fortios_wireless_controller_vap – Configure Virtual Access Points (VAPs) in Fortinet’s FortiOS and FortiGate.¶
New in version 2.0.0.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify wireless_controller feature and vap category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0
FortiOS Version Compatibility¶
v6.0.0 |
v6.0.5 |
v6.0.11 |
v6.2.0 |
v6.2.3 |
v6.2.5 |
v6.2.7 |
v6.4.0 |
v6.4.1 |
v6.4.4 |
v7.0.0 |
v7.0.1 |
v7.0.2 |
v7.0.3 |
v7.0.4 |
v7.0.5 |
v7.0.6 |
v7.0.7 |
v7.0.8 |
v7.2.0 |
v7.2.1 |
v7.2.2 |
|
fortios_wireless_controller_vap | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes |
Parameters¶
- access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
- enable_log - Enable/Disable logging for task. type: bool required: false default: False
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- member_path - Member attribute path to operate on. type: str
- member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
- state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
- wireless_controller_vap - Configure Virtual Access Points (VAPs). type: dict more...
- access_control_list - Profile name for access-control-list. Source wireless-controller.access-control-list.name. type: str more...
- acct_interim_interval - WiFi RADIUS accounting interim interval (60 - 86400 sec). type: int more...
- additional_akms - Additional AKMs. type: list choices: akm6 more...
- address_group - Firewall Address Group Name. Source firewall.addrgrp.name. type: str more...
- address_group_policy - Configure MAC address filtering policy for MAC addresses that are in the address-group. type: str choices: disable, allow, deny more...
- alias - Alias. type: str more...
- antivirus_profile - AntiVirus profile name. Source antivirus.profile.name. type: str more...
- application_detection_engine - Enable/disable application detection engine . type: str choices: enable, disable more...
- application_dscp_marking - Enable/disable application attribute based DSCP marking . type: str choices: enable, disable more...
- application_list - Application control list name. Source application.list.name. type: str more...
- application_report_intv - Application report interval (30 - 864000 sec). type: int more...
- atf_weight - Airtime weight in percentage . type: int more...
- auth - Authentication protocol. type: str choices: psk, radius, usergroup more...
- auth_cert - HTTPS server certificate. Source vpn.certificate.local.name. type: str more...
- auth_portal_addr - Address of captive portal. type: str more...
- beacon_advertising - Fortinet beacon advertising IE data . type: list choices: name, model, serial-number more...
- broadcast_ssid - Enable/disable broadcasting the SSID . type: str choices: enable, disable more...
- broadcast_suppression - Optional suppression of broadcast messages. For example, you can keep DHCP messages, ARP broadcasts, and so on off of the wireless network. type: list choices: dhcp-up, dhcp-down, dhcp-starvation, dhcp-ucast, arp-known, arp-unknown, arp-reply, arp-poison, arp-proxy, netbios-ns, netbios-ds, ipv6, all-other-mc, all-other-bc more...
- bss_color_partial - Enable/disable 802.11ax partial BSS color . type: str choices: enable, disable more...
- bstm_disassociation_imminent - Enable/disable forcing of disassociation after the BSTM request timer has been reached . type: str choices: enable, disable more...
- bstm_load_balancing_disassoc_timer - Time interval for client to voluntarily leave AP before forcing a disassociation due to AP load-balancing (0 to 30). type: int more...
- bstm_rssi_disassoc_timer - Time interval for client to voluntarily leave AP before forcing a disassociation due to low RSSI (0 to 2000). type: int more...
- captive_portal_ac_name - Local-bridging captive portal ac-name. type: str more...
- captive_portal_auth_timeout - Hard timeout - AP will always clear the session after timeout regardless of traffic (0 - 864000 sec). type: int more...
- captive_portal_macauth_radius_secret - Secret key to access the macauth RADIUS server. type: str more...
- captive_portal_macauth_radius_server - Captive portal external RADIUS server domain name or IP address. type: str more...
- captive_portal_radius_secret - Secret key to access the RADIUS server. type: str more...
- captive_portal_radius_server - Captive portal RADIUS server domain name or IP address. type: str more...
- captive_portal_session_timeout_interval - Session timeout interval (0 - 864000 sec). type: int more...
- dhcp_address_enforcement - Enable/disable DHCP address enforcement . type: str choices: enable, disable more...
- dhcp_lease_time - DHCP lease time in seconds for NAT IP address. type: int more...
- dhcp_option43_insertion - Enable/disable insertion of DHCP option 43 . type: str choices: enable, disable more...
- dhcp_option82_circuit_id_insertion - Enable/disable DHCP option 82 circuit-id insert . type: str choices: style-1, style-2, style-3, disable more...
- dhcp_option82_insertion - Enable/disable DHCP option 82 insert . type: str choices: enable, disable more...
- dhcp_option82_remote_id_insertion - Enable/disable DHCP option 82 remote-id insert . type: str choices: style-1, disable more...
- dynamic_vlan - Enable/disable dynamic VLAN assignment. type: str choices: enable, disable more...
- eap_reauth - Enable/disable EAP re-authentication for WPA-Enterprise security. type: str choices: enable, disable more...
- eap_reauth_intv - EAP re-authentication interval (1800 - 864000 sec). type: int more...
- eapol_key_retries - Enable/disable retransmission of EAPOL-Key frames (message 3/4 and group message 1/2) . type: str choices: disable, enable more...
- encrypt - Encryption protocol to use (only available when security is set to a WPA type). type: str choices: TKIP, AES, TKIP-AES more...
- external_fast_roaming - Enable/disable fast roaming or pre-authentication with external APs not managed by the FortiGate . type: str choices: enable, disable more...
- external_logout - URL of external authentication logout server. type: str more...
- external_web - URL of external authentication web server. type: str more...
- external_web_format - URL query parameter detection . type: str choices: auto-detect, no-query-string, partial-query-string more...
- fast_bss_transition - Enable/disable 802.11r Fast BSS Transition (FT) . type: str choices: disable, enable more...
- fast_roaming - Enable/disable fast-roaming, or pre-authentication, where supported by clients . type: str choices: enable, disable more...
- ft_mobility_domain - Mobility domain identifier in FT (1 - 65535). type: int more...
- ft_over_ds - Enable/disable FT over the Distribution System (DS). type: str choices: disable, enable more...
- ft_r0_key_lifetime - Lifetime of the PMK-R0 key in FT, 1-65535 minutes. type: int more...
- gas_comeback_delay - GAS comeback delay (0 or 100 - 10000 milliseconds). type: int more...
- gas_fragmentation_limit - GAS fragmentation limit (512 - 4096). type: int more...
- gtk_rekey - Enable/disable GTK rekey for WPA security. type: str choices: enable, disable more...
- gtk_rekey_intv - GTK rekey interval (1800 - 864000 sec). type: int more...
- high_efficiency - Enable/disable 802.11ax high efficiency . type: str choices: enable, disable more...
- hotspot20_profile - Hotspot 2.0 profile name. Source wireless-controller.hotspot20.hs-profile.name. type: str more...
- igmp_snooping - Enable/disable IGMP snooping. type: str choices: enable, disable more...
- intra_vap_privacy - Enable/disable blocking communication between clients on the same SSID (called intra-SSID privacy) . type: str choices: enable, disable more...
- ip - IP address and subnet mask for the local standalone NAT subnet. type: str more...
- ips_sensor - IPS sensor name. Source ips.sensor.name. type: str more...
- ipv6_rules - Optional rules of IPv6 packets. For example, you can keep RA, RS and so on off of the wireless network. type: list choices: drop-icmp6ra, drop-icmp6rs, drop-llmnr6, drop-icmp6mld2, drop-dhcp6s, drop-dhcp6c, ndp-proxy, drop-ns-dad, drop-ns-nondad more...
- key - WEP Key. type: str more...
- keyindex - WEP key index (1 - 4). type: int more...
- l3_roaming - Enable/disable layer 3 roaming . type: str choices: enable, disable more...
- l3_roaming_mode - Select the way that layer 3 roaming traffic is passed . type: str choices: direct, indirect more...
- ldpc - VAP low-density parity-check (LDPC) coding configuration. type: str choices: disable, rx, tx, rxtx more...
- local_authentication - Enable/disable AP local authentication. type: str choices: enable, disable more...
- local_bridging - Enable/disable bridging of wireless and Ethernet interfaces on the FortiAP . type: str choices: enable, disable more...
- local_lan - Allow/deny traffic destined for a Class A, B, or C private IP address . type: str choices: allow, deny more...
- local_standalone - Enable/disable AP local standalone . type: str choices: enable, disable more...
- local_standalone_dns - Enable/disable AP local standalone DNS. type: str choices: enable, disable more...
- local_standalone_dns_ip - IPv4 addresses for the local standalone DNS. type: list
- local_standalone_nat - Enable/disable AP local standalone NAT mode. type: str choices: enable, disable more...
- mac_auth_bypass - Enable/disable MAC authentication bypass. type: str choices: enable, disable more...
- mac_called_station_delimiter - MAC called station delimiter . type: str choices: hyphen, single-hyphen, colon, none more...
- mac_calling_station_delimiter - MAC calling station delimiter . type: str choices: hyphen, single-hyphen, colon, none more...
- mac_case - MAC case . type: str choices: uppercase, lowercase more...
- mac_filter - Enable/disable MAC filtering to block wireless clients by mac address. type: str choices: enable, disable more...
- mac_filter_list - Create a list of MAC addresses for MAC address filtering. type: list more...
- id - ID. type: int more...
- mac - MAC address. type: str more...
- mac_filter_policy - Deny or allow the client with this MAC address. type: str choices: allow, deny more...
- mac_filter_policy_other - Allow or block clients with MAC addresses that are not in the filter list. type: str choices: allow, deny more...
- mac_password_delimiter - MAC authentication password delimiter . type: str choices: hyphen, single-hyphen, colon, none more...
- mac_username_delimiter - MAC authentication username delimiter . type: str choices: hyphen, single-hyphen, colon, none more...
- max_clients - Maximum number of clients that can connect simultaneously to the VAP . type: int more...
- max_clients_ap - Maximum number of clients that can connect simultaneously to the VAP per AP radio . type: int more...
- mbo - Enable/disable Multiband Operation . type: str choices: disable, enable more...
- mbo_cell_data_conn_pref - MBO cell data connection preference (0, 1, or 255). type: str choices: excluded, prefer-not, prefer-use more...
- me_disable_thresh - Disable multicast enhancement when this many clients are receiving multicast traffic. type: int more...
- mesh_backhaul - Enable/disable using this VAP as a WiFi mesh backhaul . This entry is only available when security is set to a WPA type or open. type: str choices: enable, disable more...
- mpsk - Enable/disable multiple PSK authentication. type: str choices: enable, disable more...
- mpsk_concurrent_clients - Maximum number of concurrent clients that connect using the same passphrase in multiple PSK authentication (0 - 65535). type: int more...
- mpsk_key - List of multiple PSK entries. type: list more...
- comment - Comment. type: str more...
- concurrent_clients - Number of clients that can connect using this pre-shared key. type: str more...
- key_name - Pre-shared key name. type: str more...
- mpsk_schedules - Firewall schedule for MPSK passphrase. The passphrase will be effective only when at least one schedule is valid. type: list more...
- name - Schedule name. Source firewall.schedule.group.name firewall.schedule.recurring.name firewall.schedule.onetime.name. type: str more...
- passphrase - WPA Pre-shared key. type: str more...
- mpsk_profile - MPSK profile name. Source wireless-controller.mpsk-profile.name. type: str more...
- mu_mimo - Enable/disable Multi-user MIMO . type: str choices: enable, disable more...
- multicast_enhance - Enable/disable converting multicast to unicast to improve performance . type: str choices: enable, disable more...
- multicast_rate - Multicast rate (0, 6000, 12000, or 24000 kbps). type: str choices: 0, 6000, 12000, 24000 more...
- nac - Enable/disable network access control. type: str choices: enable, disable more...
- nac_profile - NAC profile name. Source wireless-controller.nac-profile.name. type: str more...
- name - Virtual AP name. type: str required: true more...
- neighbor_report_dual_band - Enable/disable dual-band neighbor report . type: str choices: disable, enable more...
- okc - Enable/disable Opportunistic Key Caching (OKC) . type: str choices: disable, enable more...
- osen - Enable/disable OSEN as part of key management . type: str choices: enable, disable more...
- owe_groups - OWE-Groups. type: list choices: 19, 20, 21 more...
- owe_transition - Enable/disable OWE transition mode support. type: str choices: disable, enable more...
- owe_transition_ssid - OWE transition mode peer SSID. type: str more...
- passphrase - WPA pre-shared key (PSK) to be used to authenticate WiFi users. type: str more...
- pmf - Protected Management Frames (PMF) support . type: str choices: disable, enable, optional more...
- pmf_assoc_comeback_timeout - Protected Management Frames (PMF) comeback maximum timeout (1-20 sec). type: int more...
- pmf_sa_query_retry_timeout - Protected Management Frames (PMF) SA query retry timeout interval (1 - 5 100s of msec). type: int more...
- port_macauth - Enable/disable LAN port MAC authentication . type: str choices: disable, radius, address-group more...
- port_macauth_reauth_timeout - LAN port MAC authentication re-authentication timeout value . type: int more...
- port_macauth_timeout - LAN port MAC authentication idle timeout value . type: int more...
- portal_message_override_group - Replacement message group for this VAP (only available when security is set to a captive portal type). Source system.replacemsg-group .name. type: str more...
- portal_message_overrides - Individual message overrides. type: dict more...
- auth_disclaimer_page - Override auth-disclaimer-page message with message from portal-message-overrides group. type: str more...
- auth_login_failed_page - Override auth-login-failed-page message with message from portal-message-overrides group. type: str more...
- auth_login_page - Override auth-login-page message with message from portal-message-overrides group. type: str more...
- auth_reject_page - Override auth-reject-page message with message from portal-message-overrides group. type: str more...
- portal_type - Captive portal functionality. Configure how the captive portal authenticates users and whether it includes a disclaimer. type: str choices: auth, auth+disclaimer, disclaimer, email-collect, cmcc, cmcc-macauth, auth-mac, external-auth, external-macauth more...
- primary_wag_profile - Primary wireless access gateway profile name. Source wireless-controller.wag-profile.name. type: str more...
- probe_resp_suppression - Enable/disable probe response suppression (to ignore weak signals) . type: str choices: enable, disable more...
- probe_resp_threshold - Minimum signal level/threshold in dBm required for the AP response to probe requests (-95 to -20). type: str more...
- ptk_rekey - Enable/disable PTK rekey for WPA-Enterprise security. type: str choices: enable, disable more...
- ptk_rekey_intv - PTK rekey interval (1800 - 864000 sec). type: int more...
- qos_profile - Quality of service profile name. Source wireless-controller.qos-profile.name. type: str more...
- quarantine - Enable/disable station quarantine . type: str choices: enable, disable more...
- radio_2g_threshold - Minimum signal level/threshold in dBm required for the AP response to receive a packet in 2.4G band (-95 to -20). type: str more...
- radio_5g_threshold - Minimum signal level/threshold in dBm required for the AP response to receive a packet in 5G band(-95 to -20). type: str more...
- radio_sensitivity - Enable/disable software radio sensitivity (to ignore weak signals) . type: str choices: enable, disable more...
- radius_mac_auth - Enable/disable RADIUS-based MAC authentication of clients . type: str choices: enable, disable more...
- radius_mac_auth_server - RADIUS-based MAC authentication server. Source user.radius.name. type: str more...
- radius_mac_auth_usergroups - Selective user groups that are permitted for RADIUS mac authentication. type: list more...
- name - User group name. type: str more...
- radius_mac_mpsk_auth - Enable/disable RADIUS-based MAC authentication of clients for MPSK authentication . type: str choices: enable, disable more...
- radius_mac_mpsk_timeout - RADIUS MAC MPSK cache timeout interval (0 or 300 - 864000). type: int more...
- radius_server - RADIUS server to be used to authenticate WiFi users. Source user.radius.name. type: str more...
- rates_11a - Allowed data rates for 802.11a. type: list choices: 1, 1-basic, 2, 2-basic, 5.5, 5.5-basic, 11, 11-basic, 6, 6-basic, 9, 9-basic, 12, 12-basic, 18, 18-basic, 24, 24-basic, 36, 36-basic, 48, 48-basic, 54, 54-basic more...
- rates_11ac_mcs_map - Comma separated list of max supported VHT MCS for spatial streams 1 through 8. type: str more...
- rates_11ac_ss12 - Allowed data rates for 802.11ac with 1 or 2 spatial streams. type: list choices: mcs0/1, mcs1/1, mcs2/1, mcs3/1, mcs4/1, mcs5/1, mcs6/1, mcs7/1, mcs8/1, mcs9/1, mcs10/1, mcs11/1, mcs0/2, mcs1/2, mcs2/2, mcs3/2, mcs4/2, mcs5/2, mcs6/2, mcs7/2, mcs8/2, mcs9/2, mcs10/2, mcs11/2 more...
- rates_11ac_ss34 - Allowed data rates for 802.11ac with 3 or 4 spatial streams. type: list choices: mcs0/3, mcs1/3, mcs2/3, mcs3/3, mcs4/3, mcs5/3, mcs6/3, mcs7/3, mcs8/3, mcs9/3, mcs10/3, mcs11/3, mcs0/4, mcs1/4, mcs2/4, mcs3/4, mcs4/4, mcs5/4, mcs6/4, mcs7/4, mcs8/4, mcs9/4, mcs10/4, mcs11/4 more...
- rates_11ax_mcs_map - Comma separated list of max supported HE MCS for spatial streams 1 through 8. type: str more...
- rates_11ax_ss12 - Allowed data rates for 802.11ax with 1 or 2 spatial streams. type: list choices: mcs0/1, mcs1/1, mcs2/1, mcs3/1, mcs4/1, mcs5/1, mcs6/1, mcs7/1, mcs8/1, mcs9/1, mcs10/1, mcs11/1, mcs0/2, mcs1/2, mcs2/2, mcs3/2, mcs4/2, mcs5/2, mcs6/2, mcs7/2, mcs8/2, mcs9/2, mcs10/2, mcs11/2 more...
- rates_11ax_ss34 - Allowed data rates for 802.11ax with 3 or 4 spatial streams. type: list choices: mcs0/3, mcs1/3, mcs2/3, mcs3/3, mcs4/3, mcs5/3, mcs6/3, mcs7/3, mcs8/3, mcs9/3, mcs10/3, mcs11/3, mcs0/4, mcs1/4, mcs2/4, mcs3/4, mcs4/4, mcs5/4, mcs6/4, mcs7/4, mcs8/4, mcs9/4, mcs10/4, mcs11/4 more...
- rates_11bg - Allowed data rates for 802.11b/g. type: list choices: 1, 1-basic, 2, 2-basic, 5.5, 5.5-basic, 11, 11-basic, 6, 6-basic, 9, 9-basic, 12, 12-basic, 18, 18-basic, 24, 24-basic, 36, 36-basic, 48, 48-basic, 54, 54-basic more...
- rates_11n_ss12 - Allowed data rates for 802.11n with 1 or 2 spatial streams. type: list choices: mcs0/1, mcs1/1, mcs2/1, mcs3/1, mcs4/1, mcs5/1, mcs6/1, mcs7/1, mcs8/2, mcs9/2, mcs10/2, mcs11/2, mcs12/2, mcs13/2, mcs14/2, mcs15/2 more...
- rates_11n_ss34 - Allowed data rates for 802.11n with 3 or 4 spatial streams. type: list choices: mcs16/3, mcs17/3, mcs18/3, mcs19/3, mcs20/3, mcs21/3, mcs22/3, mcs23/3, mcs24/4, mcs25/4, mcs26/4, mcs27/4, mcs28/4, mcs29/4, mcs30/4, mcs31/4 more...
- sae_groups - SAE-Groups. type: list choices: 19, 20, 21, 1, 2, 5, 14, 15, 16, 17, 18, 27, 28, 29, 30, 31 more...
- sae_h2e_only - Use hash-to-element-only mechanism for PWE derivation . type: str choices: enable, disable more...
- sae_password - WPA3 SAE password to be used to authenticate WiFi users. type: str more...
- sae_pk - Enable/disable WPA3 SAE-PK . type: str choices: enable, disable more...
- sae_private_key - Private key used for WPA3 SAE-PK authentication. type: str more...
- scan_botnet_connections - Block or monitor connections to Botnet servers or disable Botnet scanning. type: str choices: disable, monitor, block more...
- schedule - Firewall schedules for enabling this VAP on the FortiAP. This VAP will be enabled when at least one of the schedules is valid. Separate multiple schedule names with a space. type: list more...
- name - Schedule name. Source firewall.schedule.group.name firewall.schedule.recurring.name firewall.schedule.onetime.name. type: str more...
- secondary_wag_profile - Secondary wireless access gateway profile name. Source wireless-controller.wag-profile.name. type: str more...
- security - Security mode for the wireless interface . type: str choices: open, captive-portal, wep64, wep128, wpa-personal, wpa-personal+captive-portal, wpa-enterprise, wpa-only-personal, wpa-only-personal+captive-portal, wpa-only-enterprise, wpa2-only-personal, wpa2-only-personal+captive-portal, wpa2-only-enterprise, wpa3-enterprise, wpa3-only-enterprise, wpa3-enterprise-transition, wpa3-sae, wpa3-sae-transition, owe, osen more...
- security_exempt_list - Optional security exempt list for captive portal authentication. Source user.security-exempt-list.name. type: str more...
- security_obsolete_option - Enable/disable obsolete security options. type: str choices: enable, disable more...
- security_redirect_url - Optional URL for redirecting users after they pass captive portal authentication. type: str more...
- selected_usergroups - Selective user groups that are permitted to authenticate. type: list more...
- name - User group name. Source user.group.name. type: str more...
- split_tunneling - Enable/disable split tunneling . type: str choices: enable, disable more...
- ssid - IEEE 802.11 service set identifier (SSID) for the wireless interface. Users who wish to use the wireless network must configure their computers to access this SSID name. type: str more...
- sticky_client_remove - Enable/disable sticky client remove to maintain good signal level clients in SSID . type: str choices: enable, disable more...
- sticky_client_threshold_2g - Minimum signal level/threshold in dBm required for the 2G client to be serviced by the AP (-95 to -20). type: str more...
- sticky_client_threshold_5g - Minimum signal level/threshold in dBm required for the 5G client to be serviced by the AP (-95 to -20). type: str more...
- sticky_client_threshold_6g - Minimum signal level/threshold in dBm required for the 6G client to be serviced by the AP (-95 to -20). type: str more...
- target_wake_time - Enable/disable 802.11ax target wake time . type: str choices: enable, disable more...
- tkip_counter_measure - Enable/disable TKIP counter measure. type: str choices: enable, disable more...
- tunnel_echo_interval - The time interval to send echo to both primary and secondary tunnel peers (1 - 65535 sec). type: int more...
- tunnel_fallback_interval - The time interval for secondary tunnel to fall back to primary tunnel (0 - 65535 sec). type: int more...
- usergroup - Firewall user group to be used to authenticate WiFi users. type: list more...
- name - User group name. Source user.group.name. type: str more...
- utm_log - Enable/disable UTM logging. type: str choices: enable, disable more...
- utm_profile - UTM profile name. Source wireless-controller.utm-profile.name. type: str more...
- utm_status - Enable to add one or more security profiles (AV, IPS, etc.) to the VAP. type: str choices: enable, disable more...
- vdom - Name of the VDOM that the Virtual AP has been added to. Source system.vdom.name. type: str more...
- vlan_auto - Enable/disable automatic management of SSID VLAN interface. type: str choices: enable, disable more...
- vlan_name - Table for mapping VLAN name to VLAN ID. type: list more...
- vlan_pool - VLAN pool. type: list more...
- id - ID. type: int more...
- wtp_group - WTP group name. Source wireless-controller.wtp-group.name. type: str more...
- vlan_pooling - Enable/disable VLAN pooling, to allow grouping of multiple wireless controller VLANs into VLAN pools . When set to wtp-group, VLAN pooling occurs with VLAN assignment by wtp-group. type: str choices: wtp-group, round-robin, hash, disable more...
- vlanid - Optional VLAN ID. type: int more...
- voice_enterprise - Enable/disable 802.11k and 802.11v assisted Voice-Enterprise roaming . type: str choices: disable, enable more...
- webfilter_profile - WebFilter profile name. Source webfilter.profile.name. type: str more...
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure Virtual Access Points (VAPs).
fortios_wireless_controller_vap:
vdom: "{{ vdom }}"
state: "present"
access_token: "<your_own_value>"
wireless_controller_vap:
access_control_list: "<your_own_value> (source wireless-controller.access-control-list.name)"
acct_interim_interval: "43200"
additional_akms: "akm6"
address_group: "<your_own_value> (source firewall.addrgrp.name)"
address_group_policy: "disable"
alias: "<your_own_value>"
antivirus_profile: "<your_own_value> (source antivirus.profile.name)"
application_detection_engine: "enable"
application_dscp_marking: "enable"
application_list: "<your_own_value> (source application.list.name)"
application_report_intv: "120"
atf_weight: "20"
auth: "psk"
auth_cert: "<your_own_value> (source vpn.certificate.local.name)"
auth_portal_addr: "<your_own_value>"
beacon_advertising: "name"
broadcast_ssid: "enable"
broadcast_suppression: "dhcp-up"
bss_color_partial: "enable"
bstm_disassociation_imminent: "enable"
bstm_load_balancing_disassoc_timer: "10"
bstm_rssi_disassoc_timer: "200"
captive_portal_ac_name: "<your_own_value>"
captive_portal_auth_timeout: "0"
captive_portal_macauth_radius_secret: "<your_own_value>"
captive_portal_macauth_radius_server: "<your_own_value>"
captive_portal_radius_secret: "<your_own_value>"
captive_portal_radius_server: "<your_own_value>"
captive_portal_session_timeout_interval: "432000"
dhcp_address_enforcement: "enable"
dhcp_lease_time: "2400"
dhcp_option43_insertion: "enable"
dhcp_option82_circuit_id_insertion: "style-1"
dhcp_option82_insertion: "enable"
dhcp_option82_remote_id_insertion: "style-1"
dynamic_vlan: "enable"
eap_reauth: "enable"
eap_reauth_intv: "86400"
eapol_key_retries: "disable"
encrypt: "TKIP"
external_fast_roaming: "enable"
external_logout: "<your_own_value>"
external_web: "<your_own_value>"
external_web_format: "auto-detect"
fast_bss_transition: "disable"
fast_roaming: "enable"
ft_mobility_domain: "1000"
ft_over_ds: "disable"
ft_r0_key_lifetime: "480"
gas_comeback_delay: "500"
gas_fragmentation_limit: "1024"
gtk_rekey: "enable"
gtk_rekey_intv: "86400"
high_efficiency: "enable"
hotspot20_profile: "<your_own_value> (source wireless-controller.hotspot20.hs-profile.name)"
igmp_snooping: "enable"
intra_vap_privacy: "enable"
ip: "<your_own_value>"
ips_sensor: "<your_own_value> (source ips.sensor.name)"
ipv6_rules: "drop-icmp6ra"
key: "<your_own_value>"
keyindex: "1"
l3_roaming: "enable"
l3_roaming_mode: "direct"
ldpc: "disable"
local_authentication: "enable"
local_bridging: "enable"
local_lan: "allow"
local_standalone: "enable"
local_standalone_dns: "enable"
local_standalone_dns_ip: "<your_own_value>"
local_standalone_nat: "enable"
mac_auth_bypass: "enable"
mac_called_station_delimiter: "hyphen"
mac_calling_station_delimiter: "hyphen"
mac_case: "uppercase"
mac_filter: "enable"
mac_filter_list:
-
id: "81"
mac: "<your_own_value>"
mac_filter_policy: "allow"
mac_filter_policy_other: "allow"
mac_password_delimiter: "hyphen"
mac_username_delimiter: "hyphen"
max_clients: "0"
max_clients_ap: "0"
mbo: "disable"
mbo_cell_data_conn_pref: "excluded"
me_disable_thresh: "32"
mesh_backhaul: "enable"
mpsk: "enable"
mpsk_concurrent_clients: "32767"
mpsk_key:
-
comment: "Comment."
concurrent_clients: "<your_own_value>"
key_name: "<your_own_value>"
mpsk_schedules:
-
name: "default_name_100 (source firewall.schedule.group.name firewall.schedule.recurring.name firewall.schedule.onetime.name)"
passphrase: "<your_own_value>"
mpsk_profile: "<your_own_value> (source wireless-controller.mpsk-profile.name)"
mu_mimo: "enable"
multicast_enhance: "enable"
multicast_rate: "0"
nac: "enable"
nac_profile: "<your_own_value> (source wireless-controller.nac-profile.name)"
name: "default_name_108"
neighbor_report_dual_band: "disable"
okc: "disable"
osen: "enable"
owe_groups: "19"
owe_transition: "disable"
owe_transition_ssid: "<your_own_value>"
passphrase: "<your_own_value>"
pmf: "disable"
pmf_assoc_comeback_timeout: "1"
pmf_sa_query_retry_timeout: "2"
port_macauth: "disable"
port_macauth_reauth_timeout: "7200"
port_macauth_timeout: "600"
portal_message_override_group: "<your_own_value> (source system.replacemsg-group.name)"
portal_message_overrides:
auth_disclaimer_page: "<your_own_value>"
auth_login_failed_page: "<your_own_value>"
auth_login_page: "<your_own_value>"
auth_reject_page: "<your_own_value>"
portal_type: "auth"
primary_wag_profile: "<your_own_value> (source wireless-controller.wag-profile.name)"
probe_resp_suppression: "enable"
probe_resp_threshold: "<your_own_value>"
ptk_rekey: "enable"
ptk_rekey_intv: "86400"
qos_profile: "<your_own_value> (source wireless-controller.qos-profile.name)"
quarantine: "enable"
radio_2g_threshold: "<your_own_value>"
radio_5g_threshold: "<your_own_value>"
radio_sensitivity: "enable"
radius_mac_auth: "enable"
radius_mac_auth_server: "<your_own_value> (source user.radius.name)"
radius_mac_auth_usergroups:
-
name: "default_name_142"
radius_mac_mpsk_auth: "enable"
radius_mac_mpsk_timeout: "86400"
radius_server: "<your_own_value> (source user.radius.name)"
rates_11a: "1"
rates_11ac_mcs_map: "<your_own_value>"
rates_11ac_ss12: "mcs0/1"
rates_11ac_ss34: "mcs0/3"
rates_11ax_mcs_map: "<your_own_value>"
rates_11ax_ss12: "mcs0/1"
rates_11ax_ss34: "mcs0/3"
rates_11bg: "1"
rates_11n_ss12: "mcs0/1"
rates_11n_ss34: "mcs16/3"
sae_groups: "19"
sae_h2e_only: "enable"
sae_password: "<your_own_value>"
sae_pk: "enable"
sae_private_key: "<your_own_value>"
scan_botnet_connections: "disable"
schedule:
-
name: "default_name_163 (source firewall.schedule.group.name firewall.schedule.recurring.name firewall.schedule.onetime.name)"
secondary_wag_profile: "<your_own_value> (source wireless-controller.wag-profile.name)"
security: "open"
security_exempt_list: "<your_own_value> (source user.security-exempt-list.name)"
security_obsolete_option: "enable"
security_redirect_url: "<your_own_value>"
selected_usergroups:
-
name: "default_name_170 (source user.group.name)"
split_tunneling: "enable"
ssid: "<your_own_value>"
sticky_client_remove: "enable"
sticky_client_threshold_2g: "<your_own_value>"
sticky_client_threshold_5g: "<your_own_value>"
sticky_client_threshold_6g: "<your_own_value>"
target_wake_time: "enable"
tkip_counter_measure: "enable"
tunnel_echo_interval: "300"
tunnel_fallback_interval: "7200"
usergroup:
-
name: "default_name_182 (source user.group.name)"
utm_log: "enable"
utm_profile: "<your_own_value> (source wireless-controller.utm-profile.name)"
utm_status: "enable"
vdom: "<your_own_value> (source system.vdom.name)"
vlan_auto: "enable"
vlan_name:
-
name: "default_name_189"
vlan_id: "0"
vlan_pool:
-
id: "192"
wtp_group: "<your_own_value> (source wireless-controller.wtp-group.name)"
vlan_pooling: "wtp-group"
vlanid: "0"
voice_enterprise: "disable"
webfilter_profile: "<your_own_value> (source webfilter.profile.name)"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3