fortios_system_fabric_vpn – Setup for self orchestrated fabric auto discovery VPN in Fortinet’s FortiOS and FortiGate.
New in version 2.0.0.
Synopsis
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify the fabric_vpn category of the system feature. The examples include all parameters; their values need to be adjusted to your data sources before use. Tested with FOS v6.0.0.
Parameters
- access_token - Token-based authentication. Generated from the GUI of the FortiGate. type: str required: false
- enable_log - Enable/Disable logging for task. type: bool required: false default: False
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- member_path - Member attribute path to operate on. type: str
- member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
- system_fabric_vpn - Setup for self orchestrated fabric auto discovery VPN. type: dict
  - advertised_subnets - Local advertised subnets. type: list member_path: advertised_subnets:id
    - access - Access policy direction. type: str choices: inbound, bidirectional
    - bgp_network - Underlying BGP network. Source router.bgp.network.id. type: int
    - firewall_address - Underlying firewall address. Source firewall.address.name. type: str
    - id - ID. type: int required: true
    - policies - Underlying policies. Source firewall.policy.policyid. type: list
    - prefix - Network prefix. type: str
  - bgp_as - BGP Router AS number, valid from 1 to 4294967295. type: int
  - branch_name - Branch name. type: str
  - health_checks - Underlying health checks. Source system.sdwan.health-check.name. type: list
  - loopback_address_block - IPv4 address and subnet mask for hub's loopback address, syntax: X.X.X.X/24. type: str
  - loopback_advertised_subnet - Loopback advertised subnet reference. Source system.fabric-vpn.advertised-subnets.id. type: int
  - loopback_interface - Loopback interface. Source system.interface.name. type: str
  - overlays - Local overlay interfaces table. type: list member_path: overlays:name
    - bgp_neighbor - Underlying BGP neighbor entry. Source router.bgp.neighbor.ip. type: str
    - bgp_neighbor_group - Underlying BGP neighbor group entry. Source router.bgp.neighbor-group.name. type: str
    - bgp_neighbor_range - Underlying BGP neighbor range entry. Source router.bgp.neighbor-range.id. type: int
    - bgp_network - Underlying BGP network. Source router.bgp.network.id. type: int
    - interface - Underlying interface name. Source system.interface.name. type: str
    - ipsec_phase1 - IPsec interface. Source vpn.ipsec.phase1-interface.name. type: str
    - name - Overlay name. type: str required: true
    - overlay_policy - The overlay policy to allow ADVPN thru traffic. Source firewall.policy.policyid. type: int
    - overlay_tunnel_block - IPv4 address and subnet mask for the overlay tunnel, syntax: X.X.X.X/24. type: str
    - remote_gw - IP address of the hub gateway (Set by hub). type: str
    - route_policy - Underlying router policy. Source router.policy.seq-num. type: int
    - sdwan_member - Reference to SD-WAN member entry. Source system.sdwan.members.seq-num. type: int
  - policy_rule - Policy creation rule. type: str choices: health-check, manual, auto
  - psksecret - Pre-shared secret for ADVPN. type: str
  - sdwan_zone - Reference to created SD-WAN zone. Source system.sdwan.zone.name. type: str
  - status - Enable/disable Fabric VPN. type: str choices: enable, disable
  - sync_mode - Setting synchronised by fabric or manual. type: str choices: enable, disable
  - vpn_role - Fabric VPN role. type: str choices: hub, spoke
Examples
```yaml
- hosts: fortigates
  collections:
    - fortinet.fortios
  connection: httpapi
  vars:
    vdom: "root"
    ansible_httpapi_use_ssl: yes
    # Certificate validation is off in this example; set it to "yes" once
    # the FortiGate presents a certificate the control node trusts.
    ansible_httpapi_validate_certs: no
    ansible_httpapi_port: 443
  tasks:
    - name: Setup for self orchestrated fabric auto discovery VPN.
      fortios_system_fabric_vpn:
        vdom: "{{ vdom }}"
        system_fabric_vpn:
          advertised_subnets:
            -
              access: "inbound"
              bgp_network: "0"
              firewall_address: "<your_own_value> (source firewall.address.name)"
              id: "7"
              policies: "<your_own_value> (source firewall.policy.policyid)"
              prefix: "<your_own_value>"
          bgp_as: "0"
          branch_name: "<your_own_value>"
          health_checks: "<your_own_value> (source system.sdwan.health-check.name)"
          loopback_address_block: "<your_own_value>"
          loopback_advertised_subnet: "0"
          loopback_interface: "<your_own_value> (source system.interface.name)"
          overlays:
            -
              bgp_neighbor: "<your_own_value> (source router.bgp.neighbor.ip)"
              bgp_neighbor_group: "<your_own_value> (source router.bgp.neighbor-group.name)"
              bgp_neighbor_range: "0"
              bgp_network: "0"
              interface: "<your_own_value> (source system.interface.name)"
              ipsec_phase1: "<your_own_value> (source vpn.ipsec.phase1-interface.name)"
              name: "default_name_23"
              overlay_policy: "0"
              overlay_tunnel_block: "<your_own_value>"
              remote_gw: "<your_own_value>"
              route_policy: "0"
              sdwan_member: "0"
          policy_rule: "health-check"
          # Pre-shared secret for ADVPN: supply it from an encrypted variable
          # rather than committing the value in the playbook.
          psksecret: "<your_own_value>"
          sdwan_zone: "<your_own_value> (source system.sdwan.zone.name)"
          status: "enable"
          sync_mode: "enable"
          vpn_role: "hub"
```
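A pre-flight check for tasks like the one above, as an added example that is not part of the module or the original page: it audits the untemplated play variables and task arguments against the constraints in the parameter list (choices, the bgp_as range) and flags disabled certificate validation, leftover `<your_own_value>` placeholders and secrets written as literals. The names `audit_fabric_vpn`, `placeholders`, `PAGE_VARS` and `PAGE_TASK` are hypothetical, and requiring `access_token` and `psksecret` to be Jinja2 references (for example to Ansible Vault variables) is this example's own policy, not a module rule.

```python
# Allowed values copied from the parameter list on this page.
CHOICES = {"status": {"enable", "disable"}, "sync_mode": {"enable", "disable"},
           "vpn_role": {"hub", "spoke"},
           "policy_rule": {"health-check", "manual", "auto"}}

# Constructed sample: a subset of the values in this page's Examples section.
PAGE_VARS = {"ansible_httpapi_use_ssl": True, "ansible_httpapi_validate_certs": False}
PAGE_TASK = {"vdom": "{{ vdom }}", "system_fabric_vpn": {
    "bgp_as": "0", "psksecret": "<your_own_value>", "vpn_role": "hub",
    "overlays": [{"name": "default_name_23", "remote_gw": "<your_own_value>"}]}}


def placeholders(node, path=""):
    """Yield paths of values still set to the documentation placeholder."""
    if isinstance(node, dict):
        for key, val in node.items():
            yield from placeholders(val, f"{path}.{key}" if path else key)
    elif isinstance(node, list):
        for i, val in enumerate(node):
            yield from placeholders(val, f"{path}[{i}]")
    elif isinstance(node, str) and node.startswith("<your_own_value>"):
        yield path


def audit_fabric_vpn(play_vars, task_args):
    """Return findings for one untemplated fortios_system_fabric_vpn task."""
    cfg = task_args.get("system_fabric_vpn", {})
    findings = []
    # Transport: flag an httpapi connection with TLS or cert checks turned off.
    for var in ("ansible_httpapi_use_ssl", "ansible_httpapi_validate_certs"):
        if play_vars.get(var) in (False, "no", "false"):
            findings.append(f"{var} is disabled")
    # Policy of this example: secrets are Jinja2 references, never literals.
    for name, value in (("access_token", task_args.get("access_token")),
                        ("psksecret", cfg.get("psksecret"))):
        if isinstance(value, str) and "{{" not in value:
            findings.append(f"{name} is a literal value")
    findings += [f"{p} is a placeholder" for p in placeholders(cfg)]
    for key, allowed in CHOICES.items():
        if key in cfg and cfg[key] not in allowed:
            findings.append(f"{key}={cfg[key]!r} not in {sorted(allowed)}")
    # bgp_as is documented as valid from 1 to 4294967295; absent means unset.
    asn = str(cfg.get("bgp_as", "1"))
    if not (asn.isdigit() and 1 <= int(asn) <= 4294967295):
        findings.append(f"bgp_as={asn} is outside 1..4294967295")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_fabric_vpn(PAGE_VARS, PAGE_TASK)))
```

Run against the sample taken from the page's own example, the audit reports the disabled certificate validation, the placeholder secret and gateway, and `bgp_as: "0"`, which falls outside the documented range.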
Return Values
Common return values are documented at https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values. The following fields are unique to this module:
- build - Build number of the FortiGate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3