fortios_wireless_controller_vap – Configure Virtual Access Points (VAPs) in Fortinet’s FortiOS and FortiGate.

New in version 2.0.0.

Synopsis

  • This module configures a FortiGate or FortiOS (FOS) device by letting the user set and modify the vap category of the wireless_controller feature. The examples include all parameters; their values need to be adjusted to your data sources before use. Tested with FOS v6.0.0.

Requirements

The below requirements are needed on the host that executes this module.

  • ansible>=2.15

Tips

Using member operation to add an element to an existing object.
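
The member operation as a playbook, in an added example that is not taken from the module's documentation: the second and third tasks set member_path and member_state so that a single entry of the VAP's usergroup list is added or removed without restating the rest of the object. The inventory group fortigates, the VAP name corp-ssid, the user groups wifi-staff and wifi-contractors, and the variable fortigate_api_token are assumptions; all module parameters and choices used are those listed under Parameters.

```yaml
---
# Added example; names marked "hypothetical" are not from the module docs.
- name: Manage a single member of a VAP's usergroup list
  hosts: fortigates                # hypothetical inventory group
  connection: httpapi
  gather_facts: false
  vars:
    ansible_network_os: fortinet.fortios.fortios
    ansible_httpapi_use_ssl: true
    ansible_httpapi_validate_certs: true   # keep TLS verification on
    ansible_httpapi_port: 443
    vdom: root
  tasks:
    # Full-object task: creates the "existing object" the tip refers to.
    # It sends the whole usergroup list as written here.
    - name: Ensure the VAP exists (WPA2-Enterprise, AES only, PMF on)
      fortinet.fortios.fortios_wireless_controller_vap:
        vdom: "{{ vdom }}"
        access_token: "{{ fortigate_api_token }}"   # hypothetical vaulted variable
        state: present
        wireless_controller_vap:
          name: corp-ssid            # hypothetical VAP name
          ssid: corp-ssid
          security: wpa2-only-enterprise
          auth: usergroup
          encrypt: AES
          pmf: enable
          intra_vap_privacy: enable
          usergroup:
            - name: wifi-staff       # hypothetical user group

    # Member operation: member_path names the list and its key attribute
    # (the "member_path:" value shown for usergroup under Parameters).
    # Only the VAP key (name) and the one member are supplied.
    - name: Add one user group to the existing VAP
      fortinet.fortios.fortios_wireless_controller_vap:
        vdom: "{{ vdom }}"
        access_token: "{{ fortigate_api_token }}"
        state: present               # required by the module
        member_path: usergroup:name
        member_state: present
        wireless_controller_vap:
          name: corp-ssid
          usergroup:
            - name: wifi-contractors # hypothetical user group

    # Same path with member_state absent removes just that entry,
    # for example when a group loses its wireless access.
    - name: Remove that user group from the VAP again
      fortinet.fortios.fortios_wireless_controller_vap:
        vdom: "{{ vdom }}"
        access_token: "{{ fortigate_api_token }}"
        state: present
        member_path: usergroup:name
        member_state: absent
        wireless_controller_vap:
          name: corp-ssid
          usergroup:
            - name: wifi-contractors
```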

FortiOS Version Compatibility

Supported Version Ranges: v6.0.0 -> 7.4.3

Parameters

  • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
  • enable_log - Enable/Disable logging for task. type: bool required: false default: False
  • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
  • member_path - Member attribute path to operate on. type: str
  • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
  • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
  • wireless_controller_vap - Configure Virtual Access Points (VAPs). type: dict
    • access_control_list - Profile name for access-control-list. Source wireless-controller.access-control-list.name. type: str
    • acct_interim_interval - WiFi RADIUS accounting interim interval (60 - 86400 sec). type: int
    • additional_akms - Additional AKMs. type: list choices: akm6
    • address_group - Firewall Address Group Name. Source firewall.addrgrp.name. type: str
    • address_group_policy - Configure MAC address filtering policy for MAC addresses that are in the address-group. type: str choices: disable, allow, deny
    • alias - Alias. type: str
    • antivirus_profile - AntiVirus profile name. Source antivirus.profile.name. type: str
    • application_detection_engine - Enable/disable application detection engine. type: str choices: enable, disable
    • application_dscp_marking - Enable/disable application attribute based DSCP marking. type: str choices: enable, disable
    • application_list - Application control list name. Source application.list.name. type: str
    • application_report_intv - Application report interval (30 - 864000 sec). type: int
    • atf_weight - Airtime weight in percentage. type: int
    • auth - Authentication protocol. type: str choices: radius, usergroup, psk
    • auth_cert - HTTPS server certificate. Source vpn.certificate.local.name. type: str
    • auth_portal_addr - Address of captive portal. type: str
    • beacon_advertising - Fortinet beacon advertising IE data. type: list choices: name, model, serial-number
    • broadcast_ssid - Enable/disable broadcasting the SSID. type: str choices: enable, disable
    • broadcast_suppression - Optional suppression of broadcast messages. For example, you can keep DHCP messages, ARP broadcasts, and so on off of the wireless network. type: list choices: dhcp-up, dhcp-down, dhcp-starvation, dhcp-ucast, arp-known, arp-unknown, arp-reply, arp-poison, arp-proxy, netbios-ns, netbios-ds, ipv6, all-other-mc, all-other-bc
    • bss_color_partial - Enable/disable 802.11ax partial BSS color. type: str choices: enable, disable
    • bstm_disassociation_imminent - Enable/disable forcing of disassociation after the BSTM request timer has been reached. type: str choices: enable, disable
    • bstm_load_balancing_disassoc_timer - Time interval for client to voluntarily leave AP before forcing a disassociation due to AP load-balancing (0 to 30). type: int
    • bstm_rssi_disassoc_timer - Time interval for client to voluntarily leave AP before forcing a disassociation due to low RSSI (0 to 2000). type: int
    • captive_portal_ac_name - Local-bridging captive portal ac-name. type: str
    • captive_portal_auth_timeout - Hard timeout - AP will always clear the session after timeout regardless of traffic (0 - 864000 sec). type: int
    • captive_portal_fw_accounting - Enable/disable RADIUS accounting for captive portal firewall authentication session. type: str choices: enable, disable
    • captive_portal_macauth_radius_secret - Secret key to access the macauth RADIUS server. type: str
    • captive_portal_macauth_radius_server - Captive portal external RADIUS server domain name or IP address. type: str
    • captive_portal_radius_secret - Secret key to access the RADIUS server. type: str
    • captive_portal_radius_server - Captive portal RADIUS server domain name or IP address. type: str
    • captive_portal_session_timeout_interval - Session timeout interval (0 - 864000 sec). type: int
    • dhcp_address_enforcement - Enable/disable DHCP address enforcement. type: str choices: enable, disable
    • dhcp_lease_time - DHCP lease time in seconds for NAT IP address. type: int
    • dhcp_option43_insertion - Enable/disable insertion of DHCP option 43. type: str choices: enable, disable
    • dhcp_option82_circuit_id_insertion - Enable/disable DHCP option 82 circuit-id insert. type: str choices: style-1, style-2, style-3, disable
    • dhcp_option82_insertion - Enable/disable DHCP option 82 insert. type: str choices: enable, disable
    • dhcp_option82_remote_id_insertion - Enable/disable DHCP option 82 remote-id insert. type: str choices: style-1, disable
    • dynamic_vlan - Enable/disable dynamic VLAN assignment. type: str choices: enable, disable
    • eap_reauth - Enable/disable EAP re-authentication for WPA-Enterprise security. type: str choices: enable, disable
    • eap_reauth_intv - EAP re-authentication interval (1800 - 864000 sec). type: int
    • eapol_key_retries - Enable/disable retransmission of EAPOL-Key frames (message 3/4 and group message 1/2). type: str choices: disable, enable
    • encrypt - Encryption protocol to use (only available when security is set to a WPA type). type: str choices: TKIP, AES, TKIP-AES
    • external_fast_roaming - Enable/disable fast roaming or pre-authentication with external APs not managed by the FortiGate. type: str choices: enable, disable
    • external_logout - URL of external authentication logout server. type: str
    • external_web - URL of external authentication web server. type: str
    • external_web_format - URL query parameter detection. type: str choices: auto-detect, no-query-string, partial-query-string
    • fast_bss_transition - Enable/disable 802.11r Fast BSS Transition (FT). type: str choices: disable, enable
    • fast_roaming - Enable/disable fast-roaming, or pre-authentication, where supported by clients. type: str choices: enable, disable
    • ft_mobility_domain - Mobility domain identifier in FT (1 - 65535). type: int
    • ft_over_ds - Enable/disable FT over the Distribution System (DS). type: str choices: disable, enable
    • ft_r0_key_lifetime - Lifetime of the PMK-R0 key in FT, 1-65535 minutes. type: int
    • gas_comeback_delay - GAS comeback delay (0 or 100 - 10000 milliseconds). type: int
    • gas_fragmentation_limit - GAS fragmentation limit (512 - 4096). type: int
    • gtk_rekey - Enable/disable GTK rekey for WPA security. type: str choices: enable, disable
    • gtk_rekey_intv - GTK rekey interval (1800 - 864000 sec). type: int
    • high_efficiency - Enable/disable 802.11ax high efficiency. type: str choices: enable, disable
    • hotspot20_profile - Hotspot 2.0 profile name. Source wireless-controller.hotspot20.hs-profile.name. type: str
    • igmp_snooping - Enable/disable IGMP snooping. type: str choices: enable, disable
    • intra_vap_privacy - Enable/disable blocking communication between clients on the same SSID (called intra-SSID privacy). type: str choices: enable, disable
    • ip - IP address and subnet mask for the local standalone NAT subnet. type: str
    • ips_sensor - IPS sensor name. Source ips.sensor.name. type: str
    • ipv6_rules - Optional rules of IPv6 packets. For example, you can keep RA, RS and so on off of the wireless network. type: list choices: drop-icmp6ra, drop-icmp6rs, drop-llmnr6, drop-icmp6mld2, drop-dhcp6s, drop-dhcp6c, ndp-proxy, drop-ns-dad, drop-ns-nondad
    • key - WEP Key. type: str
    • keyindex - WEP key index (1 - 4). type: int
    • l3_roaming - Enable/disable layer 3 roaming. type: str choices: enable, disable
    • l3_roaming_mode - Select the way that layer 3 roaming traffic is passed. type: str choices: direct, indirect
    • ldpc - VAP low-density parity-check (LDPC) coding configuration. type: str choices: disable, rx, tx, rxtx
    • local_authentication - Enable/disable AP local authentication. type: str choices: enable, disable
    • local_bridging - Enable/disable bridging of wireless and Ethernet interfaces on the FortiAP. type: str choices: enable, disable
    • local_lan - Allow/deny traffic destined for a Class A, B, or C private IP address. type: str choices: allow, deny
    • local_standalone - Enable/disable AP local standalone. type: str choices: enable, disable
    • local_standalone_dns - Enable/disable AP local standalone DNS. type: str choices: enable, disable
    • local_standalone_dns_ip - IPv4 addresses for the local standalone DNS. type: list
    • local_standalone_nat - Enable/disable AP local standalone NAT mode. type: str choices: enable, disable
    • mac_auth_bypass - Enable/disable MAC authentication bypass. type: str choices: enable, disable
    • mac_called_station_delimiter - MAC called station delimiter. type: str choices: hyphen, single-hyphen, colon, none
    • mac_calling_station_delimiter - MAC calling station delimiter. type: str choices: hyphen, single-hyphen, colon, none
    • mac_case - MAC case. type: str choices: uppercase, lowercase
    • mac_filter - Enable/disable MAC filtering to block wireless clients by mac address. type: str choices: enable, disable
    • mac_filter_list - Create a list of MAC addresses for MAC address filtering. type: list member_path: mac_filter_list:id
      • id - ID. See Notes. type: int required: true
      • mac - MAC address. type: str
      • mac_filter_policy - Deny or allow the client with this MAC address. type: str choices: allow, deny
    • mac_filter_policy_other - Allow or block clients with MAC addresses that are not in the filter list. type: str choices: allow, deny
    • mac_password_delimiter - MAC authentication password delimiter. type: str choices: hyphen, single-hyphen, colon, none
    • mac_username_delimiter - MAC authentication username delimiter. type: str choices: hyphen, single-hyphen, colon, none
    • max_clients - Maximum number of clients that can connect simultaneously to the VAP. type: int
    • max_clients_ap - Maximum number of clients that can connect simultaneously to the VAP per AP radio. type: int
    • mbo - Enable/disable Multiband Operation. type: str choices: disable, enable
    • mbo_cell_data_conn_pref - MBO cell data connection preference (0, 1, or 255). type: str choices: excluded, prefer-not, prefer-use
    • me_disable_thresh - Disable multicast enhancement when this many clients are receiving multicast traffic. type: int
    • mesh_backhaul - Enable/disable using this VAP as a WiFi mesh backhaul. This entry is only available when security is set to a WPA type or open. type: str choices: enable, disable
    • mpsk - Enable/disable multiple PSK authentication. type: str choices: enable, disable
    • mpsk_concurrent_clients - Maximum number of concurrent clients that connect using the same passphrase in multiple PSK authentication (0 - 65535). type: int
    • mpsk_key - List of multiple PSK entries. type: list member_path: mpsk_key:key_name
      • comment - Comment. type: str
      • concurrent_clients - Number of clients that can connect using this pre-shared key. type: str
      • key_name - Pre-shared key name. type: str required: true
      • mpsk_schedules - Firewall schedule for MPSK passphrase. The passphrase will be effective only when at least one schedule is valid. type: list member_path: mpsk_key:key_name/mpsk_schedules:name
        • name - Schedule name. Source firewall.schedule.group.name firewall.schedule.recurring.name firewall.schedule.onetime.name. type: str required: true
      • passphrase - WPA Pre-shared key. type: str
    • mpsk_profile - MPSK profile name. Source wireless-controller.mpsk-profile.name. type: str
    • mu_mimo - Enable/disable Multi-user MIMO. type: str choices: enable, disable
    • multicast_enhance - Enable/disable converting multicast to unicast to improve performance. type: str choices: enable, disable
    • multicast_rate - Multicast rate (0, 6000, 12000, or 24000 kbps). type: str choices: 0, 6000, 12000, 24000
    • nac - Enable/disable network access control. type: str choices: enable, disable
    • nac_profile - NAC profile name. Source wireless-controller.nac-profile.name. type: str
    • name - Virtual AP name. type: str required: true
    • neighbor_report_dual_band - Enable/disable dual-band neighbor report. type: str choices: disable, enable
    • okc - Enable/disable Opportunistic Key Caching (OKC). type: str choices: disable, enable
    • osen - Enable/disable OSEN as part of key management. type: str choices: enable, disable
    • owe_groups - OWE-Groups. type: list choices: 19, 20, 21
    • owe_transition - Enable/disable OWE transition mode support. type: str choices: disable, enable
    • owe_transition_ssid - OWE transition mode peer SSID. type: str
    • passphrase - WPA pre-shared key (PSK) to be used to authenticate WiFi users. type: str
    • pmf - Protected Management Frames (PMF) support. type: str choices: disable, enable, optional
    • pmf_assoc_comeback_timeout - Protected Management Frames (PMF) comeback maximum timeout (1-20 sec). type: int
    • pmf_sa_query_retry_timeout - Protected Management Frames (PMF) SA query retry timeout interval (1 - 5 100s of msec). type: int
    • port_macauth - Enable/disable LAN port MAC authentication. type: str choices: disable, radius, address-group
    • port_macauth_reauth_timeout - LAN port MAC authentication re-authentication timeout value. type: int
    • port_macauth_timeout - LAN port MAC authentication idle timeout value. type: int
    • portal_message_override_group - Replacement message group for this VAP (only available when security is set to a captive portal type). Source system.replacemsg-group.name. type: str
    • portal_message_overrides - Individual message overrides. type: dict
      • auth_disclaimer_page - Override auth-disclaimer-page message with message from portal-message-overrides group. type: str
      • auth_login_failed_page - Override auth-login-failed-page message with message from portal-message-overrides group. type: str
      • auth_login_page - Override auth-login-page message with message from portal-message-overrides group. type: str
      • auth_reject_page - Override auth-reject-page message with message from portal-message-overrides group. type: str
    • portal_type - Captive portal functionality. Configure how the captive portal authenticates users and whether it includes a disclaimer. type: str choices: auth, auth+disclaimer, disclaimer, email-collect, cmcc, cmcc-macauth, auth-mac, external-auth, external-macauth
    • primary_wag_profile - Primary wireless access gateway profile name. Source wireless-controller.wag-profile.name. type: str
    • probe_resp_suppression - Enable/disable probe response suppression (to ignore weak signals). type: str choices: enable, disable
    • probe_resp_threshold - Minimum signal level/threshold in dBm required for the AP response to probe requests (-95 to -20). type: str
    • ptk_rekey - Enable/disable PTK rekey for WPA-Enterprise security. type: str choices: enable, disable
    • ptk_rekey_intv - PTK rekey interval (1800 - 864000 sec). type: int
    • qos_profile - Quality of service profile name. Source wireless-controller.qos-profile.name. type: str
    • quarantine - Enable/disable station quarantine. type: str choices: enable, disable
    • radio_2g_threshold - Minimum signal level/threshold in dBm required for the AP response to receive a packet in 2.4G band (-95 to -20). type: str
    • radio_5g_threshold - Minimum signal level/threshold in dBm required for the AP response to receive a packet in 5G band (-95 to -20). type: str
    • radio_sensitivity - Enable/disable software radio sensitivity (to ignore weak signals). type: str choices: enable, disable
    • radius_mac_auth - Enable/disable RADIUS-based MAC authentication of clients. type: str choices: enable, disable
    • radius_mac_auth_block_interval - Don't send RADIUS MAC auth request again if the client has been rejected within specific interval (0 or 30 - 864000 seconds). type: int
    • radius_mac_auth_server - RADIUS-based MAC authentication server. Source user.radius.name. type: str
    • radius_mac_auth_usergroups - Selective user groups that are permitted for RADIUS mac authentication. type: list member_path: radius_mac_auth_usergroups:name
      • name - User group name. type: str required: true
    • radius_mac_mpsk_auth - Enable/disable RADIUS-based MAC authentication of clients for MPSK authentication. type: str choices: enable, disable
    • radius_mac_mpsk_timeout - RADIUS MAC MPSK cache timeout interval (0 or 300 - 864000). type: int
    • radius_server - RADIUS server to be used to authenticate WiFi users. Source user.radius.name. type: str
    • rates_11a - Allowed data rates for 802.11a. type: list choices: 1, 1-basic, 2, 2-basic, 5.5, 5.5-basic, 11, 11-basic, 6, 6-basic, 9, 9-basic, 12, 12-basic, 18, 18-basic, 24, 24-basic, 36, 36-basic, 48, 48-basic, 54, 54-basic
    • rates_11ac_mcs_map - Comma separated list of max supported VHT MCS for spatial streams 1 through 8. type: str
    • rates_11ac_ss12 - Allowed data rates for 802.11ac with 1 or 2 spatial streams. type: list choices: mcs0/1, mcs1/1, mcs2/1, mcs3/1, mcs4/1, mcs5/1, mcs6/1, mcs7/1, mcs8/1, mcs9/1, mcs10/1, mcs11/1, mcs0/2, mcs1/2, mcs2/2, mcs3/2, mcs4/2, mcs5/2, mcs6/2, mcs7/2, mcs8/2, mcs9/2, mcs10/2, mcs11/2
    • rates_11ac_ss34 - Allowed data rates for 802.11ac with 3 or 4 spatial streams. type: list choices: mcs0/3, mcs1/3, mcs2/3, mcs3/3, mcs4/3, mcs5/3, mcs6/3, mcs7/3, mcs8/3, mcs9/3, mcs10/3, mcs11/3, mcs0/4, mcs1/4, mcs2/4, mcs3/4, mcs4/4, mcs5/4, mcs6/4, mcs7/4, mcs8/4, mcs9/4, mcs10/4, mcs11/4
    • rates_11ax_mcs_map - Comma separated list of max supported HE MCS for spatial streams 1 through 8. type: str
    • rates_11ax_ss12 - Allowed data rates for 802.11ax with 1 or 2 spatial streams. type: list choices: mcs0/1, mcs1/1, mcs2/1, mcs3/1, mcs4/1, mcs5/1, mcs6/1, mcs7/1, mcs8/1, mcs9/1, mcs10/1, mcs11/1, mcs0/2, mcs1/2, mcs2/2, mcs3/2, mcs4/2, mcs5/2, mcs6/2, mcs7/2, mcs8/2, mcs9/2, mcs10/2, mcs11/2
    • rates_11ax_ss34 - Allowed data rates for 802.11ax with 3 or 4 spatial streams. type: list choices: mcs0/3, mcs1/3, mcs2/3, mcs3/3, mcs4/3, mcs5/3, mcs6/3, mcs7/3, mcs8/3, mcs9/3, mcs10/3, mcs11/3, mcs0/4, mcs1/4, mcs2/4, mcs3/4, mcs4/4, mcs5/4, mcs6/4, mcs7/4, mcs8/4, mcs9/4, mcs10/4, mcs11/4
    • rates_11bg - Allowed data rates for 802.11b/g. type: list choices: 1, 1-basic, 2, 2-basic, 5.5, 5.5-basic, 11, 11-basic, 6, 6-basic, 9, 9-basic, 12, 12-basic, 18, 18-basic, 24, 24-basic, 36, 36-basic, 48, 48-basic, 54, 54-basic
    • rates_11n_ss12 - Allowed data rates for 802.11n with 1 or 2 spatial streams. type: list choices: mcs0/1, mcs1/1, mcs2/1, mcs3/1, mcs4/1, mcs5/1, mcs6/1, mcs7/1, mcs8/2, mcs9/2, mcs10/2, mcs11/2, mcs12/2, mcs13/2, mcs14/2, mcs15/2
    • rates_11n_ss34 - Allowed data rates for 802.11n with 3 or 4 spatial streams. type: list choices: mcs16/3, mcs17/3, mcs18/3, mcs19/3, mcs20/3, mcs21/3, mcs22/3, mcs23/3, mcs24/4, mcs25/4, mcs26/4, mcs27/4, mcs28/4, mcs29/4, mcs30/4, mcs31/4
    • roaming_acct_interim_update - Enable/disable using accounting interim update instead of accounting start/stop on roaming for WPA-Enterprise security. type: str choices: enable, disable
    • sae_groups - SAE-Groups. type: list choices: 19, 20, 21, 1, 2, 5, 14, 15, 16, 17, 18, 27, 28, 29, 30, 31
    • sae_h2e_only - Use hash-to-element-only mechanism for PWE derivation. type: str choices: enable, disable
    • sae_hnp_only - Use hunting-and-pecking-only mechanism for PWE derivation. type: str choices: enable, disable
    • sae_password - WPA3 SAE password to be used to authenticate WiFi users. type: str
    • sae_pk - Enable/disable WPA3 SAE-PK. type: str choices: enable, disable
    • sae_private_key - Private key used for WPA3 SAE-PK authentication. type: str
    • scan_botnet_connections - Block or monitor connections to Botnet servers or disable Botnet scanning. type: str choices: disable, monitor, block
    • schedule - Firewall schedules for enabling this VAP on the FortiAP. This VAP will be enabled when at least one of the schedules is valid. Separate multiple schedule names with a space. type: list member_path: schedule:name
      • name - Schedule name. Source firewall.schedule.group.name firewall.schedule.recurring.name firewall.schedule.onetime.name. type: str required: true
    • secondary_wag_profile - Secondary wireless access gateway profile name. Source wireless-controller.wag-profile.name. type: str
    • security - Security mode for the wireless interface. type: str choices: open, captive-portal, wep64, wep128, wpa-personal, wpa-personal+captive-portal, wpa-enterprise, wpa-only-personal, wpa-only-personal+captive-portal, wpa-only-enterprise, wpa2-only-personal, wpa2-only-personal+captive-portal, wpa2-only-enterprise, wpa3-enterprise, wpa3-only-enterprise, wpa3-enterprise-transition, wpa3-sae, wpa3-sae-transition, owe, osen
    • security_exempt_list - Optional security exempt list for captive portal authentication. Source user.security-exempt-list.name. type: str
    • security_obsolete_option - Enable/disable obsolete security options. type: str choices: enable, disable
    • security_redirect_url - Optional URL for redirecting users after they pass captive portal authentication. type: str
    • selected_usergroups - Selective user groups that are permitted to authenticate. type: list member_path: selected_usergroups:name
      • name - User group name. Source user.group.name. type: str required: true
    • set_80211k - Enable/disable 802.11k assisted roaming. type: str choices: disable, enable
    • set_80211v - Enable/disable 802.11v assisted roaming. type: str choices: disable, enable
    • split_tunneling - Enable/disable split tunneling. type: str choices: enable, disable
    • ssid - IEEE 802.11 service set identifier (SSID) for the wireless interface. Users who wish to use the wireless network must configure their computers to access this SSID name. type: str
    • sticky_client_remove - Enable/disable sticky client remove to maintain good signal level clients in SSID. type: str choices: enable, disable
    • sticky_client_threshold_2g - Minimum signal level/threshold in dBm required for the 2G client to be serviced by the AP (-95 to -20). type: str
    • sticky_client_threshold_5g - Minimum signal level/threshold in dBm required for the 5G client to be serviced by the AP (-95 to -20). type: str
    • sticky_client_threshold_6g - Minimum signal level/threshold in dBm required for the 6G client to be serviced by the AP (-95 to -20). type: str
    • target_wake_time - Enable/disable 802.11ax target wake time. type: str choices: enable, disable
    • tkip_counter_measure - Enable/disable TKIP counter measure. type: str choices: enable, disable
    • tunnel_echo_interval - The time interval to send echo to both primary and secondary tunnel peers (1 - 65535 sec). type: int
    • tunnel_fallback_interval - The time interval for secondary tunnel to fall back to primary tunnel (0 - 65535 sec). type: int
    • usergroup - Firewall user group to be used to authenticate WiFi users. type: list member_path: usergroup:name
      • name - User group name. Source user.group.name. type: str required: true
    • utm_log - Enable/disable UTM logging. type: str choices: enable, disable
    • utm_profile - UTM profile name. Source wireless-controller.utm-profile.name. type: str
    • utm_status - Enable to add one or more security profiles (AV, IPS, etc.) to the VAP. type: str choices: enable, disable
    • vdom - Name of the VDOM that the Virtual AP has been added to. Source system.vdom.name. type: str
    • vlan_auto - Enable/disable automatic management of SSID VLAN interface. type: str choices: enable, disable
    • vlan_name - Table for mapping VLAN name to VLAN ID. type: list member_path: vlan_name:name
      • name - VLAN name. type: str required: true
      • vlan_id - VLAN IDs (maximum 8 VLAN IDs). type: list
    • vlan_pool - VLAN pool. type: list member_path: vlan_pool:id
      • id - ID. See Notes. type: int required: true
      • wtp_group - WTP group name. Source wireless-controller.wtp-group.name. type: str
    • vlan_pooling - Enable/disable VLAN pooling, to allow grouping of multiple wireless controller VLANs into VLAN pools. When set to wtp-group, VLAN pooling occurs with VLAN assignment by wtp-group. type: str choices: wtp-group, round-robin, hash, disable
    • vlanid - Optional VLAN ID. type: int
    • voice_enterprise - Enable/disable 802.11k and 802.11v assisted Voice-Enterprise roaming. type: str choices: disable, enable
    • webfilter_profile - WebFilter profile name. Source webfilter.profile.name. type: str

Notes

  • Legacy fortiosapi has been deprecated; httpapi is the preferred way to run playbooks.

Examples

- name: Configure Virtual Access Points (VAPs).
  fortinet.fortios.fortios_wireless_controller_vap:
      vdom: "{{ vdom }}"
      state: "present"
      access_token: "<your_own_value>"
      wireless_controller_vap:
          access_control_list: "<your_own_value> (source wireless-controller.access-control-list.name)"
          acct_interim_interval: "43200"
          additional_akms: "akm6"
          address_group: "<your_own_value> (source firewall.addrgrp.name)"
          address_group_policy: "disable"
          alias: "<your_own_value>"
          antivirus_profile: "<your_own_value> (source antivirus.profile.name)"
          application_detection_engine: "enable"
          application_dscp_marking: "enable"
          application_list: "<your_own_value> (source application.list.name)"
          application_report_intv: "120"
          atf_weight: "20"
          auth: "radius"
          auth_cert: "<your_own_value> (source vpn.certificate.local.name)"
          auth_portal_addr: "<your_own_value>"
          beacon_advertising: "name"
          broadcast_ssid: "enable"
          broadcast_suppression: "dhcp-up"
          bss_color_partial: "enable"
          bstm_disassociation_imminent: "enable"
          bstm_load_balancing_disassoc_timer: "10"
          bstm_rssi_disassoc_timer: "200"
          captive_portal_ac_name: "<your_own_value>"
          captive_portal_auth_timeout: "0"
          captive_portal_fw_accounting: "enable"
          captive_portal_macauth_radius_secret: "<your_own_value>"
          captive_portal_macauth_radius_server: "<your_own_value>"
          captive_portal_radius_secret: "<your_own_value>"
          captive_portal_radius_server: "<your_own_value>"
          captive_portal_session_timeout_interval: "432000"
          dhcp_address_enforcement: "enable"
          dhcp_lease_time: "2400"
          dhcp_option43_insertion: "enable"
          dhcp_option82_circuit_id_insertion: "style-1"
          dhcp_option82_insertion: "enable"
          dhcp_option82_remote_id_insertion: "style-1"
          dynamic_vlan: "enable"
          eap_reauth: "enable"
          eap_reauth_intv: "86400"
          eapol_key_retries: "disable"
          encrypt: "TKIP"
          external_fast_roaming: "enable"
          external_logout: "<your_own_value>"
          external_web: "<your_own_value>"
          external_web_format: "auto-detect"
          fast_bss_transition: "disable"
          fast_roaming: "enable"
          ft_mobility_domain: "1000"
          ft_over_ds: "disable"
          ft_r0_key_lifetime: "480"
          gas_comeback_delay: "500"
          gas_fragmentation_limit: "1024"
          gtk_rekey: "enable"
          gtk_rekey_intv: "86400"
          high_efficiency: "enable"
          hotspot20_profile: "<your_own_value> (source wireless-controller.hotspot20.hs-profile.name)"
          igmp_snooping: "enable"
          intra_vap_privacy: "enable"
          ip: "<your_own_value>"
          ips_sensor: "<your_own_value> (source ips.sensor.name)"
          ipv6_rules: "drop-icmp6ra"
          key: "<your_own_value>"
          keyindex: "1"
          l3_roaming: "enable"
          l3_roaming_mode: "direct"
          ldpc: "disable"
          local_authentication: "enable"
          local_bridging: "enable"
          local_lan: "allow"
          local_standalone: "enable"
          local_standalone_dns: "enable"
          local_standalone_dns_ip: "<your_own_value>"
          local_standalone_nat: "enable"
          mac_auth_bypass: "enable"
          mac_called_station_delimiter: "hyphen"
          mac_calling_station_delimiter: "hyphen"
          mac_case: "uppercase"
          mac_filter: "enable"
          mac_filter_list:
              -
                  id: "82"
                  mac: "<your_own_value>"
                  mac_filter_policy: "allow"
          mac_filter_policy_other: "allow"
          mac_password_delimiter: "hyphen"
          mac_username_delimiter: "hyphen"
          max_clients: "0"
          max_clients_ap: "0"
          mbo: "disable"
          mbo_cell_data_conn_pref: "excluded"
          me_disable_thresh: "32"
          mesh_backhaul: "enable"
          mpsk: "enable"
          mpsk_concurrent_clients: "32767"
          mpsk_key:
              -
                  comment: "Comment."
                  concurrent_clients: "<your_own_value>"
                  key_name: "<your_own_value>"
                  mpsk_schedules:
                      -
                          name: "default_name_101 (source firewall.schedule.group.name firewall.schedule.recurring.name firewall.schedule.onetime.name)"
                  passphrase: "<your_own_value>"
          mpsk_profile: "<your_own_value> (source wireless-controller.mpsk-profile.name)"
          mu_mimo: "enable"
          multicast_enhance: "enable"
          multicast_rate: "0"
          nac: "enable"
          nac_profile: "<your_own_value> (source wireless-controller.nac-profile.name)"
          name: "default_name_109"
          neighbor_report_dual_band: "disable"
          okc: "disable"
          osen: "enable"
          owe_groups: "19"
          owe_transition: "disable"
          owe_transition_ssid: "<your_own_value>"
          passphrase: "<your_own_value>"
          pmf: "disable"
          pmf_assoc_comeback_timeout: "1"
          pmf_sa_query_retry_timeout: "2"
          port_macauth: "disable"
          port_macauth_reauth_timeout: "7200"
          port_macauth_timeout: "600"
          portal_message_override_group: "<your_own_value> (source system.replacemsg-group.name)"
          portal_message_overrides:
              auth_disclaimer_page: "<your_own_value>"
              auth_login_failed_page: "<your_own_value>"
              auth_login_page: "<your_own_value>"
              auth_reject_page: "<your_own_value>"
          portal_type: "auth"
          primary_wag_profile: "<your_own_value> (source wireless-controller.wag-profile.name)"
          probe_resp_suppression: "enable"
          probe_resp_threshold: "<your_own_value>"
          ptk_rekey: "enable"
          ptk_rekey_intv: "86400"
          qos_profile: "<your_own_value> (source wireless-controller.qos-profile.name)"
          quarantine: "enable"
          radio_2g_threshold: "<your_own_value>"
          radio_5g_threshold: "<your_own_value>"
          radio_sensitivity: "enable"
          radius_mac_auth: "enable"
          radius_mac_auth_block_interval: "0"
          radius_mac_auth_server: "<your_own_value> (source user.radius.name)"
          radius_mac_auth_usergroups:
              -
                  name: "default_name_144"
          radius_mac_mpsk_auth: "enable"
          radius_mac_mpsk_timeout: "86400"
          radius_server: "<your_own_value> (source user.radius.name)"
          rates_11a: "1"
          rates_11ac_mcs_map: "<your_own_value>"
          rates_11ac_ss12: "mcs0/1"
          rates_11ac_ss34: "mcs0/3"
          rates_11ax_mcs_map: "<your_own_value>"
          rates_11ax_ss12: "mcs0/1"
          rates_11ax_ss34: "mcs0/3"
          rates_11bg: "1"
          rates_11n_ss12: "mcs0/1"
          rates_11n_ss34: "mcs16/3"
          roaming_acct_interim_update: "enable"
          sae_groups: "19"
          sae_h2e_only: "enable"
          sae_hnp_only: "enable"
          sae_password: "<your_own_value>"
          sae_pk: "enable"
          sae_private_key: "<your_own_value>"
          scan_botnet_connections: "disable"
          schedule:
              -
                  name: "default_name_167 (source firewall.schedule.group.name firewall.schedule.recurring.name firewall.schedule.onetime.name)"
          secondary_wag_profile: "<your_own_value> (source wireless-controller.wag-profile.name)"
          security: "open"
          security_exempt_list: "<your_own_value> (source user.security-exempt-list.name)"
          security_obsolete_option: "enable"
          security_redirect_url: "<your_own_value>"
          selected_usergroups:
              -
                  name: "default_name_174 (source user.group.name)"
          set_80211k: "disable"
          set_80211v: "disable"
          split_tunneling: "enable"
          ssid: "<your_own_value>"
          sticky_client_remove: "enable"
          sticky_client_threshold_2g: "<your_own_value>"
          sticky_client_threshold_5g: "<your_own_value>"
          sticky_client_threshold_6g: "<your_own_value>"
          target_wake_time: "enable"
          tkip_counter_measure: "enable"
          tunnel_echo_interval: "300"
          tunnel_fallback_interval: "7200"
          usergroup:
              -
                  name: "default_name_188 (source user.group.name)"
          utm_log: "enable"
          utm_profile: "<your_own_value> (source wireless-controller.utm-profile.name)"
          utm_status: "enable"
          vdom: "<your_own_value> (source system.vdom.name)"
          vlan_auto: "enable"
          vlan_name:
              -
                  name: "default_name_195"
                  vlan_id: "<your_own_value>"
          vlan_pool:
              -
                  id: "198"
                  wtp_group: "<your_own_value> (source wireless-controller.wtp-group.name)"
          vlan_pooling: "wtp-group"
          vlanid: "0"
          voice_enterprise: "disable"
          webfilter_profile: "<your_own_value> (source webfilter.profile.name)"
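
The generated sample above lists every parameter with a placeholder value, including security: "open" and pmf: "disable", and shows secrets such as passphrase and sae_password as inline strings. The play below is an added example, not part of the module's own documentation, that sets only the fields needed for a WPA3-SAE SSID with protected management frames and reads secrets from Ansible Vault. The host group, SSID name and vault_* variable names are assumptions, as is the availability of the "wpa3-sae" security mode on the target FortiOS release.

```yaml
# Added example, not from the module documentation.
# Assumptions: an inventory group named "fortigates", vault_* variables
# defined in an Ansible Vault file, and a FortiOS release on the device
# that offers the "wpa3-sae" choice for the security parameter.
- hosts: fortigates
  connection: httpapi
  gather_facts: false
  vars:
    ansible_network_os: fortinet.fortios.fortios
    ansible_httpapi_use_ssl: true
    ansible_httpapi_validate_certs: true   # verify the FortiGate's TLS certificate
    ansible_httpapi_port: 443
  tasks:
    - name: Configure a WPA3-SAE virtual access point
      fortinet.fortios.fortios_wireless_controller_vap:
        vdom: "root"
        # API token kept in Vault rather than in the playbook.
        access_token: "{{ vault_fortios_access_token }}"
        state: "present"
        wireless_controller_vap:
          name: "corp-wpa3"            # hypothetical VAP name
          ssid: "corp-wpa3"            # hypothetical SSID
          security: "wpa3-sae"         # instead of "open" in the generated sample
          sae_password: "{{ vault_corp_sae_password }}"
          pmf: "enable"                # protected management frames on
          intra_vap_privacy: "enable"  # block client-to-client traffic on this SSID
      # Keep the task arguments (token, SAE password) out of Ansible output
      # and logs. This also hides the module's return values for this task.
      no_log: true
```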

Return Values

Common return values are documented at https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values. The following fields are unique to this module:

  • build - Build number of the FortiGate image. returned: always type: str sample: 1547
  • http_method - Last method used to provision the content into FortiGate. returned: always type: str sample: PUT
  • http_status - Last result given by FortiGate on last operation applied. returned: always type: str sample: 200
  • mkey - Master key (id) used in the last call to FortiGate. returned: success type: str sample: id
  • name - Name of the table used to fulfill the request. returned: always type: str sample: urlfilter
  • path - Path of the table used to fulfill the request. returned: always type: str sample: webfilter
  • revision - Internal revision number. returned: always type: str sample: 17.0.2.10658
  • serial - Serial number of the unit. returned: always type: str sample: FGVMEVYYQT3AB5352
  • status - Indication of the operation's result. returned: always type: str sample: success
  • vdom - Virtual domain used. returned: always type: str sample: root
  • version - Version of the FortiGate. returned: always type: str sample: v5.6.3

Status

  • This module is not guaranteed to have a backwards compatible interface.

Authors

  • Link Zheng (@chillancezen)
  • Jie Xue (@JieX19)
  • Hongbin Lu (@fgtdev-hblu)
  • Frank Shen (@frankshen01)
  • Miguel Angel Munoz (@mamunozgonzalez)
  • Nicolas Thomas (@thomnico)
