fortios_monitor – Ansible Module for FortiOS Monitor API.
New in version 2.10.
Synopsis
Request FortiOS appliances to perform specific actions or procedures. This module contain all the FortiOS monitor API.
Requirements
The below requirements are needed on the host that executes this module.
install galaxy collection fortinet.fortios >=
2.0.0
.
Parameters
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str required: False default: root
- enable_log - Enable/Disable logging for task. type: bool required: False default: False
- access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: False
- selector - Action taken in FortiOS appliance. type: str choices:
- abort.user.query - Abort a running user device unified query.
- query_id - Provide a query ID to abort an unified type query. type: int required: True
- activate.user.fortitoken - Activate a set of FortiTokens by serial number.
- tokens - List of FortiToken serial numbers to activate. If omitted, all tokens will be used. type: array required: False
- add-license.registration.forticare - Add a FortiCare license.
- registration_code - FortiCare contract number. type: string required: True
- add-license.registration.vdom - Add a VDOM license.
- license - VDOM license key. type: string required: True
- add.firewall.clearpass-address - Add ClearPass address with SPT (System Posture Token) value.
- endpoint_ip - Endpoint IPv4 address. type: array required: True
- spt - SPT value [healthy|checkup|transient|quarantine|infected|unknown*]. type: string required: False
- add.nsx.service - Add NSX service to connector.
- mkey - NSX connector name. type: string required: True
- add_users.user.banned - Immediately add one or more users to the banned list.
- ip_addresses - List of IP Addresses to ban. IPv4 and IPv6 addresses are allowed. type: array required: True
- expiry - Time until expiry in seconds. 0 for indefinite ban. type: int required: False
- auth.user.firewall - Trigger authentication for a single firewall user.
- username - User name. type: string required: True
- ip - User IP address. type: string required: True
- server - Name of an existing LDAP server entry. If supplied, authenticate that user against any matched groups on that LDAP server. type: string required: False
- backup-action.system.fortimanager - Import or update from FortiManager objects.
- operation - Operation to perform on the given CMDB objects [import|update]. type: string required: True
- objects - Array of CMDB tables and mkeys. type: array required: True
- backup.system.config - Backup system config
- destination - Configuration file destination [file* | usb]. type: string required: False
- usb_filename - When using 'usb' destination: the filename to save to on the connected USB device. type: string required: False
- password - Password to encrypt configuration data. type: string required: False
- scope - Specify global or VDOM only backup [global | vdom]. type: string required: True
- vdom - If 'vdom' scope specified, the name of the VDOM to backup configuration. type: string required: False
- password_mask - True to replace all the secrects and passwords with a mask. type: boolean required: False
- file_format - Configuration file format [fos* | yaml]. type: string required: False
- block.endpoint-control.registration - Block endpoint by FortiClient UID or MAC.
- uid - Single FortiClient UID to block. type: string required: False
- mac - Single MAC to block. type: string required: False
- bounce-port.switch-controller.managed-switch - Reset the port to force all connected clients to re-request DHCP lease. All active client sessions will be terminated.
- mkey - FortiSwitch ID. type: string required: True
- port - FortiSwitch Port ID. type: string required: True
- duration - Duration in seconds from 1 to 5 for port to be down. Defaults to 1 second if not provided. type: int required: False
- stop - Stop a bounce in progress. type: boolean required: False
- cancel.fortiview.session - Cancel a FortiView request session.
- sessionid - Session ID to cancel. type: int required: False
- device - FortiView request session's device. [disk|faz] type: string required: False
- report_by - Report by field. type: string required: False
- view_level - FortiView View level. type: string required: False
- change-password.user.local - Change password for local user.
- username - User name. type: string required: True
- new_password - Password. type: string required: True
- change-vdom-mode.system.admin - Switch between VDOM modes.
- vdom-mode - VDOM mode [no-vdom|split-vdom|multi-vdom] type: string required: True
- check.endpoint-control.registration-password - Check if provided registration password is valid for current VDOM.
- password - Registration password to test. type: string required: True
- clear-counters.firewall.central-snat-map - Reset traffic statistics for one or more firewall central SNAT policy by policy ID.
- policy - Single policy ID to reset. type: int required: False
- clear-counters.firewall.dnat - Reset hit count statistics for one or more firewall virtual IP/server by ID.
- id - Single IDs to reset. type: int required: False
- is_ipv6 - Clear only IPv6 VIP stats. type: boolean required: False
- clear-counters.firewall.ztna-firewall-policy - Reset traffic statistics for one or more ZTNA firewall policies by policy ID.
- policy - Single ZTNA firewall policy ID to reset. type: int required: False
- clear-soft-in.router.bgp - Inbound soft-reconfiguration for BGP peers.
- clear-soft-out.router.bgp - Outbound soft-reconfiguration for BGP peers.
- clear-statistics.system.fortiguard - Immediately clear all FortiGuard statistics.
- clear.system.crash-log - Clear system crash log.
- clear.system.sniffer - Clear the results of a specified packet capture.
- mkey - ID of packet capture entry. type: int required: True
- clear.vpn.ike - Clear IKE gateways.
- mkey - Name of the IKE gateway to clear. type: string required: True
- clear_all.firewall.session - Immediately clear all active IPv4 and IPv6 sessions and IPS sessions of current VDOM.
- clear_all.user.banned - Immediately clear all banned users.
- clear_all.wifi.rogue_ap - Clear all detected rogue APs.
- clear_counters.firewall.acl - Reset counters for one or more IPv4 ACLs by policy ID.
- policy - Single policy ID to reset. type: int required: False
- clear_counters.firewall.acl6 - Reset counters for one or more IPv6 ACLs by policy ID.
- policy - Single policy ID to reset. type: int required: False
- clear_counters.firewall.consolidated-policy - Reset traffic statistics for one or more consolidated policies by policy ID.
- policy - Single policy ID to reset. type: int required: False
- clear_counters.firewall.multicast-policy - Reset traffic statistics for one or more firewall IPv4 multicast policies by policy ID.
- policy - Single policy ID to reset. type: int required: False
- clear_counters.firewall.multicast-policy6 - Reset traffic statistics for one or more firewall IPv6 multicast policies by policy ID.
- policy - Single policy ID to reset. type: int required: False
- clear_counters.firewall.policy - Reset traffic statistics for one or more firewall policies by policy ID.
- policy - Single policy ID to reset. type: int required: False
- clear_counters.firewall.policy6 - Reset traffic statistics for one or more IPv6 policies by policy ID.
- policy - Single policy ID to reset. type: int required: False
- clear_counters.firewall.proxy-policy - Reset traffic statistics for one or more explicit proxy policies by policy ID.
- policy - Single policy ID to reset. type: int required: False
- clear_counters.firewall.security-policy - Reset traffic statistics for one or more security policies by policy ID.
- policy - Single policy ID to reset. type: int required: False
- clear_tunnel.vpn.ssl - Remove all active tunnel sessions in current virtual domain.
- clear_users.user.banned - Immediately clear a list of specific banned users by IP.
- ip_addresses - List of banned user IPs to clear. IPv4 and IPv6 addresses are allowed. type: array required: True
- close-all.firewall.session - Immediately close all active IPv4 and IPv6 sessions, as well as IPS sessions of the current VDOM.
- close-multiple.firewall.session - Close multiple IPv4 firewall sessions which match the provided criteria.
- proto - Protocol name [tcp|udp|icmp|...] or number. type: string required: False
- saddr - Source address. type: string required: False
- daddr - Destination address. type: string required: False
- sport - Source port. type: int required: False
- dport - Destination port. type: int required: False
- naddr - NAT'd source IP address. type: string required: False
- nport - NAT'd source port. type: int required: False
- policy - Policy ID. type: int required: False
- close-multiple.firewall.session6 - Close multiple IPv6 firewall sessions which match the provided criteria.
- proto - Protocol name [tcp|udp|icmp|...] or number. type: string required: False
- saddr - Source address. type: string required: False
- daddr - Destination address. type: string required: False
- sport - Source port. type: int required: False
- dport - Destination port. type: int required: False
- policy - Policy ID. type: int required: False
- close.firewall.session - Close a single firewall session that matches all provided criteria.
- pro - Protocol name [tcp|udp|icmp|...]. type: string required: True
- saddr - Source address. type: string required: True
- daddr - Destination address. type: string required: True
- sport - Source port. type: int required: True
- dport - Destination port. type: int required: True
- config.system.fortimanager - Configure FortiManager IP. Register FortiManager if 'fortimanager_ip' is provided. Unregister FortiManager if only 'unregister' parameter is specified and set to true.
- fortimanager_ip - FortiManager IP address. type: string required: False
- unregister - Unregister the FortiManager (default=false). type: boolean required: False
- connect.system.modem - Trigger a connect for the configured modem.
- connect.wifi.network - When FortiWiFi is in client mode, connect to the specified network, if configured in the 'wifi' interface.
- ssid - SSID of network to connect to. type: string required: True
- create.forticonverter.ticket - Create a new FortiConverter service ticket to initiate a migration.
- create.registration.forticare - Create a new FortiCare account.
- email - Account email. type: string required: True
- password - Account password. type: string required: True
- first_name - First name. type: string required: True
- last_name - Last name. type: string required: True
- title - Title. type: string required: False
- company - Company. type: string required: True
- address - Address. type: string required: True
- city - City. type: string required: True
- country_code - Country code. type: int required: True
- state - State/Province. type: string required: True
- state_code - State/Province code. type: string required: False
- postal_code - Postal code. type: string required: True
- phone - Phone number. type: string required: True
- industry - Industry. type: string required: True
- industry_id - Industry ID. type: int required: True
- orgsize_id - Organization size ID. type: int required: True
- reseller_name - Reseller name. type: string required: True
- reseller_id - Reseller ID. type: int required: True
- is_government - Set to true if the end-user is affiliated with a government. type: boolean required: False
- create.registration.forticloud - Create a FortiCloud account.
- email - Account email. type: string required: True
- password - Account password. type: string required: True
- send_logs - Send logs to FortiCloud. type: boolean required: False
- create.vpn-certificate.local - Generate a new certificate signed by Fortinet_CA_SSL.
- certname - Certificate name. type: string required: True
- common_name - Certificate common name. type: string required: True
- scope - Scope of local certificate [vdom*|global]. Global scope is only accessible for global administrators. type: string required: True
- create.web-ui.custom-language - Upload custom language file to this Fortigate.
- lang_name - Name of custom language entry. type: string required: True
- lang_comments - Comments of custom language entry. type: string required: False
- file_content - Provided when uploading a file: base64 encoded file data. Must not contain whitespace or other invalid base64 characters. Must be included in HTTP body. type: string required: False
- deauth.user.firewall - Deauthenticate single, multiple, or all firewall users.
- user_type - User type [proxy|firewall]. Required for both proxy and firewall users. type: string required: False
- id - User ID. Required for both proxy and firewall users. type: int required: False
- ip - User IP address. Required for both proxy and firewall users. type: string required: False
- ip_version - IP version [ip4|ip6]. Only required if user_type is firewall. type: string required: False
- method - Authentication method [fsso|rsso|ntlm|firewall|wsso|fsso_citrix|sso_guest]. Only required if user_type is firewall. type: string required: False
- all - Set to true to deauthenticate all users. Other parameters will be ignored. type: boolean required: False
- users - Array of user objects to deauthenticate. Use this to deauthenticate multiple users at once. Each object should include the above properties. type: array required: False
- delete.firewall.clearpass-address - Delete ClearPass address with SPT (System Posture Token) value.
- endpoint_ip - Endpoint IPv4 address. type: array required: True
- spt - SPT value [healthy|checkup|transient|quarantine|infected|unknown*]. type: string required: False
- delete.log.local-report - Delete a local report.
- mkeys - Local Report Name. type: array required: True
- delete.system.config-revision - Deletes one or more system configuration revisions.
- config_ids - List of configuration ids. type: array required: True
- delete.system.config-script - Delete the history of config scripts.
- id_list - List of config script history ids to delete. type: array required: True
- delete.vpn.ssl - Terminate the provided SSL-VPN session.
- type - The session type [websession|subsession]. type: string required: True
- index - The session index. type: int required: True
- delete.webfilter.override - Delete a configured webfilter override.
- mkey - ID of webfilter override to delete. type: string required: False
- deregister-device.registration.forticare - Deregister the FortiGate from a FortiCare account.
- email - FortiCare email. type: string required: True
- password - Account password. type: string required: True
- deregister.endpoint-control.registration - Deregister endpoint by FortiClient UID or MAC.
- uid - Single FortiClient UID to deregister. type: string required: False
- mac - Single MAC to deregister. type: string required: False
- dhcp-renew.system.interface - Renew DHCP lease of an interface.
- mkey - Name of the interface. type: string required: True
- ipv6 - Renew the DHCPv6 lease. type: boolean required: False
- diagnose.extender-controller.extender - Execute diagnotic commands.
- id - FortiExtender ID. type: string required: True
- cmd - Command to execute. type: string required: True
- disassociate.wifi.client - Disassociate a WiFi client from the FortiAP it's currently connected to. The client will need to reassociate with the same FortiAP or another to resume connectivity.
- mac - MAC address. type: string required: True
- disconnect.system.ha-peer - Update configuration of peer in HA cluster.
- serial_no - Serial number of the HA member. type: string required: True
- interface - Name of the interface which should be assigned for management. type: string required: True
- ip - IP to assign to the selected interface. type: string required: True
- mask - Full network mask to assign to the selected interface. type: string required: True
- disconnect.system.modem - Trigger a disconnect for the configured modem.
- download-eval.system.vmlicense - Download Evaluation VM License and reboot immediately if successful.
- account_id - FortiCare account email. type: string required: True
- account_password - FortiCare account password. type: string required: True
- is_government - Is the account in use by a government user? type: boolean required: False
- download.switch-controller.fsw-firmware - Download FortiSwitch firmware from FortiGuard to the FortiGate according to FortiSwitch image ID.
- image_id - FortiSwitch image ID. type: string required: True
- download.system.vmlicense - Download Flex-VM license and reboot immediately if successful.
- token - VM license token. type: string required: False
- proxy_url - HTTP proxy URL in the form: http://user:pass@proxyip:proxyport. type: string required: False
- download.wifi.firmware - Download FortiAP firmware from FortiGuard to the FortiGate according to FortiAP image ID.
- image_id - FortiAP image ID. type: string required: True
- dump.system.com-log - Dump system com-log to file.
- dynamic.system.external-resource - Push updates to the specified external resource.
- commands - List of push commands to run. Each push command requires name of external resource, the push command name and a list of entries that the push command acts on. E.g [{"name":"Threat Feed","command":"snapshot","entries":["192.168.1.1","192.168.1.2"]}] type: array required: True
- eject.system.usb-device - Eject USB drives for safe removal.
- email.user.guest - Sent guest login details via email.
- group - Guest group name. type: string required: True
- guest - Guest user IDs. type: array required: True
- enable-app-bandwidth-tracking.system.traffic-history - Enable FortiView application bandwidth tracking.
- factory-reset.switch-controller.managed-switch - Send 'Factory Reset' command to a given FortiSwitch.
- mkey - Name of managed FortiSwitch. type: string required: True
- flush.firewall.gtp - Flush GTP tunnels.
- scope - Scope from which to flush tunnels from [global|*vdom]. type: string required: False
- gtp_profile - Filter: GTP profile. type: string required: False
- version - Filter: GTP version. type: int required: False
- imsi - Filter: International mobile subscriber identity. type: string required: False
- msisdn - Filter: Mobile station international subscriber directory number type: string required: False
- ms_addr - Filter: Mobile user IP address. type: string required: False
- ms_addr6 - Filter: Mobile user IPv6 address. type: string required: False
- cteid - Filter: Control plane fully qualified tunnel endpoint identifier. type: int required: False
- cteid_addr - Filter: Control plane TEID IP address. type: string required: False
- cteid_addr6 - Filter: Control plane TEID IPv6 address. type: string required: False
- fteid - Filter: Data plane fully qualified tunnel endpoint identifier. type: int required: False
- fteid_addr - Filter: Data plane TEID IP address. type: string required: False
- fteid_addr6 - Filter: Data plane TEID IPv6 address. type: string required: False
- apn - Filter: Access point name. type: string required: False
- format.system.logdisk - Format log disk.
- forticonverter.set-source-sn - Set the source FortiGate which will upload its config.
- source_sn - Source FortiGate serial. type: string required: True
- ticket_id - Service ticket ID. type: string required: True
- generate-key.system.api-user - Generate a new api-key for the specified api-key-auth admin. The old api-key will be replaced. The response contains the only chance to read the new api-key plaintext in the api_key field.
- api-user - Generate a new token for this api-user. type: string required: True
- generate-keys.wifi.ssid - Generate pre-shared keys for specific multi pre-shared key profile.
- mpsk_profile - Multi pre-shared key profile to add keys to. type: string required: True
- group - Multi pre-shared key group to add keys to. type: string required: True
- prefix - Prefix to be added at the start of the generated key's name. type: string required: True
- key_length - Length of the keys to be generated [8-63]. type: int required: True
- generate.vpn-certificate.csr - Generate a certificate signing request (CSR) and a private key. The CSR can be retrieved / downloaded from CLI, GUI and REST API.
- certname - Certicate name. Used to retrieve / download the CSR. Not included in CSR and key content. type: string required: True
- subject - Subject (Host IP/Domain Name/E-Mail). Common Name (CN) of the certificate subject. type: string required: True
- keytype - Generate a RSA or an elliptic curve certificate request [rsa|ec]. The Elliptic Curve option is unavailable if the FortiGate is a Low Encryption Device (LENC) type: string required: True
- keysize - Key size.[1024|1536|2048|4096]. 512 only if the FortiGate is a Low Encryption Device (LENC). Required when keytype is RSA. type: int required: False
- curvename - Elliptic curve name. [secp256r1|secp384r1|secp521r1]. Unavailable if the FortiGate is a Low Encryption Device (LENC). Required when keytype is ec. type: string required: False
- orgunits - List of organization units. Organization Units (OU) of the certificate subject. type: array required: False
- org - Organization (O) of the certificate subject. type: string required: False
- city - Locality (L) of the certificate subject. type: string required: False
- state - State (ST) of the certificate subject. type: string required: False
- countrycode - Country (C) of the certificate subject. type: string required: False
- email - Email of the certificate subject. type: string required: False
- subject_alt_name - Subject alternative name (SAN) of the certificate. type: string required: False
- password - Password / pass phrase for the private key. If not provided, FortiGate generates a random one. type: string required: False
- scep_url - SCEP server URL. If provided, use the url to enroll the csr through SCEP. type: string required: False
- scep_password - SCEP challenge password. Some SCEP servers may require challege password. Provide it when SCEP server requires. type: string required: False
- scope - Scope of CSR [vdom*|global]. Global scope is only accessible for global administrators type: string required: False
- geoip.geoip-query - Retrieve location details for IPs queried against FortiGuard's geoip service.
- ip_addresses - One or more IP address strings to query for location details. type: array required: True
- import-mobile.user.fortitoken - Import a list of tokens from FortiGuard to the FortiGate unit.
- code - Activation code on redemption certificate. type: string required: True
- import-seed.user.fortitoken - Import a FortiToken seed file.
- file_content - Provided when uploading a file: base64 encoded file data. Must not contain whitespace or other invalid base64 characters. Must be included in HTTP body. type: string required: False
- import-trial.user.fortitoken - Import trial mobile FortiTokens.
- import.vpn-certificate.ca - Import CA certificate.
- import_method - Method of importing CA certificate.[file|scep] type: string required: True
- scep_url - SCEP server URL. Required for import via SCEP type: string required: False
- scep_ca_id - SCEP server CA identifier for import via SCEP. type: string required: False
- scope - Scope of CA certificate [vdom*|global]. Global scope is only accessible for global administrators type: string required: False
- file_content - Provided when uploading a file: base64 encoded file data. Must not contain whitespace or other invalid base64 characters. Must be included in HTTP body. type: string required: False
- import.vpn-certificate.crl - Import certificate revocation lists (CRL) from file content.
- scope - Scope of CRL [vdom*|global]. Global scope is only accessible for global administrators type: string required: False
- file_content - Provided when uploading a file: base64 encoded file data. Must not contain whitespace or other invalid base64 characters. Must be included in HTTP body. type: string required: False
- import.vpn-certificate.local - Import local certificate.
- type - Type of certificate.[local|pkcs12|regular] type: string required: True
- certname - Certificate name for pkcs12 and regular certificate types. type: string required: False
- password - Optional password for pkcs12 and regular certificate types. type: string required: False
- key_file_content - Key content encoded in BASE64 for regular certificate type. type: string required: False
- scope - Scope of local certificate [vdom*|global]. Global scope is only accessible for global administrators type: string required: False
- acme_domain - A valid domain that resolves to an IP whose TCP port 443 reaches this FortiGate. type: string required: False
- acme_email - Contact email address that is required by some CAs such as LetsEncrypt. type: string required: False
- acme_ca_url - URL for the ACME CA server. type: string required: False
- acme_rsa_key_size - Length of the RSA private key for the generated cert. type: int required: False
- acme_renew_window - Certificate renewal window in days. type: int required: False
- file_content - Provided when uploading a file: base64 encoded file data. Must not contain whitespace or other invalid base64 characters. Must be included in HTTP body. type: string required: False
- import.vpn-certificate.remote - Import remote certificate.
- scope - Scope of CRL [vdom*|global]. Global scope is only accessible for global administrators type: string required: False
- file_content - Provided when uploading a file: base64 encoded file data. Must not contain whitespace or other invalid base64 characters. Must be included in HTTP body. type: string required: False
- import.web-ui.language - Import localization language file to this FortiGate.
- file_content - Provided when uploading a file: base64 encoded file data. Must not contain whitespace or other invalid base64 characters. Must be included in HTTP body. type: string required: False
- keep-alive.wifi.spectrum - Extend duration of an existing spectrum analysis for a specific FortiAP.
- wtp_id - FortiAP ID. type: string required: True
- radio_id - Radio ID. type: int required: True
- duration - Duration in seconds. type: int required: True
- kill.system.process - Kill a running process.
- pid - The process ID. type: int required: True
- signal - Signal to use when killing the process [9 (SIGKILL) | 11 (SIGSEGV) | 15 (SIGTERM)]. Defaults to 15. type: int required: False
- led-blink.wifi.managed_ap - Turn a managed FortiAP's LED blinking on or off.
- serials - FortiAP IDs to turn LED blink on/off. type: array required: True
- blink - True to turn on blinking, false to turn off. type: boolean required: True
- duration - Time to blink, in seconds. 0 or omit for indefinite. type: int required: False
- login.registration.forticare - Login to FortiCare.
- email - Account email. type: string required: True
- password - Account password. type: string required: True
- reseller_name - Reseller name. type: string required: True
- reseller_id - Reseller ID. type: int required: True
- is_government - Set to true if the end-user is affiliated with a government. type: boolean required: False
- login.registration.forticloud - Login to FortiCloud.
- email - Account email. type: string required: True
- password - Account password. type: string required: True
- send_logs - Send logs to FortiCloud. type: boolean required: False
- domain - FortiCloud domain. type: string required: False
- logout.registration.forticloud - Logout from FortiCloud.
- manual-update.system.fortiguard - Manually update entitlements.
- file_content - Provided when uploading a file: base64 encoded file data. Must not contain whitespace or other invalid base64 characters. Must be included in HTTP body. type: string required: False
- migrate.registration.forticloud - Migrate standalone FortiGate Cloud account to FortiCloud.
- email - Account email. type: string required: True
- password - Account password. type: string required: True
- poe-reset.switch-controller.managed-switch - Reset PoE on a given FortiSwitch's port.
- mkey - Name of managed FortiSwitch. type: string required: True
- port - Name of port to reset PoE on. type: string required: True
- port-stats-reset.switch-controller.managed-switch - Reset port statistics for a given FortiSwitch.
- mkey - FortiSwitch ID. type: string required: True
- ports - Name of ports to reset statistics on. type: array required: False
- provision-user.vpn.ssl - Provision SSL-VPN users with target applications. The provisioning message (email or SMS) is sent with no confirmation of success.
- host - The hostname/IP address of the VPN server. type: string required: True
- port - The port of the VPN server. type: int required: True
- vpn_name - The name of the VPN configuration. type: string required: True
- method - Method to send [email|sms]. If not set, email will be the default. type: string required: False
- email_list - The email address that the VPN configuration message should be sent to. Required if "method" is "email". type: string required: False
- phone_user_list - The user that the VPN configuration SMS should be sent to. At least one of "phone_user_list" or "phone_number_list" is required if "method" is "sms". type: string required: False
- phone_number_list - The phone number that the VPN configuration SMS should be sent to. At least one of "phone_user_list" or "phone_number_list" is required if "method" is "sms". type: string required: False
- sms_method - The method to be used for sending the SMS [fortiguard|custom]. Default is "fortiguard". type: string required: False
- sms_server - The SMS server to be used for sending SMS messages, required if "custom" SMS method is chosen. type: string required: False
- provision.user.fortitoken - Provision a set of FortiTokens by serial number.
- tokens - List of FortiToken serial numbers to provision. If omitted, all tokens will be used. type: array required: False
- pse-config.switch-controller.recommendation - Execute switch recommendation for pse-config to prevent PSE-PSE scenarios.
- fortilink - FortiLink interface name. type: string required: True
- purdue-level.user.device - Update the Purdue level of device from device store.
- mac - Main MAC address of the device. type: string required: True
- ip - IP address of the device. type: string required: False
- level - Purdue level of the device [1|1.5|2|2.5|3|3.5|4|5|5.5]. type: string required: True
- push.switch-controller.fsw-firmware - Push FortiSwitch firmware to the given device.
- switch_id - The target device's switch ID. type: string required: True
- image_id - FortiSwitch image ID. type: string required: True
- push.wifi.firmware - Push FortiAP firmware to the given device.
- serial - The target device's serial. type: string required: True
- image_id - FortiAP image ID. type: string required: True
- quarantine.endpoint-control.registration - Quarantine endpoint by FortiClient UID or MAC.
- uid - Single FortiClient UID to quarantine. type: string required: False
- mac - Single MAC to quarantine. type: string required: False
- read-info.system.certificate - Get certificate information from a certificate string.
- value - PEM formatted certificate. type: string required: True
- reboot.system.os - Immediately reboot this device.
- event_log_message - Message to be logged in event log. type: string required: False
- refresh-server.user.fsso - Refresh remote agent group list for all fsso agents.
- refresh.azure.application-list - Update the Azure application list data or get the status of an update.
- last_update_time - Timestamp of a previous update request. If this is not provided then it will refresh the Azure application list data. type: int required: False
- refresh.system.external-resource - Fetch the external resource file and refresh status for the specified external resource.
- mkey - The name of the external resource to query. type: string required: True
- check_status_only - Set to true to return only the refresh status. type: boolean required: False
- last_connection_time - The timestamp of last connection to the resource; used for checking refresh status. type: int required: False
- refresh.user.fortitoken - Refresh a set of FortiTokens by serial number.
- tokens - List of FortiToken serial numbers to refresh. If omitted, all tokens will be used. type: array required: False
- register-appliance.system.csf - Register appliance to Security Fabric.
- type - Appliance type (Example: 'faz'). type: string required: True
- mgmt_ip - Management IP or FQDN. type: string required: True
- mgmt_port - Management port. type: int required: False
- mgmt_url_parameters - Array of URL parameters. Each item is a key/value pair. If provided, the URL parameters will be included in the management IP URL. type: array required: False
- serial - Serial number. type: string required: True
- hostname - Host name. type: string required: False
- register-device.registration.forticloud - Register a device to FortiCloud through FortiGate. Currently FortiSwitch and FortiAP are supported.
- serial - Device serial number type: string required: True
- email - FortiCloud email. type: string required: True
- password - Password. type: string required: True
- reseller - Reseller. type: string required: True
- reseller_id - Reseller ID. type: int required: True
- country - Country. type: string required: True
- is_government - Set to true if the end-user is affiliated with a government. type: boolean required: False
- remove.user.device - Remove single or multiple user devices specified by host MAC addresses.
- macs - An array of host MAC addresses to be removed. type: array required: False
- reset.extender-controller.extender - Reset a specific FortiExtender unit.
- id - FortiExtender ID to reset. type: string required: True
- reset.firewall.central-snat-map - Reset traffic statistics for all firewall central SNAT policies.
- reset.firewall.consolidated-policy - Reset traffic statistics for all consolidated policies.
- reset.firewall.dnat - Reset hit count statistics for all firewall virtual IPs/servers.
- reset.firewall.multicast-policy - Reset traffic statistics for all IPv4 firewall multicast policies.
- reset.firewall.multicast-policy6 - Reset traffic statistics for all IPv6 firewall multicast policies.
- reset.firewall.per-ip-shaper - Reset statistics for all configured firewall per-IP traffic shapers.
- reset.firewall.policy - Reset traffic statistics for all firewall policies.
- reset.firewall.policy6 - Reset traffic statistics for all IPv6 policies.
- reset.firewall.shaper - Reset statistics for all configured traffic shapers.
- reset.log.stats - Reset logging statistics for all log devices.
- reset.system.modem - Reset statistics for internal/external configured modem.
- reset.wanopt.history - Reset WAN opt. statistics.
- reset.wanopt.peer_stats - Reset WAN opt peer statistics.
- reset.wanopt.webcache - Reset webcache statistics.
- reset.webcache.stats - Reset all webcache statistics.
- reset.webfilter.category-quota - Reset webfilter quota for user or IP.
- profile - Webfilter profile to reset. type: string required: False
- user - User or IP to reset with. type: string required: False
- reset.wifi.euclid - Reset presence analytics statistics.
- restart.switch-controller.managed-switch - Restart a given FortiSwitch.
- mkey - Name of managed FortiSwitch. type: string required: True
- restart.system.sniffer - Restart specified packet capture.
- mkey - ID of packet capture entry. type: int required: True
- restart.wifi.managed_ap - Restart a given FortiAP.
- wtpname - FortiAP name. type: string required: False
- restore.system.config - Restore system configuration from uploaded file or from USB.
- source - Configuration file data source [upload | usb | revision]. type: string required: True
- usb_filename - When using 'usb' source: the filename to restore from the connected USB device. type: string required: False
- config_id - When using 'revision' source: valid ID of configuration stored on disk to revert to. type: int required: False
- password - Password to decrypt configuration data. type: string required: False
- scope - Specify global or VDOM only restore [global | vdom]. type: string required: True
- vdom - If 'vdom' scope specified, the name of the VDOM to restore configuration. type: string required: False
- confirm_password_mask - True to upload password mask config file. type: boolean required: False
- file_content - Provided when uploading a file: base64 encoded file data. Must not contain whitespace or other invalid base64 characters. Must be included in HTTP body. type: string required: False
- revoke.system.dhcp - Revoke IPv4 DHCP leases.
- ip - Optional list of addresses to revoke. Defaults to all addresses if not provided. type: array required: False
- revoke.system.dhcp6 - Revoke IPv6 DHCP leases.
- ip - Optional list of addresses to revoke. Defaults to all addresses if not provided. type: array required: False
- run.system.compliance - Immediately run compliance checks for the selected VDOM.
- run.system.config-script - Run remote config scripts.
- remote_script - Name of remote config script to run. type: string required: True
- save.system.config - Explicitly save all configuration.
- save.system.config-revision - Create a new config revision checkpoint.
- comments - Optional revision comments type: string required: False
- scan.wifi.network - When FortiWiFi is in client mode, start a scan for local WiFi networks.
- send-activation.user.fortitoken - Send a FortiToken activation code to a user via SMS or Email.
- token - FortiToken serial number. The token must be assigned to a user/admin. type: string required: True
- method - Method to send activation code [email|sms]. If not set, SMS will be attempted first, then email. type: string required: False
- email - Override email address. type: string required: False
- sms_phone - Override SMS phone number. SMS provider must be set in the assigned user/admin. type: string required: False
- set-tier-plus.switch-controller.mclag-icl - Setup a tier 2/3 MC-LAG link between a pair of FortiSwitches.
- fortilink - FortiLink interface name. type: string required: True
- parent_peer1 - FortiSwitch ID for MC-LAG parent peer 1. type: string required: True
- parent_peer2 - FortiSwitch ID for MC-LAG parent peer 2. type: string required: True
- peer1 - FortiSwitch ID for MC-LAG peer 1. type: string required: True
- peer2 - FortiSwitch ID for MC-LAG peer 2. type: string required: True
- isl_port_group - ISL port group name. type: string required: True
- set-tier1.switch-controller.mclag-icl - Setup a tier-1 MC-LAG link between a pair of FortiSwitches.
- fortilink - FortiLink interface name. type: string required: True
- peer1 - FortiSwitch ID for MC-LAG peer 1. type: string required: True
- peer2 - FortiSwitch ID for MC-LAG peer 2. type: string required: True
- set.system.time - Sets current system time stamp.
- year - Specifies the year for setting/updating time manually. type: int required: True
- month - Specifies the month (0 - 11) for setting/updating time manually. type: int required: True
- day - Specifies the day for setting/updating time manually. type: int required: True
- hour - Specifies the hour (0 - 23) for setting/updating time manually. type: int required: True
- minute - Specifies the minute (0 - 59) for setting/updating time manually. type: int required: True
- second - Specifies the second (0 - 59) for setting/updating time manually. type: int required: True
- set_status.wifi.managed_ap - Update administrative state for a given FortiAP (enable or disable authorization).
- wtpname - FortiAP name. type: string required: False
- admin - New FortiAP administrative state [enable|disable|discovered]. type: string required: False
- set_status.wifi.rogue_ap - Mark detected APs as rogue APs.
- bssid - List of rogue AP MAC addresses. type: array required: False
- ssid - Corresponding list of rogue AP SSIDs. type: array required: False
- status - Status to assign matching APs [unclassified|rogue|accepted|suppressed]. type: string required: False
- shutdown.system.os - Immediately shutdown this device.
- event_log_message - Message to be logged in event log. type: string required: False
- sms.user.guest - Sent guest login details via SMS.
- group - Guest group name. type: string required: True
- guest - Guest user IDs. type: array required: True
- soft-reset-neighbor.router.bgp - BGP Neighbor soft reset.
- ip - IP address of neighbor to perform soft reset on. type: string required: True
- speed-test-trigger.system.interface - Run a speed-test on the given interface.
- mkey - Name of the interface. type: string required: True
- start.forticonverter.download - Start download from FortiConverter for processed config.
- ticket_id - Service ticket ID. type: string required: True
- extension - File extension [pdf|conf]. type: string required: True
- start.network.debug-flow - Start debug flow packet capture.
- num_packets - Number of packets. type: int required: True
- ipv6 - Whether we are debugging IPv6 traffic. type: boolean required: True
- negate - Inverse IPv4 or IPv6 filter. type: boolean required: False
- addr_from - IPv4 or IPv6 address start of range. type: string required: False
- addr_to - IPv4 or IPv6 address end of range. type: string required: False
- daddr_from - Destination IPv4 or IPv6 address start of range. type: string required: False
- daddr_to - Destination IPv4 or IPv6 address end of range. type: string required: False
- saddr_from - Source IPv4 or IPv6 address start of range. type: string required: False
- saddr_to - Source IPv4 or IPv6 address end of range. type: string required: False
- port_from - Port from. type: int required: False
- port_to - Port to. type: int required: False
- dport_from - Destination port from. type: int required: False
- dport_to - Destination port to. type: int required: False
- sport_from - Source port from. type: int required: False
- sport_to - Source port to. type: int required: False
- proto - Protocol number. type: int required: False
- start.system.fsck - Set file system check flag so that it will be executed on next device reboot.
- start.system.sniffer - Start specified packet capture.
- mkey - ID of packet capture entry. type: int required: True
- start.system.usb-log - Start backup of logs from current VDOM to USB drive.
- start.wifi.spectrum - Start spectrum analysis for a specific FortiAP for a duration of time.
- wtp_id - FortiAP ID. type: string required: True
- radio_id - Radio ID. type: int required: True
- channels - Channels. type: array required: True
- duration - Duration in seconds. type: int required: True
- start.wifi.vlan-probe - Start a VLAN probe.
- ap_interface - FortiAP interface to send the probe on. type: int required: True
- wtp - FortiAP ID. type: string required: True
- start_vlan_id - The starting VLAN ID for the probe. type: int required: True
- end_vlan_id - The ending VLAN ID for the probe. type: int required: True
- retries - Number of times to retry a probe for a particular VLAN. type: int required: True
- timeout - Timeout duration (in seconds) to wait for a VLAN probe response. type: int required: True
- stop.network.debug-flow - Stop debug flow packet capture.
- stop.system.sniffer - Stop specified packet capture.
- mkey - ID of packet capture entry. type: int required: True
- stop.system.usb-log - Stop backup of logs to USB drive.
- stop.wifi.spectrum - Stop spectrum analysis for a specific FortiAP.
- wtp_id - FortiAP ID. type: string required: True
- radio_id - Radio ID. type: int required: True
- stop.wifi.vlan-probe - Stop a VLAN probe.
- ap_interface - FortiAP interface to send the probe on. type: int required: True
- wtp - FortiAP ID. type: string required: True
- submit.forticonverter.intf-mapping - Submit physical interface mapping to FortiConverter.
- intf_mapping - Interface mapping from source to target. type: object required: True
- ticket_id - Service ticket ID. type: string required: True
- submit.forticonverter.mgmt-intf - Submit management interface details to FortiConverter.
- intf_details - Management interface details. type: object required: True
- ticket_id - Service ticket ID. type: string required: True
- submit.forticonverter.notes - Submit contact details and conversion notes to FortiConverter.
- ticket_id - Service ticket ID. type: string required: True
- contact_name - Contact name. type: string required: True
- contact_email - Contact email. type: string required: True
- contact_phone - Contact phone. type: string required: True
- notes - Conversion notes. type: string required: False
- submit.forticonverter.ticket - Submit FortiConverter ticket.
- ticket_id - Service ticket ID. type: string required: True
- system.change-password - Save admin and guest-admin passwords.
- mkey - User ID for password change. type: string required: False
- old_password - Old password. type: string required: False
- new_password - New password. type: string required: True
- system.disconnect-admins - Disconnects logged in administrators.
- id - Admin ID type: int required: False
- method - Login method used to connect admin to FortiGate. type: string required: False
- admins - List of objects with admin id and method. type: array required: True
- system.password-policy-conform - Check whether password conforms to the password policy.
- mkey - User ID for password change. type: string required: False
- apply_to - Password Policy ID. type: string required: False
- password - Password. type: string required: False
- old_password - Old password. type: string required: False
- test-availability.system.fortiguard - Test availability of FortiGuard services.
- protocol - Protocol to check. [https | udp | http] type: string required: True
- port - Port to check. type: int required: True
- service - Service to check. [emailfilter | webfilter] type: string required: True
- test-connect.user.radius - Test the connectivity of the given RADIUS server and, optionally, the validity of a username & password.
- mkey - Name of FortiGate's RADIUS object whose settings to test. type: string required: False
- ordinal - If 'mkey' is provided, the server-secret pair to use from the object: 'primary', 'secondary' or 'tertiary'. Defaults to 'primary'. type: string required: False
- server - Host name or IP of a RADIUS server. If 'mkey' is provided, this overrides the 'server' value in the object. type: string required: False
- secret - Secret password for the RADIUS server. If 'mkey' is provided, this overrides the 'secret' value in the object. type: string required: False
- auth_type - Authentication protocol to use [auto|ms_chap_v2|ms_chap|chap|pap]. If 'mkey' is provided, this overrides the 'auth-type' value in the object. type: string required: False
- user - User name whose access to check. type: string required: False
- password - User's password. type: string required: False
- test.system.automation-stitch - Triggers an automation stitch for testing purposes.
- mkey - ID of automation stitch to trigger. type: string required: True
- log - Message to store in the log buffer when triggering an event. For example, "logid=\"32102\" eventtime=1528840790000000000 logdesc=\"Sample description\" msg=\"Sample message\"". This parameter is required for the 'event-log' event type. For the test to run, the 'logid' argument value must match the trigger-defined value. If 'logid' is not provided, the test will use the trigger-defined value. type: string required: False
- test.user.tacacs-plus - Test the connectivity of the given TACACS+ server.
- mkey - Name of FortiGate's TACACS+ object whose settings to test. type: string required: False
- ordinal - If 'mkey' is provided, the server-key pair to use from the object: 'primary', 'secondary' or 'tertiary'. Defaults to 'primary'. type: string required: False
- server - Host name of IP of a TACACS+ server. If 'mkey' is provided, this overrides the 'server' value in the object. type: string required: False
- secret - Secret key for the TACACS+ server. If 'mkey' is provided, this overrides the 'key' value in the object. type: string required: False
- port - Port number of the TACACS+ server. If 'mkey' is provided, this overrides the 'port' value in the object. Defaults to 49. type: int required: False
- source_ip - Source IP for communications to TACACS+ server. If 'mkey' is provided, this overrides the 'source-ip' value in the object. type: string required: False
- toggle-vdom-mode.system.admin - Toggles VDOM mode on/off. Enables or disables VDOM mode if it is disabled or enabled respectively.
- transfer.registration.forticare - Transfer to a new FortiCare account.
- email - Account email. type: string required: True
- password - Account password. type: string required: True
- old_email - Old account email. type: string required: True
- old_password - Old account password. type: string required: True
- trial.user.fortitoken-cloud - Activate FortiToken Cloud trial.
- trigger.system.security-rating - Run a Security Rating report.
- report_type - Security Rating report to run, run all reports when unspecified. type: string required: False
- report_types - Multiple Security Rating reports to run, run all reports when unspecified. type: array required: False
- tunnel_down.vpn.ipsec - Bring down a specific IPsec VPN tunnel.
- p1name - IPsec phase1 name. type: string required: True
- p2name - IPsec phase2 name. type: string required: True
- p2serial - IPsec phase2 serial. type: int required: False
- tunnel_reset_stats.vpn.ipsec - Reset statistics for a specific IPsec VPN tunnel.
- p1name - IPsec phase1 name. type: string required: True
- tunnel_up.vpn.ipsec - Bring up a specific IPsec VPN tunnel.
- p1name - IPsec phase1 name. type: string required: True
- p2name - IPsec phase2 name. type: string required: True
- p2serial - IPsec phase2 serial. type: int required: False
- unblock.endpoint-control.registration - Unblock endpoint by FortiClient UID or MAC.
- uid - Single FortiClient UID to unblock. type: string required: False
- mac - Single MAC to unblock. type: string required: False
- unquarantine.endpoint-control.registration - Unquarantine endpoint by FortiClient UID or MAC.
- uid - Single FortiClient UID to unquarantine. type: string required: False
- mac - Single MAC to unquarantine. type: string required: False
- unverify-cert.endpoint-control.ems - Unverify EMS server certificate for a specific EMS.
- ems_id - EMS server ID (as defined in CLI table endpoint-control.fctems). type: int required: True
- scope - Scope from which to retrieve EMS certificate status [vdom*|global]. type: string required: False
- update-comments.system.config-revision - Updates comments for a system configuration file.
- config_id - Configuration id. type: int required: False
- comments - Configuration comments. type: string required: False
- update-global-label.firewall.policy - Update the global-label of group starting with the provided leading policy ID.
- policyid - Leading policy ID of the group to update. type: string required: True
- current-label - The current global-label of the group. If not provided, will assume the current group's label is empty string. type: string required: False
- new-label - The new global-label of the group. If not provided, the current group's label will be deleted type: string required: False
- update-global-label.firewall.security-policy - Update the global-label of group starting with the provided leading policy ID.
- policyid - Leading policy ID of the group to update. type: string required: True
- current-label - The current global-label of the group. If not provided, will assume the current group's label is empty string. type: string required: False
- new-label - The new global-label of the group. If not provided, the current group's label will be deleted type: string required: False
- update.forticonverter.eligibility - Force an immediate request to update eligibility and ticket info.
- update.forticonverter.intf-list - Force an immediate request to update source interface list.
- update.forticonverter.sn-list - Force an immediate request to update source device serials.
- update.forticonverter.submitted-info - Force an immediate request to update all submitted info.
- update.switch-controller.isl-lockdown - Enable/disable ISL lockdown.
- fortilink - FortiLink interface name. type: string required: True
- status - To enable or disable lockdown. [enable|disable] type: string required: True
- update.switch-controller.managed-switch - Update administrative state for a given FortiSwitch (enable or disable authorization).
- mkey - FortiSwitch name. type: string required: False
- admin - New FortiSwitch administrative state [enable|disable|discovered]. type: string required: False
- update.system.fortiguard - Immediately update status for FortiGuard services.
- update.system.ha-peer - Update configuration of peer in HA cluster.
- serial_no - Serial number of the HA member. type: string required: True
- vcluster_id - Virtual cluster number. type: int required: False
- priority - Priority to assign to HA member. type: int required: False
- hostname - Name to assign the HA member. type: string required: False
- update.system.modem - Update supported modem list from FortiGuard.
- update.system.sdn-connector - Update an SDN connector's connection status.
- mkey - SDN connector name. type: string required: True
- update.web-ui.custom-language - Update custom language file to this Fortigate.
- mkey - Name of custom language entry. type: string required: True
- lang_name - New name of custom language entry. type: string required: False
- lang_comments - Comments of custom language entry. type: string required: False
- file_content - Provided when uploading a file: base64 encoded file data. Must not contain whitespace or other invalid base64 characters. Must be included in HTTP body. type: string required: False
- upgrade.extender-controller.extender - Upgrade FortiExtender.
- id - FortiExtender ID to upgrade. type: string required: True
- file_content - Provided when uploading a file: base64 encoded file data. Must not contain whitespace or other invalid base64 characters. Must be included in HTTP body. type: string required: False
- upgrade.license.database - Upgrade or downgrade UTM engine or signature package (IPS/AntiVirus/Application Control/Industrial database/Security Rating/Internet Service Database) using uploaded file.
- db_name - Security service database name [ips|appctrl|industrial_db|antivirus|security_rating|isdb|iotddb] type: string required: True
- confirm_not_signed - Confirm whether unsigned pkg files may be uploaded. type: boolean required: False
- confirm_not_ga_certified - Confirm whether non GA-certified pkg files may be uploaded. type: boolean required: False
- file_id - File id of existing pkg file from a previous upload. type: string required: False
- file_content - Provided when uploading a file: base64 encoded file data. Must not contain whitespace or other invalid base64 characters. Must be included in HTTP body. type: string required: False
- upgrade.system.firmware - Upgrade firmware image on this device using uploaded file.
- source - Firmware file data source [upload|usb|fortiguard]. type: string required: True
- filename - Name of file on USB disk to upgrade to, or ID from FortiGuard available firmware. type: string required: False
- format_partition - Set to true to format boot partition before upgrade. type: boolean required: False
- ignore_invalid_signature - Set to true to allow upgrade of firmware images with invalid signatures. type: boolean required: False
- file_id - File ID of the uploaded firmware image to allow upgrade of firmware images with invalid signatures. type: string required: False
- file_content - Provided when uploading a file: base64 encoded file data. Must not contain whitespace or other invalid base64 characters. Must be included in HTTP body. type: string required: False
- upgrade.system.lte-modem - Upgrade LTE modem firmware image on this device using uploaded files.
- upload.forticonverter.config - Upload config from target FortiGate to FortiConverter.
- ticket_id - Service ticket ID. type: string required: True
- file_content - Provided when uploading a file: base64 encoded file data. Must not contain whitespace or other invalid base64 characters. Must be included in HTTP body. type: string required: False
- upload.switch-controller.fsw-firmware - Upload FortiSwitch firmware to the management FortiGate and then push to target FortiSwitches.
- switch_ids - The target device's switch ID. type: string required: False
- file_content - Provided when uploading a file: base64 encoded file data. Must not contain whitespace or other invalid base64 characters. Must be included in HTTP body. type: string required: False
- upload.system.config-script - Upload and run a new configuration script file.
- filename - Name of configuration script file. type: string required: False
- file_content - Provided when uploading a file: base64 encoded file data. Must not contain whitespace or other invalid base64 characters. Must be included in HTTP body. type: string required: False
- upload.system.hscalefw-license - Update Hyperscale firewall license for hardware acceleration using license key.
- license_key - License key. Format:0000-0000-0000-0000-0000-0000-00. type: string required: True
- upload.system.lte-modem - Upload the modem firmware upgrade files.
- filename - Firmware file being uploaded. type: string required: False
- file_content - Provided when uploading a file: base64 encoded file data. Must not contain whitespace or other invalid base64 characters. Must be included in HTTP body. type: string required: False
- upload.system.vmlicense - Update VM license using uploaded file. Reboots immediately if successful.
- file_content - Provided when uploading a file: base64 encoded file data. Must not contain whitespace or other invalid base64 characters. Must be included in HTTP body. type: string required: False
- upload.webproxy.pacfile - Upload webproxy PAC file.
- filename - Name of PAC file. type: string required: False
- file_content - Provided when uploading a file: base64 encoded file data. Must not contain whitespace or other invalid base64 characters. Must be included in HTTP body. type: string required: False
- upload.wifi.firmware - Upload FortiAP firmware to the management FortiGate and then push to target FortiAPs.
- serials - The target device's serial. type: string required: False
- file_content - Provided when uploading a file: base64 encoded file data. Must not contain whitespace or other invalid base64 characters. Must be included in HTTP body. type: string required: False
- upload.wifi.region-image - Saves a floorplan/region image to an existing region.
- region_name - Region name to save image to. type: string required: True
- image_type - MIME type of the image (png|jpeg|gif). type: string required: True
- file_content - Provided when uploading a file: base64 encoded file data. Must not contain whitespace or other invalid base64 characters. Must be included in HTTP body. type: string required: False
- user.password-policy-conform - Check if password adheres to local user password policy.
- username - User name. type: string required: False
- password - Password. type: string required: True
- utm.rating-lookup - Lookup FortiGuard rating for a specific URL.
- url - List of URLs to query. type: array required: False
- lang - Language for the rating response. type: string required: False
- validate-gcp-key.system.sdn-connector - Validate a string representing a private key from GCP in PEM format.
- private-key - Private key in PEM format. type: string required: True
- verify-cert.endpoint-control.ems - Verify EMS server certificate for a specific EMS.
- ems_id - EMS server ID (as defined in CLI table endpoint-control.fctems). type: int required: True
- scope - Scope from which to verify EMS [vdom*|global]. type: string required: False
- fingerprint - EMS server certificate fingerprint to check with. type: string required: True
- wake-on-lan.system.interface - Send wake on lan packet to device.
- mkey - Name of the interface that will send out the packet. type: string required: True
- mac - MAC of device to wake up. type: string required: True
- protocol_option - protocol [wol | udp]. Default is udp type: string required: False
- port - Port used by UDP WoL packets (0, 7, or 9). Port 9 will be used by default. type: int required: False
- address - Broadcast IP address used by UDP WoL packets. type: string required: False
- secureon_password - Password of the destination host if SecureOn is enabled. type: string required: False
- webhook.system.automation-stitch - Triggers an incoming webhook for an automation stitch.
- mkey - The incoming webhook name to trigger. type: string required: True
- abort.user.query - Abort a running user device unified query.
- params - the parameter for each action, see definition in above list.type: dict
Notes
Note
Backup API varies across versions. For FOS 7.0.1 and earlier, utilize system_config_backup in fortios_monitor_fact. For FOS 7.0.2 and later, utilize backup.system.config in fortios_monitor.
Different
selector
may have different parameters, users are expected to look them up in the dropdown list above..For some selectors, no
params
are allowed to appear.Not all parameters are required for a selector.
This module is exclusivly for FortiOS monitor API.
The result of API request is stored in
results
.
Examples
- hosts: fortigates
connection: httpapi
collections:
- fortinet.fortios
vars:
vdom: "root"
ansible_httpapi_use_ssl: true
ansible_httpapi_validate_certs: false
ansible_httpapi_port: 443
tasks:
- name: Activate FortiToken
fortios_monitor:
vdom: "root"
access_token: "<fortios_access_token>"
selector: 'activate.user.fortitoken'
params:
tokens: '<token string>'
- name: Reboot This Device
fortios_monitor:
vdom: "root"
access_token: "<fortios_access_token>"
selector: 'reboot.system.os'
params:
event_log_message: 'Reboot Request From Ansible'
Return Values
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: GET
- name - Name of the table used to fulfill the request returned: always type: str sample: firmware
- path - Path of the table used to fulfill the request returned: always type: str sample: system
- results - Object list retrieved from device. returned: always type: list
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
- ansible_facts - The list of fact subsets collected from the device returned: always type: dict
Status
This module is not guaranteed to have a backwards compatible interface.