fortios_system_virtual_wan_link – Configure redundant internet connections using SD-WAN (formerly virtual WAN link) in Fortinet’s FortiOS and FortiGate.
New in version 2.0.0.
Synopsis
- This module configures a FortiGate or FortiOS (FOS) device by allowing the user to set and modify the system feature and virtual_wan_link category. The examples include all parameters; their values need to be adjusted to your data sources before use. Tested with FOS v6.0.0.
FortiOS Version Compatibility

| | v6.0.0 | v6.0.5 | v6.0.11 | v6.2.0 | v6.2.3 | v6.2.5 | v6.2.7 |
|---|---|---|---|---|---|---|---|
| fortios_system_virtual_wan_link | yes | yes | yes | yes | yes | yes | yes |
Parameters
- access_token - Token-based authentication. Generated from GUI of FortiGate. type: str required: false
- enable_log - Enable/Disable logging for task. type: bool required: false default: False
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- member_path - Member attribute path to operate on. type: str
- member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
- system_virtual_wan_link - Configure redundant internet connections using SD-WAN (formerly virtual WAN link). type: dict
  - fail_alert_interfaces - Physical interfaces that will be alerted. type: list
    - name - Physical interface name. Source system.interface.name. type: str
  - fail_detect - Enable/disable SD-WAN Internet connection status checking (failure detection). type: str choices: enable, disable
  - health_check - SD-WAN status checking or health checking. Identify a server on the Internet and determine how SD-WAN verifies that the FortiGate can communicate with it. type: list
    - addr_mode - Address mode (IPv4 or IPv6). type: str choices: ipv4, ipv6
    - diffservcode - Differentiated services code point (DSCP) in the IP header of the probe packet. type: str
    - failtime - Number of failures before server is considered lost (1 - 3600). type: int
    - ha_priority - HA election priority (1 - 50). type: int
    - http_agent - String in the http-agent field in the HTTP header. type: str
    - http_get - URL used to communicate with the server if the protocol is HTTP. type: str
    - http_match - Response string expected from the server if the protocol is HTTP. type: str
    - interval - Status check interval in milliseconds, or the time between attempting to connect to the server (500 - 3600*1000 msec). type: int
    - members - Member sequence number list. type: list
      - seq_num - Member sequence number. Source system.virtual-wan-link.members.seq-num. type: int
    - name - Status check or health check name. type: str
    - packet_size - Packet size of a twamp test session. type: int
    - password - Twamp controller password in authentication mode. type: str
    - port - Port number used to communicate with the server over the selected protocol. type: int
    - probe_packets - Enable/disable transmission of probe packets. type: str choices: disable, enable
    - probe_timeout - Time to wait before a probe packet is considered lost (500 - 5000 msec). type: int
    - protocol - Protocol used to determine if the FortiGate can communicate with the server. type: str choices: ping, tcp-echo, udp-echo, http, twamp, ping6
    - recoverytime - Number of successful responses received before server is considered recovered (1 - 3600). type: int
    - security_mode - Twamp controller security mode. type: str choices: none, authentication
    - server - IP address or FQDN name of the server. type: str
    - sla - Service level agreement (SLA). type: list
      - id - SLA ID. type: int
      - jitter_threshold - Jitter for SLA to make decision in milliseconds. (0 - 10000000). type: int
      - latency_threshold - Latency for SLA to make decision in milliseconds. (0 - 10000000). type: int
      - link_cost_factor - Criteria on which to base link selection. type: list choices: latency, jitter, packet-loss
      - packetloss_threshold - Packet loss for SLA to make decision in percentage. (0 - 100). type: int
    - sla_fail_log_period - Time interval in seconds that SLA fail log messages will be generated (0 - 3600). type: int
    - sla_pass_log_period - Time interval in seconds that SLA pass log messages will be generated (0 - 3600). type: int
    - threshold_alert_jitter - Alert threshold for jitter (ms). type: int
    - threshold_alert_latency - Alert threshold for latency (ms). type: int
    - threshold_alert_packetloss - Alert threshold for packet loss (percentage). type: int
    - threshold_warning_jitter - Warning threshold for jitter (ms). type: int
    - threshold_warning_latency - Warning threshold for latency (ms). type: int
    - threshold_warning_packetloss - Warning threshold for packet loss (percentage). type: int
    - update_cascade_interface - Enable/disable update cascade interface. type: str choices: enable, disable
    - update_static_route - Enable/disable updating the static route. type: str choices: enable, disable
  - load_balance_mode - Algorithm or mode to use for load balancing Internet traffic to SD-WAN members. type: str choices: source-ip-based, weight-based, usage-based, source-dest-ip-based, measured-volume-based
  - members - FortiGate interfaces added to the virtual-wan-link. type: list
    - comment - Comments. type: str
    - cost - Cost of this interface for services in SLA mode (0 - 4294967295). type: int
    - gateway - The default gateway for this interface. Usually the default gateway of the Internet service provider that this interface is connected to. type: str
    - gateway6 - IPv6 gateway. type: str
    - ingress_spillover_threshold - Ingress spillover threshold for this interface (0 - 16776000 kbit/s). When this traffic volume threshold is reached, new sessions spill over to other interfaces in the SD-WAN. type: int
    - interface - Interface name. Source system.interface.name. type: str
    - priority - Priority of the interface (0 - 4294967295). Used for SD-WAN rules or priority rules. type: int
    - seq_num - Sequence number (1 - 255). type: int
    - source - Source IP address used in the health-check packet to the server. type: str
    - source6 - Source IPv6 address used in the health-check packet to the server. type: str
    - spillover_threshold - Egress spillover threshold for this interface (0 - 16776000 kbit/s). When this traffic volume threshold is reached, new sessions spill over to other interfaces in the SD-WAN. type: int
    - status - Enable/disable this interface in the SD-WAN. type: str choices: disable, enable
    - volume_ratio - Measured volume ratio (this value / sum of all values = percentage of link volume, 1 - 255). type: int
    - weight - Weight of this interface for weighted load balancing (1 - 255). More traffic is directed to interfaces with higher weights. type: int
  - neighbor - Create SD-WAN neighbor from BGP neighbor table to control route advertisements according to SLA status. type: list
    - health_check - SD-WAN health-check name. Source system.virtual-wan-link.health-check.name. type: str
    - ip - IP address of neighbor. Source router.bgp.neighbor.ip. type: str
    - member - Member sequence number. Source system.virtual-wan-link.members.seq-num. type: int
    - role - Role of neighbor. type: str choices: standalone, primary, secondary
    - sla_id - SLA ID. type: int
  - neighbor_hold_boot_time - Waiting period in seconds when switching from the primary neighbor to the secondary neighbor from the neighbor start. (0 - 10000000). type: int
  - neighbor_hold_down - Enable/disable hold switching from the secondary neighbor to the primary neighbor. type: str choices: enable, disable
  - neighbor_hold_down_time - Waiting period in seconds when switching from the secondary neighbor to the primary neighbor when hold-down is disabled. (0 - 10000000). type: int
  - service - Create SD-WAN rules (also called services) to control how sessions are distributed to interfaces in the SD-WAN. type: list
    - addr_mode - Address mode (IPv4 or IPv6). type: str choices: ipv4, ipv6
    - bandwidth_weight - Coefficient of reciprocal of available bidirectional bandwidth in the formula of custom-profile-1. type: int
    - default - Enable/disable use of SD-WAN as default service. type: str choices: enable, disable
    - dscp_forward - Enable/disable forward traffic DSCP tag. type: str choices: enable, disable
    - dscp_forward_tag - Forward traffic DSCP tag. type: str
    - dscp_reverse - Enable/disable reverse traffic DSCP tag. type: str choices: enable, disable
    - dscp_reverse_tag - Reverse traffic DSCP tag. type: str
    - dst - Destination address name. type: list
      - name - Address or address group name. Source firewall.address.name firewall.addrgrp.name. type: str
    - dst_negate - Enable/disable negation of destination address match. type: str choices: enable, disable
    - dst6 - Destination address6 name. type: list
      - name - Address6 or address6 group name. Source firewall.address6.name firewall.addrgrp6.name. type: str
    - end_port - End destination port number. type: int
    - gateway - Enable/disable SD-WAN service gateway. type: str choices: enable, disable
    - groups - User groups. type: list
      - name - Group name. Source user.group.name. type: str
    - health_check - Health check. Source system.virtual-wan-link.health-check.name. type: str
    - hold_down_time - Waiting period in seconds when switching from the back-up member to the primary member (0 - 10000000). type: int
    - id - Priority rule ID (1 - 4000). type: int
    - input_device - Source interface name. type: list
      - name - Interface name. Source system.interface.name. type: str
    - input_device_negate - Enable/disable negation of input device match. type: str choices: enable, disable
    - internet_service - Enable/disable use of Internet service for application-based load balancing. type: str choices: enable, disable
    - internet_service_app_ctrl - Application control based Internet Service ID list. type: list
      - id - Application control based Internet Service ID. type: int
    - internet_service_app_ctrl_group - Application control based Internet Service group list. type: list
      - name - Application control based Internet Service group name. Source application.group.name. type: str
    - internet_service_ctrl - Control-based Internet Service ID list. type: list
      - id - Control-based Internet Service ID. type: int
    - internet_service_ctrl_group - Control-based Internet Service group list. type: list
      - name - Control-based Internet Service group name. Source application.group.name. type: str
    - internet_service_custom - Custom Internet service name list. type: list
      - name - Custom Internet service name. Source firewall.internet-service-custom.name. type: str
    - internet_service_custom_group - Custom Internet Service group list. type: list
      - name - Custom Internet Service group name. Source firewall.internet-service-custom-group.name. type: str
    - internet_service_group - Internet Service group list. type: list
      - name - Internet Service group name. Source firewall.internet-service-group.name. type: str
    - internet_service_id - Internet service ID list. type: list
      - id - Internet service ID. Source firewall.internet-service.id. type: int
    - jitter_weight - Coefficient of jitter in the formula of custom-profile-1. type: int
    - latency_weight - Coefficient of latency in the formula of custom-profile-1. type: int
    - link_cost_factor - Link cost factor. type: str choices: latency, jitter, packet-loss, inbandwidth, outbandwidth, bibandwidth, custom-profile-1
    - link_cost_threshold - Percentage threshold change of link cost values that will result in policy route regeneration (0 - 10000000). type: int
    - member - Member sequence number. Source system.virtual-wan-link.members.seq-num. type: int
    - mode - Control how the priority rule sets the priority of interfaces in the SD-WAN. type: str choices: auto, manual, priority, sla, load-balance
    - name - Priority rule name. type: str
    - packet_loss_weight - Coefficient of packet-loss in the formula of custom-profile-1. type: int
    - priority_members - Member sequence number list. type: list
      - seq_num - Member sequence number. Source system.virtual-wan-link.members.seq-num. type: int
    - protocol - Protocol number. type: int
    - quality_link - Quality grade. type: int
    - role - Service role to work with neighbor. type: str choices: standalone, primary, secondary
    - route_tag - IPv4 route map route-tag. type: int
    - sla - Service level agreement (SLA). type: list
      - health_check - Virtual WAN Link health-check. Source system.virtual-wan-link.health-check.name. type: str
      - id - SLA ID. type: int
    - sla_compare_method - Method to compare SLA value for sla and load balance mode. type: str choices: order, number
    - src - Source address name. type: list
      - name - Address or address group name. Source firewall.address.name firewall.addrgrp.name. type: str
    - src_negate - Enable/disable negation of source address match. type: str choices: enable, disable
    - src6 - Source address6 name. type: list
      - name - Address6 or address6 group name. Source firewall.address6.name firewall.addrgrp6.name. type: str
    - standalone_action - Enable/disable service when selected neighbor role is standalone while service role is not standalone. type: str choices: enable, disable
    - start_port - Start destination port number. type: int
    - status - Enable/disable SD-WAN service. type: str choices: enable, disable
    - tos - Type of service bit pattern. type: str
    - tos_mask - Type of service evaluated bits. type: str
    - users - User name. type: list
      - name - User name. Source user.local.name. type: str
  - status - Enable/disable SD-WAN. type: str choices: disable, enable
  - zone - Configure SD-WAN zones. type: list
    - name - Zone name. type: str
Examples

```yaml
- hosts: fortigates
  collections:
    - fortinet.fortios
  connection: httpapi
  vars:
    vdom: "root"
    ansible_httpapi_use_ssl: yes
    # Certificate validation is disabled in this sample; set to yes once the
    # FortiGate presents a certificate the control node trusts.
    ansible_httpapi_validate_certs: no
    ansible_httpapi_port: 443
  tasks:
    - name: Configure redundant internet connections using SD-WAN (formerly virtual WAN link).
      fortios_system_virtual_wan_link:
        vdom: "{{ vdom }}"
        system_virtual_wan_link:
          fail_alert_interfaces:
            -
              name: "default_name_4 (source system.interface.name)"
          fail_detect: "enable"
          health_check:
            -
              addr_mode: "ipv4"
              diffservcode: "<your_own_value>"
              failtime: "1800"
              ha_priority: "25"
              http_agent: "<your_own_value>"
              http_get: "<your_own_value>"
              http_match: "<your_own_value>"
              interval: "1800000"
              members:
                -
                  seq_num: "2147483647"
              name: "default_name_17"
              packet_size: "512"
              password: "<your_own_value>"
              port: "32767"
              probe_packets: "disable"
              probe_timeout: "2500"
              protocol: "ping"
              recoverytime: "1800"
              security_mode: "none"
              server: "192.168.100.40"
              sla:
                -
                  id: "28"
                  jitter_threshold: "5000000"
                  latency_threshold: "5000000"
                  link_cost_factor: "latency"
                  packetloss_threshold: "50"
              sla_fail_log_period: "1800"
              sla_pass_log_period: "1800"
              threshold_alert_jitter: "2147483647"
              threshold_alert_latency: "2147483647"
              threshold_alert_packetloss: "50"
              threshold_warning_jitter: "2147483647"
              threshold_warning_latency: "2147483647"
              threshold_warning_packetloss: "50"
              update_cascade_interface: "enable"
              update_static_route: "enable"
          load_balance_mode: "source-ip-based"
          members:
            -
              comment: "Comments."
              cost: "2147483647"
              gateway: "<your_own_value>"
              gateway6: "<your_own_value>"
              ingress_spillover_threshold: "8388000"
              interface: "<your_own_value> (source system.interface.name)"
              priority: "2147483647"
              seq_num: "127"
              source: "<your_own_value>"
              source6: "<your_own_value>"
              spillover_threshold: "8388000"
              status: "disable"
              volume_ratio: "127"
              weight: "127"
          neighbor:
            -
              health_check: "<your_own_value> (source system.virtual-wan-link.health-check.name)"
              ip: "<your_own_value> (source router.bgp.neighbor.ip)"
              member: "2147483647"
              role: "standalone"
              sla_id: "2147483647"
          neighbor_hold_boot_time: "5000000"
          neighbor_hold_down: "enable"
          neighbor_hold_down_time: "5000000"
          service:
            -
              addr_mode: "ipv4"
              bandwidth_weight: "5000000"
              default: "enable"
              dscp_forward: "enable"
              dscp_forward_tag: "<your_own_value>"
              dscp_reverse: "enable"
              dscp_reverse_tag: "<your_own_value>"
              dst:
                -
                  name: "default_name_77 (source firewall.address.name firewall.addrgrp.name)"
              dst_negate: "enable"
              dst6:
                -
                  name: "default_name_80 (source firewall.address6.name firewall.addrgrp6.name)"
              end_port: "32767"
              gateway: "enable"
              groups:
                -
                  name: "default_name_84 (source user.group.name)"
              health_check: "<your_own_value> (source system.virtual-wan-link.health-check.name)"
              hold_down_time: "5000000"
              id: "87"
              input_device:
                -
                  name: "default_name_89 (source system.interface.name)"
              input_device_negate: "enable"
              internet_service: "enable"
              internet_service_app_ctrl:
                -
                  id: "93"
              internet_service_app_ctrl_group:
                -
                  name: "default_name_95 (source application.group.name)"
              internet_service_ctrl:
                -
                  id: "97"
              internet_service_ctrl_group:
                -
                  name: "default_name_99 (source application.group.name)"
              internet_service_custom:
                -
                  name: "default_name_101 (source firewall.internet-service-custom.name)"
              internet_service_custom_group:
                -
                  name: "default_name_103 (source firewall.internet-service-custom-group.name)"
              internet_service_group:
                -
                  name: "default_name_105 (source firewall.internet-service-group.name)"
              internet_service_id:
                -
                  id: "107 (source firewall.internet-service.id)"
              jitter_weight: "5000000"
              latency_weight: "5000000"
              link_cost_factor: "latency"
              link_cost_threshold: "5000000"
              member: "2147483647"
              mode: "auto"
              name: "default_name_114"
              packet_loss_weight: "5000000"
              priority_members:
                -
                  seq_num: "2147483647"
              protocol: "127"
              quality_link: "127"
              role: "standalone"
              route_tag: "2147483647"
              sla:
                -
                  health_check: "<your_own_value> (source system.virtual-wan-link.health-check.name)"
                  id: "124"
              sla_compare_method: "order"
              src:
                -
                  name: "default_name_127 (source firewall.address.name firewall.addrgrp.name)"
              src_negate: "enable"
              src6:
                -
                  name: "default_name_130 (source firewall.address6.name firewall.addrgrp6.name)"
              standalone_action: "enable"
              start_port: "32767"
              status: "enable"
              tos: "<your_own_value>"
              tos_mask: "<your_own_value>"
              users:
                -
                  name: "default_name_137 (source user.local.name)"
          status: "disable"
          zone:
            -
              name: "default_name_140"
```
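A narrower playbook for a two-uplink setup, added here as an example and not taken from the module documentation: it authenticates with the documented `access_token` parameter and leaves certificate validation on. The interface names `wan1`/`wan2`, the gateway and probe addresses (RFC 5737 documentation ranges), the health-check name and the vaulted variable `vault_fortigate_access_token` are assumptions.

```yaml
# Added example, not from the module documentation.
# Assumed values: wan1/wan2, the 203.0.113.x / 198.51.100.x / 192.0.2.x
# addresses, "probe_primary", and the variable vault_fortigate_access_token
# (expected to come from an Ansible Vault-encrypted vars file).
- hosts: fortigates
  collections:
    - fortinet.fortios
  connection: httpapi
  vars:
    vdom: "root"
    ansible_httpapi_use_ssl: yes
    # Keep certificate validation on so the API token is only sent to a
    # FortiGate whose certificate the control node trusts.
    ansible_httpapi_validate_certs: yes
    ansible_httpapi_port: 443
  tasks:
    - name: Configure two SD-WAN members with a ping health check
      fortios_system_virtual_wan_link:
        vdom: "{{ vdom }}"
        # Token generated in the FortiGate GUI; never committed in clear text.
        access_token: "{{ vault_fortigate_access_token }}"
        system_virtual_wan_link:
          status: "enable"
          load_balance_mode: "source-ip-based"
          members:
            - seq_num: 1
              interface: "wan1"
              gateway: "203.0.113.1"
              status: "enable"
            - seq_num: 2
              interface: "wan2"
              gateway: "198.51.100.1"
              status: "enable"
          health_check:
            - name: "probe_primary"
              addr_mode: "ipv4"
              protocol: "ping"
              server: "192.0.2.10"
              interval: 1000        # ms, documented range 500 - 3600*1000
              probe_timeout: 500    # ms, documented range 500 - 5000
              failtime: 5           # failures before the server is considered lost
              recoverytime: 5       # successes before it is considered recovered
              update_static_route: "enable"
              members:
                - seq_num: 1
                - seq_num: 2
              sla:
                - id: 1
                  link_cost_factor: "latency"
                  latency_threshold: 200   # ms
                  jitter_threshold: 50     # ms
                  packetloss_threshold: 5  # percent
```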
Return Values
Common return values are documented at https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values; the following fields are unique to this module:
- build - Build number of the FortiGate image. returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate. returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied. returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate. returned: success type: str sample: id
- name - Name of the table used to fulfill the request. returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request. returned: always type: str sample: webfilter
- revision - Internal revision number. returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit. returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result. returned: always type: str sample: success
- vdom - Virtual domain used. returned: always type: str sample: root
- version - Version of the FortiGate. returned: always type: str sample: v5.6.3