fortios_system_settings – Configure VDOM settings in Fortinet’s FortiOS and FortiGate.

New in version 2.0.0.

Synopsis

• This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and settings category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0

Requirements

The below requirements are needed on the host that executes this module.

• ansible>=2.15

Tips

Using member operation to add an element to an existing object.

FortiOS Version Compatibility

Supported Version Ranges: v6.0.0 -> 7.4.3

Parameters

• access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
• enable_log - Enable/Disable logging for task. type: bool required: false default: False
• vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
• member_path - Member attribute path to operate on. type: str
• member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
• system_settings - Configure VDOM settings. type: dict more...

  	Supported Version Ranges
  system_settings	v6.0.0 -> 7.4.3

• allow_linkdown_path - Enable/disable link down path. type: str choices: enable, disable more...

  	Supported Version Ranges
  allow_linkdown_path	v6.0.0 -> 7.4.3
  [enable]	v6.0.0 -> 7.4.3
  [disable]	v6.0.0 -> 7.4.3

• allow_subnet_overlap - Enable/disable allowing interface subnets to use overlapping IP addresses. type: str choices: enable, disable more...

  	Supported Version Ranges
  allow_subnet_overlap	v6.0.0 -> 7.4.3
  [enable]	v6.0.0 -> 7.4.3
  [disable]	v6.0.0 -> 7.4.3

• application_bandwidth_tracking - Enable/disable application bandwidth tracking. type: str choices: disable, enable more...

  	Supported Version Ranges
  application_bandwidth_tracking	v7.0.0 -> 7.4.3
  [disable]	v7.0.0 -> 7.4.3
  [enable]	v7.0.0 -> 7.4.3

• asymroute - Enable/disable IPv4 asymmetric routing. type: str choices: enable, disable more...

  	Supported Version Ranges
  asymroute	v6.0.0 -> 7.4.3
  [enable]	v6.0.0 -> 7.4.3
  [disable]	v6.0.0 -> 7.4.3

• asymroute_icmp - Enable/disable ICMP asymmetric routing. type: str choices: enable, disable more...

  	Supported Version Ranges
  asymroute_icmp	v6.0.0 -> 7.4.3
  [enable]	v6.0.0 -> 7.4.3
  [disable]	v6.0.0 -> 7.4.3

• asymroute6 - Enable/disable asymmetric IPv6 routing. type: str choices: enable, disable more...

  	Supported Version Ranges
  asymroute6	v6.0.0 -> 7.4.3
  [enable]	v6.0.0 -> 7.4.3
  [disable]	v6.0.0 -> 7.4.3

• asymroute6_icmp - Enable/disable asymmetric ICMPv6 routing. type: str choices: enable, disable more...

  	Supported Version Ranges
  asymroute6_icmp	v6.0.0 -> 7.4.3
  [enable]	v6.0.0 -> 7.4.3
  [disable]	v6.0.0 -> 7.4.3

• auxiliary_session - Enable/disable auxiliary session. type: str choices: enable, disable more...

  	Supported Version Ranges
  auxiliary_session	v6.2.0 -> 7.4.3
  [enable]	v6.2.0 -> 7.4.3
  [disable]	v6.2.0 -> 7.4.3

• bfd - Enable/disable Bi-directional Forwarding Detection (BFD) on all interfaces. type: str choices: enable, disable more...

  	Supported Version Ranges
  bfd	v6.0.0 -> 7.4.3
  [enable]	v6.0.0 -> 7.4.3
  [disable]	v6.0.0 -> 7.4.3

• bfd_desired_min_tx - BFD desired minimal transmit interval (1 - 100000 ms). type: int more...

  	Supported Version Ranges
  bfd_desired_min_tx	v6.0.0 -> 7.4.3

• bfd_detect_mult - BFD detection multiplier (1 - 50). type: int more...

  	Supported Version Ranges
  bfd_detect_mult	v6.0.0 -> 7.4.3

• bfd_dont_enforce_src_port - Enable to not enforce verifying the source port of BFD Packets. type: str choices: enable, disable more...

  	Supported Version Ranges
  bfd_dont_enforce_src_port	v6.0.0 -> 7.4.3
  [enable]	v6.0.0 -> 7.4.3
  [disable]	v6.0.0 -> 7.4.3

• bfd_required_min_rx - BFD required minimal receive interval (1 - 100000 ms). type: int more...

  	Supported Version Ranges
  bfd_required_min_rx	v6.0.0 -> 7.4.3

• block_land_attack - Enable/disable blocking of land attacks. type: str choices: disable, enable more...

  	Supported Version Ranges
  block_land_attack	v6.0.0 -> 7.4.3
  [disable]	v6.0.0 -> 7.4.3
  [enable]	v6.0.0 -> 7.4.3

• central_nat - Enable/disable central NAT. type: str choices: enable, disable more...

  	Supported Version Ranges
  central_nat	v6.0.0 -> 7.4.3
  [enable]	v6.0.0 -> 7.4.3
  [disable]	v6.0.0 -> 7.4.3

• comments - VDOM comments. type: str more...

  	Supported Version Ranges
  comments	v6.0.0 -> 7.4.3

• compliance_check - Enable/disable PCI DSS compliance checking. type: str choices: enable, disable more...

  	Supported Version Ranges
  compliance_check	v6.0.0 -> v6.0.11
  [enable]	v6.0.0 -> v6.0.11
  [disable]	v6.0.0 -> v6.0.11

• consolidated_firewall_mode - Consolidated firewall mode. type: str choices: enable, disable more...

  	Supported Version Ranges
  consolidated_firewall_mode	v6.2.0 -> v6.2.7
  [enable]	v6.2.0 -> v6.2.7
  [disable]	v6.2.0 -> v6.2.7

• default_app_port_as_service - Enable/disable policy service enforcement based on application default ports. type: str choices: enable, disable more...

  	Supported Version Ranges
  default_app_port_as_service	v7.2.0 -> 7.4.3
  [enable]	v7.2.0 -> 7.4.3
  [disable]	v7.2.0 -> 7.4.3

• default_policy_expiry_days - Default policy expiry in days (0 - 365 days). type: int more...

  	Supported Version Ranges
  default_policy_expiry_days	v7.2.0 -> 7.4.3

• default_voip_alg_mode - Configure how the FortiGate handles VoIP traffic when a policy that accepts the traffic doesn"t include a VoIP profile. type: str choices: proxy-based, kernel-helper-based more...

  	Supported Version Ranges
  default_voip_alg_mode	v6.0.0 -> 7.4.3
  [proxy-based]	v6.0.0 -> 7.4.3
  [kernel-helper-based]	v6.0.0 -> 7.4.3

• deny_tcp_with_icmp - Enable/disable denying TCP by sending an ICMP communication prohibited packet. type: str choices: enable, disable more...

  	Supported Version Ranges
  deny_tcp_with_icmp	v6.0.0 -> 7.4.3
  [enable]	v6.0.0 -> 7.4.3
  [disable]	v6.0.0 -> 7.4.3

• detect_unknown_esp - Enable/disable detection of unknown ESP packets . type: str choices: enable, disable more...

  	Supported Version Ranges
  detect_unknown_esp	v7.2.4 -> 7.4.3
  [enable]	v7.2.4 -> 7.4.3
  [disable]	v7.2.4 -> 7.4.3

• device - Interface to use for management access for NAT mode. Source system.interface.name. type: str more...

  	Supported Version Ranges
  device	v6.0.0 -> 7.4.3

• dhcp_proxy - Enable/disable the DHCP Proxy. type: str choices: enable, disable more...

  	Supported Version Ranges
  dhcp_proxy	v6.0.0 -> 7.4.3
  [enable]	v6.0.0 -> 7.4.3
  [disable]	v6.0.0 -> 7.4.3

• dhcp_proxy_interface - Specify outgoing interface to reach server. Source system.interface.name. type: str more...

  	Supported Version Ranges
  dhcp_proxy_interface	v6.2.0 -> v6.2.0	v6.2.5 -> v6.4.0	v6.4.4 -> 7.4.3

• dhcp_proxy_interface_select_method - Specify how to select outgoing interface to reach server. type: str choices: auto, sdwan, specify more...

  	Supported Version Ranges
  dhcp_proxy_interface_select_method	v6.2.0 -> v6.2.0	v6.2.5 -> v6.4.0	v6.4.4 -> 7.4.3
  [auto]	v6.2.0 -> v6.2.0
  [sdwan]	v6.2.0 -> v6.2.0
  [specify]	v6.2.0 -> v6.2.0

• dhcp_server_ip - DHCP Server IPv4 address. type: list
• dhcp6_server_ip - DHCPv6 server IPv6 address. type: list
• discovered_device_timeout - Timeout for discovered devices (1 - 365 days). type: int more...

  	Supported Version Ranges
  discovered_device_timeout	v6.0.0 -> 7.4.3

• dyn_addr_session_check - Enable/disable dirty session check caused by dynamic address updates. type: str choices: enable, disable more...

  	Supported Version Ranges
  dyn_addr_session_check	v7.2.1 -> 7.4.3
  [enable]	v7.2.1 -> 7.4.3
  [disable]	v7.2.1 -> 7.4.3

• ecmp_max_paths - Maximum number of Equal Cost Multi-Path (ECMP) next-hops. Set to 1 to disable ECMP routing (1 - 255). type: int more...

  	Supported Version Ranges
  ecmp_max_paths	v6.0.0 -> 7.4.3

• email_portal_check_dns - Enable/disable using DNS to validate email addresses collected by a captive portal. type: str choices: disable, enable more...

  	Supported Version Ranges
  email_portal_check_dns	v6.0.0 -> 7.4.3
  [disable]	v6.0.0 -> 7.4.3
  [enable]	v6.0.0 -> 7.4.3

• ext_resource_session_check - Enable/disable dirty session check caused by external resource updates. type: str choices: enable, disable more...

  	Supported Version Ranges
  ext_resource_session_check	v7.2.1 -> 7.4.3
  [enable]	v7.2.1 -> 7.4.3
  [disable]	v7.2.1 -> 7.4.3

• firewall_session_dirty - Select how to manage sessions affected by firewall policy configuration changes. type: str choices: check-all, check-new, check-policy-option more...

  	Supported Version Ranges
  firewall_session_dirty	v6.0.0 -> 7.4.3
  [check-all]	v6.0.0 -> 7.4.3
  [check-new]	v6.0.0 -> 7.4.3
  [check-policy-option]	v6.0.0 -> 7.4.3

• fqdn_session_check - Enable/disable dirty session check caused by FQDN updates. type: str choices: enable, disable more...

  	Supported Version Ranges
  fqdn_session_check	v7.2.1 -> 7.4.3
  [enable]	v7.2.1 -> 7.4.3
  [disable]	v7.2.1 -> 7.4.3

• fw_session_hairpin - Enable/disable checking for a matching policy each time hairpin traffic goes through the FortiGate. type: str choices: enable, disable more...

  	Supported Version Ranges
  fw_session_hairpin	v6.0.0 -> 7.4.3
  [enable]	v6.0.0 -> 7.4.3
  [disable]	v6.0.0 -> 7.4.3

• gateway - Transparent mode IPv4 default gateway IP address. type: str more...

  	Supported Version Ranges
  gateway	v6.0.0 -> 7.4.3

• gateway6 - Transparent mode IPv6 default gateway IP address. type: str more...

  	Supported Version Ranges
  gateway6	v6.0.0 -> 7.4.3

• gtp_asym_fgsp - Enable/disable GTP asymmetric traffic handling on FGSP. type: str choices: disable, enable more...

  	Supported Version Ranges
  gtp_asym_fgsp	v6.2.0 -> v7.0.8	v7.2.0 -> v7.2.4	v7.4.3 -> 7.4.3
  [disable]	v6.2.0 -> v7.0.8
  [enable]	v6.2.0 -> v7.0.8

• gtp_monitor_mode - Enable/disable GTP monitor mode (VDOM level). type: str choices: enable, disable more...

  	Supported Version Ranges
  gtp_monitor_mode	v6.2.0 -> v7.0.8	v7.2.0 -> v7.2.4	v7.4.3 -> 7.4.3
  [enable]	v6.2.0 -> v7.0.8
  [disable]	v6.2.0 -> v7.0.8

• gui_advanced_policy - Enable/disable advanced policy configuration on the GUI. type: str choices: enable, disable more...

  	Supported Version Ranges
  gui_advanced_policy	v6.0.0 -> 7.4.3
  [enable]	v6.0.0 -> 7.4.3
  [disable]	v6.0.0 -> 7.4.3

• gui_advanced_wireless_features - Enable/disable advanced wireless features in GUI. type: str choices: enable, disable more...

  	Supported Version Ranges
  gui_advanced_wireless_features	v7.2.1 -> 7.4.3
  [enable]	v7.2.1 -> 7.4.3
  [disable]	v7.2.1 -> 7.4.3

• gui_allow_unnamed_policy - Enable/disable the requirement for policy naming on the GUI. type: str choices: enable, disable more...

  	Supported Version Ranges
  gui_allow_unnamed_policy	v6.0.0 -> 7.4.3
  [enable]	v6.0.0 -> 7.4.3
  [disable]	v6.0.0 -> 7.4.3

• gui_antivirus - Enable/disable AntiVirus on the GUI. type: str choices: enable, disable more...

  	Supported Version Ranges
  gui_antivirus	v6.0.0 -> 7.4.3
  [enable]	v6.0.0 -> 7.4.3
  [disable]	v6.0.0 -> 7.4.3

• gui_ap_profile - Enable/disable FortiAP profiles on the GUI. type: str choices: enable, disable more...

  	Supported Version Ranges
  gui_ap_profile	v6.0.0 -> 7.4.3
  [enable]	v6.0.0 -> 7.4.3
  [disable]	v6.0.0 -> 7.4.3

• gui_application_control - Enable/disable application control on the GUI. type: str choices: enable, disable more...

  	Supported Version Ranges
  gui_application_control	v6.0.0 -> 7.4.3
  [enable]	v6.0.0 -> 7.4.3
  [disable]	v6.0.0 -> 7.4.3

• gui_casb - Enable/disable Inline-CASB on the GUI. type: str choices: enable, disable more...

  	Supported Version Ranges
  gui_casb	v7.4.1 -> 7.4.3
  [enable]	v7.4.1 -> 7.4.3
  [disable]	v7.4.1 -> 7.4.3

• gui_default_policy_columns - Default columns to display for policy lists on GUI. type: list member_path: gui_default_policy_columns:name more...

  	Supported Version Ranges
  gui_default_policy_columns	v6.0.0 -> 7.4.3

• name - Select column name. type: str required: true more...

  	Supported Version Ranges
  name	v6.0.0 -> 7.4.3

• gui_dhcp_advanced - Enable/disable advanced DHCP options on the GUI. type: str choices: enable, disable more...

  	Supported Version Ranges
  gui_dhcp_advanced	v6.0.0 -> 7.4.3
  [enable]	v6.0.0 -> 7.4.3
  [disable]	v6.0.0 -> 7.4.3

• gui_dlp - Enable/disable DLP on the GUI. type: str choices: enable, disable more...

  	Supported Version Ranges
  gui_dlp	v6.0.0 -> v6.0.11
  [enable]	v6.0.0 -> v6.0.11
  [disable]	v6.0.0 -> v6.0.11

• gui_dlp_profile - Enable/disable Data Leak Prevention on the GUI. type: str choices: enable, disable more...

  	Supported Version Ranges
  gui_dlp_profile	v7.2.4 -> 7.4.3
  [enable]	v7.2.4 -> 7.4.3
  [disable]	v7.2.4 -> 7.4.3

• gui_dns_database - Enable/disable DNS database settings on the GUI. type: str choices: enable, disable more...

  	Supported Version Ranges
  gui_dns_database	v6.0.0 -> 7.4.3
  [enable]	v6.0.0 -> 7.4.3
  [disable]	v6.0.0 -> 7.4.3

• gui_dnsfilter - Enable/disable DNS Filtering on the GUI. type: str choices: enable, disable more...

  	Supported Version Ranges
  gui_dnsfilter	v6.0.0 -> 7.4.3
  [enable]	v6.0.0 -> 7.4.3
  [disable]	v6.0.0 -> 7.4.3

• gui_domain_ip_reputation - Enable/disable Domain and IP Reputation on the GUI. type: str choices: enable, disable more...

  	Supported Version Ranges
  gui_domain_ip_reputation	v6.0.0 -> v6.2.7	v6.4.1 -> v6.4.1
  [enable]	v6.0.0 -> v6.2.7
  [disable]	v6.0.0 -> v6.2.7

• gui_dos_policy - Enable/disable DoS policies on the GUI. type: str choices: enable, disable more...

  	Supported Version Ranges
  gui_dos_policy	v6.0.0 -> 7.4.3
  [enable]	v6.0.0 -> 7.4.3
  [disable]	v6.0.0 -> 7.4.3

• gui_dynamic_device_os_id - Enable/disable Create dynamic addresses to manage known devices. type: str choices: enable, disable more...

  	Supported Version Ranges
  gui_dynamic_device_os_id	v7.4.0 -> 7.4.3
  [enable]	v7.4.0 -> 7.4.3
  [disable]	v7.4.0 -> 7.4.3

• gui_dynamic_profile_display - Enable/disable RADIUS Single Sign On (RSSO) on the GUI. type: str choices: enable, disable more...

  	Supported Version Ranges
  gui_dynamic_profile_display	v6.0.0 -> v6.4.1
  [enable]	v6.0.0 -> v6.4.1
  [disable]	v6.0.0 -> v6.4.1

• gui_dynamic_routing - Enable/disable dynamic routing on the GUI. type: str choices: enable, disable more...

  	Supported Version Ranges
  gui_dynamic_routing	v6.0.0 -> 7.4.3
  [enable]	v6.0.0 -> 7.4.3
  [disable]	v6.0.0 -> 7.4.3

• gui_email_collection - Enable/disable email collection on the GUI. type: str choices: enable, disable more...

  	Supported Version Ranges
  gui_email_collection	v6.0.0 -> 7.4.3
  [enable]	v6.0.0 -> 7.4.3
  [disable]	v6.0.0 -> 7.4.3

• gui_endpoint_control - Enable/disable endpoint control on the GUI. type: str choices: enable, disable more...

  	Supported Version Ranges
  gui_endpoint_control	v6.0.0 -> v7.2.4
  [enable]	v6.0.0 -> v7.2.4
  [disable]	v6.0.0 -> v7.2.4

• gui_endpoint_control_advanced - Enable/disable advanced endpoint control options on the GUI. type: str choices: enable, disable more...

  	Supported Version Ranges
  gui_endpoint_control_advanced	v6.0.0 -> v7.2.4
  [enable]	v6.0.0 -> v7.2.4
  [disable]	v6.0.0 -> v7.2.4

• gui_enforce_change_summary - Enforce change summaries for select tables in the GUI. type: str choices: disable, require, optional more...

  	Supported Version Ranges
  gui_enforce_change_summary	v7.2.0 -> 7.4.3
  [disable]	v7.2.0 -> 7.4.3
  [require]	v7.2.0 -> 7.4.3
  [optional]	v7.2.0 -> 7.4.3

• gui_explicit_proxy - Enable/disable the explicit proxy on the GUI. type: str choices: enable, disable more...

  	Supported Version Ranges
  gui_explicit_proxy	v6.0.0 -> 7.4.3
  [enable]	v6.0.0 -> 7.4.3
  [disable]	v6.0.0 -> 7.4.3

• gui_file_filter - Enable/disable File-filter on the GUI. type: str choices: enable, disable more...

  	Supported Version Ranges
  gui_file_filter	v6.4.0 -> 7.4.3
  [enable]	v6.4.0 -> 7.4.3
  [disable]	v6.4.0 -> 7.4.3

• gui_fortiap_split_tunneling - Enable/disable FortiAP split tunneling on the GUI. type: str choices: enable, disable more...

  	Supported Version Ranges
  gui_fortiap_split_tunneling	v6.0.0 -> 7.4.3
  [enable]	v6.0.0 -> 7.4.3
  [disable]	v6.0.0 -> 7.4.3

• gui_fortiextender_controller - Enable/disable FortiExtender on the GUI. type: str choices: enable, disable more...

  	Supported Version Ranges
  gui_fortiextender_controller	v6.0.0 -> 7.4.3
  [enable]	v6.0.0 -> 7.4.3
  [disable]	v6.0.0 -> 7.4.3

• gui_icap - Enable/disable ICAP on the GUI. type: str choices: enable, disable more...

  	Supported Version Ranges
  gui_icap	v6.0.0 -> 7.4.3
  [enable]	v6.0.0 -> 7.4.3
  [disable]	v6.0.0 -> 7.4.3

• gui_implicit_policy - Enable/disable implicit firewall policies on the GUI. type: str choices: enable, disable more...

  	Supported Version Ranges
  gui_implicit_policy	v6.0.0 -> 7.4.3
  [enable]	v6.0.0 -> 7.4.3
  [disable]	v6.0.0 -> 7.4.3

• gui_ips - Enable/disable IPS on the GUI. type: str choices: enable, disable more...

  	Supported Version Ranges
  gui_ips	v6.0.0 -> 7.4.3
  [enable]	v6.0.0 -> 7.4.3
  [disable]	v6.0.0 -> 7.4.3

• gui_load_balance - Enable/disable server load balancing on the GUI. type: str choices: enable, disable more...

  	Supported Version Ranges
  gui_load_balance	v6.0.0 -> 7.4.3
  [enable]	v6.0.0 -> 7.4.3
  [disable]	v6.0.0 -> 7.4.3

• gui_local_in_policy - Enable/disable Local-In policies on the GUI. type: str choices: enable, disable more...

  	Supported Version Ranges
  gui_local_in_policy	v6.0.0 -> 7.4.3
  [enable]	v6.0.0 -> 7.4.3
  [disable]	v6.0.0 -> 7.4.3

• gui_local_reports - Enable/disable local reports on the GUI. type: str choices: enable, disable more...

  	Supported Version Ranges
  gui_local_reports	v6.0.0 -> v7.2.2
  [enable]	v6.0.0 -> v7.2.2
  [disable]	v6.0.0 -> v7.2.2

• gui_multicast_policy - Enable/disable multicast firewall policies on the GUI. type: str choices: enable, disable more...

  	Supported Version Ranges
  gui_multicast_policy	v6.0.0 -> 7.4.3
  [enable]	v6.0.0 -> 7.4.3
  [disable]	v6.0.0 -> 7.4.3

• gui_multiple_interface_policy - Enable/disable adding multiple interfaces to a policy on the GUI. type: str choices: enable, disable more...

  	Supported Version Ranges
  gui_multiple_interface_policy	v6.0.0 -> 7.4.3
  [enable]	v6.0.0 -> 7.4.3
  [disable]	v6.0.0 -> 7.4.3

• gui_multiple_utm_profiles - Enable/disable multiple UTM profiles on the GUI. type: str choices: enable, disable more...

  	Supported Version Ranges
  gui_multiple_utm_profiles	v6.0.0 -> v6.2.7	v6.4.1 -> v6.4.1
  [enable]	v6.0.0 -> v6.2.7
  [disable]	v6.0.0 -> v6.2.7

• gui_nat46_64 - Enable/disable NAT46 and NAT64 settings on the GUI. type: str choices: enable, disable more...

  	Supported Version Ranges
  gui_nat46_64	v6.0.0 -> v7.0.0
  [enable]	v6.0.0 -> v7.0.0
  [disable]	v6.0.0 -> v7.0.0

• gui_object_colors - Enable/disable object colors on the GUI. type: str choices: enable, disable more...

  	Supported Version Ranges
  gui_object_colors	v6.0.0 -> 7.4.3
  [enable]	v6.0.0 -> 7.4.3
  [disable]	v6.0.0 -> 7.4.3

• gui_ot - Enable/disable Operational technology features on the GUI. type: str choices: enable, disable more...

  	Supported Version Ranges
  gui_ot	v7.2.0 -> 7.4.3
  [enable]	v7.2.0 -> 7.4.3
  [disable]	v7.2.0 -> 7.4.3

• gui_per_policy_disclaimer - Enable/disable policy disclaimer on the GUI. type: str choices: enable, disable more...

  	Supported Version Ranges
  gui_per_policy_disclaimer	v6.2.0 -> v6.2.7
  [enable]	v6.2.0 -> v6.2.7
  [disable]	v6.2.0 -> v6.2.7

• gui_policy_based_ipsec - Enable/disable policy-based IPsec VPN on the GUI. type: str choices: enable, disable more...

  	Supported Version Ranges
  gui_policy_based_ipsec	v6.0.0 -> 7.4.3
  [enable]	v6.0.0 -> 7.4.3
  [disable]	v6.0.0 -> 7.4.3

• gui_policy_disclaimer - Enable/disable policy disclaimer on the GUI. type: str choices: enable, disable more...

  	Supported Version Ranges
  gui_policy_disclaimer	v6.4.0 -> 7.4.3
  [enable]	v6.4.0 -> 7.4.3
  [disable]	v6.4.0 -> 7.4.3

• gui_policy_learning - Enable/disable firewall policy learning mode on the GUI. type: str choices: enable, disable more...

  	Supported Version Ranges
  gui_policy_learning	v6.0.0 -> v6.0.11
  [enable]	v6.0.0 -> v6.0.11
  [disable]	v6.0.0 -> v6.0.11

• gui_proxy_inspection - Enable/disable the proxy features on the GUI. type: str choices: enable, disable more...

  	Supported Version Ranges
  gui_proxy_inspection	v7.2.4 -> 7.4.3
  [enable]	v7.2.4 -> 7.4.3
  [disable]	v7.2.4 -> 7.4.3

• gui_replacement_message_groups - Enable/disable replacement message groups on the GUI. type: str choices: enable, disable more...

  	Supported Version Ranges
  gui_replacement_message_groups	v6.0.0 -> v6.4.4
  [enable]	v6.0.0 -> v6.4.4
  [disable]	v6.0.0 -> v6.4.4

• gui_route_tag_address_creation - Enable/disable route-tag addresses on the GUI. type: str choices: enable, disable more...

  	Supported Version Ranges
  gui_route_tag_address_creation	v7.4.0 -> 7.4.3
  [enable]	v7.4.0 -> 7.4.3
  [disable]	v7.4.0 -> 7.4.3

• gui_security_profile_group - Enable/disable Security Profile Groups on the GUI. type: str choices: enable, disable more...

  	Supported Version Ranges
  gui_security_profile_group	v6.4.4 -> 7.4.3
  [enable]	v6.4.4 -> 7.4.3
  [disable]	v6.4.4 -> 7.4.3

• gui_spamfilter - Enable/disable Antispam on the GUI. type: str choices: enable, disable more...

  	Supported Version Ranges
  gui_spamfilter	v6.0.0 -> 7.4.3
  [enable]	v6.0.0 -> 7.4.3
  [disable]	v6.0.0 -> 7.4.3

• gui_sslvpn - Enable/disable SSL-VPN settings pages on the GUI. type: str choices: enable, disable more...

  	Supported Version Ranges
  gui_sslvpn	v7.4.1 -> 7.4.3
  [enable]	v7.4.1 -> 7.4.3
  [disable]	v7.4.1 -> 7.4.3

• gui_sslvpn_personal_bookmarks - Enable/disable SSL-VPN personal bookmark management on the GUI. type: str choices: enable, disable more...

  	Supported Version Ranges
  gui_sslvpn_personal_bookmarks	v6.0.0 -> 7.4.3
  [enable]	v6.0.0 -> 7.4.3
  [disable]	v6.0.0 -> 7.4.3

• gui_sslvpn_realms - Enable/disable SSL-VPN realms on the GUI. type: str choices: enable, disable more...

  	Supported Version Ranges
  gui_sslvpn_realms	v6.0.0 -> 7.4.3
  [enable]	v6.0.0 -> 7.4.3
  [disable]	v6.0.0 -> 7.4.3

• gui_switch_controller - Enable/disable the switch controller on the GUI. type: str choices: enable, disable more...

  	Supported Version Ranges
  gui_switch_controller	v6.0.0 -> 7.4.3
  [enable]	v6.0.0 -> 7.4.3
  [disable]	v6.0.0 -> 7.4.3

• gui_threat_weight - Enable/disable threat weight on the GUI. type: str choices: enable, disable more...

  	Supported Version Ranges
  gui_threat_weight	v6.0.0 -> 7.4.3
  [enable]	v6.0.0 -> 7.4.3
  [disable]	v6.0.0 -> 7.4.3

• gui_traffic_shaping - Enable/disable traffic shaping on the GUI. type: str choices: enable, disable more...

  	Supported Version Ranges
  gui_traffic_shaping	v6.0.0 -> 7.4.3
  [enable]	v6.0.0 -> 7.4.3
  [disable]	v6.0.0 -> 7.4.3

• gui_videofilter - Enable/disable Video filtering on the GUI. type: str choices: enable, disable more...

  	Supported Version Ranges
  gui_videofilter	v7.0.0 -> 7.4.3
  [enable]	v7.0.0 -> 7.4.3
  [disable]	v7.0.0 -> 7.4.3

• gui_virtual_patch_profile - Enable/disable Virtual Patching on the GUI. type: str choices: enable, disable more...

  	Supported Version Ranges
  gui_virtual_patch_profile	v7.4.1 -> 7.4.3
  [enable]	v7.4.1 -> 7.4.3
  [disable]	v7.4.1 -> 7.4.3

• gui_voip_profile - Enable/disable VoIP profiles on the GUI. type: str choices: enable, disable more...

  	Supported Version Ranges
  gui_voip_profile	v6.0.0 -> 7.4.3
  [enable]	v6.0.0 -> 7.4.3
  [disable]	v6.0.0 -> 7.4.3

• gui_vpn - Enable/disable IPsec VPN settings pages on the GUI. type: str choices: enable, disable more...

  	Supported Version Ranges
  gui_vpn	v6.0.0 -> 7.4.3
  [enable]	v6.0.0 -> 7.4.3
  [disable]	v6.0.0 -> 7.4.3

• gui_waf_profile - Enable/disable Web Application Firewall on the GUI. type: str choices: enable, disable more...

  	Supported Version Ranges
  gui_waf_profile	v6.0.0 -> 7.4.3
  [enable]	v6.0.0 -> 7.4.3
  [disable]	v6.0.0 -> 7.4.3

• gui_wan_load_balancing - Enable/disable SD-WAN on the GUI. type: str choices: enable, disable more...

  	Supported Version Ranges
  gui_wan_load_balancing	v6.0.0 -> 7.4.3
  [enable]	v6.0.0 -> 7.4.3
  [disable]	v6.0.0 -> 7.4.3

• gui_wanopt_cache - Enable/disable WAN Optimization and Web Caching on the GUI. type: str choices: enable, disable more...

  	Supported Version Ranges
  gui_wanopt_cache	v6.0.0 -> v7.4.1	v7.4.3 -> 7.4.3
  [enable]	v6.0.0 -> 7.4.3
  [disable]	v6.0.0 -> 7.4.3

• gui_webfilter - Enable/disable Web filtering on the GUI. type: str choices: enable, disable more...

  	Supported Version Ranges
  gui_webfilter	v6.0.0 -> 7.4.3
  [enable]	v6.0.0 -> 7.4.3
  [disable]	v6.0.0 -> 7.4.3

• gui_webfilter_advanced - Enable/disable advanced web filtering on the GUI. type: str choices: enable, disable more...

  	Supported Version Ranges
  gui_webfilter_advanced	v6.0.0 -> 7.4.3
  [enable]	v6.0.0 -> 7.4.3
  [disable]	v6.0.0 -> 7.4.3

• gui_wireless_controller - Enable/disable the wireless controller on the GUI. type: str choices: enable, disable more...

  	Supported Version Ranges
  gui_wireless_controller	v6.0.0 -> 7.4.3
  [enable]	v6.0.0 -> 7.4.3
  [disable]	v6.0.0 -> 7.4.3

• gui_ztna - Enable/disable Zero Trust Network Access features on the GUI. type: str choices: enable, disable more...

  	Supported Version Ranges
  gui_ztna	v7.0.0 -> 7.4.3
  [enable]	v7.0.0 -> 7.4.3
  [disable]	v7.0.0 -> 7.4.3

• h323_direct_model - Enable/disable H323 direct model. type: str choices: disable, enable more...

  	Supported Version Ranges
  h323_direct_model	v7.0.4 -> 7.4.3
  [disable]	v7.0.4 -> 7.4.3
  [enable]	v7.0.4 -> 7.4.3

• http_external_dest - Offload HTTP traffic to FortiWeb or FortiCache. type: str choices: fortiweb, forticache more...

  	Supported Version Ranges
  http_external_dest	v6.0.0 -> 7.4.3
  [fortiweb]	v6.0.0 -> 7.4.3
  [forticache]	v6.0.0 -> 7.4.3

• ike_dn_format - Configure IKE ASN.1 Distinguished Name format conventions. type: str choices: with-space, no-space more...

  	Supported Version Ranges
  ike_dn_format	v6.0.0 -> 7.4.3
  [with-space]	v6.0.0 -> 7.4.3
  [no-space]	v6.0.0 -> 7.4.3

• ike_policy_route - Enable/disable IKE Policy Based Routing (PBR). type: str choices: enable, disable more...

  	Supported Version Ranges
  ike_policy_route	v7.0.2 -> 7.4.3
  [enable]	v7.0.2 -> 7.4.3
  [disable]	v7.0.2 -> 7.4.3

• ike_port - UDP port for IKE/IPsec traffic . type: int more...

  	Supported Version Ranges
  ike_port	v7.0.0 -> 7.4.3

• ike_quick_crash_detect - Enable/disable IKE quick crash detection (RFC 6290). type: str choices: enable, disable more...

  	Supported Version Ranges
  ike_quick_crash_detect	v6.0.0 -> 7.4.3
  [enable]	v6.0.0 -> 7.4.3
  [disable]	v6.0.0 -> 7.4.3

• ike_session_resume - Enable/disable IKEv2 session resumption (RFC 5723). type: str choices: enable, disable more...

  	Supported Version Ranges
  ike_session_resume	v6.0.0 -> 7.4.3
  [enable]	v6.0.0 -> 7.4.3
  [disable]	v6.0.0 -> 7.4.3

• ike_tcp_port - TCP port for IKE/IPsec traffic . type: int more...

  	Supported Version Ranges
  ike_tcp_port	v7.4.2 -> 7.4.3

• implicit_allow_dns - Enable/disable implicitly allowing DNS traffic. type: str choices: enable, disable more...

  	Supported Version Ranges
  implicit_allow_dns	v6.0.0 -> v6.2.7
  [enable]	v6.0.0 -> v6.2.7
  [disable]	v6.0.0 -> v6.2.7

• inspection_mode - Inspection mode (proxy-based or flow-based). type: str choices: proxy, flow more...

  	Supported Version Ranges
  inspection_mode	v6.0.0 -> v6.0.11
  [proxy]	v6.0.0 -> v6.0.11
  [flow]	v6.0.0 -> v6.0.11

• internet_service_database_cache - Enable/disable Internet Service database caching. type: str choices: disable, enable more...

  	Supported Version Ranges
  internet_service_database_cache	v7.2.4 -> 7.4.3
  [disable]	v7.2.4 -> 7.4.3
  [enable]	v7.2.4 -> 7.4.3

• ip - IP address and netmask. type: str more...

  	Supported Version Ranges
  ip	v6.0.0 -> 7.4.3

• ip6 - IPv6 address prefix for NAT mode. type: str more...

  	Supported Version Ranges
  ip6	v6.0.0 -> 7.4.3

• lan_extension_controller_addr - Controller IP address or FQDN to connect. type: str more...

  	Supported Version Ranges
  lan_extension_controller_addr	v7.2.1 -> 7.4.3

• link_down_access - Enable/disable link down access traffic. type: str choices: enable, disable more...

  	Supported Version Ranges
  link_down_access	v6.0.0 -> 7.4.3
  [enable]	v6.0.0 -> 7.4.3
  [disable]	v6.0.0 -> 7.4.3

• lldp_reception - Enable/disable Link Layer Discovery Protocol (LLDP) reception for this VDOM or apply global settings to this VDOM. type: str choices: enable, disable, global more...

  	Supported Version Ranges
  lldp_reception	v6.2.0 -> 7.4.3
  [enable]	v6.2.0 -> 7.4.3
  [disable]	v6.2.0 -> 7.4.3
  [global]	v6.2.0 -> 7.4.3

• lldp_transmission - Enable/disable Link Layer Discovery Protocol (LLDP) transmission for this VDOM or apply global settings to this VDOM. type: str choices: enable, disable, global more...

  	Supported Version Ranges
  lldp_transmission	v6.0.0 -> 7.4.3
  [enable]	v6.0.0 -> 7.4.3
  [disable]	v6.0.0 -> 7.4.3
  [global]	v6.0.0 -> 7.4.3

• location_id - Local location ID in the form of an IPv4 address. type: str more...

  	Supported Version Ranges
  location_id	v7.0.0 -> 7.4.3

• mac_ttl - Duration of MAC addresses in Transparent mode (300 - 8640000 sec). type: int more...

  	Supported Version Ranges
  mac_ttl	v6.0.0 -> 7.4.3

• manageip - Transparent mode IPv4 management IP address and netmask. type: str more...

  	Supported Version Ranges
  manageip	v6.0.0 -> 7.4.3

• manageip6 - Transparent mode IPv6 management IP address and netmask. type: str more...

  	Supported Version Ranges
  manageip6	v6.0.0 -> 7.4.3

• multicast_forward - Enable/disable multicast forwarding. type: str choices: enable, disable more...

  	Supported Version Ranges
  multicast_forward	v6.0.0 -> 7.4.3
  [enable]	v6.0.0 -> 7.4.3
  [disable]	v6.0.0 -> 7.4.3

• multicast_skip_policy - Enable/disable allowing multicast traffic through the FortiGate without a policy check. type: str choices: enable, disable more...

  	Supported Version Ranges
  multicast_skip_policy	v6.0.0 -> 7.4.3
  [enable]	v6.0.0 -> 7.4.3
  [disable]	v6.0.0 -> 7.4.3

• multicast_ttl_notchange - Enable/disable preventing the FortiGate from changing the TTL for forwarded multicast packets. type: str choices: enable, disable more...

  	Supported Version Ranges
  multicast_ttl_notchange	v6.0.0 -> 7.4.3
  [enable]	v6.0.0 -> 7.4.3
  [disable]	v6.0.0 -> 7.4.3

• nat46_force_ipv4_packet_forwarding - Enable/disable mandatory IPv4 packet forwarding in NAT46. type: str choices: enable, disable more...

  	Supported Version Ranges
  nat46_force_ipv4_packet_forwarding	v7.0.8 -> v7.0.12	v7.2.1 -> 7.4.3
  [enable]	v7.0.8 -> v7.0.12
  [disable]	v7.0.8 -> v7.0.12

• nat46_generate_ipv6_fragment_header - Enable/disable NAT46 IPv6 fragment header generation. type: str choices: enable, disable more...

  	Supported Version Ranges
  nat46_generate_ipv6_fragment_header	v7.0.6 -> v7.0.12	v7.2.1 -> 7.4.3
  [enable]	v7.0.6 -> v7.0.12
  [disable]	v7.0.6 -> v7.0.12

• nat64_force_ipv6_packet_forwarding - Enable/disable mandatory IPv6 packet forwarding in NAT64. type: str choices: enable, disable more...

  	Supported Version Ranges
  nat64_force_ipv6_packet_forwarding	v7.0.8 -> v7.0.12	v7.2.1 -> 7.4.3
  [enable]	v7.0.8 -> v7.0.12
  [disable]	v7.0.8 -> v7.0.12

• ngfw_mode - Next Generation Firewall (NGFW) mode. type: str choices: profile-based, policy-based more...

  	Supported Version Ranges
  ngfw_mode	v6.0.0 -> 7.4.3
  [profile-based]	v6.0.0 -> 7.4.3
  [policy-based]	v6.0.0 -> 7.4.3

• opmode - Firewall operation mode (NAT or Transparent). type: str choices: nat, transparent more...

  	Supported Version Ranges
  opmode	v6.0.0 -> 7.4.3
  [nat]	v6.0.0 -> 7.4.3
  [transparent]	v6.0.0 -> 7.4.3

• pfcp_monitor_mode - Enable/disable PFCP monitor mode (VDOM level). type: str choices: enable, disable more...

  	Supported Version Ranges
  pfcp_monitor_mode	v7.0.1 -> v7.0.8	v7.2.0 -> v7.2.4	v7.4.3 -> 7.4.3
  [enable]	v7.0.1 -> v7.0.8
  [disable]	v7.0.1 -> v7.0.8

• policy_offload_level - Configure firewall policy offload level. type: str choices: disable, dos-offload more...

  	Supported Version Ranges
  policy_offload_level	v7.4.2 -> v7.4.2
  [disable]	v7.4.2 -> v7.4.2
  [dos-offload]	v7.4.2 -> v7.4.2

• prp_trailer_action - Enable/disable action to take on PRP trailer. type: str choices: enable, disable more...

  	Supported Version Ranges
  prp_trailer_action	v6.0.0 -> 7.4.3
  [enable]	v6.0.0 -> 7.4.3
  [disable]	v6.0.0 -> 7.4.3

• sccp_port - TCP port the SCCP proxy monitors for SCCP traffic (0 - 65535). type: int more...

  	Supported Version Ranges
  sccp_port	v6.0.0 -> 7.4.3

• sctp_session_without_init - Enable/disable SCTP session creation without SCTP INIT. type: str choices: enable, disable more...

  	Supported Version Ranges
  sctp_session_without_init	v6.2.0 -> 7.4.3
  [enable]	v6.2.0 -> 7.4.3
  [disable]	v6.2.0 -> 7.4.3

• ses_denied_traffic - Enable/disable including denied session in the session table. type: str choices: enable, disable more...

  	Supported Version Ranges
  ses_denied_traffic	v6.0.0 -> 7.4.3
  [enable]	v6.0.0 -> 7.4.3
  [disable]	v6.0.0 -> 7.4.3

• sip_expectation - Enable/disable the SIP kernel session helper to create an expectation for port 5060. type: str choices: enable, disable more...

  	Supported Version Ranges
  sip_expectation	v6.2.0 -> 7.4.3
  [enable]	v6.2.0 -> 7.4.3
  [disable]	v6.2.0 -> 7.4.3

• sip_helper - Enable/disable the SIP session helper to process SIP sessions unless SIP sessions are accepted by the SIP application layer gateway (ALG). type: str choices: enable, disable more...

  	Supported Version Ranges
  sip_helper	v6.0.0 -> v6.0.11
  [enable]	v6.0.0 -> v6.0.11
  [disable]	v6.0.0 -> v6.0.11

• sip_nat_trace - Enable/disable recording the original SIP source IP address when NAT is used. type: str choices: enable, disable more...

  	Supported Version Ranges
  sip_nat_trace	v6.0.0 -> 7.4.3
  [enable]	v6.0.0 -> 7.4.3
  [disable]	v6.0.0 -> 7.4.3

• sip_ssl_port - TCP port the SIP proxy monitors for SIP SSL/TLS traffic (0 - 65535). type: int more...

  	Supported Version Ranges
  sip_ssl_port	v6.0.0 -> 7.4.3

• sip_tcp_port - TCP port the SIP proxy monitors for SIP traffic (0 - 65535). type: list
• sip_udp_port - UDP port the SIP proxy monitors for SIP traffic (0 - 65535). type: list
• snat_hairpin_traffic - Enable/disable source NAT (SNAT) for hairpin traffic. type: str choices: enable, disable more...

  	Supported Version Ranges
  snat_hairpin_traffic	v6.0.0 -> 7.4.3
  [enable]	v6.0.0 -> 7.4.3
  [disable]	v6.0.0 -> 7.4.3

• ssl_ssh_profile - Profile for SSL/SSH inspection. Source firewall.ssl-ssh-profile.name. type: str more...

  	Supported Version Ranges
  ssl_ssh_profile	v6.0.0 -> v6.0.11

• status - Enable/disable this VDOM. type: str choices: enable, disable more...

  	Supported Version Ranges
  status	v6.0.0 -> 7.4.3
  [enable]	v6.0.0 -> 7.4.3
  [disable]	v6.0.0 -> 7.4.3

• strict_src_check - Enable/disable strict source verification. type: str choices: enable, disable more...

  	Supported Version Ranges
  strict_src_check	v6.0.0 -> 7.4.3
  [enable]	v6.0.0 -> 7.4.3
  [disable]	v6.0.0 -> 7.4.3

• tcp_session_without_syn - Enable/disable allowing TCP session without SYN flags. type: str choices: enable, disable more...

  	Supported Version Ranges
  tcp_session_without_syn	v6.0.0 -> 7.4.3
  [enable]	v6.0.0 -> 7.4.3
  [disable]	v6.0.0 -> 7.4.3

• utf8_spam_tagging - Enable/disable converting antispam tags to UTF-8 for better non-ASCII character support. type: str choices: enable, disable more...

  	Supported Version Ranges
  utf8_spam_tagging	v6.0.0 -> 7.4.3
  [enable]	v6.0.0 -> 7.4.3
  [disable]	v6.0.0 -> 7.4.3

• v4_ecmp_mode - IPv4 Equal-cost multi-path (ECMP) routing and load balancing mode. type: str choices: source-ip-based, weight-based, usage-based, source-dest-ip-based more...

  	Supported Version Ranges
  v4_ecmp_mode	v6.0.0 -> 7.4.3
  [source-ip-based]	v6.0.0 -> 7.4.3
  [weight-based]	v6.0.0 -> 7.4.3
  [usage-based]	v6.0.0 -> 7.4.3
  [source-dest-ip-based]	v6.0.0 -> 7.4.3

• vdom_type - Vdom type (traffic, lan-extension or admin). type: str choices: traffic, lan-extension, admin more...

  	Supported Version Ranges
  vdom_type	v7.2.0 -> 7.4.3
  [traffic]	v7.2.0 -> 7.4.3
  [lan-extension]	v7.2.1 -> 7.4.3
  [admin]	v7.2.0 -> 7.4.3

• vpn_stats_log - Enable/disable periodic VPN log statistics for one or more types of VPN. Separate names with a space. type: list choices: ipsec, pptp, l2tp, ssl more...

  	Supported Version Ranges
  vpn_stats_log	v6.0.0 -> 7.4.3
  [ipsec]	v6.0.0 -> 7.4.3
  [pptp]	v6.0.0 -> 7.4.3
  [l2tp]	v6.0.0 -> 7.4.3
  [ssl]	v6.0.0 -> 7.4.3

• vpn_stats_period - Period to send VPN log statistics (0 or 60 - 86400 sec). type: int more...

  	Supported Version Ranges
  vpn_stats_period	v6.0.0 -> 7.4.3

• wccp_cache_engine - Enable/disable WCCP cache engine. type: str choices: enable, disable more...

  	Supported Version Ranges
  wccp_cache_engine	v6.0.0 -> 7.4.3
  [enable]	v6.0.0 -> 7.4.3
  [disable]	v6.0.0 -> 7.4.3

Notes

Note

• Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks

Examples

- name: Configure VDOM settings.
  fortinet.fortios.fortios_system_settings:
      vdom: "{{ vdom }}"
      system_settings:
          allow_linkdown_path: "enable"
          allow_subnet_overlap: "enable"
          application_bandwidth_tracking: "disable"
          asymroute: "enable"
          asymroute_icmp: "enable"
          asymroute6: "enable"
          asymroute6_icmp: "enable"
          auxiliary_session: "enable"
          bfd: "enable"
          bfd_desired_min_tx: "250"
          bfd_detect_mult: "3"
          bfd_dont_enforce_src_port: "enable"
          bfd_required_min_rx: "250"
          block_land_attack: "disable"
          central_nat: "enable"
          comments: "<your_own_value>"
          compliance_check: "enable"
          consolidated_firewall_mode: "enable"
          default_app_port_as_service: "enable"
          default_policy_expiry_days: "30"
          default_voip_alg_mode: "proxy-based"
          deny_tcp_with_icmp: "enable"
          detect_unknown_esp: "enable"
          device: "<your_own_value> (source system.interface.name)"
          dhcp_proxy: "enable"
          dhcp_proxy_interface: "<your_own_value> (source system.interface.name)"
          dhcp_proxy_interface_select_method: "auto"
          dhcp_server_ip: "<your_own_value>"
          dhcp6_server_ip: "<your_own_value>"
          discovered_device_timeout: "28"
          dyn_addr_session_check: "enable"
          ecmp_max_paths: "255"
          email_portal_check_dns: "disable"
          ext_resource_session_check: "enable"
          firewall_session_dirty: "check-all"
          fqdn_session_check: "enable"
          fw_session_hairpin: "enable"
          gateway: "<your_own_value>"
          gateway6: "<your_own_value>"
          gtp_asym_fgsp: "disable"
          gtp_monitor_mode: "enable"
          gui_advanced_policy: "enable"
          gui_advanced_wireless_features: "enable"
          gui_allow_unnamed_policy: "enable"
          gui_antivirus: "enable"
          gui_ap_profile: "enable"
          gui_application_control: "enable"
          gui_casb: "enable"
          gui_default_policy_columns:
              -
                  name: "default_name_52"
          gui_dhcp_advanced: "enable"
          gui_dlp: "enable"
          gui_dlp_profile: "enable"
          gui_dns_database: "enable"
          gui_dnsfilter: "enable"
          gui_domain_ip_reputation: "enable"
          gui_dos_policy: "enable"
          gui_dynamic_device_os_id: "enable"
          gui_dynamic_profile_display: "enable"
          gui_dynamic_routing: "enable"
          gui_email_collection: "enable"
          gui_endpoint_control: "enable"
          gui_endpoint_control_advanced: "enable"
          gui_enforce_change_summary: "disable"
          gui_explicit_proxy: "enable"
          gui_file_filter: "enable"
          gui_fortiap_split_tunneling: "enable"
          gui_fortiextender_controller: "enable"
          gui_icap: "enable"
          gui_implicit_policy: "enable"
          gui_ips: "enable"
          gui_load_balance: "enable"
          gui_local_in_policy: "enable"
          gui_local_reports: "enable"
          gui_multicast_policy: "enable"
          gui_multiple_interface_policy: "enable"
          gui_multiple_utm_profiles: "enable"
          gui_nat46_64: "enable"
          gui_object_colors: "enable"
          gui_ot: "enable"
          gui_per_policy_disclaimer: "enable"
          gui_policy_based_ipsec: "enable"
          gui_policy_disclaimer: "enable"
          gui_policy_learning: "enable"
          gui_proxy_inspection: "enable"
          gui_replacement_message_groups: "enable"
          gui_route_tag_address_creation: "enable"
          gui_security_profile_group: "enable"
          gui_spamfilter: "enable"
          gui_sslvpn: "enable"
          gui_sslvpn_personal_bookmarks: "enable"
          gui_sslvpn_realms: "enable"
          gui_switch_controller: "enable"
          gui_threat_weight: "enable"
          gui_traffic_shaping: "enable"
          gui_videofilter: "enable"
          gui_virtual_patch_profile: "enable"
          gui_voip_profile: "enable"
          gui_vpn: "enable"
          gui_waf_profile: "enable"
          gui_wan_load_balancing: "enable"
          gui_wanopt_cache: "enable"
          gui_webfilter: "enable"
          gui_webfilter_advanced: "enable"
          gui_wireless_controller: "enable"
          gui_ztna: "enable"
          h323_direct_model: "disable"
          http_external_dest: "fortiweb"
          ike_dn_format: "with-space"
          ike_policy_route: "enable"
          ike_port: "500"
          ike_quick_crash_detect: "enable"
          ike_session_resume: "enable"
          ike_tcp_port: "4500"
          implicit_allow_dns: "enable"
          inspection_mode: "proxy"
          internet_service_database_cache: "disable"
          ip: "<your_own_value>"
          ip6: "<your_own_value>"
          lan_extension_controller_addr: "<your_own_value>"
          link_down_access: "enable"
          lldp_reception: "enable"
          lldp_transmission: "enable"
          location_id: "<your_own_value>"
          mac_ttl: "300"
          manageip: "<your_own_value>"
          manageip6: "<your_own_value>"
          multicast_forward: "enable"
          multicast_skip_policy: "enable"
          multicast_ttl_notchange: "enable"
          nat46_force_ipv4_packet_forwarding: "enable"
          nat46_generate_ipv6_fragment_header: "enable"
          nat64_force_ipv6_packet_forwarding: "enable"
          ngfw_mode: "profile-based"
          opmode: "nat"
          pfcp_monitor_mode: "enable"
          policy_offload_level: "disable"
          prp_trailer_action: "enable"
          sccp_port: "2000"
          sctp_session_without_init: "enable"
          ses_denied_traffic: "enable"
          sip_expectation: "enable"
          sip_helper: "enable"
          sip_nat_trace: "enable"
          sip_ssl_port: "5061"
          sip_tcp_port: "<your_own_value>"
          sip_udp_port: "<your_own_value>"
          snat_hairpin_traffic: "enable"
          ssl_ssh_profile: "<your_own_value> (source firewall.ssl-ssh-profile.name)"
          status: "enable"
          strict_src_check: "enable"
          tcp_session_without_syn: "enable"
          utf8_spam_tagging: "enable"
          v4_ecmp_mode: "source-ip-based"
          vdom_type: "traffic"
          vpn_stats_log: "ipsec"
          vpn_stats_period: "600"
          wccp_cache_engine: "enable"

Return Values

Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:

• build - Build number of the fortigate image returned: always type: str sample: 1547
• http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
• http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
• mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
• name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
• path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
• revision - Internal revision number returned: always type: str sample: 17.0.2.10658
• serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
• status - Indication of the operation's result returned: always type: str sample: success
• vdom - Virtual domain used returned: always type: str sample: root
• version - Version of the FortiGate returned: always type: str sample: v5.6.3

Status

• This module is not guaranteed to have a backwards compatible interface.

Authors

• Link Zheng (@chillancezen)

• Jie Xue (@JieX19)

• Hongbin Lu (@fgtdev-hblu)

• Frank Shen (@frankshen01)

• Miguel Angel Munoz (@mamunozgonzalez)

• Nicolas Thomas (@thomnico)

Hint

If you notice any issues in this documentation, you can create a pull request to improve it.