices: 934 - enable 935 - disable 936 - vdom 937 macaddr: 938 description: 939 - Change the interface's MAC address. 940 type: str 941 managed_device: 942 description: 943 - Available when FortiLink is enabled, used for managed devices through FortiLink interface. 944 type: list 945 suboptions: 946 name: 947 description: 948 - Managed dev identifier. 949 required: true 950 type: str 951 management_ip: 952 description: 953 - High Availability in-band management IP address of this interface. 954 type: str 955 member: 956 description: 957 - Physical interfaces that belong to the aggregate or redundant interface. 958 type: list 959 suboptions: 960 interface_name: 961 description: 962 - Physical interface name. Source system.interface.name. 963 type: str 964 min_links: 965 description: 966 - Minimum number of aggregated ports that must be up. 967 type: int 968 min_links_down: 969 description: 970 - Action to take when less than the configured minimum number of links are active. 971 type: str 972 choices: 973 - operational 974 - administrative 975 mode: 976 description: 977 - Addressing mode (static, DHCP, PPPoE). 978 type: str 979 choices: 980 - static 981 - dhcp 982 - pppoe 983 mtu: 984 description: 985 - MTU value for this interface. 986 type: int 987 mtu_override: 988 description: 989 - Enable to set a custom MTU for this interface. 990 type: str 991 choices: 992 - enable 993 - disable 994 name: 995 description: 996 - Name. 997 required: true 998 type: str 999 ndiscforward: 1000 description: 1001 - Enable/disable NDISC forwarding. 1002 type: str 1003 choices: 1004 - enable 1005 - disable 1006 netbios_forward: 1007 description: 1008 - Enable/disable NETBIOS forwarding. 1009 type: str 1010 choices: 1011 - disable 1012 - enable 1013 netflow_sampler: 1014 description: 1015 - Enable/disable NetFlow on this interface and set the data that NetFlow collects (rx, tx, or both). 1016 type: str 1017 choices: 1018 - disable 1019 - tx 1020 - rx 1021 - both 1022 outbandwidth: 1023 description: 1024 - Bandwidth limit for outgoing traffic (0 - 16776000 kbps). 1025 type: int 1026 padt_retry_timeout: 1027 description: 1028 - PPPoE Active Discovery Terminate (PADT) used to terminate sessions after an idle time. 1029 type: int 1030 password: 1031 description: 1032 - PPPoE account's password. 1033 type: str 1034 ping_serv_status: 1035 description: 1036 - PING server status. 1037 type: int 1038 polling_interval: 1039 description: 1040 - sFlow polling interval (1 - 255 sec). 1041 type: int 1042 pppoe_unnumbered_negotiate: 1043 description: 1044 - Enable/disable PPPoE unnumbered negotiation. 1045 type: str 1046 choices: 1047 - enable 1048 - disable 1049 pptp_auth_type: 1050 description: 1051 - PPTP authentication type. 1052 type: str 1053 choices: 1054 - auto 1055 - pap 1056 - chap 1057 - mschapv1 1058 - mschapv2 1059 pptp_client: 1060 description: 1061 - Enable/disable PPTP client. 1062 type: str 1063 choices: 1064 - enable 1065 - disable 1066 pptp_password: 1067 description: 1068 - PPTP password. 1069 type: str 1070 pptp_server_ip: 1071 description: 1072 - PPTP server IP address. 1073 type: str 1074 pptp_timeout: 1075 description: 1076 - Idle timer in minutes (0 for disabled). 1077 type: int 1078 pptp_user: 1079 description: 1080 - PPTP user name. 1081 type: str 1082 preserve_session_route: 1083 description: 1084 - Enable/disable preservation of session route when dirty. 1085 type: str 1086 choices: 1087 - enable 1088 - disable 1089 priority: 1090 description: 1091 - Priority of learned routes. 1092 type: int 1093 priority_override: 1094 description: 1095 - Enable/disable fail back to higher priority port once recovered. 1096 type: str 1097 choices: 1098 - enable 1099 - disable 1100 proxy_captive_portal: 1101 description: 1102 - Enable/disable proxy captive portal on this interface. 1103 type: str 1104 choices: 1105 - enable 1106 - disable 1107 redundant_interface: 1108 description: 1109 - Redundant interface. 1110 type: str 1111 remote_ip: 1112 description: 1113 - Remote IP address of tunnel. 1114 type: str 1115 replacemsg_override_group: 1116 description: 1117 - Replacement message override group. 1118 type: str 1119 role: 1120 description: 1121 - Interface role. 1122 type: str 1123 choices: 1124 - lan 1125 - wan 1126 - dmz 1127 - undefined 1128 sample_direction: 1129 description: 1130 - Data that NetFlow collects (rx, tx, or both). 1131 type: str 1132 choices: 1133 - tx 1134 - rx 1135 - both 1136 sample_rate: 1137 description: 1138 - sFlow sample rate (10 - 99999). 1139 type: int 1140 scan_botnet_connections: 1141 description: 1142 - Enable monitoring or blocking connections to Botnet servers through this interface. 1143 type: str 1144 choices: 1145 - disable 1146 - block 1147 - monitor 1148 secondary_IP: 1149 description: 1150 - Enable/disable adding a secondary IP to this interface. 1151 type: str 1152 choices: 1153 - enable 1154 - disable 1155 secondaryip: 1156 description: 1157 - Second IP address of interface. 1158 type: list 1159 suboptions: 1160 allowaccess: 1161 description: 1162 - Management access settings for the secondary IP address. 1163 type: str 1164 choices: 1165 - ping 1166 - https 1167 - ssh 1168 - snmp 1169 - http 1170 - telnet 1171 - fgfm 1172 - radius-acct 1173 - probe-response 1174 - capwap 1175 - ftm 1176 detectprotocol: 1177 description: 1178 - Protocols used to detect the server. 1179 type: str 1180 choices: 1181 - ping 1182 - tcp-echo 1183 - udp-echo 1184 detectserver: 1185 description: 1186 - Gateway's ping server for this IP. 1187 type: str 1188 gwdetect: 1189 description: 1190 - Enable/disable detect gateway alive for first. 1191 type: str 1192 choices: 1193 - enable 1194 - disable 1195 ha_priority: 1196 description: 1197 - HA election priority for the PING server. 1198 type: int 1199 id: 1200 description: 1201 - ID. 1202 required: true 1203 type: int 1204 ip: 1205 description: 1206 - Secondary IP address of the interface. 1207 type: str 1208 ping_serv_status: 1209 description: 1210 - PING server status. 1211 type: int 1212 security_exempt_list: 1213 description: 1214 - Name of security-exempt-list. 1215 type: str 1216 security_external_logout: 1217 description: 1218 - URL of external authentication logout server. 1219 type: str 1220 security_external_web: 1221 description: 1222 - URL of external authentication web server. 1223 type: str 1224 security_groups: 1225 description: 1226 - User groups that can authenticate with the captive portal. 1227 type: list 1228 suboptions: 1229 name: 1230 description: 1231 - Names of user groups that can authenticate with the captive portal. 1232 required: true 1233 type: str 1234 security_mac_auth_bypass: 1235 description: 1236 - Enable/disable MAC authentication bypass. 1237 type: str 1238 choices: 1239 - enable 1240 - disable 1241 security_mode: 1242 description: 1243 - Turn on captive portal authentication for this interface. 1244 type: str 1245 choices: 1246 - none 1247 - captive-portal 1248 - 802.1X 1249 security_redirect_url: 1250 description: 1251 - URL redirection after disclaimer/authentication. 1252 type: str 1253 service_name: 1254 description: 1255 - PPPoE service name. 1256 type: str 1257 sflow_sampler: 1258 description: 1259 - Enable/disable sFlow on this interface. 1260 type: str 1261 choices: 1262 - enable 1263 - disable 1264 snmp_index: 1265 description: 1266 - Permanent SNMP Index of the interface. 1267 type: int 1268 speed: 1269 description: 1270 - Interface speed. The default setting and the options available depend on the interface hardware. 1271 type: str 1272 choices: 1273 - auto 1274 - 10full 1275 - 10half 1276 - 100full 1277 - 100half 1278 - 1000full 1279 - 1000half 1280 - 1000auto 1281 spillover_threshold: 1282 description: 1283 - Egress Spillover threshold (0 - 16776000 kbps), 0 means unlimited. 1284 type: int 1285 src_check: 1286 description: 1287 - Enable/disable source IP check. 1288 type: str 1289 choices: 1290 - enable 1291 - disable 1292 status: 1293 description: 1294 - Bring the interface up or shut the interface down. 1295 type: str 1296 choices: 1297 - up 1298 - down 1299 stpforward: 1300 description: 1301 - Enable/disable STP forwarding. 1302 type: str 1303 choices: 1304 - enable 1305 - disable 1306 stpforward_mode: 1307 description: 1308 - Configure STP forwarding mode. 1309 type: str 1310 choices: 1311 - rpl-all-ext-id 1312 - rpl-bridge-ext-id 1313 - rpl-nothing 1314 subst: 1315 description: 1316 - Enable to always send packets from this interface to a destination MAC address. 1317 type: str 1318 choices: 1319 - enable 1320 - disable 1321 substitute_dst_mac: 1322 description: 1323 - Destination MAC address that all packets are sent to from this interface. 1324 type: str 1325 switch: 1326 description: 1327 - Contained in switch. 1328 type: str 1329 switch_controller_access_vlan: 1330 description: 1331 - Block FortiSwitch port-to-port traffic. 1332 type: str 1333 choices: 1334 - enable 1335 - disable 1336 switch_controller_arp_inspection: 1337 description: 1338 - Enable/disable FortiSwitch ARP inspection. 1339 type: str 1340 choices: 1341 - enable 1342 - disable 1343 switch_controller_dhcp_snooping: 1344 description: 1345 - Switch controller DHCP snooping. 1346 type: str 1347 choices: 1348 - enable 1349 - disable 1350 switch_controller_dhcp_snooping_option82: 1351 description: 1352 - Switch controller DHCP snooping option82. 1353 type: str 1354 choices: 1355 - enable 1356 - disable 1357 switch_controller_dhcp_snooping_verify_mac: 1358 description: 1359 - Switch controller DHCP snooping verify MAC. 1360 type: str 1361 choices: 1362 - enable 1363 - disable 1364 switch_controller_igmp_snooping: 1365 description: 1366 - Switch controller IGMP snooping. 1367 type: str 1368 choices: 1369 - enable 1370 - disable 1371 switch_controller_learning_limit: 1372 description: 1373 - Limit the number of dynamic MAC addresses on this VLAN (1 - 128, 0 = no limit, default). 1374 type: int 1375 tagging: 1376 description: 1377 - Config object tagging. 1378 type: list 1379 suboptions: 1380 category: 1381 description: 1382 - Tag category. Source system.object-tagging.category. 1383 type: str 1384 name: 1385 description: 1386 - Tagging entry name. 1387 required: true 1388 type: str 1389 tags: 1390 description: 1391 - Tags. 1392 type: list 1393 suboptions: 1394 name: 1395 description: 1396 - Tag name. Source system.object-tagging.tags.name. 1397 required: true 1398 type: str 1399 tcp_mss: 1400 description: 1401 - TCP maximum segment size. 0 means do not change segment size. 1402 type: int 1403 trust_ip_1: 1404 description: 1405 - Trusted host for dedicated management traffic (0.0.0.0/24 for all hosts). 1406 type: str 1407 trust_ip_2: 1408 description: 1409 - Trusted host for dedicated management traffic (0.0.0.0/24 for all hosts). 1410 type: str 1411 trust_ip_3: 1412 description: 1413 - Trusted host for dedicated management traffic (0.0.0.0/24 for all hosts). 1414 type: str 1415 trust_ip6_1: 1416 description: 1417 - "Trusted IPv6 host for dedicated management traffic (::/0 for all hosts)." 1418 type: str 1419 trust_ip6_2: 1420 description: 1421 - "Trusted IPv6 host for dedicated management traffic (::/0 for all hosts)." 1422 type: str 1423 trust_ip6_3: 1424 description: 1425 - "Trusted IPv6 host for dedicated management traffic (::/0 for all hosts)." 1426 type: str 1427 type: 1428 description: 1429 - Interface type. 1430 type: str 1431 choices: 1432 - physical 1433 - vlan 1434 - aggregate 1435 - redundant 1436 - tunnel 1437 - vdom-link 1438 - loopback 1439 - switch 1440 - hard-switch 1441 - vap-switch 1442 - wl-mesh 1443 - fext-wan 1444 - vxlan 1445 - hdlc 1446 - switch-vlan 1447 username: 1448 description: 1449 - Username of the PPPoE account, provided by your ISP. 1450 type: str 1451 vdom: 1452 description: 1453 - Interface is in this virtual domain (VDOM). Source system.vdom.name. 1454 type: str 1455 vindex: 1456 description: 1457 - Switch control interface VLAN ID. 1458 type: int 1459 vlanforward: 1460 description: 1461 - Enable/disable traffic forwarding between VLANs on this interface. 1462 type: str 1463 choices: 1464 - enable 1465 - disable 1466 vlanid: 1467 description: 1468 - VLAN ID (1 - 4094). 1469 type: int 1470 vrf: 1471 description: 1472 - Virtual Routing Forwarding ID. 1473 type: int 1474 vrrp: 1475 description: 1476 - VRRP configuration. 1477 type: list 1478 suboptions: 1479 accept_mode: 1480 description: 1481 - Enable/disable accept mode. 1482 type: str 1483 choices: 1484 - enable 1485 - disable 1486 adv_interval: 1487 description: 1488 - Advertisement interval (1 - 255 seconds). 1489 type: int 1490 ignore_default_route: 1491 description: 1492 - Enable/disable ignoring of default route when checking destination. 1493 type: str 1494 choices: 1495 - enable 1496 - disable 1497 preempt: 1498 description: 1499 - Enable/disable preempt mode. 1500 type: str 1501 choices: 1502 - enable 1503 - disable 1504 priority: 1505 description: 1506 - Priority of the virtual router (1 - 255). 1507 type: int 1508 proxy_arp: 1509 description: 1510 - VRRP Proxy ARP configuration. 1511 type: list 1512 suboptions: 1513 id: 1514 description: 1515 - ID. 1516 required: true 1517 type: int 1518 ip: 1519 description: 1520 - Set IP addresses of proxy ARP. 1521 type: str 1522 start_time: 1523 description: 1524 - Startup time (1 - 255 seconds). 1525 type: int 1526 status: 1527 description: 1528 - Enable/disable this VRRP configuration. 1529 type: str 1530 choices: 1531 - enable 1532 - disable 1533 version: 1534 description: 1535 - VRRP version. 1536 type: str 1537 choices: 1538 - 2 1539 - 3 1540 vrdst: 1541 description: 1542 - Monitor the route to this destination. 1543 type: str 1544 vrdst_priority: 1545 description: 1546 - Priority of the virtual router when the virtual router destination becomes unreachable (0 - 254). 1547 type: int 1548 vrgrp: 1549 description: 1550 - VRRP group ID (1 - 65535). 1551 type: int 1552 vrid: 1553 description: 1554 - Virtual router identifier (1 - 255). 1555 required: true 1556 type: int 1557 vrip: 1558 description: 1559 - IP address of the virtual router. 1560 type: str 1561 vrrp_virtual_mac: 1562 description: 1563 - Enable/disable use of virtual MAC for VRRP. 1564 type: str 1565 choices: 1566 - enable 1567 - disable 1568 wccp: 1569 description: 1570 - Enable/disable WCCP on this interface. Used for encapsulated WCCP communication between WCCP clients and servers. 1571 type: str 1572 choices: 1573 - enable 1574 - disable 1575 weight: 1576 description: 1577 - Default weight for static routes (if route has no weight configured). 1578 type: int 1579 wins_ip: 1580 description: 1581 - WINS server IP. 1582 type: str 1583''' 1584 1585EXAMPLES = ''' 1586- hosts: localhost 1587 vars: 1588 host: "192.168.122.40" 1589 username: "admin" 1590 password: "" 1591 vdom: "root" 1592 ssl_verify: "False" 1593 tasks: 1594 - name: Configure interfaces. 1595 fortios_system_interface: 1596 host: "{{ host }}" 1597 username: "{{ username }}" 1598 password: "{{ password }}" 1599 vdom: "{{ vdom }}" 1600 https: "False" 1601 state: "present" 1602 system_interface: 1603 ac_name: "<your_own_value>" 1604 aggregate: "<your_own_value>" 1605 algorithm: "L2" 1606 alias: "<your_own_value>" 1607 allowaccess: "ping" 1608 ap_discover: "enable" 1609 arpforward: "enable" 1610 auth_type: "auto" 1611 auto_auth_extension_device: "enable" 1612 bfd: "global" 1613 bfd_desired_min_tx: "13" 1614 bfd_detect_mult: "14" 1615 bfd_required_min_rx: "15" 1616 broadcast_forticlient_discovery: "enable" 1617 broadcast_forward: "enable" 1618 captive_portal: "18" 1619 cli_conn_status: "19" 1620 color: "20" 1621 dedicated_to: "none" 1622 defaultgw: "enable" 1623 description: "<your_own_value>" 1624 detected_peer_mtu: "24" 1625 detectprotocol: "ping" 1626 detectserver: "<your_own_value>" 1627 device_access_list: "<your_own_value>" 1628 device_identification: "enable" 1629 device_identification_active_scan: "enable" 1630 device_netscan: "disable" 1631 device_user_identification: "enable" 1632 devindex: "32" 1633 dhcp_client_identifier: "myId_33" 1634 dhcp_relay_agent_option: "enable" 1635 dhcp_relay_ip: "<your_own_value>" 1636 dhcp_relay_service: "disable" 1637 dhcp_relay_type: "regular" 1638 dhcp_renew_time: "38" 1639 disc_retry_timeout: "39" 1640 disconnect_threshold: "40" 1641 distance: "41" 1642 dns_server_override: "enable" 1643 drop_fragment: "enable" 1644 drop_overlapped_fragment: "enable" 1645 egress_shaping_profile: "<your_own_value>" 1646 endpoint_compliance: "enable" 1647 estimated_downstream_bandwidth: "47" 1648 estimated_upstream_bandwidth: "48" 1649 explicit_ftp_proxy: "enable" 1650 explicit_web_proxy: "enable" 1651 external: "enable" 1652 fail_action_on_extender: "soft-restart" 1653 fail_alert_interfaces: 1654 - 1655 name: "default_name_54 (source system.interface.name)" 1656 fail_alert_method: "link-failed-signal" 1657 fail_detect: "enable" 1658 fail_detect_option: "detectserver" 1659 fortiheartbeat: "enable" 1660 fortilink: "enable" 1661 fortilink_backup_link: "60" 1662 fortilink_split_interface: "enable" 1663 fortilink_stacking: "enable" 1664 forward_domain: "63" 1665 gwdetect: "enable" 1666 ha_priority: "65" 1667 icmp_accept_redirect: "enable" 1668 icmp_send_redirect: "enable" 1669 ident_accept: "enable" 1670 idle_timeout: "69" 1671 inbandwidth: "70" 1672 ingress_spillover_threshold: "71" 1673 interface: "<your_own_value> (source system.interface.name)" 1674 internal: "73" 1675 ip: "<your_own_value>" 1676 ipmac: "enable" 1677 ips_sniffer_mode: "enable" 1678 ipunnumbered: "<your_own_value>" 1679 ipv6: 1680 autoconf: "enable" 1681 dhcp6_client_options: "rapid" 1682 dhcp6_information_request: "enable" 1683 dhcp6_prefix_delegation: "enable" 1684 dhcp6_prefix_hint: "<your_own_value>" 1685 dhcp6_prefix_hint_plt: "84" 1686 dhcp6_prefix_hint_vlt: "85" 1687 dhcp6_relay_ip: "<your_own_value>" 1688 dhcp6_relay_service: "disable" 1689 dhcp6_relay_type: "regular" 1690 ip6_address: "<your_own_value>" 1691 ip6_allowaccess: "ping" 1692 ip6_default_life: "91" 1693 ip6_delegated_prefix_list: 1694 - 1695 autonomous_flag: "enable" 1696 onlink_flag: "enable" 1697 prefix_id: "95" 1698 rdnss: "<your_own_value>" 1699 rdnss_service: "delegated" 1700 subnet: "<your_own_value>" 1701 upstream_interface: "<your_own_value> (source system.interface.name)" 1702 ip6_dns_server_override: "enable" 1703 ip6_extra_addr: 1704 - 1705 prefix: "<your_own_value>" 1706 ip6_hop_limit: "103" 1707 ip6_link_mtu: "104" 1708 ip6_manage_flag: "enable" 1709 ip6_max_interval: "106" 1710 ip6_min_interval: "107" 1711 ip6_mode: "static" 1712 ip6_other_flag: "enable" 1713 ip6_prefix_list: 1714 - 1715 autonomous_flag: "enable" 1716 dnssl: 1717 - 1718 domain: "<your_own_value>" 1719 onlink_flag: "enable" 1720 preferred_life_time: "115" 1721 prefix: "<your_own_value>" 1722 rdnss: "<your_own_value>" 1723 valid_life_time: "118" 1724 ip6_reachable_time: "119" 1725 ip6_retrans_time: "120" 1726 ip6_send_adv: "enable" 1727 ip6_subnet: "<your_own_value>" 1728 ip6_upstream_interface: "<your_own_value> (source system.interface.name)" 1729 nd_cert: "<your_own_value> (source certificate.local.name)" 1730 nd_cga_modifier: "<your_own_value>" 1731 nd_mode: "basic" 1732 nd_security_level: "127" 1733 nd_timestamp_delta: "128" 1734 nd_timestamp_fuzz: "129" 1735 vrip6_link_local: "<your_own_value>" 1736 vrrp_virtual_mac6: "enable" 1737 vrrp6: 1738 - 1739 accept_mode: "enable" 1740 adv_interval: "134" 1741 preempt: "enable" 1742 priority: "136" 1743 start_time: "137" 1744 status: "enable" 1745 vrdst6: "<your_own_value>" 1746 vrgrp: "140" 1747 vrid: "141" 1748 vrip6: "<your_own_value>" 1749 l2forward: "enable" 1750 lacp_ha_slave: "enable" 1751 lacp_mode: "static" 1752 lacp_speed: "slow" 1753 lcp_echo_interval: "147" 1754 lcp_max_echo_fails: "148" 1755 link_up_delay: "149" 1756 lldp_transmission: "enable" 1757 macaddr: "<your_own_value>" 1758 managed_device: 1759 - 1760 name: "default_name_153" 1761 management_ip: "<your_own_value>" 1762 member: 1763 - 1764 interface_name: "<your_own_value> (source system.interface.name)" 1765 min_links: "157" 1766 min_links_down: "operational" 1767 mode: "static" 1768 mtu: "160" 1769 mtu_override: "enable" 1770 name: "default_name_162" 1771 ndiscforward: "enable" 1772 netbios_forward: "disable" 1773 netflow_sampler: "disable" 1774 outbandwidth: "166" 1775 padt_retry_timeout: "167" 1776 password: "<your_own_value>" 1777 ping_serv_status: "169" 1778 polling_interval: "170" 1779 pppoe_unnumbered_negotiate: "enable" 1780 pptp_auth_type: "auto" 1781 pptp_client: "enable" 1782 pptp_password: "<your_own_value>" 1783 pptp_server_ip: "<your_own_value>" 1784 pptp_timeout: "176" 1785 pptp_user: "<your_own_value>" 1786 preserve_session_route: "enable" 1787 priority: "179" 1788 priority_override: "enable" 1789 proxy_captive_portal: "enable" 1790 redundant_interface: "<your_own_value>" 1791 remote_ip: "<your_own_value>" 1792 replacemsg_override_group: "<your_own_value>" 1793 role: "lan" 1794 sample_direction: "tx" 1795 sample_rate: "187" 1796 scan_botnet_connections: "disable" 1797 secondary_IP: "enable" 1798 secondaryip: 1799 - 1800 allowaccess: "ping" 1801 detectprotocol: "ping" 1802 detectserver: "<your_own_value>" 1803 gwdetect: "enable" 1804 ha_priority: "195" 1805 id: "196" 1806 ip: "<your_own_value>" 1807 ping_serv_status: "198" 1808 security_exempt_list: "<your_own_value>" 1809 security_external_logout: "<your_own_value>" 1810 security_external_web: "<your_own_value>" 1811 security_groups: 1812 - 1813 name: "default_name_203" 1814 security_mac_auth_bypass: "enable" 1815 security_mode: "none" 1816 security_redirect_url: "<your_own_value>" 1817 service_name: "<your_own_value>" 1818 sflow_sampler: "enable" 1819 snmp_index: "209" 1820 speed: "auto" 1821 spillover_threshold: "211" 1822 src_check: "enable" 1823 status: "up" 1824 stpforward: "enable" 1825 stpforward_mode: "rpl-all-ext-id" 1826 subst: "enable" 1827 substitute_dst_mac: "<your_own_value>" 1828 switch: "<your_own_value>" 1829 switch_controller_access_vlan: "enable" 1830 switch_controller_arp_inspection: "enable" 1831 switch_controller_dhcp_snooping: "enable" 1832 switch_controller_dhcp_snooping_option82: "enable" 1833 switch_controller_dhcp_snooping_verify_mac: "enable" 1834 switch_controller_igmp_snooping: "enable" 1835 switch_controller_learning_limit: "225" 1836 tagging: 1837 - 1838 category: "<your_own_value> (source system.object-tagging.category)" 1839 name: "default_name_228" 1840 tags: 1841 - 1842 name: "default_name_230 (source system.object-tagging.tags.name)" 1843 tcp_mss: "231" 1844 trust_ip_1: "<your_own_value>" 1845 trust_ip_2: "<your_own_value>" 1846 trust_ip_3: "<your_own_value>" 1847 trust_ip6_1: "<your_own_value>" 1848 trust_ip6_2: "<your_own_value>" 1849 trust_ip6_3: "<your_own_value>" 1850 type: "physical" 1851 username: "<your_own_value>" 1852 vdom: "<your_own_value> (source system.vdom.name)" 1853 vindex: "241" 1854 vlanforward: "enable" 1855 vlanid: "243" 1856 vrf: "244" 1857 vrrp: 1858 - 1859 accept_mode: "enable" 1860 adv_interval: "247" 1861 ignore_default_route: "enable" 1862 preempt: "enable" 1863 priority: "250" 1864 proxy_arp: 1865 - 1866 id: "252" 1867 ip: "<your_own_value>" 1868 start_time: "254" 1869 status: "enable" 1870 version: "2" 1871 vrdst: "<your_own_value>" 1872 vrdst_priority: "258" 1873 vrgrp: "259" 1874 vrid: "260" 1875 vrip: "<your_own_value>" 1876 vrrp_virtual_mac: "enable" 1877 wccp: "enable" 1878 weight: "264" 1879 wins_ip: "<your_own_value>" 1880''' 1881 1882RETURN = ''' 1883build: 1884 description: Build number of the fortigate image 1885 returned: always 1886 type: str 1887 sample: '1547' 1888http_method: 1889 description: Last method used to provision the content into FortiGate 1890 returned: always 1891 type: str 1892 sample: 'PUT' 1893http_status: 1894 description: Last result given by FortiGate on last operation applied 1895 returned: always 1896 type: str 1897 sample: "200" 1898mkey: 1899 description: Master key (id) used in the last call to FortiGate 1900 returned: success 1901 type: str 1902 sample: "id" 1903name: 1904 description: Name of the table used to fulfill the request 1905 returned: always 1906 type: str 1907 sample: "urlfilter" 1908path: 1909 description: Path of the table used to fulfill the request 1910 returned: always 1911 type: str 1912 sample: "webfilter" 1913revision: 1914 description: Internal revision number 1915 returned: always 1916 type: str 1917 sample: "17.0.2.10658" 1918serial: 1919 description: Serial number of the unit 1920 returned: always 1921 type: str 1922 sample: "FGVMEVYYQT3AB5352" 1923status: 1924 description: Indication of the operation's result 1925 returned: always 1926 type: str 1927 sample: "success" 1928vdom: 1929 description: Virtual domain used 1930 returned: always 1931 type: str 1932 sample: "root" 1933version: 1934 description: Version of the FortiGate 1935 returned: always 1936 type: str 1937 sample: "v5.6.3" 1938 1939''' 1940 1941from ansible.module_utils.basic import AnsibleModule 1942from ansible.module_utils.connection import Connection 1943from ansible.module_utils.network.fortios.fortios import FortiOSHandler 1944from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG 1945 1946 1947def login(data, fos): 1948 host = data['host'] 1949 username = data['username'] 1950 password = data['password'] 1951 ssl_verify = data['ssl_verify'] 1952 1953 fos.debug('on') 1954 if 'https' in data and not data['https']: 1955 fos.https('off') 1956 else: 1957 fos.https('on') 1958 1959 fos.login(host, username, password, verify=ssl_verify) 1960 1961 1962def filter_system_interface_data(json): 1963 option_list = ['ac_name', 'aggregate', 'algorithm', 1964 'alias', 'allowaccess', 'ap_discover', 1965 'arpforward', 'auth_type', 'auto_auth_extension_device', 1966 'bfd', 'bfd_desired_min_tx', 'bfd_detect_mult', 1967 'bfd_required_min_rx', 'broadcast_forticlient_discovery', 'broadcast_forward', 1968 'captive_portal', 'cli_conn_status', 'color', 1969 'dedicated_to', 'defaultgw', 'description', 1970 'detected_peer_mtu', 'detectprotocol', 'detectserver', 1971 'device_access_list', 'device_identification', 'device_identification_active_scan', 1972 'device_netscan', 'device_user_identification', 'devindex', 1973 'dhcp_client_identifier', 'dhcp_relay_agent_option', 'dhcp_relay_ip', 1974 'dhcp_relay_service', 'dhcp_relay_type', 'dhcp_renew_time', 1975 'disc_retry_timeout', 'disconnect_threshold', 'distance', 1976 'dns_server_override', 'drop_fragment', 'drop_overlapped_fragment', 1977 'egress_shaping_profile', 'endpoint_compliance', 'estimated_downstream_bandwidth', 1978 'estimated_upstream_bandwidth', 'explicit_ftp_proxy', 'explicit_web_proxy', 1979 'external', 'fail_action_on_extender', 'fail_alert_interfaces', 1980 'fail_alert_method', 'fail_detect', 'fail_detect_option', 1981 'fortiheartbeat', 'fortilink', 'fortilink_backup_link', 1982 'fortilink_split_interface', 'fortilink_stacking', 'forward_domain', 1983 'gwdetect', 'ha_priority', 'icmp_accept_redirect', 1984 'icmp_send_redirect', 'ident_accept', 'idle_timeout', 1985 'inbandwidth', 'ingress_spillover_threshold', 'interface', 1986 'internal', 'ip', 'ipmac', 1987 'ips_sniffer_mode', 'ipunnumbered', 'ipv6', 1988 'l2forward', 'lacp_ha_slave', 'lacp_mode', 1989 'lacp_speed', 'lcp_echo_interval', 'lcp_max_echo_fails', 1990 'link_up_delay', 'lldp_transmission', 'macaddr', 1991 'managed_device', 'management_ip', 'member', 1992 'min_links', 'min_links_down', 'mode', 1993 'mtu', 'mtu_override', 'name', 1994 'ndiscforward', 'netbios_forward', 'netflow_sampler', 1995 'outbandwidth', 'padt_retry_timeout', 'password', 1996 'ping_serv_status', 'polling_interval', 'pppoe_unnumbered_negotiate', 1997 'pptp_auth_type', 'pptp_client', 'pptp_password', 1998 'pptp_server_ip', 'pptp_timeout', 'pptp_user', 1999 'preserve_session_route', 'priority', 'priority_override', 2000 'proxy_captive_portal', 'redundant_interface', 'remote_ip', 2001 'replacemsg_override_group', 'role', 'sample_direction', 2002 'sample_rate', 'scan_botnet_connections', 'secondary_IP', 2003 'secondaryip', 'security_exempt_list', 'security_external_logout', 2004 'security_external_web', 'security_groups', 'security_mac_auth_bypass', 2005 'security_mode', 'security_redirect_url', 'service_name', 2006 'sflow_sampler', 'snmp_index', 'speed', 2007 'spillover_threshold', 'src_check', 'status', 2008 'stpforward', 'stpforward_mode', 'subst', 2009 'substitute_dst_mac', 'switch', 'switch_controller_access_vlan', 2010 'switch_controller_arp_inspection', 'switch_controller_dhcp_snooping', 'switch_controller_dhcp_snooping_option82', 2011 'switch_controller_dhcp_snooping_verify_mac', 'switch_controller_igmp_snooping', 'switch_controller_learning_limit', 2012 'tagging', 'tcp_mss', 'trust_ip_1', 2013 'trust_ip_2', 'trust_ip_3', 'trust_ip6_1', 2014 'trust_ip6_2', 'trust_ip6_3', 'type', 2015 'username', 'vdom', 'vindex', 2016 'vlanforward', 'vlanid', 'vrf', 2017 'vrrp', 'vrrp_virtual_mac', 'wccp', 2018 'weight', 'wins_ip'] 2019 dictionary = {} 2020 2021 for attribute in option_list: 2022 if attribute in json and json[attribute] is not None: 2023 dictionary[attribute] = json[attribute] 2024 2025 return dictionary 2026 2027 2028def flatten_multilists_attributes(data): 2029 multilist_attrs = [[u'allowaccess'], [u'ipv6', u'ip6_allowaccess']] 2030 2031 for attr in multilist_attrs: 2032 try: 2033 path = "data['" + "']['".join(elem for elem in attr) + "']" 2034 current_val = eval(path) 2035 flattened_val = ' '.join(elem for elem in current_val) 2036 exec(path + '= flattened_val') 2037 except BaseException: 2038 pass 2039 2040 return data 2041 2042 2043def underscore_to_hyphen(data): 2044 if isinstance(data, list): 2045 for elem in data: 2046 elem = underscore_to_hyphen(elem) 2047 elif isinstance(data, dict): 2048 new_data = {} 2049 for k, v in data.items(): 2050 new_data[k.replace('_', '-')] = underscore_to_hyphen(v) 2051 data = new_data 2052 2053 return data 2054 2055 2056def system_interface(data, fos): 2057 vdom = data['vdom'] 2058 if 'state' in data and data['state']: 2059 state = data['state'] 2060 elif 'state' in data['system_interface'] and data['system_interface']: 2061 state = data['system_interface']['state'] 2062 else: 2063 state = True 2064 system_interface_data = data['system_interface'] 2065 system_interface_data = flatten_multilists_attributes(system_interface_data) 2066 filtered_data = underscore_to_hyphen(filter_system_interface_data(system_interface_data)) 2067 2068 if state == "present": 2069 return fos.set('system', 2070 'interface', 2071 data=filtered_data, 2072 vdom=vdom) 2073 2074 elif state == "absent": 2075 return fos.delete('system', 2076 'interface', 2077 mkey=filtered_data['name'], 2078 vdom=vdom) 2079 2080 2081def is_successful_status(status): 2082 return status['status'] == "success" or \ 2083 status['http_method'] == "DELETE" and status['http_status'] == 404 2084 2085 2086def fortios_system(data, fos): 2087 2088 if data['system_interface']: 2089 resp = system_interface(data, fos) 2090 2091 return not is_successful_status(resp), \ 2092 resp['status'] == "success", \ 2093 resp 2094 2095 2096def main(): 2097 fields = { 2098 "host": {"required": False, "type": "str"}, 2099 "username": {"required": False, "type": "str"}, 2100 "password": {"required": False, "type": "str", "default": "", "no_log": True}, 2101 "vdom": {"required": False, "type": "str", "default": "root"}, 2102 "https": {"required": False, "type": "bool", "default": True}, 2103 "ssl_verify": {"required": False, "type": "bool", "default": True}, 2104 "state": {"required": False, "type": "str", 2105 "choices": ["present", "absent"]}, 2106 "system_interface": { 2107 "required": False, "type": "dict", "default": None, 2108 "options": { 2109 "state": {"required": False, "type": "str", 2110 "choices": ["present", "absent"]}, 2111 "ac_name": {"required": False, "type": "str"}, 2112 "aggregate": {"required": False, "type": "str"}, 2113 "algorithm": {"required": False, "type": "str", 2114 "choices": ["L2", "L3", "L4"]}, 2115 "alias": {"required": False, "type": "str"}, 2116 "allowaccess": {"required": False, "type": "list", 2117 "choices": ["ping", "https", "ssh", 2118 "snmp", "http", "telnet", 2119 "fgfm", "radius-acct", "probe-response", 2120 "capwap", "ftm"]}, 2121 "ap_discover": {"required": False, "type": "str", 2122 "choices": ["enable", "disable"]}, 2123 "arpforward": {"required": False, "type": "str", 2124 "choices": ["enable", "disable"]}, 2125 "auth_type": {"required": False, "type": "str", 2126 "choices": ["auto", "pap", "chap", 2127 "mschapv1", "mschapv2"]}, 2128 "auto_auth_extension_device": {"required": False, "type": "str", 2129 "choices": ["enable", "disable"]}, 2130 "bfd": {"required": False, "type": "str", 2131 "choices": ["global", "enable", "disable"]}, 2132 "bfd_desired_min_tx": {"required": False, "type": "int"}, 2133 "bfd_detect_mult": {"required": False, "type": "int"}, 2134 "bfd_required_min_rx": {"required": False, "type": "int"}, 2135 "broadcast_forticlient_discovery": {"required": False, "type": "str", 2136 "choices": ["enable", "disable"]}, 2137 "broadcast_forward": {"required": False, "type": "str", 2138 "choices": ["enable", "disable"]}, 2139 "captive_portal": {"required": False, "type": "int"}, 2140 "cli_conn_status": {"required": False, "type": "int"}, 2141 "color": {"required": False, "type": "int"}, 2142 "dedicated_to": {"required": False, "type": "str", 2143 "choices": ["none", "management"]}, 2144 "defaultgw": {"required": False, "type": "str", 2145 "choices": ["enable", "disable"]}, 2146 "description": {"required": False, "type": "str"}, 2147 "detected_peer_mtu": {"required": False, "type": "int"}, 2148 "detectprotocol": {"required": False, "type": "str", 2149 "choices": ["ping", "tcp-echo", "udp-echo"]}, 2150 "detectserver": {"required": False, "type": "str"}, 2151 "device_access_list": {"required": False, "type": "str"}, 2152 "device_identification": {"required": False, "type": "str", 2153 "choices": ["enable", "disable"]}, 2154 "device_identification_active_scan": {"required": False, "type": "str", 2155 "choices": ["enable", "disable"]}, 2156 "device_netscan": {"required": False, "type": "str", 2157 "choices": ["disable", "enable"]}, 2158 "device_user_identification": {"required": False, "type": "str", 2159 "choices": ["enable", "disable"]}, 2160 "devindex": {"required": False, "type": "int"}, 2161 "dhcp_client_identifier": {"required": False, "type": "str"}, 2162 "dhcp_relay_agent_option": {"required": False, "type": "str", 2163 "choices": ["enable", "disable"]}, 2164 "dhcp_relay_ip": {"required": False, "type": "str"}, 2165 "dhcp_relay_service": {"required": False, "type": "str", 2166 "choices": ["disable", "enable"]}, 2167 "dhcp_relay_type": {"required": False, "type": "str", 2168 "choices": ["regular", "ipsec"]}, 2169 "dhcp_renew_time": {"required": False, "type": "int"}, 2170 "disc_retry_timeout": {"required": False, "type": "int"}, 2171 "disconnect_threshold": {"required": False, "type": "int"}, 2172 "distance": {"required": False, "type": "int"}, 2173 "dns_server_override": {"required": False, "type": "str", 2174 "choices": ["enable", "disable"]}, 2175 "drop_fragment": {"required": False, "type": "str", 2176 "choices": ["enable", "disable"]}, 2177 "drop_overlapped_fragment": {"required": False, "type": "str", 2178 "choices": ["enable", "disable"]}, 2179 "egress_shaping_profile": {"required": False, "type": "str"}, 2180 "endpoint_compliance": {"required": False, "type": "str", 2181 "choices": ["enable", "disable"]}, 2182 "estimated_downstream_bandwidth": {"required": False, "type": "int"}, 2183 "estimated_upstream_bandwidth": {"required": False, "type": "int"}, 2184 "explicit_ftp_proxy": {"required": False, "type": "str", 2185 "choices": ["enable", "disable"]}, 2186 "explicit_web_proxy": {"required": False, "type": "str", 2187 "choices": ["enable", "disable"]}, 2188 "external": {"required": False, "type": "str", 2189 "choices": ["enable", "disable"]}, 2190 "fail_action_on_extender": {"required": False, "type": "str", 2191 "choices": ["soft-restart", "hard-restart", "reboot"]}, 2192 "fail_alert_interfaces": {"required": False, "type": "list", 2193 "options": { 2194 "name": {"required": True, "type": "str"} 2195 }}, 2196 "fail_alert_method": {"required": False, "type": "str", 2197 "choices": ["link-failed-signal", "link-down"]}, 2198 "fail_detect": {"required": False, "type": "str", 2199 "choices": ["enable", "disable"]}, 2200 "fail_detect_option": {"required": False, "type": "str", 2201 "choices": ["detectserver", "link-down"]}, 2202 "fortiheartbeat": {"required": False, "type": "str", 2203 "choices": ["enable", "disable"]}, 2204 "fortilink": {"required": False, "type": "str", 2205 "choices": ["enable", "disable"]}, 2206 "fortilink_backup_link": {"required": False, "type": "int"}, 2207 "fortilink_split_interface": {"required": False, "type": "str", 2208 "choices": ["enable", "disable"]}, 2209 "fortilink_stacking": {"required": False, "type": "str", 2210 "choices": ["enable", "disable"]}, 2211 "forward_domain": {"required": False, "type": "int"}, 2212 "gwdetect": {"required": False, "type": "str", 2213 "choices": ["enable", "disable"]}, 2214 "ha_priority": {"required": False, "type": "int"}, 2215 "icmp_accept_redirect": {"required": False, "type": "str", 2216 "choices": ["enable", "disable"]}, 2217 "icmp_send_redirect": {"required": False, "type": "str", 2218 "choices": ["enable", "disable"]}, 2219 "ident_accept": {"required": False, "type": "str", 2220 "choices": ["enable", "disable"]}, 2221 "idle_timeout": {"required": False, "type": "int"}, 2222 "inbandwidth": {"required": False, "type": "int"}, 2223 "ingress_spillover_threshold": {"required": False, "type": "int"}, 2224 "interface": {"required": False, "type": "str"}, 2225 "internal": {"required": False, "type": "int"}, 2226 "ip": {"required": False, "type": "str"}, 2227 "ipmac": {"required": False, "type": "str", 2228 "choices": ["enable", "disable"]}, 2229 "ips_sniffer_mode": {"required": False, "type": "str", 2230 "choices": ["enable", "disable"]}, 2231 "ipunnumbered": {"required": False, "type": "str"}, 2232 "ipv6": {"required": False, "type": "dict", 2233 "options": { 2234 "autoconf": {"required": False, "type": "str", 2235 "choices": ["enable", "disable"]}, 2236 "dhcp6_client_options": {"required": False, "type": "str", 2237 "choices": ["rapid", "iapd", "iana"]}, 2238 "dhcp6_information_request": {"required": False, "type": "str", 2239 "choices": ["enable", "disable"]}, 2240 "dhcp6_prefix_delegation": {"required": False, "type": "str", 2241 "choices": ["enable", "disable"]}, 2242 "dhcp6_prefix_hint": {"required": False, "type": "str"}, 2243 "dhcp6_prefix_hint_plt": {"required": False, "type": "int"}, 2244 "dhcp6_prefix_hint_vlt": {"required": False, "type": "int"}, 2245 "dhcp6_relay_ip": {"required": False, "type": "str"}, 2246 "dhcp6_relay_service": {"required": False, "type": "str", 2247 "choices": ["disable", "enable"]}, 2248 "dhcp6_relay_type": {"required": False, "type": "str", 2249 "choices": ["regular"]}, 2250 "ip6_address": {"required": False, "type": "str"}, 2251 "ip6_allowaccess": {"required": False, "type": "list", 2252 "choices": ["ping", "https", "ssh", 2253 "snmp", "http", "telnet", 2254 "fgfm", "capwap"]}, 2255 "ip6_default_life": {"required": False, "type": "int"}, 2256 "ip6_delegated_prefix_list": {"required": False, "type": "list", 2257 "options": { 2258 "autonomous_flag": {"required": False, "type": "str", 2259 "choices": ["enable", "disable"]}, 2260 "onlink_flag": {"required": False, "type": "str", 2261 "choices": ["enable", "disable"]}, 2262 "prefix_id": {"required": False, "type": "int"}, 2263 "rdnss": {"required": False, "type": "str"}, 2264 "rdnss_service": {"required": False, "type": "str", 2265 "choices": ["delegated", "default", "specify"]}, 2266 "subnet": {"required": False, "type": "str"}, 2267 "upstream_interface": {"required": False, "type": "str"} 2268 }}, 2269 "ip6_dns_server_override": {"required": False, "type": "str", 2270 "choices": ["enable", "disable"]}, 2271 "ip6_extra_addr": {"required": False, "type": "list", 2272 "options": { 2273 "prefix": {"required": True, "type": "str"} 2274 }}, 2275 "ip6_hop_limit": {"required": False, "type": "int"}, 2276 "ip6_link_mtu": {"required": False, "type": "int"}, 2277 "ip6_manage_flag": {"required": False, "type": "str", 2278 "choices": ["enable", "disable"]}, 2279 "ip6_max_interval": {"required": False, "type": "int"}, 2280 "ip6_min_interval": {"required": False, "type": "int"}, 2281 "ip6_mode": {"required": False, "type": "str", 2282 "choices": ["static", "dhcp", "pppoe", 2283 "delegated"]}, 2284 "ip6_other_flag": {"required": False, "type": "str", 2285 "choices": ["enable", "disable"]}, 2286 "ip6_prefix_list": {"required": False, "type": "list", 2287 "options": { 2288 "autonomous_flag": {"required": False, "type": "str", 2289 "choices": ["enable", "disable"]}, 2290 "dnssl": {"required": False, "type": "list", 2291 "options": { 2292 "domain": {"required": True, "type": "str"} 2293 }}, 2294 "onlink_flag": {"required": False, "type": "str", 2295 "choices": ["enable", "disable"]}, 2296 "preferred_life_time": {"required": False, "type": "int"}, 2297 "prefix": {"required": True, "type": "str"}, 2298 "rdnss": {"required": False, "type": "str"}, 2299 "valid_life_time": {"required": False, "type": "int"} 2300 }}, 2301 "ip6_reachable_time": {"required": False, "type": "int"}, 2302 "ip6_retrans_time": {"required": False, "type": "int"}, 2303 "ip6_send_adv": {"required": False, "type": "str", 2304 "choices": ["enable", "disable"]}, 2305 "ip6_subnet": {"required": False, "type": "str"}, 2306 "ip6_upstream_interface": {"required": False, "type": "str"}, 2307 "nd_cert": {"required": False, "type": "str"}, 2308 "nd_cga_modifier": {"required": False, "type": "str"}, 2309 "nd_mode": {"required": False, "type": "str", 2310 "choices": ["basic", "SEND-compatible"]}, 2311 "nd_security_level": {"required": False, "type": "int"}, 2312 "nd_timestamp_delta": {"required": False, "type": "int"}, 2313 "nd_timestamp_fuzz": {"required": False, "type": "int"}, 2314 "vrip6_link_local": {"required": False, "type": "str"}, 2315 "vrrp_virtual_mac6": {"required": False, "type": "str", 2316 "choices": ["enable", "disable"]}, 2317 "vrrp6": {"required": False, "type": "list", 2318 "options": { 2319 "accept_mode": {"required": False, "type": "str", 2320 "choices": ["enable", "disable"]}, 2321 "adv_interval": {"required": False, "type": "int"}, 2322 "preempt": {"required": False, "type": "str", 2323 "choices": ["enable", "disable"]}, 2324 "priority": {"required": False, "type": "int"}, 2325 "start_time": {"required": False, "type": "int"}, 2326 "status": {"required": False, "type": "str", 2327 "choices": ["enable", "disable"]}, 2328 "vrdst6": {"required": False, "type": "str"}, 2329 "vrgrp": {"required": False, "type": "int"}, 2330 "vrid": {"required": True, "type": "int"}, 2331 "vrip6": {"required": False, "type": "str"} 2332 }} 2333 }}, 2334 "l2forward": {"required": False, "type": "str", 2335 "choices": ["enable", "disable"]}, 2336 "lacp_ha_slave": {"required": False, "type": "str", 2337 "choices": ["enable", "disable"]}, 2338 "lacp_mode": {"required": False, "type": "str", 2339 "choices": ["static", "passive", "active"]}, 2340 "lacp_speed": {"required": False, "type": "str", 2341 "choices": ["slow", "fast"]}, 2342 "lcp_echo_interval": {"required": False, "type": "int"}, 2343 "lcp_max_echo_fails": {"required": False, "type": "int"}, 2344 "link_up_delay": {"required": False, "type": "int"}, 2345 "lldp_transmission": {"required": False, "type": "str", 2346 "choices": ["enable", "disable", "vdom"]}, 2347 "macaddr": {"required": False, "type": "str"}, 2348 "managed_device": {"required": False, "type": "list", 2349 "options": { 2350 "name": {"required": True, "type": "str"} 2351 }}, 2352 "management_ip": {"required": False, "type": "str"}, 2353 "member": {"required": False, "type": "list", 2354 "options": { 2355 "interface_name": {"required": False, "type": "str"} 2356 }}, 2357 "min_links": {"required": False, "type": "int"}, 2358 "min_links_down": {"required": False, "type": "str", 2359 "choices": ["operational", "administrative"]}, 2360 "mode": {"required": False, "type": "str", 2361 "choices": ["static", "dhcp", "pppoe"]}, 2362 "mtu": {"required": False, "type": "int"}, 2363 "mtu_override": {"required": False, "type": "str", 2364 "choices": ["enable", "disable"]}, 2365 "name": {"required": True, "type": "str"}, 2366 "ndiscforward": {"required": False, "type": "str", 2367 "choices": ["enable", "disable"]}, 2368 "netbios_forward": {"required": False, "type": "str", 2369 "choices": ["disable", "enable"]}, 2370 "netflow_sampler": {"required": False, "type": "str", 2371 "choices": ["disable", "tx", "rx", 2372 "both"]}, 2373 "outbandwidth": {"required": False, "type": "int"}, 2374 "padt_retry_timeout": {"required": False, "type": "int"}, 2375 "password": {"required": False, "type": "str", "no_log": True}, 2376 "ping_serv_status": {"required": False, "type": "int"}, 2377 "polling_interval": {"required": False, "type": "int"}, 2378 "pppoe_unnumbered_negotiate": {"required": False, "type": "str", 2379 "choices": ["enable", "disable"]}, 2380 "pptp_auth_type": {"required": False, "type": "str", 2381 "choices": ["auto", "pap", "chap", 2382 "mschapv1", "mschapv2"]}, 2383 "pptp_client": {"required": False, "type": "str", 2384 "choices": ["enable", "disable"]}, 2385 "pptp_password": {"required": False, "type": "str", "no_log": True}, 2386 "pptp_server_ip": {"required": False, "type": "str"}, 2387 "pptp_timeout": {"required": False, "type": "int"}, 2388 "pptp_user": {"required": False, "type": "str"}, 2389 "preserve_session_route": {"required": False, "type": "str", 2390 "choices": ["enable", "disable"]}, 2391 "priority": {"required": False, "type": "int"}, 2392 "priority_override": {"required": False, "type": "str", 2393 "choices": ["enable", "disable"]}, 2394 "proxy_captive_portal": {"required": False, "type": "str", 2395 "choices": ["enable", "disable"]}, 2396 "redundant_interface": {"required": False, "type": "str"}, 2397 "remote_ip": {"required": False, "type": "str"}, 2398 "replacemsg_override_group": {"required": False, "type": "str"}, 2399 "role": {"required": False, "type": "str", 2400 "choices": ["lan", "wan", "dmz", 2401 "undefined"]}, 2402 "sample_direction": {"required": False, "type": "str", 2403 "choices": ["tx", "rx", "both"]}, 2404 "sample_rate": {"required": False, "type": "int"}, 2405 "scan_botnet_connections": {"required": False, "type": "str", 2406 "choices": ["disable", "block", "monitor"]}, 2407 "secondary_IP": {"required": False, "type": "str", 2408 "choices": ["enable", "disable"]}, 2409 "secondaryip": {"required": False, "type": "list", 2410 "options": { 2411 "allowaccess": {"required": False, "type": "str", 2412 "choices": ["ping", "https", "ssh", 2413 "snmp", "http", "telnet", 2414 "fgfm", "radius-acct", "probe-response", 2415 "capwap", "ftm"]}, 2416 "detectprotocol": {"required": False, "type": "str", 2417 "choices": ["ping", "tcp-echo", "udp-echo"]}, 2418 "detectserver": {"required": False, "type": "str"}, 2419 "gwdetect": {"required": False, "type": "str", 2420 "choices": ["enable", "disable"]}, 2421 "ha_priority": {"required": False, "type": "int"}, 2422 "id": {"required": True, "type": "int"}, 2423 "ip": {"required": False, "type": "str"}, 2424 "ping_serv_status": {"required": False, "type": "int"} 2425 }}, 2426 "security_exempt_list": {"required": False, "type": "str"}, 2427 "security_external_logout": {"required": False, "type": "str"}, 2428 "security_external_web": {"required": False, "type": "str"}, 2429 "security_groups": {"required": False, "type": "list", 2430 "options": { 2431 "name": {"required": True, "type": "str"} 2432 }}, 2433 "security_mac_auth_bypass": {"required": False, "type": "str", 2434 "choices": ["enable", "disable"]}, 2435 "security_mode": {"required": False, "type": "str", 2436 "choices": ["none", "captive-portal", "802.1X"]}, 2437 "security_redirect_url": {"required": False, "type": "str"}, 2438 "service_name": {"required": False, "type": "str"}, 2439 "sflow_sampler": {"required": False, "type": "str", 2440 "choices": ["enable", "disable"]}, 2441 "snmp_index": {"required": False, "type": "int"}, 2442 "speed": {"required": False, "type": "str", 2443 "choices": ["auto", "10full", "10half", 2444 "100full", "100half", "1000full", 2445 "1000half", "1000auto"]}, 2446 "spillover_threshold": {"required": False, "type": "int"}, 2447 "src_check": {"required": False, "type": "str", 2448 "choices": ["enable", "disable"]}, 2449 "status": {"required": False, "type": "str", 2450 "choices": ["up", "down"]}, 2451 "stpforward": {"required": False, "type": "str", 2452 "choices": ["enable", "disable"]}, 2453 "stpforward_mode": {"required": False, "type": "str", 2454 "choices": ["rpl-all-ext-id", "rpl-bridge-ext-id", "rpl-nothing"]}, 2455 "subst": {"required": False, "type": "str", 2456 "choices": ["enable", "disable"]}, 2457 "substitute_dst_mac": {"required": False, "type": "str"}, 2458 "switch": {"required": False, "type": "str"}, 2459 "switch_controller_access_vlan": {"required": False, "type": "str", 2460 "choices": ["enable", "disable"]}, 2461 "switch_controller_arp_inspection": {"required": False, "type": "str", 2462 "choices": ["enable", "disable"]}, 2463 "switch_controller_dhcp_snooping": {"required": False, "type": "str", 2464 "choices": ["enable", "disable"]}, 2465 "switch_controller_dhcp_snooping_option82": {"required": False, "type": "str", 2466 "choices": ["enable", "disable"]}, 2467 "switch_controller_dhcp_snooping_verify_mac": {"required": False, "type": "str", 2468 "choices": ["enable", "disable"]}, 2469 "switch_controller_igmp_snooping": {"required": False, "type": "str", 2470 "choices": ["enable", "disable"]}, 2471 "switch_controller_learning_limit": {"required": False, "type": "int"}, 2472 "tagging": {"required": False, "type": "list", 2473 "options": { 2474 "category": {"required": False, "type": "str"}, 2475 "name": {"required": True, "type": "str"}, 2476 "tags": {"required": False, "type": "list", 2477 "options": { 2478 "name": {"required": True, "type": "str"} 2479 }} 2480 }}, 2481 "tcp_mss": {"required": False, "type": "int"}, 2482 "trust_ip_1": {"required": False, "type": "str"}, 2483 "trust_ip_2": {"required": False, "type": "str"}, 2484 "trust_ip_3": {"required": False, "type": "str"}, 2485 "trust_ip6_1": {"required": False, "type": "str"}, 2486 "trust_ip6_2": {"required": False, "type": "str"}, 2487 "trust_ip6_3": {"required": False, "type": "str"}, 2488 "type": {"required": False, "type": "str", 2489 "choices": ["physical", "vlan", "aggregate", 2490 "redundant", "tunnel", "vdom-link", 2491 "loopback", "switch", "hard-switch", 2492 "vap-switch", "wl-mesh", "fext-wan", 2493 "vxlan", "hdlc", "switch-vlan"]}, 2494 "username": {"required": False, "type": "str"}, 2495 "vdom": {"required": False, "type": "str"}, 2496 "vindex": {"required": False, "type": "int"}, 2497 "vlanforward": {"required": False, "type": "str", 2498 "choices": ["enable", "disable"]}, 2499 "vlanid": {"required": False, "type": "int"}, 2500 "vrf": {"required": False, "type": "int"}, 2501 "vrrp": {"required": False, "type": "list", 2502 "options": { 2503 "accept_mode": {"required": False, "type": "str", 2504 "choices": ["enable", "disable"]}, 2505 "adv_interval": {"required": False, "type": "int"}, 2506 "ignore_default_route": {"required": False, "type": "str", 2507 "choices": ["enable", "disable"]}, 2508 "preempt": {"required": False, "type": "str", 2509 "choices": ["enable", "disable"]}, 2510 "priority": {"required": False, "type": "int"}, 2511 "proxy_arp": {"required": False, "type": "list", 2512 "options": { 2513 "id": {"required": True, "type": "int"}, 2514 "ip": {"required": False, "type": "str"} 2515 }}, 2516 "start_time": {"required": False, "type": "int"}, 2517 "status": {"required": False, "type": "str", 2518 "choices": ["enable", "disable"]}, 2519 "version": {"required": False, "type": "str", 2520 "choices": ["2", "3"]}, 2521 "vrdst": {"required": False, "type": "str"}, 2522 "vrdst_priority": {"required": False, "type": "int"}, 2523 "vrgrp": {"required": False, "type": "int"}, 2524 "vrid": {"required": True, "type": "int"}, 2525 "vrip": {"required": False, "type": "str"} 2526 }}, 2527 "vrrp_virtual_mac": {"required": False, "type": "str", 2528 "choices": ["enable", "disable"]}, 2529 "wccp": {"required": False, "type": "str", 2530 "choices": ["enable", "disable"]}, 2531 "weight": {"required": False, "type": "int"}, 2532 "wins_ip": {"required": False, "type": "str"} 2533 2534 } 2535 } 2536 } 2537 2538 module = AnsibleModule(argument_spec=fields, 2539 supports_check_mode=False) 2540 2541 # legacy_mode refers to using fortiosapi instead of HTTPAPI 2542 legacy_mode = 'host' in module.params and module.params['host'] is not None and \ 2543 'username' in module.params and module.params['username'] is not None and \ 2544 'password' in module.params and module.params['password'] is not None 2545 2546 if not legacy_mode: 2547 if module._socket_path: 2548 connection = Connection(module._socket_path) 2549 fos = FortiOSHandler(connection) 2550 2551 is_error, has_changed, result = fortios_system(module.params, fos) 2552 else: 2553 module.fail_json(**FAIL_SOCKET_MSG) 2554 else: 2555 try: 2556 from fortiosapi import FortiOSAPI 2557 except ImportError: 2558 module.fail_json(msg="fortiosapi module is required") 2559 2560 fos = FortiOSAPI() 2561 2562 login(module.params, fos) 2563 is_error, has_changed, result = fortios_system(module.params, fos) 2564 fos.logout() 2565 2566 if not is_error: 2567 module.exit_json(changed=has_changed, meta=result) 2568 else: 2569 module.fail_json(msg="Error in repo", meta=result) 2570 2571 2572if __name__ == '__main__': 2573 main() 2574