fortios_vpn_ipsec_phase1 – Configure VPN remote gateway in Fortinet’s FortiOS and FortiGate.

New in version 2.10.

Synopsis

• This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify vpn_ipsec feature and phase1 category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0

Requirements

The below requirements are needed on the host that executes this module.

• ansible>=2.9.0

FortiOS Version Compatibility

	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
fortios_vpn_ipsec_phase1	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

Parameters

• access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: False
• enable_log - Enable/Disable logging for task. type: bool required: False default: False
• vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
• state - Indicates whether to create or remove the object. type: str required: True choices: present, absent
• vpn_ipsec_phase1 - Configure VPN remote gateway. type: dict more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  vpn_ipsec_phase1	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• acct_verify - Enable/disable verification of RADIUS accounting record. type: str choices: enable, disable more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  acct_verify	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [enable]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [disable]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• add_gw_route - Enable/disable automatically add a route to the remote gateway. type: str choices: enable, disable more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  add_gw_route	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [enable]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [disable]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• add_route - Enable/disable control addition of a route to peer destination selector. type: str choices: disable, enable more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  add_route	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [disable]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [enable]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• assign_ip - Enable/disable assignment of IP to IPsec interface via configuration method. type: str choices: disable, enable more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  assign_ip	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [disable]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [enable]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• assign_ip_from - Method by which the IP address will be assigned. type: str choices: range, usrgrp, dhcp, name more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  assign_ip_from	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [range]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [usrgrp]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [dhcp]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [name]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• authmethod - Authentication method. type: str choices: psk, signature more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  authmethod	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [psk]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [signature]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• authmethod_remote - Authentication method (remote side). type: str choices: psk, signature more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  authmethod_remote	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [psk]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [signature]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• authpasswd - XAuth password (max 35 characters). type: str more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  authpasswd	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• authusr - XAuth user name. type: str more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  authusr	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• authusrgrp - Authentication user group. Source user.group.name. type: str more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  authusrgrp	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• auto_negotiate - Enable/disable automatic initiation of IKE SA negotiation. type: str choices: enable, disable more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  auto_negotiate	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [enable]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [disable]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• backup_gateway - Instruct unity clients about the backup gateway address(es). type: list more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  backup_gateway	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• address - Address of backup gateway. type: str required: True more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  address	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• banner - Message that unity client should display after connecting. type: str more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  banner	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• cert_id_validation - Enable/disable cross validation of peer ID and the identity in the peer"s certificate as specified in RFC 4945. type: str choices: enable, disable more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  cert_id_validation	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [enable]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [disable]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• certificate - Names of up to 4 signed personal certificates. type: list more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  certificate	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• name - Certificate name. Source vpn.certificate.local.name. type: str required: True more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  name	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• childless_ike - Enable/disable childless IKEv2 initiation (RFC 6023). type: str choices: enable, disable more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  childless_ike	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [enable]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [disable]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• client_auto_negotiate - Enable/disable allowing the VPN client to bring up the tunnel when there is no traffic. type: str choices: disable, enable more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  client_auto_negotiate	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [disable]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [enable]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• client_keep_alive - Enable/disable allowing the VPN client to keep the tunnel up when there is no traffic. type: str choices: disable, enable more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  client_keep_alive	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [disable]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [enable]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• comments - Comment. type: str more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  comments	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• dhcp_ra_giaddr - Relay agent gateway IP address to use in the giaddr field of DHCP requests. type: str more...

  	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  dhcp_ra_giaddr	yes	no	yes	yes	yes	yes	yes	yes

• dhcp6_ra_linkaddr - Relay agent IPv6 link address to use in DHCP6 requests. type: str more...

  	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  dhcp6_ra_linkaddr	yes	no	yes	yes	yes	yes	yes	yes

• dhgrp - DH group. type: list choices: 1, 2, 5, 14, 15, 16, 17, 18, 19, 20, 21, 27, 28, 29, 30, 31, 32 more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  dhgrp	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [1]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [2]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [5]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [14]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [15]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [16]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [17]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [18]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [19]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [20]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [21]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [27]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [28]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [29]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [30]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [31]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [32]	n/a	n/a	n/a	yes	yes	yes	yes	yes	yes	yes	yes

• digital_signature_auth - Enable/disable IKEv2 Digital Signature Authentication (RFC 7427). type: str choices: enable, disable more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  digital_signature_auth	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [enable]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [disable]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• distance - Distance for routes added by IKE (1 - 255). type: int more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  distance	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• dns_mode - DNS server mode. type: str choices: manual, auto more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  dns_mode	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [manual]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [auto]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• domain - Instruct unity clients about the default DNS domain. type: str more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  domain	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• dpd - Dead Peer Detection mode. type: str choices: disable, on-idle, on-demand more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  dpd	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [disable]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [on-idle]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [on-demand]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• dpd_retrycount - Number of DPD retry attempts. type: int more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  dpd_retrycount	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• dpd_retryinterval - DPD retry interval. type: str more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  dpd_retryinterval	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• eap - Enable/disable IKEv2 EAP authentication. type: str choices: enable, disable more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  eap	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [enable]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [disable]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• eap_exclude_peergrp - Peer group excluded from EAP authentication. Source user.peergrp.name. type: str more...

  	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  eap_exclude_peergrp	yes	yes	yes	yes	yes	yes	yes	yes

• eap_identity - IKEv2 EAP peer identity type. type: str choices: use-id-payload, send-request more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  eap_identity	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [use-id-payload]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [send-request]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• enforce_unique_id - Enable/disable peer ID uniqueness check. type: str choices: disable, keep-new, keep-old more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  enforce_unique_id	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [disable]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [keep-new]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [keep-old]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• esn - Extended sequence number (ESN) negotiation. type: str choices: require, allow, disable more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  esn	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	no
  [require]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [allow]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [disable]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• fec_base - Number of base Forward Error Correction packets (1 - 100). type: int more...

  	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  fec_base	yes	yes	yes	yes	yes	yes	yes	yes

• fec_codec - ipsec fec encoding/decoding algorithm (0: reed-solomon, 1: xor). type: int more...

  	v7.0.0
  fec_codec	yes

• fec_egress - Enable/disable Forward Error Correction for egress IPsec traffic. type: str choices: enable, disable more...

  	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  fec_egress	yes	yes	yes	yes	yes	yes	yes	yes
  [enable]	yes	yes	yes	yes	yes	yes	yes	yes
  [disable]	yes	yes	yes	yes	yes	yes	yes	yes

• fec_ingress - Enable/disable Forward Error Correction for ingress IPsec traffic. type: str choices: enable, disable more...

  	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  fec_ingress	yes	yes	yes	yes	yes	yes	yes	yes
  [enable]	yes	yes	yes	yes	yes	yes	yes	yes
  [disable]	yes	yes	yes	yes	yes	yes	yes	yes

• fec_receive_timeout - Timeout in milliseconds before dropping Forward Error Correction packets (1 - 10000). type: int more...

  	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  fec_receive_timeout	yes	yes	yes	yes	yes	yes	yes	yes

• fec_redundant - Number of redundant Forward Error Correction packets (1 - 100). type: int more...

  	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  fec_redundant	yes	yes	yes	yes	yes	yes	yes	yes

• fec_send_timeout - Timeout in milliseconds before sending Forward Error Correction packets (1 - 1000). type: int more...

  	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  fec_send_timeout	yes	yes	yes	yes	yes	yes	yes	yes

• forticlient_enforcement - Enable/disable FortiClient enforcement. type: str choices: enable, disable more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  forticlient_enforcement	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [enable]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [disable]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• fragmentation - Enable/disable fragment IKE message on re-transmission. type: str choices: enable, disable more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  fragmentation	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [enable]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [disable]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• fragmentation_mtu - IKE fragmentation MTU (500 - 16000). type: int more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  fragmentation_mtu	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• group_authentication - Enable/disable IKEv2 IDi group authentication. type: str choices: enable, disable more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  group_authentication	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [enable]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [disable]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• group_authentication_secret - Password for IKEv2 IDi group authentication. (ASCII string or hexadecimal indicated by a leading 0x.) type: str more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  group_authentication_secret	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• ha_sync_esp_seqno - Enable/disable sequence number jump ahead for IPsec HA. type: str choices: enable, disable more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  ha_sync_esp_seqno	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [enable]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [disable]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• idle_timeout - Enable/disable IPsec tunnel idle timeout. type: str choices: enable, disable more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  idle_timeout	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [enable]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [disable]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• idle_timeoutinterval - IPsec tunnel idle timeout in minutes (5 - 43200). type: int more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  idle_timeoutinterval	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• ike_version - IKE protocol version. type: str choices: 1, 2 more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  ike_version	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [1]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [2]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• include_local_lan - Enable/disable allow local LAN access on unity clients. type: str choices: disable, enable more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  include_local_lan	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [disable]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [enable]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• interface - Local physical, aggregate, or VLAN outgoing interface. Source system.interface.name. type: str more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  interface	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• ipv4_dns_server1 - IPv4 DNS server 1. type: str more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  ipv4_dns_server1	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• ipv4_dns_server2 - IPv4 DNS server 2. type: str more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  ipv4_dns_server2	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• ipv4_dns_server3 - IPv4 DNS server 3. type: str more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  ipv4_dns_server3	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• ipv4_end_ip - End of IPv4 range. type: str more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  ipv4_end_ip	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• ipv4_exclude_range - Configuration Method IPv4 exclude ranges. type: list more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  ipv4_exclude_range	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• end_ip - End of IPv4 exclusive range. type: str more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  end_ip	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• id - ID. type: int required: True more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  id	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• start_ip - Start of IPv4 exclusive range. type: str more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  start_ip	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• ipv4_name - IPv4 address name. Source firewall.address.name firewall.addrgrp.name. type: str more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  ipv4_name	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• ipv4_netmask - IPv4 Netmask. type: str more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  ipv4_netmask	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• ipv4_split_exclude - IPv4 subnets that should not be sent over the IPsec tunnel. Source firewall.address.name firewall.addrgrp.name. type: str more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  ipv4_split_exclude	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• ipv4_split_include - IPv4 split-include subnets. Source firewall.address.name firewall.addrgrp.name. type: str more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  ipv4_split_include	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• ipv4_start_ip - Start of IPv4 range. type: str more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  ipv4_start_ip	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• ipv4_wins_server1 - WINS server 1. type: str more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  ipv4_wins_server1	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• ipv4_wins_server2 - WINS server 2. type: str more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  ipv4_wins_server2	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• ipv6_dns_server1 - IPv6 DNS server 1. type: str more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  ipv6_dns_server1	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• ipv6_dns_server2 - IPv6 DNS server 2. type: str more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  ipv6_dns_server2	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• ipv6_dns_server3 - IPv6 DNS server 3. type: str more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  ipv6_dns_server3	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• ipv6_end_ip - End of IPv6 range. type: str more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  ipv6_end_ip	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• ipv6_exclude_range - Configuration method IPv6 exclude ranges. type: list more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  ipv6_exclude_range	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• end_ip - End of IPv6 exclusive range. type: str more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  end_ip	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• id - ID. type: int required: True more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  id	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• start_ip - Start of IPv6 exclusive range. type: str more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  start_ip	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• ipv6_name - IPv6 address name. Source firewall.address6.name firewall.addrgrp6.name. type: str more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  ipv6_name	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• ipv6_prefix - IPv6 prefix. type: int more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  ipv6_prefix	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• ipv6_split_exclude - IPv6 subnets that should not be sent over the IPsec tunnel. Source firewall.address6.name firewall.addrgrp6.name. type: str more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  ipv6_split_exclude	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• ipv6_split_include - IPv6 split-include subnets. Source firewall.address6.name firewall.addrgrp6.name. type: str more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  ipv6_split_include	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• ipv6_start_ip - Start of IPv6 range. type: str more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  ipv6_start_ip	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• keepalive - NAT-T keep alive interval. type: int more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  keepalive	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• keylife - Time to wait in seconds before phase 1 encryption key expires. type: int more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  keylife	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• local_gw - Local VPN gateway. type: str more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  local_gw	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• localid - Local ID. type: str more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  localid	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• localid_type - Local ID type. type: str choices: auto, fqdn, user-fqdn, keyid, address, asn1dn more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  localid_type	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [auto]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [fqdn]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [user-fqdn]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [keyid]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [address]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [asn1dn]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• loopback_asymroute - Enable/disable asymmetric routing for IKE traffic on loopback interface. type: str choices: enable, disable more...

  	v7.0.0
  loopback_asymroute	yes
  [enable]	yes
  [disable]	yes

• mesh_selector_type - Add selectors containing subsets of the configuration depending on traffic. type: str choices: disable, subnet, host more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  mesh_selector_type	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [disable]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [subnet]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [host]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• mode - ID protection mode used to establish a secure channel. type: str choices: aggressive, main more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  mode	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [aggressive]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [main]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• mode_cfg - Enable/disable configuration method. type: str choices: disable, enable more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  mode_cfg	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [disable]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [enable]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• name - IPsec remote gateway name. type: str required: True more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  name	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• nattraversal - Enable/disable NAT traversal. type: str choices: enable, disable, forced more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  nattraversal	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [enable]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [disable]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [forced]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• negotiate_timeout - IKE SA negotiation timeout in seconds (1 - 300). type: int more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  negotiate_timeout	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• network_id - VPN gateway network ID. type: int more...

  	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  network_id	yes	yes	yes	yes	yes	yes	yes	yes

• network_overlay - Enable/disable network overlays. type: str choices: disable, enable more...

  	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  network_overlay	yes	yes	yes	yes	yes	yes	yes	yes
  [disable]	yes	yes	yes	yes	yes	yes	yes	yes
  [enable]	yes	yes	yes	yes	yes	yes	yes	yes

• npu_offload - Enable/disable offloading NPU. type: str choices: enable, disable more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  npu_offload	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	no
  [enable]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [disable]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• peer - Accept this peer certificate. Source user.peer.name. type: str more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  peer	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• peergrp - Accept this peer certificate group. Source user.peergrp.name. type: str more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  peergrp	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• peerid - Accept this peer identity. type: str more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  peerid	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• peertype - Accept this peer type. type: str choices: any, one, dialup, peer, peergrp more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  peertype	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [any]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [one]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [dialup]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [peer]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [peergrp]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• ppk - Enable/disable IKEv2 Postquantum Preshared Key (PPK). type: str choices: disable, allow, require more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  ppk	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [disable]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [allow]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [require]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• ppk_identity - IKEv2 Postquantum Preshared Key Identity. type: str more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  ppk_identity	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• ppk_secret - IKEv2 Postquantum Preshared Key (ASCII string or hexadecimal encoded with a leading 0x). type: str more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  ppk_secret	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• priority - Priority for routes added by IKE (0 - 4294967295). type: int more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  priority	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• proposal - Phase1 proposal. type: list choices: des-md5, des-sha1, des-sha256, des-sha384, des-sha512, 3des-md5, 3des-sha1, 3des-sha256, 3des-sha384, 3des-sha512, aes128-md5, aes128-sha1, aes128-sha256, aes128-sha384, aes128-sha512, aes128gcm-prfsha1, aes128gcm-prfsha256, aes128gcm-prfsha384, aes128gcm-prfsha512, aes192-md5, aes192-sha1, aes192-sha256, aes192-sha384, aes192-sha512, aes256-md5, aes256-sha1, aes256-sha256, aes256-sha384, aes256-sha512, aes256gcm-prfsha1, aes256gcm-prfsha256, aes256gcm-prfsha384, aes256gcm-prfsha512, chacha20poly1305-prfsha1, chacha20poly1305-prfsha256, chacha20poly1305-prfsha384, chacha20poly1305-prfsha512, aria128-md5, aria128-sha1, aria128-sha256, aria128-sha384, aria128-sha512, aria192-md5, aria192-sha1, aria192-sha256, aria192-sha384, aria192-sha512, aria256-md5, aria256-sha1, aria256-sha256, aria256-sha384, aria256-sha512, seed-md5, seed-sha1, seed-sha256, seed-sha384, seed-sha512 more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  proposal	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [des-md5]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [des-sha1]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [des-sha256]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [des-sha384]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [des-sha512]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [3des-md5]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [3des-sha1]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [3des-sha256]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [3des-sha384]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [3des-sha512]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [aes128-md5]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [aes128-sha1]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [aes128-sha256]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [aes128-sha384]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [aes128-sha512]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [aes128gcm-prfsha1]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [aes128gcm-prfsha256]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [aes128gcm-prfsha384]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [aes128gcm-prfsha512]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [aes192-md5]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [aes192-sha1]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [aes192-sha256]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [aes192-sha384]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [aes192-sha512]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [aes256-md5]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [aes256-sha1]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [aes256-sha256]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [aes256-sha384]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [aes256-sha512]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [aes256gcm-prfsha1]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [aes256gcm-prfsha256]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [aes256gcm-prfsha384]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [aes256gcm-prfsha512]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [chacha20poly1305-prfsha1]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [chacha20poly1305-prfsha256]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [chacha20poly1305-prfsha384]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [chacha20poly1305-prfsha512]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [aria128-md5]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [aria128-sha1]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [aria128-sha256]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [aria128-sha384]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [aria128-sha512]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [aria192-md5]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [aria192-sha1]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [aria192-sha256]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [aria192-sha384]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [aria192-sha512]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [aria256-md5]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [aria256-sha1]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [aria256-sha256]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [aria256-sha384]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [aria256-sha512]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [seed-md5]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [seed-sha1]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [seed-sha256]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [seed-sha384]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [seed-sha512]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• psksecret - Pre-shared secret for PSK authentication (ASCII string or hexadecimal encoded with a leading 0x). type: str more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  psksecret	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• psksecret_remote - Pre-shared secret for remote side PSK authentication (ASCII string or hexadecimal encoded with a leading 0x). type: str more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  psksecret_remote	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• reauth - Enable/disable re-authentication upon IKE SA lifetime expiration. type: str choices: disable, enable more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  reauth	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [disable]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [enable]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• rekey - Enable/disable phase1 rekey. type: str choices: enable, disable more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  rekey	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [enable]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [disable]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• remote_gw - Remote VPN gateway. type: str more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  remote_gw	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• remotegw_ddns - Domain name of remote gateway (eg. name.DDNS.com). type: str more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  remotegw_ddns	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• rsa_signature_format - Digital Signature Authentication RSA signature format. type: str choices: pkcs1, pss more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  rsa_signature_format	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [pkcs1]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [pss]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• save_password - Enable/disable saving XAuth username and password on VPN clients. type: str choices: disable, enable more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  save_password	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [disable]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [enable]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• send_cert_chain - Enable/disable sending certificate chain. type: str choices: enable, disable more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  send_cert_chain	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [enable]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [disable]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• signature_hash_alg - Digital Signature Authentication hash algorithms. type: list choices: sha1, sha2-256, sha2-384, sha2-512 more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  signature_hash_alg	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [sha1]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [sha2-256]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [sha2-384]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [sha2-512]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• split_include_service - Split-include services. Source firewall.service.group.name firewall.service.custom.name. type: str more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  split_include_service	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• suite_b - Use Suite-B. type: str choices: disable, suite-b-gcm-128, suite-b-gcm-256 more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  suite_b	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [disable]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [suite-b-gcm-128]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [suite-b-gcm-256]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• type - Remote gateway type. type: str choices: static, dynamic, ddns more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  type	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [static]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [dynamic]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [ddns]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• unity_support - Enable/disable support for Cisco UNITY Configuration Method extensions. type: str choices: disable, enable more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  unity_support	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [disable]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [enable]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• usrgrp - User group name for dialup peers. Source user.group.name. type: str more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  usrgrp	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

• wizard_type - GUI VPN Wizard Type. type: str choices: custom, dialup-forticlient, dialup-ios, dialup-android, dialup-windows, dialup-cisco, static-fortigate, dialup-fortigate, static-cisco, dialup-cisco-fw, simplified-static-fortigate, hub-fortigate-auto-discovery, spoke-fortigate-auto-discovery more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  wizard_type	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [custom]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [dialup-forticlient]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [dialup-ios]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [dialup-android]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [dialup-windows]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [dialup-cisco]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [static-fortigate]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [dialup-fortigate]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [static-cisco]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [dialup-cisco-fw]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [simplified-static-fortigate]	n/a	n/a	n/a	yes	yes	yes	yes	yes	yes	yes	yes
  [hub-fortigate-auto-discovery]	n/a	n/a	n/a	yes	yes	yes	yes	yes	yes	yes	yes
  [spoke-fortigate-auto-discovery]	n/a	n/a	n/a	yes	yes	yes	yes	yes	yes	yes	yes

• xauthtype - XAuth type. type: str choices: disable, client, pap, chap, auto more...

  	v6.0.0	v6.0.5	v6.0.11	v6.2.0	v6.2.3	v6.2.5	v6.2.7	v6.4.0	v6.4.1	v6.4.4	v7.0.0
  xauthtype	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [disable]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [client]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [pap]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [chap]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes
  [auto]	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

Notes

Note

• Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks

Examples

- hosts: fortigates
  collections:
    - fortinet.fortios
  connection: httpapi
  vars:
   vdom: "root"
   ansible_httpapi_use_ssl: yes
   ansible_httpapi_validate_certs: no
   ansible_httpapi_port: 443
  tasks:
  - name: Configure VPN remote gateway.
    fortios_vpn_ipsec_phase1:
      vdom:  "{{ vdom }}"
      state: "present"
      access_token: "<your_own_value>"
      vpn_ipsec_phase1:
        acct_verify: "enable"
        add_gw_route: "enable"
        add_route: "disable"
        assign_ip: "disable"
        assign_ip_from: "range"
        authmethod: "psk"
        authmethod_remote: "psk"
        authpasswd: "<your_own_value>"
        authusr: "<your_own_value>"
        authusrgrp: "<your_own_value> (source user.group.name)"
        auto_negotiate: "enable"
        backup_gateway:
         -
            address: "<your_own_value>"
        banner: "<your_own_value>"
        cert_id_validation: "enable"
        certificate:
         -
            name: "default_name_19 (source vpn.certificate.local.name)"
        childless_ike: "enable"
        client_auto_negotiate: "disable"
        client_keep_alive: "disable"
        comments: "<your_own_value>"
        dhcp_ra_giaddr: "<your_own_value>"
        dhcp6_ra_linkaddr: "<your_own_value>"
        dhgrp: "1"
        digital_signature_auth: "enable"
        distance: "28"
        dns_mode: "manual"
        domain: "<your_own_value>"
        dpd: "disable"
        dpd_retrycount: "32"
        dpd_retryinterval: "<your_own_value>"
        eap: "enable"
        eap_exclude_peergrp: "<your_own_value> (source user.peergrp.name)"
        eap_identity: "use-id-payload"
        enforce_unique_id: "disable"
        esn: "require"
        fec_base: "39"
        fec_codec: "40"
        fec_egress: "enable"
        fec_ingress: "enable"
        fec_receive_timeout: "43"
        fec_redundant: "44"
        fec_send_timeout: "45"
        forticlient_enforcement: "enable"
        fragmentation: "enable"
        fragmentation_mtu: "48"
        group_authentication: "enable"
        group_authentication_secret: "<your_own_value>"
        ha_sync_esp_seqno: "enable"
        idle_timeout: "enable"
        idle_timeoutinterval: "53"
        ike_version: "1"
        include_local_lan: "disable"
        interface: "<your_own_value> (source system.interface.name)"
        ipv4_dns_server1: "<your_own_value>"
        ipv4_dns_server2: "<your_own_value>"
        ipv4_dns_server3: "<your_own_value>"
        ipv4_end_ip: "<your_own_value>"
        ipv4_exclude_range:
         -
            end_ip: "<your_own_value>"
            id:  "63"
            start_ip: "<your_own_value>"
        ipv4_name: "<your_own_value> (source firewall.address.name firewall.addrgrp.name)"
        ipv4_netmask: "<your_own_value>"
        ipv4_split_exclude: "<your_own_value> (source firewall.address.name firewall.addrgrp.name)"
        ipv4_split_include: "<your_own_value> (source firewall.address.name firewall.addrgrp.name)"
        ipv4_start_ip: "<your_own_value>"
        ipv4_wins_server1: "<your_own_value>"
        ipv4_wins_server2: "<your_own_value>"
        ipv6_dns_server1: "<your_own_value>"
        ipv6_dns_server2: "<your_own_value>"
        ipv6_dns_server3: "<your_own_value>"
        ipv6_end_ip: "<your_own_value>"
        ipv6_exclude_range:
         -
            end_ip: "<your_own_value>"
            id:  "78"
            start_ip: "<your_own_value>"
        ipv6_name: "<your_own_value> (source firewall.address6.name firewall.addrgrp6.name)"
        ipv6_prefix: "81"
        ipv6_split_exclude: "<your_own_value> (source firewall.address6.name firewall.addrgrp6.name)"
        ipv6_split_include: "<your_own_value> (source firewall.address6.name firewall.addrgrp6.name)"
        ipv6_start_ip: "<your_own_value>"
        keepalive: "85"
        keylife: "86"
        local_gw: "<your_own_value>"
        localid: "<your_own_value>"
        localid_type: "auto"
        loopback_asymroute: "enable"
        mesh_selector_type: "disable"
        mode: "aggressive"
        mode_cfg: "disable"
        name: "default_name_94"
        nattraversal: "enable"
        negotiate_timeout: "96"
        network_id: "97"
        network_overlay: "disable"
        npu_offload: "enable"
        peer: "<your_own_value> (source user.peer.name)"
        peergrp: "<your_own_value> (source user.peergrp.name)"
        peerid: "<your_own_value>"
        peertype: "any"
        ppk: "disable"
        ppk_identity: "<your_own_value>"
        ppk_secret: "<your_own_value>"
        priority: "107"
        proposal: "des-md5"
        psksecret: "<your_own_value>"
        psksecret_remote: "<your_own_value>"
        reauth: "disable"
        rekey: "enable"
        remote_gw: "<your_own_value>"
        remotegw_ddns: "<your_own_value>"
        rsa_signature_format: "pkcs1"
        save_password: "disable"
        send_cert_chain: "enable"
        signature_hash_alg: "sha1"
        split_include_service: "<your_own_value> (source firewall.service.group.name firewall.service.custom.name)"
        suite_b: "disable"
        type: "static"
        unity_support: "disable"
        usrgrp: "<your_own_value> (source user.group.name)"
        wizard_type: "custom"
        xauthtype: "disable"

Return Values

Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:

• build - Build number of the fortigate image returned: always type: str sample: 1547
• http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
• http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
• mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
• name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
• path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
• revision - Internal revision number returned: always type: str sample: 17.0.2.10658
• serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
• status - Indication of the operation's result returned: always type: str sample: success
• vdom - Virtual domain used returned: always type: str sample: root
• version - Version of the FortiGate returned: always type: str sample: v5.6.3

Status

• This module is not guaranteed to have a backwards compatible interface.

Authors

• Link Zheng (@chillancezen)
• Jie Xue (@JieX19)
• Hongbin Lu (@fgtdev-hblu)
• Frank Shen (@frankshen01)
• Miguel Angel Munoz (@mamunozgonzalez)
• Nicolas Thomas (@thomnico)

Hint

If you notice any issues in this documentation, you can create a pull request to improve it.