Note
This plugin is part of the fortinet.fortimanager collection (version 2.1.3).
You might already have this collection installed if you are using the ansible
package. It is not included in ansible-core
. To check whether it is installed, run ansible-galaxy collection list
.
To install it, use: ansible-galaxy collection install fortinet.fortimanager
.
To use it in a playbook, specify: fortinet.fortimanager.fmgr_system_global
.
New in version 2.10: of fortinet.fortimanager
Parameter | Choices/Defaults | Comments | ||
---|---|---|---|---|
bypass_validation boolean |
| only set to True when module schema diffs with FortiManager API structure, module continues to execute without validating parameters | ||
enable_log boolean |
| Enable/Disable logging for task | ||
proposed_method string |
| The overridden method for the underlying Json RPC request | ||
rc_failed list / elements=string | the rc codes list with which the conditions to fail will be overriden | |||
rc_succeeded list / elements=string | the rc codes list with which the conditions to succeed will be overriden | |||
state string / required |
| the directive to create, update or delete an object | ||
system_global dictionary | the top level parameters set | |||
admin-lockout-duration integer | Default: 60 | Lockout duration(sec) for administration. | ||
admin-lockout-threshold integer | Default: 3 | Lockout threshold for administration. | ||
adom-mode string |
| ADOM mode. normal - Normal ADOM mode. advanced - Advanced ADOM mode. | ||
adom-rev-auto-delete string |
| Auto delete features for old ADOM revisions. disable - Disable auto delete function for ADOM revision. by-revisions - Auto delete ADOM revisions by maximum number of revisions. by-days - Auto delete ADOM revisions by maximum days. | ||
adom-rev-max-backup-revisions integer | Default: 5 | Maximum number of ADOM revisions to backup. | ||
adom-rev-max-days integer | Default: 30 | Number of days to keep old ADOM revisions. | ||
adom-rev-max-revisions integer | Default: 120 | Maximum number of ADOM revisions to keep. | ||
adom-select string |
| Enable/disable select ADOM after login. disable - Disable select ADOM after login. enable - Enable select ADOM after login. | ||
adom-status string |
| ADOM status. disable - Disable ADOM mode. enable - Enable ADOM mode. | ||
clone-name-option string |
| set the clone object names option. default - Add a prefix of Clone of to the clone name. keep - Keep the original name for user to edit. | ||
clt-cert-req string |
| Require client certificate for GUI login. disable - Disable setting. enable - Require client certificate for GUI login. optional - Optional client certificate for GUI login. | ||
console-output string |
| Console output mode. standard - Standard output. more - More page output. | ||
country-flag string |
| Country flag Status. disable - Disable country flag icon beside ip address. enable - Enable country flag icon beside ip address. | ||
create-revision string |
| Enable/disable create revision by default. disable - Disable create revision by default. enable - Enable create revision by default. | ||
daylightsavetime string |
| Enable/disable daylight saving time. disable - Disable setting. enable - Enable setting. | ||
default-disk-quota integer | Default: 1000 | Default disk quota for registered device (MB). | ||
detect-unregistered-log-device string |
| Detect unregistered logging device from log message. disable - Disable attribute function. enable - Enable attribute function. | ||
device-view-mode string |
| Set devices/groups view mode. regular - Regular view mode. tree - Tree view mode. | ||
dh-params string |
| Minimum size of Diffie-Hellman prime for SSH/HTTPS (bits). 1024 - 1024 bits. 1536 - 1536 bits. 2048 - 2048 bits. 3072 - 3072 bits. 4096 - 4096 bits. 6144 - 6144 bits. 8192 - 8192 bits. | ||
disable-module list / elements=string |
| no description | ||
enc-algorithm string |
| SSL communication encryption algorithms. low - SSL communication using all available encryption algorithms. medium - SSL communication using high and medium encryption algorithms. high - SSL communication using high encryption algorithms. | ||
faz-status string |
| FAZ status. disable - Disable FAZ feature. enable - Enable FAZ feature. | ||
fgfm-ca-cert string | set the extra fgfm CA certificates. | |||
fgfm-local-cert string | set the fgfm local certificate. | |||
fgfm-ssl-protocol string |
| set the lowest SSL protocols for fgfmsd. sslv3 - set SSLv3 as the lowest version. tlsv1.0 - set TLSv1.0 as the lowest version. tlsv1.1 - set TLSv1.1 as the lowest version. tlsv1.2 - set TLSv1.2 as the lowest version (default). | ||
ha-member-auto-grouping string |
| Enable/disable automatically group HA members feature disable - Disable automatically grouping HA members feature. enable - Enable automatically grouping HA members only when group name is unique in your network. | ||
hitcount_concurrent integer | Default: 100 | The number of FortiGates that FortiManager polls at one time (10 - 500, default = 100). | ||
hitcount_interval integer | Default: 300 | The interval for getting hit count from managed FortiGate devices, in seconds (60 - 86400, default = 300). | ||
hostname string | Default: "FMG-VM64" | System hostname. | ||
import-ignore-addr-cmt string |
| Enable/Disable import ignore of address comments. disable - Disable import ignore of address comments. enable - Enable import ignore of address comments. | ||
language string |
| System global language. english - English simch - Simplified Chinese japanese - Japanese korean - Korean spanish - Spanish trach - Traditional Chinese | ||
latitude string | fmg location latitude | |||
ldap-cache-timeout integer | Default: 86400 | LDAP browser cache timeout (seconds). | ||
ldapconntimeout integer | Default: 60000 | LDAP connection timeout (msec). | ||
lock-preempt string |
| Enable/disable ADOM lock override. disable - Disable lock preempt. enable - Enable lock preempt. | ||
log-checksum string |
| Record log file hash value, timestamp, and authentication code at transmission or rolling. none - No record log file checksum. md5 - Record log files MD5 hash value only. md5-auth - Record log files MD5 hash value and authentication code. | ||
log-forward-cache-size integer | Default: 0 | Log forwarding disk cache size (GB). | ||
longitude string | fmg location longitude | |||
max-log-forward integer | Default: 5 | Maximum number of log-forward and aggregation settings. | ||
max-running-reports integer | Default: 1 | Maximum number of reports generating at one time. | ||
mc-policy-disabled-adoms list / elements=string | no description | |||
adom-name string | Adom names. | |||
multiple-steps-upgrade-in-autolink string |
| Enable/disable multiple steps upgade in autolink process disable - Disable setting. enable - Enable setting. | ||
object-revision-db-max integer | Default: 100000 | Maximum revisions for a single database (10,000-1,000,000 default 100,000). | ||
object-revision-mandatory-note string |
| Enable/disable mandatory note when create revision. disable - Disable object revision. enable - Enable object revision. | ||
object-revision-object-max integer | Default: 100 | Maximum revisions for a single object (10-1000 default 100). | ||
object-revision-status string |
| Enable/disable create revision when modify objects. disable - Disable object revision. enable - Enable object revision. | ||
oftp-ssl-protocol string |
| set the lowest SSL protocols for oftpd. sslv3 - set SSLv3 as the lowest version. tlsv1.0 - set TLSv1.0 as the lowest version. tlsv1.1 - set TLSv1.1 as the lowest version. tlsv1.2 - set TLSv1.2 as the lowest version (default). | ||
partial-install string |
| Enable/Disable partial install (install some objects). disable - Disable partial install function. enable - Enable partial install function. | ||
partial-install-force string |
| Enable/Disable partial install when devdb is modified. disable - Disable partial install when devdb is modified. enable - Enable partial install when devdb is modified. | ||
partial-install-rev string |
| Enable/Disable auto creating adom revision for partial install. disable - Disable partial install revision. enable - Enable partial install revision. | ||
per-policy-lock string |
| Enable/Disable per policy lock. disable - Disable per policy lock. enable - Enable per policy lock. | ||
perform-improve-by-ha string |
| Enable/Disable performance improvement by distributing tasks to HA slaves. disable - Disable performance improvement by HA. enable - Enable performance improvement by HA. | ||
policy-hit-count string |
| show policy hit count. disable - Disable policy hit count. enable - Enable policy hit count. | ||
policy-object-icon string |
| show icons of policy objects. disable - Disable icon of policy objects. enable - Enable icon of policy objects. | ||
policy-object-in-dual-pane string |
| show policies and objects in dual pane. disable - Disable polices and objects in dual pane. enable - Enable polices and objects in dual pane. | ||
pre-login-banner string |
| Enable/disable pre-login banner. disable - Disable pre-login banner. enable - Enable pre-login banner. | ||
pre-login-banner-message string | Pre-login banner message. | |||
private-data-encryption string |
| Enable/disable private data encryption using an AES 128-bit key. disable - Disable private data encryption using an AES 128-bit key. enable - Enable private data encryption using an AES 128-bit key. | ||
remoteauthtimeout integer | Default: 10 | Remote authentication (RADIUS/LDAP) timeout (sec). | ||
search-all-adoms string |
| Enable/Disable Search all ADOMs for where-used query. disable - Disable search all ADOMs for where-used queries. enable - Enable search all ADOMs for where-used queries. | ||
ssl-low-encryption string |
| SSL low-grade encryption. disable - Disable SSL low-grade encryption. enable - Enable SSL low-grade encryption. | ||
ssl-protocol list / elements=string |
| no description | ||
ssl-static-key-ciphers string |
| Enable/disable SSL static key ciphers. disable - Disable setting. enable - Enable setting. | ||
task-list-size integer | Default: 2000 | Maximum number of completed tasks to keep. | ||
tftp string |
| Enable/disable TFTP in `exec restore image` command (disabled by default in FIPS mode) disable - Disable TFTP enable - Enable TFTP | ||
timezone string |
| Time zone. 00 - (GMT-12:00) Eniwetak, Kwajalein. 01 - (GMT-11:00) Midway Island, Samoa. 02 - (GMT-10:00) Hawaii. 03 - (GMT-9:00) Alaska. 04 - (GMT-8:00) Pacific Time (US & Canada). 05 - (GMT-7:00) Arizona. 06 - (GMT-7:00) Mountain Time (US & Canada). 07 - (GMT-6:00) Central America. 08 - (GMT-6:00) Central Time (US & Canada). 09 - (GMT-6:00) Mexico City. 10 - (GMT-6:00) Saskatchewan. 11 - (GMT-5:00) Bogota, Lima, Quito. 12 - (GMT-5:00) Eastern Time (US & Canada). 13 - (GMT-5:00) Indiana (East). 14 - (GMT-4:00) Atlantic Time (Canada). 15 - (GMT-4:00) La Paz. 16 - (GMT-4:00) Santiago. 17 - (GMT-3:30) Newfoundland. 18 - (GMT-3:00) Brasilia. 19 - (GMT-3:00) Buenos Aires, Georgetown. 20 - (GMT-3:00) Nuuk (Greenland). 21 - (GMT-2:00) Mid-Atlantic. 22 - (GMT-1:00) Azores. 23 - (GMT-1:00) Cape Verde Is. 24 - (GMT) Monrovia. 25 - (GMT) Greenwich Mean Time:Dublin, Edinburgh, Lisbon, London. 26 - (GMT+1:00) Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna. 27 - (GMT+1:00) Belgrade, Bratislava, Budapest, Ljubljana, Prague. 28 - (GMT+1:00) Brussels, Copenhagen, Madrid, Paris. 29 - (GMT+1:00) Sarajevo, Skopje, Warsaw, Zagreb. 30 - (GMT+1:00) West Central Africa. 31 - (GMT+2:00) Athens, Sofia, Vilnius. 32 - (GMT+2:00) Bucharest. 33 - (GMT+2:00) Cairo. 34 - (GMT+2:00) Harare, Pretoria. 35 - (GMT+2:00) Helsinki, Riga,Tallinn. 36 - (GMT+2:00) Jerusalem. 37 - (GMT+3:00) Baghdad. 38 - (GMT+3:00) Kuwait, Riyadh. 39 - (GMT+3:00) St.Petersburg, Volgograd. 40 - (GMT+3:00) Nairobi. 41 - (GMT+3:30) Tehran. 42 - (GMT+4:00) Abu Dhabi, Muscat. 43 - (GMT+4:00) Baku. 44 - (GMT+4:30) Kabul. 45 - (GMT+5:00) Ekaterinburg. 46 - (GMT+5:00) Islamabad, Karachi,Tashkent. 47 - (GMT+5:30) Calcutta, Chennai, Mumbai, New Delhi. 48 - (GMT+5:45) Kathmandu. 49 - (GMT+6:00) Almaty, Novosibirsk. 50 - (GMT+6:00) Astana, Dhaka. 51 - (GMT+6:00) Sri Jayawardenapura. 52 - (GMT+6:30) Rangoon. 53 - (GMT+7:00) Bangkok, Hanoi, Jakarta. 54 - (GMT+7:00) Krasnoyarsk. 55 - (GMT+8:00) Beijing,ChongQing, HongKong,Urumqi. 56 - (GMT+8:00) Irkutsk, Ulaanbaatar. 57 - (GMT+8:00) Kuala Lumpur, Singapore. 58 - (GMT+8:00) Perth. 59 - (GMT+8:00) Taipei. 60 - (GMT+9:00) Osaka, Sapporo, Tokyo, Seoul. 61 - (GMT+9:00) Yakutsk. 62 - (GMT+9:30) Adelaide. 63 - (GMT+9:30) Darwin. 64 - (GMT+10:00) Brisbane. 65 - (GMT+10:00) Canberra, Melbourne, Sydney. 66 - (GMT+10:00) Guam, Port Moresby. 67 - (GMT+10:00) Hobart. 68 - (GMT+10:00) Vladivostok. 69 - (GMT+11:00) Magadan. 70 - (GMT+11:00) Solomon Is., New Caledonia. 71 - (GMT+12:00) Auckland, Wellington. 72 - (GMT+12:00) Fiji, Kamchatka, Marshall Is. 73 - (GMT+13:00) Nukualofa. 74 - (GMT-4:30) Caracas. 75 - (GMT+1:00) Namibia. 76 - (GMT-5:00) Brazil-Acre. 77 - (GMT-4:00) Brazil-West. 78 - (GMT-3:00) Brazil-East. 79 - (GMT-2:00) Brazil-DeNoronha. 80 - (GMT+14:00) Kiritimati. 81 - (GMT-7:00) Baja California Sur, Chihuahua. 82 - (GMT+12:45) Chatham Islands. 83 - (GMT+3:00) Minsk. 84 - (GMT+13:00) Samoa. 85 - (GMT+3:00) Istanbul. 86 - (GMT-4:00) Paraguay. 87 - (GMT) Casablanca. 88 - (GMT+3:00) Moscow. 89 - (GMT) Greenwich Mean Time. | ||
tunnel-mtu integer | Default: 1500 | Maximum transportation unit(68 - 9000). | ||
usg string |
| Enable/disable Fortiguard server restriction. disable - Contact any Fortiguard server enable - Contact Fortiguard server in USA only | ||
vdom-mirror string |
| VDOM mirror. disable - Disable VDOM mirror function. enable - Enable VDOM mirror function. | ||
webservice-proto list / elements=string |
| no description | ||
workflow-max-sessions integer | Default: 500 | Maximum number of workflow sessions per ADOM (minimum 100). | ||
workspace-mode string |
| Set workspace mode (ADOM Locking). disabled - Workspace disabled. normal - Workspace lock mode. workflow - Workspace workflow mode. | ||
workspace_locking_adom string | the adom to lock for FortiManager running in workspace mode, the value can be global and others including root | |||
workspace_locking_timeout integer | Default: 300 | the maximum time in seconds to wait for other user to release the workspace lock |
Note
- hosts: fortimanager-inventory collections: - fortinet.fortimanager connection: httpapi vars: ansible_httpapi_use_ssl: True ansible_httpapi_validate_certs: False ansible_httpapi_port: 443 tasks: - name: Global range attributes. fmgr_system_global: bypass_validation: False workspace_locking_adom: <value in [global, custom adom including root]> workspace_locking_timeout: 300 rc_succeeded: [0, -2, -3, ...] rc_failed: [-2, -3, ...] system_global: admin-lockout-duration: <value of integer> admin-lockout-threshold: <value of integer> adom-mode: <value in [normal, advanced]> adom-rev-auto-delete: <value in [disable, by-revisions, by-days]> adom-rev-max-backup-revisions: <value of integer> adom-rev-max-days: <value of integer> adom-rev-max-revisions: <value of integer> adom-select: <value in [disable, enable]> adom-status: <value in [disable, enable]> clt-cert-req: <value in [disable, enable, optional]> console-output: <value in [standard, more]> country-flag: <value in [disable, enable]> create-revision: <value in [disable, enable]> daylightsavetime: <value in [disable, enable]> default-disk-quota: <value of integer> detect-unregistered-log-device: <value in [disable, enable]> device-view-mode: <value in [regular, tree]> dh-params: <value in [1024, 1536, 2048, ...]> disable-module: - fortiview-noc - none - fortirecorder - siem - soc - ai enc-algorithm: <value in [low, medium, high]> faz-status: <value in [disable, enable]> fgfm-local-cert: <value of string> fgfm-ssl-protocol: <value in [sslv3, tlsv1.0, tlsv1.1, ...]> ha-member-auto-grouping: <value in [disable, enable]> hitcount_concurrent: <value of integer> hitcount_interval: <value of integer> hostname: <value of string> import-ignore-addr-cmt: <value in [disable, enable]> language: <value in [english, simch, japanese, ...]> latitude: <value of string> ldap-cache-timeout: <value of integer> ldapconntimeout: <value of integer> lock-preempt: <value in [disable, enable]> log-checksum: <value in [none, md5, md5-auth]> log-forward-cache-size: <value of integer> longitude: <value of string> max-log-forward: <value of integer> max-running-reports: <value of integer> oftp-ssl-protocol: <value in [sslv3, tlsv1.0, tlsv1.1, ...]> partial-install: <value in [disable, enable]> partial-install-force: <value in [disable, enable]> partial-install-rev: <value in [disable, enable]> perform-improve-by-ha: <value in [disable, enable]> policy-hit-count: <value in [disable, enable]> policy-object-in-dual-pane: <value in [disable, enable]> pre-login-banner: <value in [disable, enable]> pre-login-banner-message: <value of string> remoteauthtimeout: <value of integer> search-all-adoms: <value in [disable, enable]> ssl-low-encryption: <value in [disable, enable]> ssl-protocol: - tlsv1.2 - tlsv1.1 - tlsv1.0 - sslv3 - tlsv1.3 ssl-static-key-ciphers: <value in [disable, enable]> task-list-size: <value of integer> tftp: <value in [disable, enable]> timezone: <value in [00, 01, 02, ...]> tunnel-mtu: <value of integer> usg: <value in [disable, enable]> vdom-mirror: <value in [disable, enable]> webservice-proto: - tlsv1.2 - tlsv1.1 - tlsv1.0 - sslv3 - sslv2 - tlsv1.3 workflow-max-sessions: <value of integer> workspace-mode: <value in [disabled, normal, workflow, ...]> clone-name-option: <value in [default, keep]> fgfm-ca-cert: <value of string> mc-policy-disabled-adoms: - adom-name: <value of string> policy-object-icon: <value in [disable, enable]> private-data-encryption: <value in [disable, enable]> per-policy-lock: <value in [disable, enable]> multiple-steps-upgrade-in-autolink: <value in [disable, enable]> object-revision-db-max: <value of integer> object-revision-mandatory-note: <value in [disable, enable]> object-revision-object-max: <value of integer> object-revision-status: <value in [disable, enable]>
Common return values are documented here, the following are the fields unique to this module:
Key | Returned | Description |
---|---|---|
request_url string | always | The full url requested Sample: /sys/login/user |
response_code integer | always | The status of api request |
response_message string | always | The descriptive message of the api response Sample: OK. |
© 2012–2018 Michael DeHaan
© 2018–2021 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/latest/collections/fortinet/fortimanager/fmgr_system_global_module.html