fortios_system_interface – Configure interfaces in Fortinet’s FortiOS and FortiGate.

New in version 2.0.0.

Synopsis 

This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and interface category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0

Requirements 

The below requirements are needed on the host that executes this module.

ansible>=2.15

Tips 

Using member operation to add an element to an existing object.

FortiOS Version Compatibility 

Supported Version Ranges: v6.0.0 -> 7.4.3

Parameters 

access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
enable_log - Enable/Disable logging for task. type: bool required: false default: False
vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
member_path - Member attribute path to operate on. type: str
member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
system_interface - Configure interfaces. type: dict more...

Supported Version Ranges

system_interface v6.0.0 -> 7.4.3

ac_name - PPPoE server name. type: str more...

Supported Version Ranges

ac_name v6.0.0 -> 7.4.3
aggregate - Aggregate interface. type: str more...

Supported Version Ranges

aggregate v6.0.0 -> v7.0.5 v7.2.0 -> v7.2.0
aggregate_type - Type of aggregation. type: str choices: physical, vxlan more...

Supported Version Ranges

aggregate_type v7.2.1 -> 7.4.3

[physical] v7.2.1 -> 7.4.3
[vxlan] v7.2.1 -> 7.4.3
algorithm - Frame distribution algorithm. type: str choices: L2, L3, L4, Source-MAC more...

Supported Version Ranges

algorithm v6.0.0 -> 7.4.3

[L2] v6.0.0 -> 7.4.3
[L3] v6.0.0 -> 7.4.3
[L4] v6.0.0 -> 7.4.3
[Source-MAC] v7.2.1 -> 7.4.3
alias - Alias will be displayed with the interface name to make it easier to distinguish. type: str more...

Supported Version Ranges

alias v6.0.0 -> 7.4.3

allowaccess - Permitted types of management access to this interface. type: list choices: ping, https, ssh, snmp, http, telnet, fgfm, radius-acct, probe-response, fabric, ftm, speed-test, capwap more...

ap_discover - Enable/disable automatic registration of unknown FortiAP devices. type: str choices: enable, disable more...

Supported Version Ranges

ap_discover v6.0.0 -> 7.4.3

[enable] v6.0.0 -> 7.4.3
[disable] v6.0.0 -> 7.4.3
arpforward - Enable/disable ARP forwarding. type: str choices: enable, disable more...

Supported Version Ranges

arpforward v6.0.0 -> 7.4.3

[enable] v6.0.0 -> 7.4.3
[disable] v6.0.0 -> 7.4.3
auth_cert - HTTPS server certificate. Source vpn.certificate.local.name. type: str more...

Supported Version Ranges

auth_cert v7.0.4 -> 7.4.3
auth_portal_addr - Address of captive portal. type: str more...

Supported Version Ranges

auth_portal_addr v7.0.4 -> 7.4.3
auth_type - PPP authentication type to use. type: str choices: auto, pap, chap, mschapv1, mschapv2 more...

Supported Version Ranges

auth_type v6.0.0 -> 7.4.3

[auto] v6.0.0 -> 7.4.3
[pap] v6.0.0 -> 7.4.3
[chap] v6.0.0 -> 7.4.3
[mschapv1] v6.0.0 -> 7.4.3
[mschapv2] v6.0.0 -> 7.4.3
auto_auth_extension_device - Enable/disable automatic authorization of dedicated Fortinet extension device on this interface. type: str choices: enable, disable more...

Supported Version Ranges

auto_auth_extension_device v6.0.0 -> 7.4.3

[enable] v6.0.0 -> 7.4.3
[disable] v6.0.0 -> 7.4.3
bandwidth_measure_time - Bandwidth measure time. type: int more...

Supported Version Ranges

bandwidth_measure_time v6.4.0 -> 7.4.3
bfd - Bidirectional Forwarding Detection (BFD) settings. type: str choices: global, enable, disable more...

Supported Version Ranges

bfd v6.0.0 -> 7.4.3

[global] v6.0.0 -> 7.4.3
[enable] v6.0.0 -> 7.4.3
[disable] v6.0.0 -> 7.4.3
bfd_desired_min_tx - BFD desired minimal transmit interval. type: int more...

Supported Version Ranges

bfd_desired_min_tx v6.0.0 -> 7.4.3
bfd_detect_mult - BFD detection multiplier. type: int more...

Supported Version Ranges

bfd_detect_mult v6.0.0 -> 7.4.3
bfd_required_min_rx - BFD required minimal receive interval. type: int more...

Supported Version Ranges

bfd_required_min_rx v6.0.0 -> 7.4.3
broadcast_forticlient_discovery - Enable/disable broadcasting FortiClient discovery messages. type: str choices: enable, disable more...

Supported Version Ranges

broadcast_forticlient_discovery v6.0.0 -> v6.2.7

[enable] v6.0.0 -> v6.2.7
[disable] v6.0.0 -> v6.2.7
broadcast_forward - Enable/disable broadcast forwarding. type: str choices: enable, disable more...

Supported Version Ranges

broadcast_forward v6.0.0 -> 7.4.3

[enable] v6.0.0 -> 7.4.3
[disable] v6.0.0 -> 7.4.3
captive_portal - Enable/disable captive portal. type: int more...

Supported Version Ranges

captive_portal v6.0.0 -> v6.0.11 v6.2.3 -> v6.2.3
cli_conn_status - CLI connection status. type: int more...

Supported Version Ranges

cli_conn_status v6.0.0 -> v7.0.5 v7.2.0 -> v7.2.0
client_options - DHCP client options. type: list member_path: client_options:id more...

Supported Version Ranges

client_options v6.4.0 -> 7.4.3

code - DHCP client option code. type: int more...

Supported Version Ranges

code v6.4.0 -> 7.4.3
id - ID. see Notes. type: int required: true more...

Supported Version Ranges

id v6.4.0 -> 7.4.3
ip - DHCP option IPs. type: list
type - DHCP client option type. type: str choices: hex, string, ip, fqdn more...

Supported Version Ranges

type v6.4.0 -> 7.4.3

[hex] v6.4.0 -> 7.4.3
[string] v6.4.0 -> 7.4.3
[ip] v6.4.0 -> 7.4.3
[fqdn] v6.4.0 -> 7.4.3
value - DHCP client option value. type: str more...

Supported Version Ranges

value v6.4.0 -> 7.4.3

color - Color of icon on the GUI. type: int more...

Supported Version Ranges

color v6.0.0 -> 7.4.3
dedicated_to - Configure interface for single purpose. type: str choices: none, management more...

Supported Version Ranges

dedicated_to v6.0.0 -> 7.4.3

[none] v6.0.0 -> 7.4.3
[management] v6.0.0 -> 7.4.3

default_purdue_level - default purdue level of device detected on this interface. type: str choices: 1, 1.5, 2, 2.5, 3, 3.5, 4, 5, 5.5 more...

defaultgw - Enable to get the gateway IP from the DHCP or PPPoE server. type: str choices: enable, disable more...

Supported Version Ranges

defaultgw v6.0.0 -> 7.4.3

[enable] v6.0.0 -> 7.4.3
[disable] v6.0.0 -> 7.4.3
description - Description. type: str more...

Supported Version Ranges

description v6.0.0 -> 7.4.3
detected_peer_mtu - MTU of detected peer (0 - 4294967295). type: int more...

Supported Version Ranges

detected_peer_mtu v6.0.0 -> v7.0.5 v7.2.0 -> v7.2.0
detectprotocol - Protocols used to detect the server. type: list choices: ping, tcp-echo, udp-echo more...

Supported Version Ranges

detectprotocol v6.0.0 -> 7.4.3

[ping] v6.0.0 -> 7.4.3
[tcp-echo] v6.0.0 -> 7.4.3
[udp-echo] v6.0.0 -> 7.4.3
detectserver - Gateway"s ping server for this IP. type: str more...

Supported Version Ranges

detectserver v6.0.0 -> 7.4.3
device_access_list - Device access list. type: str more...

Supported Version Ranges

device_access_list v6.0.0 -> v6.0.11 v6.2.3 -> v6.2.3
device_identification - Enable/disable passively gathering of device identity information about the devices on the network connected to this interface. type: str choices: enable, disable more...

Supported Version Ranges

device_identification v6.0.0 -> 7.4.3

[enable] v6.0.0 -> 7.4.3
[disable] v6.0.0 -> 7.4.3
device_identification_active_scan - Enable/disable active gathering of device identity information about the devices on the network connected to this interface. type: str choices: enable, disable more...

Supported Version Ranges

device_identification_active_scan v6.0.0 -> v6.0.11 v6.2.3 -> v6.2.3

[enable] v6.0.0 -> v6.0.11
[disable] v6.0.0 -> v6.0.11
device_netscan - Enable/disable inclusion of devices detected on this interface in network vulnerability scans. type: str choices: disable, enable more...

Supported Version Ranges

device_netscan v6.0.0 -> v6.0.11

[disable] v6.0.0 -> v6.0.11
[enable] v6.0.0 -> v6.0.11
device_user_identification - Enable/disable passive gathering of user identity information about users on this interface. type: str choices: enable, disable more...

Supported Version Ranges

device_user_identification v6.0.0 -> 7.4.3

[enable] v6.0.0 -> 7.4.3
[disable] v6.0.0 -> 7.4.3
devindex - Device Index. type: int more...

Supported Version Ranges

devindex v6.0.0 -> v7.0.5 v7.2.0 -> v7.2.0
dhcp_broadcast_flag - Enable/disable setting of the broadcast flag in messages sent by the DHCP client . type: str choices: disable, enable more...

Supported Version Ranges

dhcp_broadcast_flag v7.4.0 -> 7.4.3

[disable] v7.4.0 -> 7.4.3
[enable] v7.4.0 -> 7.4.3
dhcp_classless_route_addition - Enable/disable addition of classless static routes retrieved from DHCP server. type: str choices: enable, disable more...

Supported Version Ranges

dhcp_classless_route_addition v7.0.1 -> 7.4.3

[enable] v7.0.1 -> 7.4.3
[disable] v7.0.1 -> 7.4.3
dhcp_client_identifier - DHCP client identifier. type: str more...

Supported Version Ranges

dhcp_client_identifier v6.0.0 -> 7.4.3
dhcp_relay_agent_option - Enable/disable DHCP relay agent option. type: str choices: enable, disable more...

Supported Version Ranges

dhcp_relay_agent_option v6.0.0 -> 7.4.3

[enable] v6.0.0 -> 7.4.3
[disable] v6.0.0 -> 7.4.3
dhcp_relay_circuit_id - DHCP relay circuit ID. type: str more...

Supported Version Ranges

dhcp_relay_circuit_id v7.4.1 -> 7.4.3
dhcp_relay_interface - Specify outgoing interface to reach server. Source system.interface.name. type: str more...

Supported Version Ranges

dhcp_relay_interface v6.2.0 -> v6.2.0 v6.2.5 -> v6.4.0 v6.4.4 -> 7.4.3
dhcp_relay_interface_select_method - Specify how to select outgoing interface to reach server. type: str choices: auto, sdwan, specify more...

Supported Version Ranges

dhcp_relay_interface_select_method v6.2.0 -> v6.2.0 v6.2.5 -> v6.4.0 v6.4.4 -> 7.4.3

[auto] v6.2.0 -> v6.2.0
[sdwan] v6.2.0 -> v6.2.0
[specify] v6.2.0 -> v6.2.0
dhcp_relay_ip - DHCP relay IP address. type: list
dhcp_relay_link_selection - DHCP relay link selection. type: str more...

Supported Version Ranges

dhcp_relay_link_selection v7.0.4 -> 7.4.3
dhcp_relay_request_all_server - Enable/disable sending of DHCP requests to all servers. type: str choices: disable, enable more...

Supported Version Ranges

dhcp_relay_request_all_server v7.0.0 -> 7.4.3

[disable] v7.0.0 -> 7.4.3
[enable] v7.0.0 -> 7.4.3
dhcp_relay_service - Enable/disable allowing this interface to act as a DHCP relay. type: str choices: disable, enable more...

Supported Version Ranges

dhcp_relay_service v6.0.0 -> 7.4.3

[disable] v6.0.0 -> 7.4.3
[enable] v6.0.0 -> 7.4.3
dhcp_relay_source_ip - IP address used by the DHCP relay as its source IP. type: str more...

Supported Version Ranges

dhcp_relay_source_ip v7.4.1 -> 7.4.3
dhcp_relay_type - DHCP relay type (regular or IPsec). type: str choices: regular, ipsec more...

Supported Version Ranges

dhcp_relay_type v6.0.0 -> 7.4.3

[regular] v6.0.0 -> 7.4.3
[ipsec] v6.0.0 -> 7.4.3
dhcp_renew_time - DHCP renew time in seconds (300-604800), 0 means use the renew time provided by the server. type: int more...

Supported Version Ranges

dhcp_renew_time v6.0.0 -> 7.4.3
dhcp_smart_relay - Enable/disable DHCP smart relay. type: str choices: disable, enable more...

Supported Version Ranges

dhcp_smart_relay v7.4.0 -> 7.4.3

[disable] v7.4.0 -> 7.4.3
[enable] v7.4.0 -> 7.4.3
dhcp_snooping_server_list - Configure DHCP server access list. type: list member_path: dhcp_snooping_server_list:name more...

Supported Version Ranges

dhcp_snooping_server_list v7.0.1 -> 7.4.3

name - DHCP server name. type: str required: true more...

Supported Version Ranges

name v7.0.1 -> 7.4.3
server_ip - IP address for DHCP server. type: str more...

Supported Version Ranges

server_ip v7.0.1 -> 7.4.3

disc_retry_timeout - Time in seconds to wait before retrying to start a PPPoE discovery, 0 means no timeout. type: int more...

Supported Version Ranges

disc_retry_timeout v6.0.0 -> 7.4.3
disconnect_threshold - Time in milliseconds to wait before sending a notification that this interface is down or disconnected. type: int more...

Supported Version Ranges

disconnect_threshold v6.0.0 -> v7.4.0
distance - Distance for routes learned through PPPoE or DHCP, lower distance indicates preferred route. type: int more...

Supported Version Ranges

distance v6.0.0 -> 7.4.3
dns_server_override - Enable/disable use DNS acquired by DHCP or PPPoE. type: str choices: enable, disable more...

Supported Version Ranges

dns_server_override v6.0.0 -> 7.4.3

[enable] v6.0.0 -> 7.4.3
[disable] v6.0.0 -> 7.4.3
dns_server_protocol - DNS transport protocols. type: list choices: cleartext, dot, doh more...

Supported Version Ranges

dns_server_protocol v7.0.4 -> 7.4.3

[cleartext] v7.0.4 -> 7.4.3
[dot] v7.0.4 -> 7.4.3
[doh] v7.0.4 -> 7.4.3
drop_fragment - Enable/disable drop fragment packets. type: str choices: enable, disable more...

Supported Version Ranges

drop_fragment v6.0.0 -> 7.4.3

[enable] v6.0.0 -> 7.4.3
[disable] v6.0.0 -> 7.4.3
drop_overlapped_fragment - Enable/disable drop overlapped fragment packets. type: str choices: enable, disable more...

Supported Version Ranges

drop_overlapped_fragment v6.0.0 -> 7.4.3

[enable] v6.0.0 -> 7.4.3
[disable] v6.0.0 -> 7.4.3
eap_ca_cert - EAP CA certificate name. Source certificate.ca.name. type: str more...

Supported Version Ranges

eap_ca_cert v7.2.0 -> 7.4.3
eap_identity - EAP identity. type: str more...

Supported Version Ranges

eap_identity v7.2.0 -> 7.4.3
eap_method - EAP method. type: str choices: tls, peap more...

Supported Version Ranges

eap_method v7.2.0 -> 7.4.3

[tls] v7.2.0 -> 7.4.3
[peap] v7.2.0 -> 7.4.3
eap_password - EAP password. type: str more...

Supported Version Ranges

eap_password v7.2.0 -> 7.4.3
eap_supplicant - Enable/disable EAP-Supplicant. type: str choices: enable, disable more...

Supported Version Ranges

eap_supplicant v7.2.0 -> 7.4.3

[enable] v7.2.0 -> 7.4.3
[disable] v7.2.0 -> 7.4.3
eap_user_cert - EAP user certificate name. Source certificate.local.name. type: str more...

Supported Version Ranges

eap_user_cert v7.2.0 -> 7.4.3

egress_cos - Override outgoing CoS in user VLAN tag. type: str choices: disable, cos0, cos1, cos2, cos3, cos4, cos5, cos6, cos7 more...

egress_queues - Configure queues of NP port on egress path. type: dict more...

Supported Version Ranges

egress_queues v6.4.0 -> v6.4.0 v7.2.0 -> v7.2.0 v7.4.0 -> v7.4.1 v7.4.3 -> 7.4.3

cos0 - CoS profile name for CoS 0. Source system.isf-queue-profile.name. type: str more...

Supported Version Ranges

cos0 v6.4.0 -> v6.4.0 v7.2.0 -> v7.2.0 v7.4.0 -> v7.4.1 v7.4.3 -> 7.4.3
cos1 - CoS profile name for CoS 1. Source system.isf-queue-profile.name. type: str more...

Supported Version Ranges

cos1 v6.4.0 -> v6.4.0 v7.2.0 -> v7.2.0 v7.4.0 -> v7.4.1 v7.4.3 -> 7.4.3
cos2 - CoS profile name for CoS 2. Source system.isf-queue-profile.name. type: str more...

Supported Version Ranges

cos2 v6.4.0 -> v6.4.0 v7.2.0 -> v7.2.0 v7.4.0 -> v7.4.1 v7.4.3 -> 7.4.3
cos3 - CoS profile name for CoS 3. Source system.isf-queue-profile.name. type: str more...

Supported Version Ranges

cos3 v6.4.0 -> v6.4.0 v7.2.0 -> v7.2.0 v7.4.0 -> v7.4.1 v7.4.3 -> 7.4.3
cos4 - CoS profile name for CoS 4. Source system.isf-queue-profile.name. type: str more...

Supported Version Ranges

cos4 v6.4.0 -> v6.4.0 v7.2.0 -> v7.2.0 v7.4.0 -> v7.4.1 v7.4.3 -> 7.4.3
cos5 - CoS profile name for CoS 5. Source system.isf-queue-profile.name. type: str more...

Supported Version Ranges

cos5 v6.4.0 -> v6.4.0 v7.2.0 -> v7.2.0 v7.4.0 -> v7.4.1 v7.4.3 -> 7.4.3
cos6 - CoS profile name for CoS 6. Source system.isf-queue-profile.name. type: str more...

Supported Version Ranges

cos6 v6.4.0 -> v6.4.0 v7.2.0 -> v7.2.0 v7.4.0 -> v7.4.1 v7.4.3 -> 7.4.3
cos7 - CoS profile name for CoS 7. Source system.isf-queue-profile.name. type: str more...

Supported Version Ranges

cos7 v6.4.0 -> v6.4.0 v7.2.0 -> v7.2.0 v7.4.0 -> v7.4.1 v7.4.3 -> 7.4.3

egress_shaping_profile - Outgoing traffic shaping profile. Source firewall.shaping-profile.profile-name. type: str more...

Supported Version Ranges

egress_shaping_profile v6.0.0 -> 7.4.3
endpoint_compliance - Enable/disable endpoint compliance enforcement. type: str choices: enable, disable more...

Supported Version Ranges

endpoint_compliance v6.0.0 -> v6.0.11

[enable] v6.0.0 -> v6.0.11
[disable] v6.0.0 -> v6.0.11
estimated_downstream_bandwidth - Estimated maximum downstream bandwidth (kbps). Used to estimate link utilization. type: int more...

Supported Version Ranges

estimated_downstream_bandwidth v6.0.0 -> 7.4.3
estimated_upstream_bandwidth - Estimated maximum upstream bandwidth (kbps). Used to estimate link utilization. type: int more...

Supported Version Ranges

estimated_upstream_bandwidth v6.0.0 -> 7.4.3
explicit_ftp_proxy - Enable/disable the explicit FTP proxy on this interface. type: str choices: enable, disable more...

Supported Version Ranges

explicit_ftp_proxy v6.0.0 -> 7.4.3

[enable] v6.0.0 -> 7.4.3
[disable] v6.0.0 -> 7.4.3
explicit_web_proxy - Enable/disable the explicit web proxy on this interface. type: str choices: enable, disable more...

Supported Version Ranges

explicit_web_proxy v6.0.0 -> 7.4.3

[enable] v6.0.0 -> 7.4.3
[disable] v6.0.0 -> 7.4.3
external - Enable/disable identifying the interface as an external interface (which usually means it"s connected to the Internet). type: str choices: enable, disable more...

Supported Version Ranges

external v6.0.0 -> 7.4.3

[enable] v6.0.0 -> 7.4.3
[disable] v6.0.0 -> 7.4.3
fail_action_on_extender - Action on FortiExtender when interface fail. type: str choices: soft-restart, hard-restart, reboot more...

Supported Version Ranges

fail_action_on_extender v6.0.0 -> 7.4.3

[soft-restart] v6.0.0 -> 7.4.3
[hard-restart] v6.0.0 -> 7.4.3
[reboot] v6.0.0 -> 7.4.3
fail_alert_interfaces - Names of the FortiGate interfaces to which the link failure alert is sent. type: list member_path: fail_alert_interfaces:name more...

Supported Version Ranges

fail_alert_interfaces v6.0.0 -> 7.4.3

name - Names of the non-virtual interface. Source system.interface.name. type: str required: true more...

Supported Version Ranges

name v6.0.0 -> 7.4.3

fail_alert_method - Select link-failed-signal or link-down method to alert about a failed link. type: str choices: link-failed-signal, link-down more...

Supported Version Ranges

fail_alert_method v6.0.0 -> 7.4.3

[link-failed-signal] v6.0.0 -> 7.4.3
[link-down] v6.0.0 -> 7.4.3
fail_detect - Enable/disable fail detection features for this interface. type: str choices: enable, disable more...

Supported Version Ranges

fail_detect v6.0.0 -> 7.4.3

[enable] v6.0.0 -> 7.4.3
[disable] v6.0.0 -> 7.4.3
fail_detect_option - Options for detecting that this interface has failed. type: list choices: detectserver, link-down more...

Supported Version Ranges

fail_detect_option v6.0.0 -> 7.4.3

[detectserver] v6.0.0 -> 7.4.3
[link-down] v6.0.0 -> 7.4.3
fortiheartbeat - Enable/disable FortiHeartBeat (FortiTelemetry on GUI). type: str choices: enable, disable more...

Supported Version Ranges

fortiheartbeat v6.0.0 -> v6.0.11

[enable] v6.0.0 -> v6.0.11
[disable] v6.0.0 -> v6.0.11
fortilink - Enable FortiLink to dedicate this interface to manage other Fortinet devices. type: str choices: enable, disable more...

Supported Version Ranges

fortilink v6.0.0 -> 7.4.3

[enable] v6.0.0 -> 7.4.3
[disable] v6.0.0 -> 7.4.3
fortilink_backup_link - FortiLink split interface backup link. type: int more...

Supported Version Ranges

fortilink_backup_link v6.0.0 -> v7.0.5 v7.2.0 -> v7.2.0
fortilink_neighbor_detect - Protocol for FortiGate neighbor discovery. type: str choices: lldp, fortilink more...

Supported Version Ranges

fortilink_neighbor_detect v6.2.0 -> 7.4.3

[lldp] v6.2.0 -> 7.4.3
[fortilink] v6.2.0 -> 7.4.3
fortilink_split_interface - Enable/disable FortiLink split interface to connect member link to different FortiSwitch in stack for uplink redundancy. type: str choices: enable, disable more...

Supported Version Ranges

fortilink_split_interface v6.0.0 -> 7.4.3

[enable] v6.0.0 -> 7.4.3
[disable] v6.0.0 -> 7.4.3
fortilink_stacking - Enable/disable FortiLink switch-stacking on this interface. type: str choices: enable, disable more...

Supported Version Ranges

fortilink_stacking v6.0.0 -> v6.4.4

[enable] v6.0.0 -> v6.4.4
[disable] v6.0.0 -> v6.4.4
forward_domain - Transparent mode forward domain. type: int more...

Supported Version Ranges

forward_domain v6.0.0 -> 7.4.3

forward_error_correction - Configure forward error correction (FEC). type: str choices: none, disable, cl91-rs-fec, cl74-fc-fec, auto more...

gi_gk - Enable/disable Gi Gatekeeper. type: str choices: enable, disable more...

Supported Version Ranges

gi_gk v6.0.0 -> v7.0.8 v7.2.0 -> v7.2.4 v7.4.3 -> 7.4.3

[enable] v6.0.0 -> v7.0.8
[disable] v6.0.0 -> v7.0.8
gwdetect - Enable/disable detect gateway alive for first. type: str choices: enable, disable more...

Supported Version Ranges

gwdetect v6.0.0 -> 7.4.3

[enable] v6.0.0 -> 7.4.3
[disable] v6.0.0 -> 7.4.3
ha_priority - HA election priority for the PING server. type: int more...

Supported Version Ranges

ha_priority v6.0.0 -> 7.4.3
icmp_accept_redirect - Enable/disable ICMP accept redirect. type: str choices: enable, disable more...

Supported Version Ranges

icmp_accept_redirect v6.0.0 -> 7.4.3

[enable] v6.0.0 -> 7.4.3
[disable] v6.0.0 -> 7.4.3
icmp_send_redirect - Enable/disable sending of ICMP redirects. type: str choices: enable, disable more...

Supported Version Ranges

icmp_send_redirect v6.0.0 -> 7.4.3

[enable] v6.0.0 -> 7.4.3
[disable] v6.0.0 -> 7.4.3
ident_accept - Enable/disable authentication for this interface. type: str choices: enable, disable more...

Supported Version Ranges

ident_accept v6.0.0 -> 7.4.3

[enable] v6.0.0 -> 7.4.3
[disable] v6.0.0 -> 7.4.3
idle_timeout - PPPoE auto disconnect after idle timeout seconds, 0 means no timeout. type: int more...

Supported Version Ranges

idle_timeout v6.0.0 -> 7.4.3
ike_saml_server - Configure IKE authentication SAML server. Source user.saml.name. type: str more...

Supported Version Ranges

ike_saml_server v7.2.0 -> 7.4.3
inbandwidth - Bandwidth limit for incoming traffic (0 - 80000000 kbps), 0 means unlimited. type: int more...

Supported Version Ranges

inbandwidth v6.0.0 -> 7.4.3

ingress_cos - Override incoming CoS in user VLAN tag on VLAN interface or assign a priority VLAN tag on physical interface. type: str choices: disable, cos0, cos1, cos2, cos3, cos4, cos5, cos6, cos7 more...

ingress_shaping_profile - Incoming traffic shaping profile. Source firewall.shaping-profile.profile-name. type: str more...

Supported Version Ranges

ingress_shaping_profile v6.2.0 -> 7.4.3
ingress_spillover_threshold - Ingress Spillover threshold (0 - 16776000 kbps), 0 means unlimited. type: int more...

Supported Version Ranges

ingress_spillover_threshold v6.0.0 -> 7.4.3
interconnect_profile - Set interconnect profile. type: str choices: default, profile1, profile2 more...

Supported Version Ranges

interconnect_profile v7.4.2 -> v7.4.2

[default] v7.4.2 -> v7.4.2
[profile1] v7.4.2 -> v7.4.2
[profile2] v7.4.2 -> v7.4.2
interface - Interface name. Source system.interface.name. type: str more...

Supported Version Ranges

interface v6.0.0 -> 7.4.3
internal - Implicitly created. type: int more...

Supported Version Ranges

internal v6.0.0 -> 7.4.3
ip - Interface IPv4 address and subnet mask, syntax: X.X.X.X/24. type: str more...

Supported Version Ranges

ip v6.0.0 -> 7.4.3
ip_managed_by_fortiipam - Enable/disable automatic IP address assignment of this interface by FortiIPAM. type: str choices: inherit-global, enable, disable more...

Supported Version Ranges

ip_managed_by_fortiipam v6.4.0 -> 7.4.3

[inherit-global] v7.4.0 -> 7.4.3

[enable] v6.4.0 -> 7.4.3
[disable] v6.4.0 -> 7.4.3
ipmac - Enable/disable IP/MAC binding. type: str choices: enable, disable more...

Supported Version Ranges

ipmac v6.0.0 -> 7.4.3

[enable] v6.0.0 -> 7.4.3
[disable] v6.0.0 -> 7.4.3
ips_sniffer_mode - Enable/disable the use of this interface as a one-armed sniffer. type: str choices: enable, disable more...

Supported Version Ranges

ips_sniffer_mode v6.0.0 -> 7.4.3

[enable] v6.0.0 -> 7.4.3
[disable] v6.0.0 -> 7.4.3
ipunnumbered - Unnumbered IP used for PPPoE interfaces for which no unique local address is provided. type: str more...

Supported Version Ranges

ipunnumbered v6.0.0 -> 7.4.3
ipv6 - IPv6 of interface. type: dict more...

Supported Version Ranges

ipv6 v6.0.0 -> 7.4.3

autoconf - Enable/disable address auto config. type: str choices: enable, disable more...

Supported Version Ranges

autoconf v6.0.0 -> 7.4.3

[enable] v6.0.0 -> 7.4.3
[disable] v6.0.0 -> 7.4.3
cli_conn6_status - CLI IPv6 connection status. type: int more...

Supported Version Ranges

cli_conn6_status v7.0.0 -> v7.0.5 v7.2.0 -> v7.2.0
dhcp6_client_options - DHCPv6 client options. type: list choices: rapid, iapd, iana more...

Supported Version Ranges

dhcp6_client_options v6.0.0 -> v7.0.5 v7.2.0 -> v7.2.0

[rapid] v6.0.0 -> v7.0.5
[iapd] v6.0.0 -> v7.0.5
[iana] v6.0.0 -> v7.0.5
dhcp6_iapd_list - DHCPv6 IA-PD list. type: list member_path: ipv6/dhcp6_iapd_list:iaid more...

Supported Version Ranges

dhcp6_iapd_list v7.0.2 -> 7.4.3

iaid - Identity association identifier. see Notes. type: int required: true more...

Supported Version Ranges

iaid v7.0.2 -> 7.4.3
prefix_hint - DHCPv6 prefix that will be used as a hint to the upstream DHCPv6 server. type: str more...

Supported Version Ranges

prefix_hint v7.0.2 -> 7.4.3
prefix_hint_plt - DHCPv6 prefix hint preferred life time (sec), 0 means unlimited lease time. type: int more...

Supported Version Ranges

prefix_hint_plt v7.0.2 -> 7.4.3
prefix_hint_vlt - DHCPv6 prefix hint valid life time (sec). type: int more...

Supported Version Ranges

prefix_hint_vlt v7.0.2 -> 7.4.3

dhcp6_information_request - Enable/disable DHCPv6 information request. type: str choices: enable, disable more...

Supported Version Ranges

dhcp6_information_request v6.0.0 -> 7.4.3

[enable] v6.0.0 -> 7.4.3
[disable] v6.0.0 -> 7.4.3
dhcp6_prefix_delegation - Enable/disable DHCPv6 prefix delegation. type: str choices: enable, disable more...

Supported Version Ranges

dhcp6_prefix_delegation v6.0.0 -> 7.4.3

[enable] v6.0.0 -> 7.4.3
[disable] v6.0.0 -> 7.4.3
dhcp6_prefix_hint - DHCPv6 prefix that will be used as a hint to the upstream DHCPv6 server. type: str more...

Supported Version Ranges

dhcp6_prefix_hint v6.0.0 -> v7.0.1
dhcp6_prefix_hint_plt - DHCPv6 prefix hint preferred life time (sec), 0 means unlimited lease time. type: int more...

Supported Version Ranges

dhcp6_prefix_hint_plt v6.0.0 -> v7.0.1
dhcp6_prefix_hint_vlt - DHCPv6 prefix hint valid life time (sec). type: int more...

Supported Version Ranges

dhcp6_prefix_hint_vlt v6.0.0 -> v7.0.1
dhcp6_relay_interface_id - DHCP6 relay interface ID. type: str more...

Supported Version Ranges

dhcp6_relay_interface_id v7.4.1 -> 7.4.3
dhcp6_relay_ip - DHCPv6 relay IP address. type: list
dhcp6_relay_service - Enable/disable DHCPv6 relay. type: str choices: disable, enable more...

Supported Version Ranges

dhcp6_relay_service v6.0.0 -> 7.4.3

[disable] v6.0.0 -> 7.4.3
[enable] v6.0.0 -> 7.4.3
dhcp6_relay_source_interface - Enable/disable use of address on this interface as the source address of the relay message. type: str choices: disable, enable more...

Supported Version Ranges

dhcp6_relay_source_interface v7.2.4 -> 7.4.3

[disable] v7.2.4 -> 7.4.3
[enable] v7.2.4 -> 7.4.3
dhcp6_relay_source_ip - IPv6 address used by the DHCP6 relay as its source IP. type: str more...

Supported Version Ranges

dhcp6_relay_source_ip v7.4.1 -> 7.4.3
dhcp6_relay_type - DHCPv6 relay type. type: str choices: regular more...

Supported Version Ranges

dhcp6_relay_type v6.0.0 -> 7.4.3

[regular] v6.0.0 -> 7.4.3
icmp6_send_redirect - Enable/disable sending of ICMPv6 redirects. type: str choices: enable, disable more...

Supported Version Ranges

icmp6_send_redirect v6.4.4 -> 7.4.3

[enable] v6.4.4 -> 7.4.3
[disable] v6.4.4 -> 7.4.3
interface_identifier - IPv6 interface identifier. type: str more...

Supported Version Ranges

interface_identifier v6.4.0 -> 7.4.3
ip6_address - Primary IPv6 address prefix. Syntax: xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx/xxx. type: str more...

Supported Version Ranges

ip6_address v6.0.0 -> 7.4.3

ip6_allowaccess - Allow management access to the interface. type: list choices: ping, https, ssh, snmp, http, telnet, fgfm, fabric, capwap more...

ip6_default_life - Default life (sec). type: int more...

Supported Version Ranges

ip6_default_life v6.0.0 -> 7.4.3
ip6_delegated_prefix_iaid - IAID of obtained delegated-prefix from the upstream interface. type: int more...

Supported Version Ranges

ip6_delegated_prefix_iaid v7.0.2 -> 7.4.3
ip6_delegated_prefix_list - Advertised IPv6 delegated prefix list. type: list member_path: ipv6/ip6_delegated_prefix_list:prefix_id more...

Supported Version Ranges

ip6_delegated_prefix_list v6.0.0 -> 7.4.3

autonomous_flag - Enable/disable the autonomous flag. type: str choices: enable, disable more...

Supported Version Ranges

autonomous_flag v6.0.0 -> 7.4.3

[enable] v6.0.0 -> 7.4.3
[disable] v6.0.0 -> 7.4.3
delegated_prefix_iaid - IAID of obtained delegated-prefix from the upstream interface. type: int more...

Supported Version Ranges

delegated_prefix_iaid v7.0.2 -> 7.4.3
onlink_flag - Enable/disable the onlink flag. type: str choices: enable, disable more...

Supported Version Ranges

onlink_flag v6.0.0 -> 7.4.3

[enable] v6.0.0 -> 7.4.3
[disable] v6.0.0 -> 7.4.3
prefix_id - Prefix ID. see Notes. type: int required: true more...

Supported Version Ranges

prefix_id v6.0.0 -> 7.4.3
rdnss - Recursive DNS server option. type: list
rdnss_service - Recursive DNS service option. type: str choices: delegated, default, specify more...

Supported Version Ranges

rdnss_service v6.0.0 -> 7.4.3

[delegated] v6.0.0 -> 7.4.3
[default] v6.0.0 -> 7.4.3
[specify] v6.0.0 -> 7.4.3
subnet - Add subnet ID to routing prefix. type: str more...

Supported Version Ranges

subnet v6.0.0 -> 7.4.3
upstream_interface - Name of the interface that provides delegated information. Source system.interface.name. type: str more...

Supported Version Ranges

upstream_interface v6.0.0 -> 7.4.3

ip6_dns_server_override - Enable/disable using the DNS server acquired by DHCP. type: str choices: enable, disable more...

Supported Version Ranges

ip6_dns_server_override v6.0.0 -> 7.4.3

[enable] v6.0.0 -> 7.4.3
[disable] v6.0.0 -> 7.4.3
ip6_extra_addr - Extra IPv6 address prefixes of interface. type: list member_path: ipv6/ip6_extra_addr:prefix more...

Supported Version Ranges

ip6_extra_addr v6.0.0 -> 7.4.3

prefix - IPv6 address prefix. type: str required: true more...

Supported Version Ranges

prefix v6.0.0 -> 7.4.3

ip6_hop_limit - Hop limit (0 means unspecified). type: int more...

Supported Version Ranges

ip6_hop_limit v6.0.0 -> 7.4.3
ip6_link_mtu - IPv6 link MTU. type: int more...

Supported Version Ranges

ip6_link_mtu v6.0.0 -> 7.4.3
ip6_manage_flag - Enable/disable the managed flag. type: str choices: enable, disable more...

Supported Version Ranges

ip6_manage_flag v6.0.0 -> 7.4.3

[enable] v6.0.0 -> 7.4.3
[disable] v6.0.0 -> 7.4.3
ip6_max_interval - IPv6 maximum interval (4 to 1800 sec). type: int more...

Supported Version Ranges

ip6_max_interval v6.0.0 -> 7.4.3
ip6_min_interval - IPv6 minimum interval (3 to 1350 sec). type: int more...

Supported Version Ranges

ip6_min_interval v6.0.0 -> 7.4.3
ip6_mode - Addressing mode (static, DHCP, delegated). type: str choices: static, dhcp, pppoe, delegated more...

Supported Version Ranges

ip6_mode v6.0.0 -> 7.4.3

[static] v6.0.0 -> 7.4.3
[dhcp] v6.0.0 -> 7.4.3
[pppoe] v6.0.0 -> 7.4.3
[delegated] v6.0.0 -> 7.4.3
ip6_other_flag - Enable/disable the other IPv6 flag. type: str choices: enable, disable more...

Supported Version Ranges

ip6_other_flag v6.0.0 -> 7.4.3

[enable] v6.0.0 -> 7.4.3
[disable] v6.0.0 -> 7.4.3
ip6_prefix_list - Advertised prefix list. type: list member_path: ipv6/ip6_prefix_list:prefix more...

Supported Version Ranges

ip6_prefix_list v6.0.0 -> 7.4.3

autonomous_flag - Enable/disable the autonomous flag. type: str choices: enable, disable more...

Supported Version Ranges

autonomous_flag v6.0.0 -> 7.4.3

[enable] v6.0.0 -> 7.4.3
[disable] v6.0.0 -> 7.4.3
dnssl - DNS search list option. type: list member_path: ipv6/ip6_prefix_list:prefix/dnssl:domain more...

Supported Version Ranges

dnssl v6.0.0 -> 7.4.3

domain - Domain name. type: str required: true more...

Supported Version Ranges

domain v6.0.0 -> 7.4.3

onlink_flag - Enable/disable the onlink flag. type: str choices: enable, disable more...

Supported Version Ranges

onlink_flag v6.0.0 -> 7.4.3

[enable] v6.0.0 -> 7.4.3
[disable] v6.0.0 -> 7.4.3
preferred_life_time - Preferred life time (sec). type: int more...

Supported Version Ranges

preferred_life_time v6.0.0 -> 7.4.3
prefix - IPv6 prefix. type: str required: true more...

Supported Version Ranges

prefix v6.0.0 -> 7.4.3
rdnss - Recursive DNS server option. type: list
valid_life_time - Valid life time (sec). type: int more...

Supported Version Ranges

valid_life_time v6.0.0 -> 7.4.3

ip6_prefix_mode - Assigning a prefix from DHCP or RA. type: str choices: dhcp6, ra more...

Supported Version Ranges

ip6_prefix_mode v7.0.0 -> 7.4.3

[dhcp6] v7.0.0 -> 7.4.3
[ra] v7.0.0 -> 7.4.3
ip6_reachable_time - IPv6 reachable time (milliseconds; 0 means unspecified). type: int more...

Supported Version Ranges

ip6_reachable_time v6.0.0 -> 7.4.3
ip6_retrans_time - IPv6 retransmit time (milliseconds; 0 means unspecified). type: int more...

Supported Version Ranges

ip6_retrans_time v6.0.0 -> 7.4.3
ip6_send_adv - Enable/disable sending advertisements about the interface. type: str choices: enable, disable more...

Supported Version Ranges

ip6_send_adv v6.0.0 -> 7.4.3

[enable] v6.0.0 -> 7.4.3
[disable] v6.0.0 -> 7.4.3
ip6_subnet - Subnet to routing prefix. Syntax: xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx/xxx. type: str more...

Supported Version Ranges

ip6_subnet v6.0.0 -> 7.4.3
ip6_upstream_interface - Interface name providing delegated information. Source system.interface.name. type: str more...

Supported Version Ranges

ip6_upstream_interface v6.0.0 -> 7.4.3
nd_cert - Neighbor discovery certificate. Source certificate.local.name. type: str more...

Supported Version Ranges

nd_cert v6.0.0 -> 7.4.3
nd_cga_modifier - Neighbor discovery CGA modifier. type: str more...

Supported Version Ranges

nd_cga_modifier v6.0.0 -> 7.4.3
nd_mode - Neighbor discovery mode. type: str choices: basic, SEND-compatible more...

Supported Version Ranges

nd_mode v6.0.0 -> 7.4.3

[basic] v6.0.0 -> 7.4.3
[SEND-compatible] v6.0.0 -> 7.4.3
nd_security_level - Neighbor discovery security level (0 - 7; 0 = least secure). type: int more...

Supported Version Ranges

nd_security_level v6.0.0 -> 7.4.3
nd_timestamp_delta - Neighbor discovery timestamp delta value (1 - 3600 sec; ). type: int more...

Supported Version Ranges

nd_timestamp_delta v6.0.0 -> 7.4.3
nd_timestamp_fuzz - Neighbor discovery timestamp fuzz factor (1 - 60 sec; ). type: int more...

Supported Version Ranges

nd_timestamp_fuzz v6.0.0 -> 7.4.3
ra_send_mtu - Enable/disable sending link MTU in RA packet. type: str choices: enable, disable more...

Supported Version Ranges

ra_send_mtu v7.0.0 -> 7.4.3

[enable] v7.0.0 -> 7.4.3
[disable] v7.0.0 -> 7.4.3
unique_autoconf_addr - Enable/disable unique auto config address. type: str choices: enable, disable more...

Supported Version Ranges

unique_autoconf_addr v6.4.0 -> 7.4.3

[enable] v6.4.0 -> 7.4.3
[disable] v6.4.0 -> 7.4.3
vrip6_link_local - Link-local IPv6 address of virtual router. type: str more...

Supported Version Ranges

vrip6_link_local v6.0.0 -> 7.4.3
vrrp_virtual_mac6 - Enable/disable virtual MAC for VRRP. type: str choices: enable, disable more...

Supported Version Ranges

vrrp_virtual_mac6 v6.0.0 -> 7.4.3

[enable] v6.0.0 -> 7.4.3
[disable] v6.0.0 -> 7.4.3
vrrp6 - IPv6 VRRP configuration. type: list member_path: ipv6/vrrp6:vrid more...

Supported Version Ranges

vrrp6 v6.0.0 -> 7.4.3

accept_mode - Enable/disable accept mode. type: str choices: enable, disable more...

Supported Version Ranges

accept_mode v6.0.0 -> 7.4.3

[enable] v6.0.0 -> 7.4.3
[disable] v6.0.0 -> 7.4.3
adv_interval - Advertisement interval (1 - 255 seconds). type: int more...

Supported Version Ranges

adv_interval v6.0.0 -> 7.4.3
ignore_default_route - Enable/disable ignoring of default route when checking destination. type: str choices: enable, disable more...

Supported Version Ranges

ignore_default_route v7.4.2 -> 7.4.3

[enable] v7.4.2 -> 7.4.3
[disable] v7.4.2 -> 7.4.3
preempt - Enable/disable preempt mode. type: str choices: enable, disable more...

Supported Version Ranges

preempt v6.0.0 -> 7.4.3

[enable] v6.0.0 -> 7.4.3
[disable] v6.0.0 -> 7.4.3
priority - Priority of the virtual router (1 - 255). type: int more...

Supported Version Ranges

priority v6.0.0 -> 7.4.3
start_time - Startup time (1 - 255 seconds). type: int more...

Supported Version Ranges

start_time v6.0.0 -> 7.4.3
status - Enable/disable VRRP. type: str choices: enable, disable more...

Supported Version Ranges

status v6.0.0 -> 7.4.3

[enable] v6.0.0 -> 7.4.3
[disable] v6.0.0 -> 7.4.3
vrdst6 - Monitor the route to this destination. type: list
vrgrp - VRRP group ID (1 - 65535). type: int more...

Supported Version Ranges

vrgrp v6.0.0 -> 7.4.3
vrid - Virtual router identifier (1 - 255). see Notes. type: int required: true more...

Supported Version Ranges

vrid v6.0.0 -> 7.4.3
vrip6 - IPv6 address of the virtual router. type: str more...

Supported Version Ranges

vrip6 v6.0.0 -> 7.4.3

l2forward - Enable/disable l2 forwarding. type: str choices: enable, disable more...

Supported Version Ranges

l2forward v6.0.0 -> 7.4.3

[enable] v6.0.0 -> 7.4.3
[disable] v6.0.0 -> 7.4.3
lacp_ha_secondary - LACP HA secondary member. type: str choices: enable, disable more...

Supported Version Ranges

lacp_ha_secondary v7.2.1 -> 7.4.3

[enable] v7.2.1 -> 7.4.3
[disable] v7.2.1 -> 7.4.3
lacp_ha_slave - LACP HA slave. type: str choices: enable, disable more...

Supported Version Ranges

lacp_ha_slave v6.0.0 -> v7.2.0

[enable] v6.0.0 -> v7.2.0
[disable] v6.0.0 -> v7.2.0
lacp_mode - LACP mode. type: str choices: static, passive, active more...

Supported Version Ranges

lacp_mode v6.0.0 -> 7.4.3

[static] v6.0.0 -> 7.4.3
[passive] v6.0.0 -> 7.4.3
[active] v6.0.0 -> 7.4.3
lacp_speed - How often the interface sends LACP messages. type: str choices: slow, fast more...

Supported Version Ranges

lacp_speed v6.0.0 -> 7.4.3

[slow] v6.0.0 -> 7.4.3
[fast] v6.0.0 -> 7.4.3
lcp_echo_interval - Time in seconds between PPPoE Link Control Protocol (LCP) echo requests. type: int more...

Supported Version Ranges

lcp_echo_interval v6.0.0 -> 7.4.3
lcp_max_echo_fails - Maximum missed LCP echo messages before disconnect. type: int more...

Supported Version Ranges

lcp_max_echo_fails v6.0.0 -> 7.4.3
link_up_delay - Number of milliseconds to wait before considering a link is up. type: int more...

Supported Version Ranges

link_up_delay v6.0.0 -> 7.4.3
lldp_network_policy - LLDP-MED network policy profile. Source system.lldp.network-policy.name. type: str more...

Supported Version Ranges

lldp_network_policy v6.2.0 -> 7.4.3
lldp_reception - Enable/disable Link Layer Discovery Protocol (LLDP) reception. type: str choices: enable, disable, vdom more...

Supported Version Ranges

lldp_reception v6.2.0 -> 7.4.3

[enable] v6.2.0 -> 7.4.3
[disable] v6.2.0 -> 7.4.3
[vdom] v6.2.0 -> 7.4.3
lldp_transmission - Enable/disable Link Layer Discovery Protocol (LLDP) transmission. type: str choices: enable, disable, vdom more...

Supported Version Ranges

lldp_transmission v6.0.0 -> 7.4.3

[enable] v6.0.0 -> 7.4.3
[disable] v6.0.0 -> 7.4.3
[vdom] v6.0.0 -> 7.4.3
macaddr - Change the interface"s MAC address. type: str more...

Supported Version Ranges

macaddr v6.0.0 -> 7.4.3
managed_device - Available when FortiLink is enabled, used for managed devices through FortiLink interface. type: list member_path: managed_device:name more...

Supported Version Ranges

managed_device v6.0.0 -> v6.0.11

name - Managed dev identifier. type: str required: true more...

Supported Version Ranges

name v6.0.0 -> v6.0.11

managed_subnetwork_size - Number of IP addresses to be allocated by FortiIPAM and used by this FortiGate unit"s DHCP server settings. type: str choices: 32, 64, 128, 256, 512, 1024, 2048, 4096, 8192, 16384, 32768, 65536 more...

management_ip - High Availability in-band management IP address of this interface. type: str more...

Supported Version Ranges

management_ip v6.0.0 -> 7.4.3
measured_downstream_bandwidth - Measured downstream bandwidth (kbps). type: int more...

Supported Version Ranges

measured_downstream_bandwidth v6.4.0 -> 7.4.3
measured_upstream_bandwidth - Measured upstream bandwidth (kbps). type: int more...

Supported Version Ranges

measured_upstream_bandwidth v6.4.0 -> 7.4.3

mediatype - Select SFP media interface type type: str choices: none, gmii, sgmii, sr, lr, cr, sr2, lr2, cr2, sr4, lr4, cr4, sr8, lr8, cr8, cfp2-sr10, cfp2-lr4 more...

member - Physical interfaces that belong to the aggregate or redundant interface. type: list member_path: member:interface_name more...

Supported Version Ranges

member v6.0.0 -> 7.4.3

interface_name - Physical interface name. Source system.interface.name. type: str required: true more...

Supported Version Ranges

interface_name v6.0.0 -> 7.4.3

min_links - Minimum number of aggregated ports that must be up. type: int more...

Supported Version Ranges

min_links v6.0.0 -> 7.4.3
min_links_down - Action to take when less than the configured minimum number of links are active. type: str choices: operational, administrative more...

Supported Version Ranges

min_links_down v6.0.0 -> 7.4.3

[operational] v6.0.0 -> 7.4.3
[administrative] v6.0.0 -> 7.4.3
mirroring_direction - Port mirroring direction. type: str choices: rx, tx, both more...

Supported Version Ranges

mirroring_direction v7.4.2 -> v7.4.2

[rx] v7.4.2 -> v7.4.2
[tx] v7.4.2 -> v7.4.2
[both] v7.4.2 -> v7.4.2
mirroring_filter - Mirroring filter. type: dict more...

Supported Version Ranges

mirroring_filter v7.4.2 -> v7.4.2

filter_dport - Destinatin port of mirroring filter. type: int more...

Supported Version Ranges

filter_dport v7.4.2 -> v7.4.2
filter_dstip - Destinatin IP and mask of mirroring filter. type: str more...

Supported Version Ranges

filter_dstip v7.4.2 -> v7.4.2
filter_protocol - Protocol of mirroring filter. type: int more...

Supported Version Ranges

filter_protocol v7.4.2 -> v7.4.2
filter_sport - Source port of mirroring filter. type: int more...

Supported Version Ranges

filter_sport v7.4.2 -> v7.4.2
filter_srcip - Source IP and mask of mirroring filter. type: str more...

Supported Version Ranges

filter_srcip v7.4.2 -> v7.4.2

mirroring_port - Mirroring port. Source system.interface.name. type: str more...

Supported Version Ranges

mirroring_port v7.4.2 -> v7.4.2
mode - Addressing mode (static, DHCP, PPPoE). type: str choices: static, dhcp, pppoe more...

Supported Version Ranges

mode v6.0.0 -> 7.4.3

[static] v6.0.0 -> 7.4.3
[dhcp] v6.0.0 -> 7.4.3
[pppoe] v6.0.0 -> 7.4.3
monitor_bandwidth - Enable monitoring bandwidth on this interface. type: str choices: enable, disable more...

Supported Version Ranges

monitor_bandwidth v6.4.0 -> 7.4.3

[enable] v6.4.0 -> 7.4.3
[disable] v6.4.0 -> 7.4.3
mtu - MTU value for this interface. type: int more...

Supported Version Ranges

mtu v6.0.0 -> 7.4.3
mtu_override - Enable to set a custom MTU for this interface. type: str choices: enable, disable more...

Supported Version Ranges

mtu_override v6.0.0 -> 7.4.3

[enable] v6.0.0 -> 7.4.3
[disable] v6.0.0 -> 7.4.3
name - Name. type: str required: true more...

Supported Version Ranges

name v6.0.0 -> 7.4.3
ndiscforward - Enable/disable NDISC forwarding. type: str choices: enable, disable more...

Supported Version Ranges

ndiscforward v6.0.0 -> 7.4.3

[enable] v6.0.0 -> 7.4.3
[disable] v6.0.0 -> 7.4.3
netbios_forward - Enable/disable NETBIOS forwarding. type: str choices: disable, enable more...

Supported Version Ranges

netbios_forward v6.0.0 -> 7.4.3

[disable] v6.0.0 -> 7.4.3
[enable] v6.0.0 -> 7.4.3
netflow_sampler - Enable/disable NetFlow on this interface and set the data that NetFlow collects (rx, tx, or both). type: str choices: disable, tx, rx, both more...

Supported Version Ranges

netflow_sampler v6.0.0 -> 7.4.3

[disable] v6.0.0 -> 7.4.3
[tx] v6.0.0 -> 7.4.3
[rx] v6.0.0 -> 7.4.3
[both] v6.0.0 -> 7.4.3
np_qos_profile - NP QoS profile ID. type: int more...

Supported Version Ranges

np_qos_profile v7.4.2 -> v7.4.2
outbandwidth - Bandwidth limit for outgoing traffic (0 - 80000000 kbps). type: int more...

Supported Version Ranges

outbandwidth v6.0.0 -> 7.4.3
padt_retry_timeout - PPPoE Active Discovery Terminate (PADT) used to terminate sessions after an idle time. type: int more...

Supported Version Ranges

padt_retry_timeout v6.0.0 -> 7.4.3
password - PPPoE account"s password. type: str more...

Supported Version Ranges

password v6.0.0 -> 7.4.3
ping_serv_status - PING server status. type: int more...

Supported Version Ranges

ping_serv_status v6.0.0 -> v7.0.5 v7.2.0 -> v7.2.0
polling_interval - sFlow polling interval in seconds (1 - 255). type: int more...

Supported Version Ranges

polling_interval v6.0.0 -> 7.4.3
port_mirroring - Enable/disable NP port mirroring. type: str choices: disable, enable more...

Supported Version Ranges

port_mirroring v7.4.2 -> v7.4.2

[disable] v7.4.2 -> v7.4.2
[enable] v7.4.2 -> v7.4.2
pppoe_unnumbered_negotiate - Enable/disable PPPoE unnumbered negotiation. type: str choices: enable, disable more...

Supported Version Ranges

pppoe_unnumbered_negotiate v6.0.0 -> 7.4.3

[enable] v6.0.0 -> 7.4.3
[disable] v6.0.0 -> 7.4.3
pptp_auth_type - PPTP authentication type. type: str choices: auto, pap, chap, mschapv1, mschapv2 more...

Supported Version Ranges

pptp_auth_type v6.0.0 -> 7.4.3

[auto] v6.0.0 -> 7.4.3
[pap] v6.0.0 -> 7.4.3
[chap] v6.0.0 -> 7.4.3
[mschapv1] v6.0.0 -> 7.4.3
[mschapv2] v6.0.0 -> 7.4.3
pptp_client - Enable/disable PPTP client. type: str choices: enable, disable more...

Supported Version Ranges

pptp_client v6.0.0 -> 7.4.3

[enable] v6.0.0 -> 7.4.3
[disable] v6.0.0 -> 7.4.3
pptp_password - PPTP password. type: str more...

Supported Version Ranges

pptp_password v6.0.0 -> 7.4.3
pptp_server_ip - PPTP server IP address. type: str more...

Supported Version Ranges

pptp_server_ip v6.0.0 -> 7.4.3
pptp_timeout - Idle timer in minutes (0 for disabled). type: int more...

Supported Version Ranges

pptp_timeout v6.0.0 -> 7.4.3
pptp_user - PPTP user name. type: str more...

Supported Version Ranges

pptp_user v6.0.0 -> 7.4.3
preserve_session_route - Enable/disable preservation of session route when dirty. type: str choices: enable, disable more...

Supported Version Ranges

preserve_session_route v6.0.0 -> 7.4.3

[enable] v6.0.0 -> 7.4.3
[disable] v6.0.0 -> 7.4.3
priority - Priority of learned routes. type: int more...

Supported Version Ranges

priority v6.0.0 -> 7.4.3
priority_override - Enable/disable fail back to higher priority port once recovered. type: str choices: enable, disable more...

Supported Version Ranges

priority_override v6.0.0 -> 7.4.3

[enable] v6.0.0 -> 7.4.3
[disable] v6.0.0 -> 7.4.3
proxy_captive_portal - Enable/disable proxy captive portal on this interface. type: str choices: enable, disable more...

Supported Version Ranges

proxy_captive_portal v6.0.0 -> 7.4.3

[enable] v6.0.0 -> 7.4.3
[disable] v6.0.0 -> 7.4.3
reachable_time - IPv4 reachable time in milliseconds (30000 - 3600000). type: int more...

Supported Version Ranges

reachable_time v7.0.4 -> 7.4.3
redundant_interface - Redundant interface. type: str more...

Supported Version Ranges

redundant_interface v6.0.0 -> v7.0.5 v7.2.0 -> v7.2.0
remote_ip - Remote IP address of tunnel. type: str more...

Supported Version Ranges

remote_ip v6.0.0 -> 7.4.3
replacemsg_override_group - Replacement message override group. type: str more...

Supported Version Ranges

replacemsg_override_group v6.0.0 -> 7.4.3
ring_rx - RX ring size. type: int more...

Supported Version Ranges

ring_rx
ring_tx - TX ring size. type: int more...

Supported Version Ranges

ring_tx
role - Interface role. type: str choices: lan, wan, dmz, undefined more...

Supported Version Ranges

role v6.0.0 -> 7.4.3

[lan] v6.0.0 -> 7.4.3
[wan] v6.0.0 -> 7.4.3
[dmz] v6.0.0 -> 7.4.3
[undefined] v6.0.0 -> 7.4.3
sample_direction - Data that NetFlow collects (rx, tx, or both). type: str choices: tx, rx, both more...

Supported Version Ranges

sample_direction v6.0.0 -> 7.4.3

[tx] v6.0.0 -> 7.4.3
[rx] v6.0.0 -> 7.4.3
[both] v6.0.0 -> 7.4.3
sample_rate - sFlow sample rate (10 - 99999). type: int more...

Supported Version Ranges

sample_rate v6.0.0 -> 7.4.3
scan_botnet_connections - Enable monitoring or blocking connections to Botnet servers through this interface. type: str choices: disable, block, monitor more...

Supported Version Ranges

scan_botnet_connections v6.0.0 -> v6.0.11

[disable] v6.0.0 -> v6.0.11
[block] v6.0.0 -> v6.0.11
[monitor] v6.0.0 -> v6.0.11
secondary_IP - Enable/disable adding a secondary IP to this interface. type: str choices: enable, disable more...

Supported Version Ranges

secondary_IP v6.0.0 -> 7.4.3

[enable] v6.0.0 -> 7.4.3
[disable] v6.0.0 -> 7.4.3
secondaryip - Second IP address of interface. type: list member_path: secondaryip:id more...

Supported Version Ranges

secondaryip v6.0.0 -> 7.4.3

allowaccess - Management access settings for the secondary IP address. type: list choices: ping, https, ssh, snmp, http, telnet, fgfm, radius-acct, probe-response, fabric, ftm, speed-test, capwap more...

detectprotocol - Protocols used to detect the server. type: list choices: ping, tcp-echo, udp-echo more...

Supported Version Ranges

detectprotocol v6.0.0 -> 7.4.3

[ping] v6.0.0 -> 7.4.3
[tcp-echo] v6.0.0 -> 7.4.3
[udp-echo] v6.0.0 -> 7.4.3
detectserver - Gateway"s ping server for this IP. type: str more...

Supported Version Ranges

detectserver v6.0.0 -> 7.4.3
gwdetect - Enable/disable detect gateway alive for first. type: str choices: enable, disable more...

Supported Version Ranges

gwdetect v6.0.0 -> 7.4.3

[enable] v6.0.0 -> 7.4.3
[disable] v6.0.0 -> 7.4.3
ha_priority - HA election priority for the PING server. type: int more...

Supported Version Ranges

ha_priority v6.0.0 -> 7.4.3
id - ID. see Notes. type: int required: true more...

Supported Version Ranges

id v6.0.0 -> 7.4.3
ip - Secondary IP address of the interface. type: str more...

Supported Version Ranges

ip v6.0.0 -> 7.4.3
ping_serv_status - PING server status. type: int more...

Supported Version Ranges

ping_serv_status v6.0.0 -> v7.0.5 v7.2.0 -> v7.2.0
secip_relay_ip - DHCP relay IP address. type: list

security_8021x_dynamic_vlan_id - VLAN ID for virtual switch. type: int more...

Supported Version Ranges

security_8021x_dynamic_vlan_id v7.4.2 -> v7.4.2
security_8021x_master - 802.1X master virtual-switch. type: str more...

Supported Version Ranges

security_8021x_master v7.4.2 -> v7.4.2
security_8021x_member_mode - 802.1X member mode. type: str choices: switch, disable more...

Supported Version Ranges

security_8021x_member_mode v7.4.2 -> v7.4.2

[switch] v7.4.2 -> v7.4.2
[disable] v7.4.2 -> v7.4.2
security_8021x_mode - 802.1X mode. type: str choices: default, dynamic-vlan, fallback, slave more...

Supported Version Ranges

security_8021x_mode v7.4.2 -> v7.4.2

[default] v7.4.2 -> v7.4.2
[dynamic-vlan] v7.4.2 -> v7.4.2
[fallback] v7.4.2 -> v7.4.2
[slave] v7.4.2 -> v7.4.2
security_exempt_list - Name of security-exempt-list. type: str more...

Supported Version Ranges

security_exempt_list v6.0.0 -> 7.4.3
security_external_logout - URL of external authentication logout server. type: str more...

Supported Version Ranges

security_external_logout v6.0.0 -> 7.4.3
security_external_web - URL of external authentication web server. type: str more...

Supported Version Ranges

security_external_web v6.0.0 -> 7.4.3
security_groups - User groups that can authenticate with the captive portal. type: list member_path: security_groups:name more...

Supported Version Ranges

security_groups v6.0.0 -> 7.4.3

name - Names of user groups that can authenticate with the captive portal. Source user.group.name. type: str required: true more...

Supported Version Ranges

name v6.0.0 -> 7.4.3

security_mac_auth_bypass - Enable/disable MAC authentication bypass. type: str choices: mac-auth-only, enable, disable more...

Supported Version Ranges

security_mac_auth_bypass v6.0.0 -> 7.4.3

[mac-auth-only] v6.2.0 -> 7.4.3

[enable] v6.0.0 -> 7.4.3
[disable] v6.0.0 -> 7.4.3
security_mode - Turn on captive portal authentication for this interface. type: str choices: none, captive-portal, 802.1X more...

Supported Version Ranges

security_mode v6.0.0 -> 7.4.3

[none] v6.0.0 -> 7.4.3
[captive-portal] v6.0.0 -> 7.4.3
[802.1X] v6.0.0 -> 7.4.3
security_redirect_url - URL redirection after disclaimer/authentication. type: str more...

Supported Version Ranges

security_redirect_url v6.0.0 -> 7.4.3
service_name - PPPoE service name. type: str more...

Supported Version Ranges

service_name v6.0.0 -> 7.4.3
sflow_sampler - Enable/disable sFlow on this interface. type: str choices: enable, disable more...

Supported Version Ranges

sflow_sampler v6.0.0 -> 7.4.3

[enable] v6.0.0 -> 7.4.3
[disable] v6.0.0 -> 7.4.3
snmp_index - Permanent SNMP Index of the interface. type: int more...

Supported Version Ranges

snmp_index v6.0.0 -> 7.4.3

speed - Interface speed. The default setting and the options available depend on the interface hardware. type: str choices: auto, 10full, 10half, 100full, 100half, 1000full, 1000auto, 10000full, 10000auto, 40000full, 40000auto, 100auto, 2500auto, 5000auto, 25000full, 25000auto, 50000full, 50000auto, 100Gfull, 100Gauto, 200Gfull, 200Gauto, 400Gfull, 400Gauto, 1000half more...

spillover_threshold - Egress Spillover threshold (0 - 16776000 kbps), 0 means unlimited. type: int more...

Supported Version Ranges

spillover_threshold v6.0.0 -> 7.4.3
src_check - Enable/disable source IP check. type: str choices: enable, disable more...

Supported Version Ranges

src_check v6.0.0 -> 7.4.3

[enable] v6.0.0 -> 7.4.3
[disable] v6.0.0 -> 7.4.3
status - Bring the interface up or shut the interface down. type: str choices: up, down more...

Supported Version Ranges

status v6.0.0 -> 7.4.3

[up] v6.0.0 -> 7.4.3
[down] v6.0.0 -> 7.4.3
stp - Enable/disable STP. type: str choices: disable, enable more...

Supported Version Ranges

stp v6.0.0 -> v6.2.7 v6.4.1 -> v7.0.12 v7.2.1 -> v7.2.4 v7.4.2 -> v7.4.2

[disable] v6.0.0 -> v6.2.7
[enable] v6.0.0 -> v6.2.7
stp_edge - Enable/disable as STP edge port. type: str choices: disable, enable more...

Supported Version Ranges

stp_edge v7.4.2 -> v7.4.2

[disable] v7.4.2 -> v7.4.2
[enable] v7.4.2 -> v7.4.2
stp_ha_secondary - Control STP behavior on HA secondary. type: str choices: disable, enable, priority-adjust more...

Supported Version Ranges

stp_ha_secondary v7.0.0 -> v7.0.12 v7.2.1 -> v7.2.4 v7.4.2 -> v7.4.2

[disable] v7.0.0 -> v7.0.12
[enable] v7.0.0 -> v7.0.12
[priority-adjust] v7.0.0 -> v7.0.12
stp_ha_slave - Control STP behaviour on HA slave. type: str choices: disable, enable, priority-adjust more...

Supported Version Ranges

stp_ha_slave v6.0.0 -> v6.2.7 v6.4.1 -> v6.4.4

[disable] v6.0.0 -> v6.2.7
[enable] v6.0.0 -> v6.2.7
[priority-adjust] v6.0.0 -> v6.2.7
stpforward - Enable/disable STP forwarding. type: str choices: enable, disable more...

Supported Version Ranges

stpforward v6.0.0 -> 7.4.3

[enable] v6.0.0 -> 7.4.3
[disable] v6.0.0 -> 7.4.3
stpforward_mode - Configure STP forwarding mode. type: str choices: rpl-all-ext-id, rpl-bridge-ext-id, rpl-nothing more...

Supported Version Ranges

stpforward_mode v6.0.0 -> 7.4.3

[rpl-all-ext-id] v6.0.0 -> 7.4.3
[rpl-bridge-ext-id] v6.0.0 -> 7.4.3
[rpl-nothing] v6.0.0 -> 7.4.3
subst - Enable to always send packets from this interface to a destination MAC address. type: str choices: enable, disable more...

Supported Version Ranges

subst v6.0.0 -> 7.4.3

[enable] v6.0.0 -> 7.4.3
[disable] v6.0.0 -> 7.4.3
substitute_dst_mac - Destination MAC address that all packets are sent to from this interface. type: str more...

Supported Version Ranges

substitute_dst_mac v6.0.0 -> 7.4.3
sw_algorithm - Frame distribution algorithm for switch. type: str choices: l2, l3, eh more...

Supported Version Ranges

sw_algorithm v7.2.0 -> v7.2.0 v7.4.0 -> v7.4.1 v7.4.3 -> 7.4.3

[l2] v7.2.0 -> v7.2.0
[l3] v7.2.0 -> v7.2.0
[eh] v7.2.0 -> v7.2.0
swc_first_create - Initial create for switch-controller VLANs. type: int more...

Supported Version Ranges

swc_first_create v6.4.4 -> 7.4.3
swc_vlan - Creation status for switch-controller VLANs. type: int more...

Supported Version Ranges

swc_vlan v6.4.0 -> v7.0.5 v7.2.0 -> v7.2.0
switch - Contained in switch. type: str more...

Supported Version Ranges

switch v6.0.0 -> v7.0.5 v7.2.0 -> v7.2.0
switch_controller_access_vlan - Block FortiSwitch port-to-port traffic. type: str choices: enable, disable more...

Supported Version Ranges

switch_controller_access_vlan v6.0.0 -> 7.4.3

[enable] v6.0.0 -> 7.4.3
[disable] v6.0.0 -> 7.4.3
switch_controller_arp_inspection - Enable/disable FortiSwitch ARP inspection. type: str choices: enable, disable more...

Supported Version Ranges

switch_controller_arp_inspection v6.0.0 -> 7.4.3

[enable] v6.0.0 -> 7.4.3
[disable] v6.0.0 -> 7.4.3
switch_controller_dhcp_snooping - Switch controller DHCP snooping. type: str choices: enable, disable more...

Supported Version Ranges

switch_controller_dhcp_snooping v6.0.0 -> 7.4.3

[enable] v6.0.0 -> 7.4.3
[disable] v6.0.0 -> 7.4.3
switch_controller_dhcp_snooping_option82 - Switch controller DHCP snooping option82. type: str choices: enable, disable more...

Supported Version Ranges

switch_controller_dhcp_snooping_option82 v6.0.0 -> 7.4.3

[enable] v6.0.0 -> 7.4.3
[disable] v6.0.0 -> 7.4.3
switch_controller_dhcp_snooping_verify_mac - Switch controller DHCP snooping verify MAC. type: str choices: enable, disable more...

Supported Version Ranges

switch_controller_dhcp_snooping_verify_mac v6.0.0 -> 7.4.3

[enable] v6.0.0 -> 7.4.3
[disable] v6.0.0 -> 7.4.3
switch_controller_dynamic - Integrated FortiLink settings for managed FortiSwitch. Source switch-controller.fortilink-settings.name. type: str more...

Supported Version Ranges

switch_controller_dynamic v7.0.0 -> 7.4.3

switch_controller_feature - Interface"s purpose when assigning traffic (read only). type: str choices: none, default-vlan, quarantine, rspan, voice, video, nac, nac-segment more...

switch_controller_igmp_snooping - Switch controller IGMP snooping. type: str choices: enable, disable more...

Supported Version Ranges

switch_controller_igmp_snooping v6.0.0 -> 7.4.3

[enable] v6.0.0 -> 7.4.3
[disable] v6.0.0 -> 7.4.3
switch_controller_igmp_snooping_fast_leave - Switch controller IGMP snooping fast-leave. type: str choices: enable, disable more...

Supported Version Ranges

switch_controller_igmp_snooping_fast_leave v6.2.0 -> 7.4.3

[enable] v6.2.0 -> 7.4.3
[disable] v6.2.0 -> 7.4.3
switch_controller_igmp_snooping_proxy - Switch controller IGMP snooping proxy. type: str choices: enable, disable more...

Supported Version Ranges

switch_controller_igmp_snooping_proxy v6.2.0 -> 7.4.3

[enable] v6.2.0 -> 7.4.3
[disable] v6.2.0 -> 7.4.3
switch_controller_iot_scanning - Enable/disable managed FortiSwitch IoT scanning. type: str choices: enable, disable more...

Supported Version Ranges

switch_controller_iot_scanning v6.4.4 -> 7.4.3

[enable] v6.4.4 -> 7.4.3
[disable] v6.4.4 -> 7.4.3
switch_controller_learning_limit - Limit the number of dynamic MAC addresses on this VLAN (1 - 128, 0 = no limit, default). type: int more...

Supported Version Ranges

switch_controller_learning_limit v6.0.0 -> 7.4.3
switch_controller_mgmt_vlan - VLAN to use for FortiLink management purposes. type: int more...

Supported Version Ranges

switch_controller_mgmt_vlan v6.4.0 -> 7.4.3
switch_controller_nac - Integrated FortiLink settings for managed FortiSwitch. Source switch-controller.fortilink-settings.name. type: str more...

Supported Version Ranges

switch_controller_nac v6.4.0 -> 7.4.3
switch_controller_netflow_collect - NetFlow collection and processing. type: str choices: disable, enable more...

Supported Version Ranges

switch_controller_netflow_collect v7.2.1 -> 7.4.3

[disable] v7.2.1 -> 7.4.3
[enable] v7.2.1 -> 7.4.3
switch_controller_offload - Enable/disable managed FortiSwitch routing offload. type: str choices: enable, disable more...

Supported Version Ranges

switch_controller_offload v7.4.1 -> 7.4.3

[enable] v7.4.1 -> 7.4.3
[disable] v7.4.1 -> 7.4.3
switch_controller_offload_gw - Enable/disable managed FortiSwitch routing offload gateway. type: str choices: enable, disable more...

Supported Version Ranges

switch_controller_offload_gw v7.4.1 -> 7.4.3

[enable] v7.4.1 -> 7.4.3
[disable] v7.4.1 -> 7.4.3
switch_controller_offload_ip - IP for routing offload on FortiSwitch. type: str more...

Supported Version Ranges

switch_controller_offload_ip v7.4.1 -> 7.4.3
switch_controller_rspan_mode - Stop Layer2 MAC learning and interception of BPDUs and other packets on this interface. type: str choices: disable, enable more...

Supported Version Ranges

switch_controller_rspan_mode v6.2.0 -> 7.4.3

[disable] v6.2.0 -> 7.4.3
[enable] v6.2.0 -> 7.4.3
switch_controller_source_ip - Source IP address used in FortiLink over L3 connections. type: str choices: outbound, fixed more...

Supported Version Ranges

switch_controller_source_ip v6.4.4 -> 7.4.3

[outbound] v6.4.4 -> 7.4.3
[fixed] v6.4.4 -> 7.4.3
switch_controller_traffic_policy - Switch controller traffic policy for the VLAN. Source switch-controller.traffic-policy.name. type: str more...

Supported Version Ranges

switch_controller_traffic_policy v6.2.0 -> 7.4.3
system_id - Define a system ID for the aggregate interface. type: str more...

Supported Version Ranges

system_id v7.0.2 -> 7.4.3
system_id_type - Method in which system ID is generated. type: str choices: auto, user more...

Supported Version Ranges

system_id_type v7.0.2 -> 7.4.3

[auto] v7.0.2 -> 7.4.3
[user] v7.0.2 -> 7.4.3
tagging - Config object tagging. type: list member_path: tagging:name more...

Supported Version Ranges

tagging v6.0.0 -> 7.4.3

category - Tag category. Source system.object-tagging.category. type: str more...

Supported Version Ranges

category v6.0.0 -> 7.4.3
name - Tagging entry name. type: str required: true more...

Supported Version Ranges

name v6.0.0 -> 7.4.3
tags - Tags. type: list member_path: tagging:name/tags:name more...

Supported Version Ranges

tags v6.0.0 -> 7.4.3

name - Tag name. Source system.object-tagging.tags.name. type: str required: true more...

Supported Version Ranges

name v6.0.0 -> 7.4.3

tcp_mss - TCP maximum segment size. 0 means do not change segment size. type: int more...

Supported Version Ranges

tcp_mss v6.0.0 -> 7.4.3
trunk - Enable/disable VLAN trunk. type: str choices: enable, disable more...

Supported Version Ranges

trunk v7.4.2 -> v7.4.2

[enable] v7.4.2 -> v7.4.2
[disable] v7.4.2 -> v7.4.2
trust_ip_1 - Trusted host for dedicated management traffic (0.0.0.0/24 for all hosts). type: str more...

Supported Version Ranges

trust_ip_1 v6.0.0 -> 7.4.3
trust_ip_2 - Trusted host for dedicated management traffic (0.0.0.0/24 for all hosts). type: str more...

Supported Version Ranges

trust_ip_2 v6.0.0 -> 7.4.3
trust_ip_3 - Trusted host for dedicated management traffic (0.0.0.0/24 for all hosts). type: str more...

Supported Version Ranges

trust_ip_3 v6.0.0 -> 7.4.3
trust_ip6_1 - Trusted IPv6 host for dedicated management traffic (::/0 for all hosts). type: str more...

Supported Version Ranges

trust_ip6_1 v6.0.0 -> 7.4.3
trust_ip6_2 - Trusted IPv6 host for dedicated management traffic (::/0 for all hosts). type: str more...

Supported Version Ranges

trust_ip6_2 v6.0.0 -> 7.4.3
trust_ip6_3 - Trusted IPv6 host for dedicated management traffic (::/0 for all hosts). type: str more...

Supported Version Ranges

trust_ip6_3 v6.0.0 -> 7.4.3

type - Interface type. type: str choices: physical, vlan, aggregate, redundant, tunnel, vdom-link, loopback, switch, vap-switch, wl-mesh, fext-wan, vxlan, geneve, hdlc, switch-vlan, emac-vlan, ssl, lan-extension, hard-switch more...

username - Username of the PPPoE account, provided by your ISP. type: str more...

Supported Version Ranges

username v6.0.0 -> 7.4.3
vdom - Interface is in this virtual domain (VDOM). Source system.vdom.name. type: str more...

Supported Version Ranges

vdom v6.0.0 -> 7.4.3
vindex - Switch control interface VLAN ID. type: int more...

Supported Version Ranges

vindex v6.0.0 -> v7.0.5 v7.2.0 -> v7.2.0
vlan_protocol - Ethernet protocol of VLAN. type: str choices: 8021q, 8021ad more...

Supported Version Ranges

vlan_protocol v6.4.0 -> 7.4.3

[8021q] v6.4.0 -> 7.4.3
[8021ad] v6.4.0 -> 7.4.3
vlanforward - Enable/disable traffic forwarding between VLANs on this interface. type: str choices: enable, disable more...

Supported Version Ranges

vlanforward v6.0.0 -> 7.4.3

[enable] v6.0.0 -> 7.4.3
[disable] v6.0.0 -> 7.4.3
vlanid - VLAN ID (1 - 4094). type: int more...

Supported Version Ranges

vlanid v6.0.0 -> 7.4.3
vrf - Virtual Routing Forwarding ID. type: int more...

Supported Version Ranges

vrf v6.0.0 -> 7.4.3
vrrp - VRRP configuration. type: list member_path: vrrp:vrid more...

Supported Version Ranges

vrrp v6.0.0 -> 7.4.3

accept_mode - Enable/disable accept mode. type: str choices: enable, disable more...

Supported Version Ranges

accept_mode v6.0.0 -> 7.4.3

[enable] v6.0.0 -> 7.4.3
[disable] v6.0.0 -> 7.4.3
adv_interval - Advertisement interval (1 - 255 seconds). type: int more...

Supported Version Ranges

adv_interval v6.0.0 -> 7.4.3
ignore_default_route - Enable/disable ignoring of default route when checking destination. type: str choices: enable, disable more...

Supported Version Ranges

ignore_default_route v6.0.0 -> 7.4.3

[enable] v6.0.0 -> 7.4.3
[disable] v6.0.0 -> 7.4.3
preempt - Enable/disable preempt mode. type: str choices: enable, disable more...

Supported Version Ranges

preempt v6.0.0 -> 7.4.3

[enable] v6.0.0 -> 7.4.3
[disable] v6.0.0 -> 7.4.3
priority - Priority of the virtual router (1 - 255). type: int more...

Supported Version Ranges

priority v6.0.0 -> 7.4.3
proxy_arp - VRRP Proxy ARP configuration. type: list member_path: vrrp:vrid/proxy_arp:id more...

Supported Version Ranges

proxy_arp v6.0.0 -> 7.4.3

id - ID. see Notes. type: int required: true more...

Supported Version Ranges

id v6.0.0 -> 7.4.3
ip - Set IP addresses of proxy ARP. type: str more...

Supported Version Ranges

ip v6.0.0 -> 7.4.3

start_time - Startup time (1 - 255 seconds). type: int more...

Supported Version Ranges

start_time v6.0.0 -> 7.4.3
status - Enable/disable this VRRP configuration. type: str choices: enable, disable more...

Supported Version Ranges

status v6.0.0 -> 7.4.3

[enable] v6.0.0 -> 7.4.3
[disable] v6.0.0 -> 7.4.3
version - VRRP version. type: str choices: 2, 3 more...

Supported Version Ranges

version v6.0.0 -> 7.4.3

[2] v6.0.0 -> 7.4.3
[3] v6.0.0 -> 7.4.3
vrdst - Monitor the route to this destination. type: list
vrdst_priority - Priority of the virtual router when the virtual router destination becomes unreachable (0 - 254). type: int more...

Supported Version Ranges

vrdst_priority v6.0.0 -> 7.4.3
vrgrp - VRRP group ID (1 - 65535). type: int more...

Supported Version Ranges

vrgrp v6.0.0 -> 7.4.3
vrid - Virtual router identifier (1 - 255). see Notes. type: int required: true more...

Supported Version Ranges

vrid v6.0.0 -> 7.4.3
vrip - IP address of the virtual router. type: str more...

Supported Version Ranges

vrip v6.0.0 -> 7.4.3

vrrp_virtual_mac - Enable/disable use of virtual MAC for VRRP. type: str choices: enable, disable more...

Supported Version Ranges

vrrp_virtual_mac v6.0.0 -> 7.4.3

[enable] v6.0.0 -> 7.4.3
[disable] v6.0.0 -> 7.4.3
wccp - Enable/disable WCCP on this interface. Used for encapsulated WCCP communication between WCCP clients and servers. type: str choices: enable, disable more...

Supported Version Ranges

wccp v6.0.0 -> 7.4.3

[enable] v6.0.0 -> 7.4.3
[disable] v6.0.0 -> 7.4.3
weight - Default weight for static routes (if route has no weight configured). type: int more...

Supported Version Ranges

weight v6.0.0 -> 7.4.3
wins_ip - WINS server IP. type: str more...

Supported Version Ranges

wins_ip v6.0.0 -> 7.4.3

Notes 

Note

Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks

Examples 

- name: Configure interfaces.
  fortinet.fortios.fortios_system_interface:
      vdom: "{{ vdom }}"
      state: "present"
      access_token: "<your_own_value>"
      system_interface:
          ac_name: "<your_own_value>"
          aggregate: "<your_own_value>"
          aggregate_type: "physical"
          algorithm: "L2"
          alias: "<your_own_value>"
          allowaccess: "ping"
          ap_discover: "enable"
          arpforward: "enable"
          auth_cert: "<your_own_value> (source vpn.certificate.local.name)"
          auth_portal_addr: "<your_own_value>"
          auth_type: "auto"
          auto_auth_extension_device: "enable"
          bandwidth_measure_time: "0"
          bfd: "global"
          bfd_desired_min_tx: "250"
          bfd_detect_mult: "3"
          bfd_required_min_rx: "250"
          broadcast_forticlient_discovery: "enable"
          broadcast_forward: "enable"
          captive_portal: "2147483647"
          cli_conn_status: "0"
          client_options:
              -
                  code: "0"
                  id: "26"
                  ip: "<your_own_value>"
                  type: "hex"
                  value: "<your_own_value>"
          color: "0"
          dedicated_to: "none"
          default_purdue_level: "1"
          defaultgw: "enable"
          description: "<your_own_value>"
          detected_peer_mtu: "0"
          detectprotocol: "ping"
          detectserver: "<your_own_value>"
          device_access_list: "<your_own_value>"
          device_identification: "enable"
          device_identification_active_scan: "enable"
          device_netscan: "disable"
          device_user_identification: "enable"
          devindex: "0"
          dhcp_broadcast_flag: "disable"
          dhcp_classless_route_addition: "enable"
          dhcp_client_identifier: "myId_46"
          dhcp_relay_agent_option: "enable"
          dhcp_relay_circuit_id: "<your_own_value>"
          dhcp_relay_interface: "<your_own_value> (source system.interface.name)"
          dhcp_relay_interface_select_method: "auto"
          dhcp_relay_ip: "<your_own_value>"
          dhcp_relay_link_selection: "<your_own_value>"
          dhcp_relay_request_all_server: "disable"
          dhcp_relay_service: "disable"
          dhcp_relay_source_ip: "<your_own_value>"
          dhcp_relay_type: "regular"
          dhcp_renew_time: "0"
          dhcp_smart_relay: "disable"
          dhcp_snooping_server_list:
              -
                  name: "default_name_60"
                  server_ip: "<your_own_value>"
          disc_retry_timeout: "1"
          disconnect_threshold: "0"
          distance: "5"
          dns_server_override: "enable"
          dns_server_protocol: "cleartext"
          drop_fragment: "enable"
          drop_overlapped_fragment: "enable"
          eap_ca_cert: "<your_own_value> (source certificate.ca.name)"
          eap_identity: "<your_own_value>"
          eap_method: "tls"
          eap_password: "<your_own_value>"
          eap_supplicant: "enable"
          eap_user_cert: "<your_own_value> (source certificate.local.name)"
          egress_cos: "disable"
          egress_queues:
              cos0: "<your_own_value> (source system.isf-queue-profile.name)"
              cos1: "<your_own_value> (source system.isf-queue-profile.name)"
              cos2: "<your_own_value> (source system.isf-queue-profile.name)"
              cos3: "<your_own_value> (source system.isf-queue-profile.name)"
              cos4: "<your_own_value> (source system.isf-queue-profile.name)"
              cos5: "<your_own_value> (source system.isf-queue-profile.name)"
              cos6: "<your_own_value> (source system.isf-queue-profile.name)"
              cos7: "<your_own_value> (source system.isf-queue-profile.name)"
          egress_shaping_profile: "<your_own_value> (source firewall.shaping-profile.profile-name)"
          endpoint_compliance: "enable"
          estimated_downstream_bandwidth: "0"
          estimated_upstream_bandwidth: "0"
          explicit_ftp_proxy: "enable"
          explicit_web_proxy: "enable"
          external: "enable"
          fail_action_on_extender: "soft-restart"
          fail_alert_interfaces:
              -
                  name: "default_name_94 (source system.interface.name)"
          fail_alert_method: "link-failed-signal"
          fail_detect: "enable"
          fail_detect_option: "detectserver"
          fortiheartbeat: "enable"
          fortilink: "enable"
          fortilink_backup_link: "0"
          fortilink_neighbor_detect: "lldp"
          fortilink_split_interface: "enable"
          fortilink_stacking: "enable"
          forward_domain: "0"
          forward_error_correction: "none"
          gi_gk: "enable"
          gwdetect: "enable"
          ha_priority: "1"
          icmp_accept_redirect: "enable"
          icmp_send_redirect: "enable"
          ident_accept: "enable"
          idle_timeout: "0"
          ike_saml_server: "<your_own_value> (source user.saml.name)"
          inbandwidth: "0"
          ingress_cos: "disable"
          ingress_shaping_profile: "<your_own_value> (source firewall.shaping-profile.profile-name)"
          ingress_spillover_threshold: "0"
          interconnect_profile: "default"
          interface: "<your_own_value> (source system.interface.name)"
          internal: "0"
          ip: "<your_own_value>"
          ip_managed_by_fortiipam: "inherit-global"
          ipmac: "enable"
          ips_sniffer_mode: "enable"
          ipunnumbered: "<your_own_value>"
          ipv6:
              autoconf: "enable"
              cli_conn6_status: "0"
              dhcp6_client_options: "rapid"
              dhcp6_iapd_list:
                  -
                      iaid: "<you_own_value>"
                      prefix_hint: "<your_own_value>"
                      prefix_hint_plt: "604800"
                      prefix_hint_vlt: "2592000"
              dhcp6_information_request: "enable"
              dhcp6_prefix_delegation: "enable"
              dhcp6_prefix_hint: "<your_own_value>"
              dhcp6_prefix_hint_plt: "604800"
              dhcp6_prefix_hint_vlt: "2592000"
              dhcp6_relay_interface_id: "<your_own_value>"
              dhcp6_relay_ip: "<your_own_value>"
              dhcp6_relay_service: "disable"
              dhcp6_relay_source_interface: "disable"
              dhcp6_relay_source_ip: "<your_own_value>"
              dhcp6_relay_type: "regular"
              icmp6_send_redirect: "enable"
              interface_identifier: "myId_147"
              ip6_address: "<your_own_value>"
              ip6_allowaccess: "ping"
              ip6_default_life: "1800"
              ip6_delegated_prefix_iaid: "0"
              ip6_delegated_prefix_list:
                  -
                      autonomous_flag: "enable"
                      delegated_prefix_iaid: "0"
                      onlink_flag: "enable"
                      prefix_id: "<you_own_value>"
                      rdnss: "<your_own_value>"
                      rdnss_service: "delegated"
                      subnet: "<your_own_value>"
                      upstream_interface: "<your_own_value> (source system.interface.name)"
              ip6_dns_server_override: "enable"
              ip6_extra_addr:
                  -
                      prefix: "<your_own_value>"
              ip6_hop_limit: "0"
              ip6_link_mtu: "0"
              ip6_manage_flag: "enable"
              ip6_max_interval: "600"
              ip6_min_interval: "198"
              ip6_mode: "static"
              ip6_other_flag: "enable"
              ip6_prefix_list:
                  -
                      autonomous_flag: "enable"
                      dnssl:
                          -
                              domain: "<your_own_value>"
                      onlink_flag: "enable"
                      preferred_life_time: "604800"
                      prefix: "<your_own_value>"
                      rdnss: "<your_own_value>"
                      valid_life_time: "2592000"
              ip6_prefix_mode: "dhcp6"
              ip6_reachable_time: "0"
              ip6_retrans_time: "0"
              ip6_send_adv: "enable"
              ip6_subnet: "<your_own_value>"
              ip6_upstream_interface: "<your_own_value> (source system.interface.name)"
              nd_cert: "<your_own_value> (source certificate.local.name)"
              nd_cga_modifier: "<your_own_value>"
              nd_mode: "basic"
              nd_security_level: "0"
              nd_timestamp_delta: "300"
              nd_timestamp_fuzz: "1"
              ra_send_mtu: "enable"
              unique_autoconf_addr: "enable"
              vrip6_link_local: "<your_own_value>"
              vrrp_virtual_mac6: "enable"
              vrrp6:
                  -
                      accept_mode: "enable"
                      adv_interval: "1"
                      ignore_default_route: "enable"
                      preempt: "enable"
                      priority: "100"
                      start_time: "3"
                      status: "enable"
                      vrdst6: "<your_own_value>"
                      vrgrp: "0"
                      vrid: "<you_own_value>"
                      vrip6: "<your_own_value>"
          l2forward: "enable"
          lacp_ha_secondary: "enable"
          lacp_ha_slave: "enable"
          lacp_mode: "static"
          lacp_speed: "slow"
          lcp_echo_interval: "5"
          lcp_max_echo_fails: "3"
          link_up_delay: "50"
          lldp_network_policy: "<your_own_value> (source system.lldp.network-policy.name)"
          lldp_reception: "enable"
          lldp_transmission: "enable"
          macaddr: "<your_own_value>"
          managed_device:
              -
                  name: "default_name_221"
          managed_subnetwork_size: "32"
          management_ip: "<your_own_value>"
          measured_downstream_bandwidth: "0"
          measured_upstream_bandwidth: "0"
          mediatype: "none"
          member:
              -
                  interface_name: "<your_own_value> (source system.interface.name)"
          min_links: "1"
          min_links_down: "operational"
          mirroring_direction: "rx"
          mirroring_filter:
              filter_dport: "0"
              filter_dstip: "<your_own_value>"
              filter_protocol: "0"
              filter_sport: "0"
              filter_srcip: "<your_own_value>"
          mirroring_port: "<your_own_value> (source system.interface.name)"
          mode: "static"
          monitor_bandwidth: "enable"
          mtu: "1500"
          mtu_override: "enable"
          name: "default_name_243"
          ndiscforward: "enable"
          netbios_forward: "disable"
          netflow_sampler: "disable"
          np_qos_profile: "0"
          outbandwidth: "0"
          padt_retry_timeout: "1"
          password: "<your_own_value>"
          ping_serv_status: "0"
          polling_interval: "20"
          port_mirroring: "disable"
          pppoe_unnumbered_negotiate: "enable"
          pptp_auth_type: "auto"
          pptp_client: "enable"
          pptp_password: "<your_own_value>"
          pptp_server_ip: "<your_own_value>"
          pptp_timeout: "0"
          pptp_user: "<your_own_value>"
          preserve_session_route: "enable"
          priority: "1"
          priority_override: "enable"
          proxy_captive_portal: "enable"
          reachable_time: "30000"
          redundant_interface: "<your_own_value>"
          remote_ip: "<your_own_value>"
          replacemsg_override_group: "<your_own_value>"
          ring_rx: "0"
          ring_tx: "0"
          role: "lan"
          sample_direction: "tx"
          sample_rate: "2000"
          scan_botnet_connections: "disable"
          secondary_IP: "enable"
          secondaryip:
              -
                  allowaccess: "ping"
                  detectprotocol: "ping"
                  detectserver: "<your_own_value>"
                  gwdetect: "enable"
                  ha_priority: "1"
                  id: "282"
                  ip: "<your_own_value>"
                  ping_serv_status: "0"
                  secip_relay_ip: "<your_own_value>"
          security_8021x_dynamic_vlan_id: "0"
          security_8021x_master: "<your_own_value>"
          security_8021x_member_mode: "switch"
          security_8021x_mode: "default"
          security_exempt_list: "<your_own_value>"
          security_external_logout: "<your_own_value>"
          security_external_web: "<your_own_value>"
          security_groups:
              -
                  name: "default_name_294 (source user.group.name)"
          security_mac_auth_bypass: "mac-auth-only"
          security_mode: "none"
          security_redirect_url: "<your_own_value>"
          service_name: "<your_own_value>"
          sflow_sampler: "enable"
          snmp_index: "0"
          speed: "auto"
          spillover_threshold: "0"
          src_check: "enable"
          status: "up"
          stp: "disable"
          stp_edge: "disable"
          stp_ha_secondary: "disable"
          stp_ha_slave: "disable"
          stpforward: "enable"
          stpforward_mode: "rpl-all-ext-id"
          subst: "enable"
          substitute_dst_mac: "<your_own_value>"
          sw_algorithm: "l2"
          swc_first_create: "0"
          swc_vlan: "0"
          switch: "<your_own_value>"
          switch_controller_access_vlan: "enable"
          switch_controller_arp_inspection: "enable"
          switch_controller_dhcp_snooping: "enable"
          switch_controller_dhcp_snooping_option82: "enable"
          switch_controller_dhcp_snooping_verify_mac: "enable"
          switch_controller_dynamic: "<your_own_value> (source switch-controller.fortilink-settings.name)"
          switch_controller_feature: "none"
          switch_controller_igmp_snooping: "enable"
          switch_controller_igmp_snooping_fast_leave: "enable"
          switch_controller_igmp_snooping_proxy: "enable"
          switch_controller_iot_scanning: "enable"
          switch_controller_learning_limit: "0"
          switch_controller_mgmt_vlan: "4094"
          switch_controller_nac: "<your_own_value> (source switch-controller.fortilink-settings.name)"
          switch_controller_netflow_collect: "disable"
          switch_controller_offload: "enable"
          switch_controller_offload_gw: "enable"
          switch_controller_offload_ip: "<your_own_value>"
          switch_controller_rspan_mode: "disable"
          switch_controller_source_ip: "outbound"
          switch_controller_traffic_policy: "<your_own_value> (source switch-controller.traffic-policy.name)"
          system_id: "<your_own_value>"
          system_id_type: "auto"
          tagging:
              -
                  category: "<your_own_value> (source system.object-tagging.category)"
                  name: "default_name_342"
                  tags:
                      -
                          name: "default_name_344 (source system.object-tagging.tags.name)"
          tcp_mss: "0"
          trunk: "enable"
          trust_ip_1: "<your_own_value>"
          trust_ip_2: "<your_own_value>"
          trust_ip_3: "<your_own_value>"
          trust_ip6_1: "<your_own_value>"
          trust_ip6_2: "<your_own_value>"
          trust_ip6_3: "<your_own_value>"
          type: "physical"
          username: "<your_own_value>"
          vdom: "<your_own_value> (source system.vdom.name)"
          vindex: "0"
          vlan_protocol: "8021q"
          vlanforward: "enable"
          vlanid: "0"
          vrf: "0"
          vrrp:
              -
                  accept_mode: "enable"
                  adv_interval: "1"
                  ignore_default_route: "enable"
                  preempt: "enable"
                  priority: "100"
                  proxy_arp:
                      -
                          id: "368"
                          ip: "<your_own_value>"
                  start_time: "3"
                  status: "enable"
                  version: "2"
                  vrdst: "<your_own_value>"
                  vrdst_priority: "0"
                  vrgrp: "0"
                  vrid: "<you_own_value>"
                  vrip: "<your_own_value>"
          vrrp_virtual_mac: "enable"
          wccp: "enable"
          weight: "0"
          wins_ip: "<your_own_value>"

Return Values 

Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:

build - Build number of the fortigate image returned: always type: str sample: 1547
http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
revision - Internal revision number returned: always type: str sample: 17.0.2.10658
serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
status - Indication of the operation's result returned: always type: str sample: success
vdom - Virtual domain used returned: always type: str sample: root
version - Version of the FortiGate returned: always type: str sample: v5.6.3

Status 

This module is not guaranteed to have a backwards compatible interface.

Authors 

Link Zheng (@chillancezen)
Jie Xue (@JieX19)
Hongbin Lu (@fgtdev-hblu)
Frank Shen (@frankshen01)
Miguel Angel Munoz (@mamunozgonzalez)
Nicolas Thomas (@thomnico)

Hint

If you notice any issues in this documentation, you can create a pull request to improve it.

	Supported Version Ranges
system_interface	`v6.0.0 -> 7.4.3`

	Supported Version Ranges
ac_name	`v6.0.0 -> 7.4.3`

	Supported Version Ranges
aggregate	`v6.0.0 -> v7.0.5`	`v7.2.0 -> v7.2.0`

	Supported Version Ranges
aggregate_type	`v7.2.1 -> 7.4.3`
[physical]	`v7.2.1 -> 7.4.3`
[vxlan]	`v7.2.1 -> 7.4.3`