Note
This plugin is part of the fortinet.fortios collection (version 2.1.2).
You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run `ansible-galaxy collection list`.
To install it, use: `ansible-galaxy collection install fortinet.fortios`.
To use it in a playbook, specify: `fortinet.fortios.fortios_system_interface`.
New in version 2.10: of fortinet.fortios
The below requirements are needed on the host that executes this module.
Parameter | Choices/Defaults | Comments
---|---|---
access_token string | | Token-based authentication. Generated from GUI of Fortigate.
enable_log boolean | | Enable/Disable logging for task.
state string / required | | Indicates whether to create or remove the object.
system_interface dictionary | | Configure interfaces.
ac_name string | | PPPoE server name.
aggregate string | | Aggregate interface.
algorithm string | | Frame distribution algorithm.
alias string | | Alias will be displayed with the interface name to make it easier to distinguish.
allowaccess list / elements=string | | Permitted types of management access to this interface.
ap_discover string | | Enable/disable automatic registration of unknown FortiAP devices.
arpforward string | | Enable/disable ARP forwarding.
auth_type string | | PPP authentication type to use.
auto_auth_extension_device string | | Enable/disable automatic authorization of dedicated Fortinet extension device on this interface.
bandwidth_measure_time integer | | Bandwidth measure time.
bfd string | | Bidirectional Forwarding Detection (BFD) settings.
bfd_desired_min_tx integer | | BFD desired minimal transmit interval.
bfd_detect_mult integer | | BFD detection multiplier.
bfd_required_min_rx integer | | BFD required minimal receive interval.
broadcast_forticlient_discovery string | | Enable/disable broadcasting FortiClient discovery messages.
broadcast_forward string | | Enable/disable broadcast forwarding.
captive_portal integer | | Enable/disable captive portal.
cli_conn_status integer | | CLI connection status.
client_options list / elements=string | | DHCP client options.
code integer | | DHCP client option code.
id integer / required | | ID.
ip string | | DHCP option IPs.
type string | | DHCP client option type.
value string | | DHCP client option value.
color integer | | Color of icon on the GUI.
dedicated_to string | | Configure interface for single purpose.
defaultgw string | | Enable to get the gateway IP from the DHCP or PPPoE server.
description string | | Description.
detected_peer_mtu integer | | MTU of detected peer (0 - 4294967295).
detectprotocol list / elements=string | | Protocols used to detect the server.
detectserver string | | Gateway's ping server for this IP.
device_access_list string | | Device access list.
device_identification string | | Enable/disable passive gathering of device identity information about the devices on the network connected to this interface.
device_identification_active_scan string | | Enable/disable active gathering of device identity information about the devices on the network connected to this interface.
device_netscan string | | Enable/disable inclusion of devices detected on this interface in network vulnerability scans.
device_user_identification string | | Enable/disable passive gathering of user identity information about users on this interface.
devindex integer | | Device Index.
dhcp_client_identifier string | | DHCP client identifier.
dhcp_relay_agent_option string | | Enable/disable DHCP relay agent option.
dhcp_relay_interface string | | Specify outgoing interface to reach server. Source system.interface.name.
dhcp_relay_interface_select_method string | | Specify how to select outgoing interface to reach server.
dhcp_relay_ip string | | DHCP relay IP address.
dhcp_relay_request_all_server string | | Enable/disable sending of DHCP requests to all servers.
dhcp_relay_service string | | Enable/disable allowing this interface to act as a DHCP relay.
dhcp_relay_type string | | DHCP relay type (regular or IPsec).
dhcp_renew_time integer | | DHCP renew time in seconds (300-604800), 0 means use the renew time provided by the server.
disc_retry_timeout integer | | Time in seconds to wait before retrying to start a PPPoE discovery, 0 means no timeout.
disconnect_threshold integer | | Time in milliseconds to wait before sending a notification that this interface is down or disconnected.
distance integer | | Distance for routes learned through PPPoE or DHCP, lower distance indicates preferred route.
dns_server_override string | | Enable/disable use DNS acquired by DHCP or PPPoE.
drop_fragment string | | Enable/disable drop fragment packets.
drop_overlapped_fragment string | | Enable/disable drop overlapped fragment packets.
egress_cos string | | Override outgoing CoS in user VLAN tag.
egress_queues dictionary | | Configure queues of NP port on egress path.
cos0 string | | CoS profile name for CoS 0. Source system.isf-queue-profile.name.
cos1 string | | CoS profile name for CoS 1. Source system.isf-queue-profile.name.
cos2 string | | CoS profile name for CoS 2. Source system.isf-queue-profile.name.
cos3 string | | CoS profile name for CoS 3. Source system.isf-queue-profile.name.
cos4 string | | CoS profile name for CoS 4. Source system.isf-queue-profile.name.
cos5 string | | CoS profile name for CoS 5. Source system.isf-queue-profile.name.
cos6 string | | CoS profile name for CoS 6. Source system.isf-queue-profile.name.
cos7 string | | CoS profile name for CoS 7. Source system.isf-queue-profile.name.
egress_shaping_profile string | | Outgoing traffic shaping profile. Source firewall.shaping-profile.profile-name.
endpoint_compliance string | | Enable/disable endpoint compliance enforcement.
estimated_downstream_bandwidth integer | | Estimated maximum downstream bandwidth (kbps). Used to estimate link utilization.
estimated_upstream_bandwidth integer | | Estimated maximum upstream bandwidth (kbps). Used to estimate link utilization.
explicit_ftp_proxy string | | Enable/disable the explicit FTP proxy on this interface.
explicit_web_proxy string | | Enable/disable the explicit web proxy on this interface.
external string | | Enable/disable identifying the interface as an external interface (which usually means it's connected to the Internet).
fail_action_on_extender string | | Action on extender when interface fails.
fail_alert_interfaces list / elements=string | | Names of the FortiGate interfaces from which the link failure alert is sent for this interface.
name string / required | | Names of the physical interfaces belonging to the aggregate or redundant interface. Source system.interface.name.
fail_alert_method string | | Select link-failed-signal or link-down method to alert about a failed link.
fail_detect string | | Enable/disable fail detection features for this interface.
fail_detect_option list / elements=string | | Options for detecting that this interface has failed.
fortiheartbeat string | | Enable/disable FortiHeartBeat (FortiTelemetry on GUI).
fortilink string | | Enable FortiLink to dedicate this interface to manage other Fortinet devices.
fortilink_backup_link integer | | FortiLink split interface backup link.
fortilink_neighbor_detect string | | Protocol for FortiGate neighbor discovery.
fortilink_split_interface string | | Enable/disable FortiLink split interface to connect member link to different FortiSwitch in stack for uplink redundancy (maximum 2 interfaces in the "members" command).
fortilink_stacking string | | Enable/disable FortiLink switch-stacking on this interface.
forward_domain integer | | Transparent mode forward domain.
gi_gk string | | Enable/disable Gi Gatekeeper.
gwdetect string | | Enable/disable detect gateway alive for first.
ha_priority integer | | HA election priority for the PING server.
icmp_accept_redirect string | | Enable/disable ICMP accept redirect.
icmp_send_redirect string | | Enable/disable ICMP send redirect.
ident_accept string | | Enable/disable authentication for this interface.
idle_timeout integer | | PPPoE auto disconnect after idle timeout seconds, 0 means no timeout.
inbandwidth integer | | Bandwidth limit for incoming traffic (0 - 16776000 kbps), 0 means unlimited.
ingress_cos string | | Override incoming CoS in user VLAN tag on VLAN interface or assign a priority VLAN tag on physical interface.
ingress_shaping_profile string | | Incoming traffic shaping profile. Source firewall.shaping-profile.profile-name.
ingress_spillover_threshold integer | | Ingress Spillover threshold (0 - 16776000 kbps).
interface string | | Interface name. Source system.interface.name.
internal integer | | Implicitly created.
ip string | | Interface IPv4 address and subnet mask, syntax: X.X.X.X/24.
ip_managed_by_fortiipam string | | Enable/disable automatic IP address assignment of this interface by FortiIPAM.
ipmac string | | Enable/disable IP/MAC binding.
ips_sniffer_mode string | | Enable/disable the use of this interface as a one-armed sniffer.
ipunnumbered string | | Unnumbered IP used for PPPoE interfaces for which no unique local address is provided.
ipv6 dictionary | | IPv6 of interface.
autoconf string | | Enable/disable address auto config.
cli_conn6_status integer | | CLI IPv6 connection status.
dhcp6_client_options list / elements=string | | DHCPv6 client options.
dhcp6_information_request string | | Enable/disable DHCPv6 information request.
dhcp6_prefix_delegation string | | Enable/disable DHCPv6 prefix delegation.
dhcp6_prefix_hint string | | DHCPv6 prefix that will be used as a hint to the upstream DHCPv6 server.
dhcp6_prefix_hint_plt integer | | DHCPv6 prefix hint preferred life time (sec), 0 means unlimited lease time.
dhcp6_prefix_hint_vlt integer | | DHCPv6 prefix hint valid life time (sec).
dhcp6_relay_ip string | | DHCPv6 relay IP address.
dhcp6_relay_service string | | Enable/disable DHCPv6 relay.
dhcp6_relay_type string | | DHCPv6 relay type.
icmp6_send_redirect string | | Enable/disable sending of ICMPv6 redirects.
interface_identifier string | | IPv6 interface identifier.
ip6_address string | | Primary IPv6 address prefix, syntax: xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx/xxx
ip6_allowaccess list / elements=string | | Allow management access to the interface.
ip6_default_life integer | | Default life (sec).
ip6_delegated_prefix_list list / elements=string | | Advertised IPv6 delegated prefix list.
autonomous_flag string | | Enable/disable the autonomous flag.
onlink_flag string | | Enable/disable the onlink flag.
prefix_id integer | | Prefix ID.
rdnss string | | Recursive DNS server option.
rdnss_service string | | Recursive DNS service option.
subnet string | | Add subnet ID to routing prefix.
upstream_interface string | | Name of the interface that provides delegated information. Source system.interface.name.
ip6_dns_server_override string | | Enable/disable using the DNS server acquired by DHCP.
ip6_extra_addr list / elements=string | | Extra IPv6 address prefixes of interface.
prefix string / required | | IPv6 address prefix.
ip6_hop_limit integer | | Hop limit (0 means unspecified).
ip6_link_mtu integer | | IPv6 link MTU.
ip6_manage_flag string | | Enable/disable the managed flag.
ip6_max_interval integer | | IPv6 maximum interval (4 to 1800 sec).
ip6_min_interval integer | | IPv6 minimum interval (3 to 1350 sec).
ip6_mode string | | Addressing mode (static, DHCP, delegated).
ip6_other_flag string | | Enable/disable the other IPv6 flag.
ip6_prefix_list list / elements=string | | Advertised prefix list.
autonomous_flag string | | Enable/disable the autonomous flag.
dnssl list / elements=string | | DNS search list option.
domain string / required | | Domain name.
onlink_flag string | | Enable/disable the onlink flag.
preferred_life_time integer | | Preferred life time (sec).
prefix string / required | | IPv6 prefix.
rdnss string | | Recursive DNS server option.
valid_life_time integer | | Valid life time (sec).
ip6_prefix_mode string | | Assigning a prefix from DHCP or RA.
ip6_reachable_time integer | | IPv6 reachable time (milliseconds; 0 means unspecified).
ip6_retrans_time integer | | IPv6 retransmit time (milliseconds; 0 means unspecified).
ip6_send_adv string | | Enable/disable sending advertisements about the interface.
ip6_subnet string | | Subnet to routing prefix, syntax: xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx/xxx
ip6_upstream_interface string | | Interface name providing delegated information. Source system.interface.name.
nd_cert string | | Neighbor discovery certificate. Source certificate.local.name.
nd_cga_modifier string | | Neighbor discovery CGA modifier.
nd_mode string | | Neighbor discovery mode.
nd_security_level integer | | Neighbor discovery security level (0 - 7; 0 = least secure).
nd_timestamp_delta integer | | Neighbor discovery timestamp delta value (1 - 3600 sec; ).
nd_timestamp_fuzz integer | | Neighbor discovery timestamp fuzz factor (1 - 60 sec; ).
ra_send_mtu string | | Enable/disable sending link MTU in RA packet.
unique_autoconf_addr string | | Enable/disable unique auto config address.
vrip6_link_local string | | Link-local IPv6 address of virtual router.
vrrp6 list / elements=string | | IPv6 VRRP configuration.
accept_mode string | | Enable/disable accept mode.
adv_interval integer | | Advertisement interval (1 - 255 seconds).
preempt string | | Enable/disable preempt mode.
priority integer | | Priority of the virtual router (1 - 255).
start_time integer | | Startup time (1 - 255 seconds).
status string | | Enable/disable VRRP.
vrdst6 string | | Monitor the route to this destination.
vrgrp integer | | VRRP group ID (1 - 65535).
vrid integer / required | | Virtual router identifier (1 - 255).
vrip6 string | | IPv6 address of the virtual router.
vrrp_virtual_mac6 string | | Enable/disable virtual MAC for VRRP.
l2forward string | | Enable/disable l2 forwarding.
lacp_ha_slave string | | LACP HA slave.
lacp_mode string | | LACP mode.
lacp_speed string | | How often the interface sends LACP messages.
lcp_echo_interval integer | | Time in seconds between PPPoE Link Control Protocol (LCP) echo requests.
lcp_max_echo_fails integer | | Maximum missed LCP echo messages before disconnect.
link_up_delay integer | | Number of milliseconds to wait before considering a link is up.
lldp_network_policy string | | LLDP-MED network policy profile. Source system.lldp.network-policy.name.
lldp_reception string | | Enable/disable Link Layer Discovery Protocol (LLDP) reception.
lldp_transmission string | | Enable/disable Link Layer Discovery Protocol (LLDP) transmission.
macaddr string | | Change the interface's MAC address.
managed_device list / elements=string | | Available when FortiLink is enabled, used for managed devices through FortiLink interface.
name string / required | | Managed dev identifier.
managed_subnetwork_size string | | Number of IP addresses to be allocated by FortiIPAM and used by this FortiGate unit's DHCP server settings.
management_ip string | | High Availability in-band management IP address of this interface.
measured_downstream_bandwidth integer | | Measured downstream bandwidth (kbps).
measured_upstream_bandwidth integer | | Measured upstream bandwidth (kbps).
mediatype string | | Select SFP media interface type.
member list / elements=string | | Physical interfaces that belong to the aggregate or redundant interface.
interface_name string | | Physical interface name. Source system.interface.name.
min_links integer | | Minimum number of aggregated ports that must be up.
min_links_down string | | Action to take when less than the configured minimum number of links are active.
mode string | | Addressing mode (static, DHCP, PPPoE).
monitor_bandwidth string | | Enable monitoring bandwidth on this interface.
mtu integer | | MTU value for this interface.
mtu_override string | | Enable to set a custom MTU for this interface.
name string / required | | Name.
ndiscforward string | | Enable/disable NDISC forwarding.
netbios_forward string | | Enable/disable NETBIOS forwarding.
netflow_sampler string | | Enable/disable NetFlow on this interface and set the data that NetFlow collects (rx, tx, or both).
outbandwidth integer | | Bandwidth limit for outgoing traffic (0 - 16776000 kbps).
padt_retry_timeout integer | | PPPoE Active Discovery Terminate (PADT) used to terminate sessions after an idle time.
password string | | PPPoE account's password.
ping_serv_status integer | | PING server status.
polling_interval integer | | sFlow polling interval (1 - 255 sec).
pppoe_unnumbered_negotiate string | | Enable/disable PPPoE unnumbered negotiation.
pptp_auth_type string | | PPTP authentication type.
pptp_client string | | Enable/disable PPTP client.
pptp_password string | | PPTP password.
pptp_server_ip string | | PPTP server IP address.
pptp_timeout integer | | Idle timer in minutes (0 for disabled).
pptp_user string | | PPTP user name.
preserve_session_route string | | Enable/disable preservation of session route when dirty.
priority integer | | Priority of learned routes.
priority_override string | | Enable/disable fail back to higher priority port once recovered.
proxy_captive_portal string | | Enable/disable proxy captive portal on this interface.
redundant_interface string | | Redundant interface.
remote_ip string | | Remote IP address of tunnel.
replacemsg_override_group string | | Replacement message override group.
ring_rx integer | | RX ring size.
ring_tx integer | | TX ring size.
role string | | Interface role.
sample_direction string | | Data that NetFlow collects (rx, tx, or both).
sample_rate integer | | sFlow sample rate (10 - 99999).
scan_botnet_connections string | | Enable monitoring or blocking connections to Botnet servers through this interface.
secondary_IP string | | Enable/disable adding a secondary IP to this interface.
secondaryip list / elements=string | | Second IP address of interface.
allowaccess list / elements=string | | Management access settings for the secondary IP address.
detectprotocol list / elements=string | | Protocols used to detect the server.
detectserver string | | Gateway's ping server for this IP.
gwdetect string | | Enable/disable detect gateway alive for first.
ha_priority integer | | HA election priority for the PING server.
id integer / required | | ID.
ip string | | Secondary IP address of the interface.
ping_serv_status integer | | PING server status.
security_exempt_list string | | Name of security-exempt-list.
security_external_logout string | | URL of external authentication logout server.
security_external_web string | | URL of external authentication web server.
security_groups list / elements=string | | User groups that can authenticate with the captive portal.
name string / required | | Names of user groups that can authenticate with the captive portal. Source user.group.name.
security_mac_auth_bypass string | | Enable/disable MAC authentication bypass.
security_mode string | | Turn on captive portal authentication for this interface.
security_redirect_url string | | URL redirection after disclaimer/authentication.
service_name string | | PPPoE service name.
sflow_sampler string | | Enable/disable sFlow on this interface.
snmp_index integer | | Permanent SNMP Index of the interface.
speed string | | Interface speed. The default setting and the options available depend on the interface hardware.
spillover_threshold integer | | Egress Spillover threshold (0 - 16776000 kbps), 0 means unlimited.
src_check string | | Enable/disable source IP check.
status string | | Bring the interface up or shut the interface down.
stp string | | Enable/disable STP.
stp_ha_secondary string | | Control STP behaviour on HA secondary.
stp_ha_slave string | | Control STP behaviour on HA slave.
stpforward string | | Enable/disable STP forwarding.
stpforward_mode string | | Configure STP forwarding mode.
subst string | | Enable to always send packets from this interface to a destination MAC address.
substitute_dst_mac string | | Destination MAC address that all packets are sent to from this interface.
swc_first_create integer | | Initial create for switch-controller VLANs.
swc_vlan integer | | Creation status for switch-controller VLANs.
switch string | | Contained in switch.
switch_controller_access_vlan string | | Block FortiSwitch port-to-port traffic.
switch_controller_arp_inspection string | | Enable/disable FortiSwitch ARP inspection.
switch_controller_dhcp_snooping string | | Switch controller DHCP snooping.
switch_controller_dhcp_snooping_option82 string | | Switch controller DHCP snooping option82.
switch_controller_dhcp_snooping_verify_mac string | | Switch controller DHCP snooping verify MAC.
switch_controller_dynamic string | | Integrated FortiLink settings for managed FortiSwitch. Source switch-controller.fortilink-settings.name.
switch_controller_feature string | | Interface's purpose when assigning traffic (read only).
switch_controller_igmp_snooping string | | Switch controller IGMP snooping.
switch_controller_igmp_snooping_fast_leave string | | Switch controller IGMP snooping fast-leave.
switch_controller_igmp_snooping_proxy string | | Switch controller IGMP snooping proxy.
switch_controller_iot_scanning string | | Enable/disable managed FortiSwitch IoT scanning.
switch_controller_learning_limit integer | | Limit the number of dynamic MAC addresses on this VLAN (1 - 128, 0 = no limit, default).
switch_controller_mgmt_vlan integer | | VLAN to use for FortiLink management purposes.
switch_controller_nac string | | Integrated NAC settings for managed FortiSwitch. Source switch-controller.nac-settings.name.
switch_controller_rspan_mode string | | Stop Layer2 MAC learning and interception of BPDUs and other packets on this interface.
switch_controller_source_ip string | | Source IP address used in FortiLink over L3 connections.
switch_controller_traffic_policy string | | Switch controller traffic policy for the VLAN. Source switch-controller.traffic-policy.name.
tagging list / elements=string | | Config object tagging.
category string | | Tag category. Source system.object-tagging.category.
name string / required | | Tagging entry name.
tags list / elements=string | | Tags.
name string / required | | Tag name. Source system.object-tagging.tags.name.
tcp_mss integer | | TCP maximum segment size. 0 means do not change segment size.
trust_ip6_1 string | | Trusted IPv6 host for dedicated management traffic (::/0 for all hosts).
trust_ip6_2 string | | Trusted IPv6 host for dedicated management traffic (::/0 for all hosts).
trust_ip6_3 string | | Trusted IPv6 host for dedicated management traffic (::/0 for all hosts).
trust_ip_1 string | | Trusted host for dedicated management traffic (0.0.0.0/24 for all hosts).
trust_ip_2 string | | Trusted host for dedicated management traffic (0.0.0.0/24 for all hosts).
trust_ip_3 string | | Trusted host for dedicated management traffic (0.0.0.0/24 for all hosts).
type string | | Interface type.
username string | | Username of the PPPoE account, provided by your ISP.
vdom string | | Interface is in this virtual domain (VDOM). Source system.vdom.name.
vindex integer | | Switch control interface VLAN ID.
vlan_protocol string | | Ethernet protocol of VLAN.
vlanforward string | | Enable/disable traffic forwarding between VLANs on this interface.
vlanid integer | | VLAN ID (1 - 4094).
vrf integer | | Virtual Routing Forwarding ID.
vrrp list / elements=string | | VRRP configuration.
accept_mode string | | Enable/disable accept mode.
adv_interval integer | | Advertisement interval (1 - 255 seconds).
ignore_default_route string | | Enable/disable ignoring of default route when checking destination.
preempt string | | Enable/disable preempt mode.
priority integer | | Priority of the virtual router (1 - 255).
proxy_arp list / elements=string | | VRRP Proxy ARP configuration.
id integer / required | | ID.
ip string | | Set IP addresses of proxy ARP.
start_time integer | | Startup time (1 - 255 seconds).
status string | | Enable/disable this VRRP configuration.
version string | | VRRP version.
vrdst string | | Monitor the route to this destination.
vrdst_priority integer | | Priority of the virtual router when the virtual router destination becomes unreachable (0 - 254).
vrgrp integer | | VRRP group ID (1 - 65535).
vrid integer / required | | Virtual router identifier (1 - 255).
vrip string | | IP address of the virtual router.
vrrp_virtual_mac string | | Enable/disable use of virtual MAC for VRRP.
wccp string | | Enable/disable WCCP on this interface. Used for encapsulated WCCP communication between WCCP clients and servers.
weight integer | | Default weight for static routes (if route has no weight configured).
wins_ip string | | WINS server IP.
vdom string | Default: "root" | Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit.
Note
```yaml
- hosts: fortigates
  collections:
    - fortinet.fortios
  connection: httpapi
  vars:
    vdom: "root"
    ansible_httpapi_use_ssl: yes
    ansible_httpapi_validate_certs: no
    ansible_httpapi_port: 443
  tasks:
    - name: Configure interfaces.
      fortios_system_interface:
        vdom: "{{ vdom }}"
        state: "present"
        access_token: "<your_own_value>"
        system_interface:
          ac_name: "<your_own_value>"
          aggregate: "<your_own_value>"
          algorithm: "L2"
          alias: "<your_own_value>"
          allowaccess: "ping"
          ap_discover: "enable"
          arpforward: "enable"
          auth_type: "auto"
          auto_auth_extension_device: "enable"
          bandwidth_measure_time: "12"
          bfd: "global"
          bfd_desired_min_tx: "14"
          bfd_detect_mult: "15"
          bfd_required_min_rx: "16"
          broadcast_forticlient_discovery: "enable"
          broadcast_forward: "enable"
          captive_portal: "19"
          cli_conn_status: "20"
          client_options:
            - code: "22"
              id: "23"
              ip: "<your_own_value>"
              type: "hex"
              value: "<your_own_value>"
          color: "27"
          dedicated_to: "none"
          defaultgw: "enable"
          description: "<your_own_value>"
          detected_peer_mtu: "31"
          detectprotocol: "ping"
          detectserver: "<your_own_value>"
          device_access_list: "<your_own_value>"
          device_identification: "enable"
          device_identification_active_scan: "enable"
          device_netscan: "disable"
          device_user_identification: "enable"
          devindex: "39"
          dhcp_client_identifier: "myId_40"
          dhcp_relay_agent_option: "enable"
          dhcp_relay_interface: "<your_own_value> (source system.interface.name)"
          dhcp_relay_interface_select_method: "auto"
          dhcp_relay_ip: "<your_own_value>"
          dhcp_relay_request_all_server: "disable"
          dhcp_relay_service: "disable"
          dhcp_relay_type: "regular"
          dhcp_renew_time: "48"
          disc_retry_timeout: "49"
          disconnect_threshold: "50"
          distance: "51"
          dns_server_override: "enable"
          drop_fragment: "enable"
          drop_overlapped_fragment: "enable"
          egress_cos: "disable"
          egress_queues:
            cos0: "<your_own_value> (source system.isf-queue-profile.name)"
            cos1: "<your_own_value> (source system.isf-queue-profile.name)"
            cos2: "<your_own_value> (source system.isf-queue-profile.name)"
            cos3: "<your_own_value> (source system.isf-queue-profile.name)"
            cos4: "<your_own_value> (source system.isf-queue-profile.name)"
            cos5: "<your_own_value> (source system.isf-queue-profile.name)"
            cos6: "<your_own_value> (source system.isf-queue-profile.name)"
            cos7: "<your_own_value> (source system.isf-queue-profile.name)"
          egress_shaping_profile: "<your_own_value> (source firewall.shaping-profile.profile-name)"
          endpoint_compliance: "enable"
          estimated_downstream_bandwidth: "67"
          estimated_upstream_bandwidth: "68"
          explicit_ftp_proxy: "enable"
          explicit_web_proxy: "enable"
          external: "enable"
          fail_action_on_extender: "soft-restart"
          fail_alert_interfaces:
            - name: "default_name_74 (source system.interface.name)"
          fail_alert_method: "link-failed-signal"
          fail_detect: "enable"
          fail_detect_option: "detectserver"
          fortiheartbeat: "enable"
          fortilink: "enable"
          fortilink_backup_link: "80"
          fortilink_neighbor_detect: "lldp"
          fortilink_split_interface: "enable"
          fortilink_stacking: "enable"
          forward_domain: "84"
          gi_gk: "enable"
          gwdetect: "enable"
          ha_priority: "87"
          icmp_accept_redirect: "enable"
          icmp_send_redirect: "enable"
          ident_accept: "enable"
          idle_timeout: "91"
          inbandwidth: "92"
          ingress_cos: "disable"
          ingress_shaping_profile: "<your_own_value> (source firewall.shaping-profile.profile-name)"
          ingress_spillover_threshold: "95"
          interface: "<your_own_value> (source system.interface.name)"
          internal: "97"
          ip: "<your_own_value>"
          ip_managed_by_fortiipam: "enable"
          ipmac: "enable"
          ips_sniffer_mode: "enable"
          ipunnumbered: "<your_own_value>"
          ipv6:
            autoconf: "enable"
            cli_conn6_status: "105"
            dhcp6_client_options: "rapid"
            dhcp6_information_request: "enable"
            dhcp6_prefix_delegation: "enable"
            dhcp6_prefix_hint: "<your_own_value>"
            dhcp6_prefix_hint_plt: "110"
            dhcp6_prefix_hint_vlt: "111"
            dhcp6_relay_ip: "<your_own_value>"
            dhcp6_relay_service: "disable"
            dhcp6_relay_type: "regular"
            icmp6_send_redirect: "enable"
            interface_identifier: "<your_own_value>"
            ip6_address: "<your_own_value>"
            ip6_allowaccess: "ping"
            ip6_default_life: "119"
            ip6_delegated_prefix_list:
              - autonomous_flag: "enable"
                onlink_flag: "enable"
                prefix_id: "123"
                rdnss: "<your_own_value>"
                rdnss_service: "delegated"
                subnet: "<your_own_value>"
                upstream_interface: "<your_own_value> (source system.interface.name)"
            ip6_dns_server_override: "enable"
            ip6_extra_addr:
              - prefix: "<your_own_value>"
            ip6_hop_limit: "131"
            ip6_link_mtu: "132"
            ip6_manage_flag: "enable"
            ip6_max_interval: "134"
            ip6_min_interval: "135"
            ip6_mode: "static"
            ip6_other_flag: "enable"
            ip6_prefix_list:
              - autonomous_flag: "enable"
                dnssl:
                  - domain: "<your_own_value>"
                onlink_flag: "enable"
                preferred_life_time: "143"
                prefix: "<your_own_value>"
                rdnss: "<your_own_value>"
                valid_life_time: "146"
            ip6_prefix_mode: "dhcp6"
            ip6_reachable_time: "148"
            ip6_retrans_time: "149"
            ip6_send_adv: "enable"
            ip6_subnet: "<your_own_value>"
            ip6_upstream_interface: "<your_own_value> (source system.interface.name)"
            nd_cert: "<your_own_value> (source certificate.local.name)"
            nd_cga_modifier: "<your_own_value>"
            nd_mode: "basic"
            nd_security_level: "156"
            nd_timestamp_delta: "157"
            nd_timestamp_fuzz: "158"
            ra_send_mtu: "enable"
            unique_autoconf_addr: "enable"
            vrip6_link_local: "<your_own_value>"
            vrrp_virtual_mac6: "enable"
            vrrp6:
              - accept_mode: "enable"
                adv_interval: "165"
                preempt: "enable"
                priority: "167"
                start_time: "168"
                status: "enable"
                vrdst6: "<your_own_value>"
                vrgrp: "171"
                vrid: "172"
                vrip6: "<your_own_value>"
          l2forward: "enable"
          lacp_ha_slave: "enable"
          lacp_mode: "static"
          lacp_speed: "slow"
          lcp_echo_interval: "178"
          lcp_max_echo_fails: "179"
          link_up_delay: "180"
          lldp_network_policy: "<your_own_value> (source system.lldp.network-policy.name)"
          lldp_reception: "enable"
          lldp_transmission: "enable"
          macaddr: "<your_own_value>"
          managed_device:
            - name: "default_name_186"
          managed_subnetwork_size: "256"
          management_ip: "<your_own_value>"
          measured_downstream_bandwidth: "189"
          measured_upstream_bandwidth: "190"
          mediatype: "cfp2-sr10"
          member:
            - interface_name: "<your_own_value> (source system.interface.name)"
          min_links: "194"
          min_links_down: "operational"
          mode: "static"
          monitor_bandwidth: "enable"
          mtu: "198"
          mtu_override: "enable"
          name: "default_name_200"
          ndiscforward: "enable"
          netbios_forward: "disable"
          netflow_sampler: "disable"
          outbandwidth: "204"
          padt_retry_timeout: "205"
          password: "<your_own_value>"
          ping_serv_status: "207"
          polling_interval: "208"
          pppoe_unnumbered_negotiate: "enable"
          pptp_auth_type: "auto"
          pptp_client: "enable"
          pptp_password: "<your_own_value>"
          pptp_server_ip: "<your_own_value>"
          pptp_timeout: "214"
          pptp_user: "<your_own_value>"
          preserve_session_route: "enable"
          priority: "217"
          priority_override: "enable"
          proxy_captive_portal: "enable"
          redundant_interface: "<your_own_value>"
          remote_ip: "<your_own_value>"
          replacemsg_override_group: "<your_own_value>"
          ring_rx: "223"
          ring_tx: "224"
          role: "lan"
          sample_direction: "tx"
          sample_rate: "227"
          scan_botnet_connections: "disable"
          secondary_IP: "enable"
          secondaryip:
            - allowaccess: "ping"
              detectprotocol: "ping"
              detectserver: "<your_own_value>"
              gwdetect: "enable"
              ha_priority: "235"
              id: "236"
              ip: "<your_own_value>"
              ping_serv_status: "238"
          security_exempt_list: "<your_own_value>"
          security_external_logout: "<your_own_value>"
          security_external_web: "<your_own_value>"
          security_groups:
            - name: "default_name_243 (source user.group.name)"
          security_mac_auth_bypass: "enable"
          security_mode: "none"
          security_redirect_url: "<your_own_value>"
          service_name: "<your_own_value>"
          sflow_sampler: "enable"
          snmp_index: "249"
          speed: "auto"
          spillover_threshold: "251"
          src_check: "enable"
          status: "up"
          stp: "disable"
          stp_ha_secondary: "disable"
          stp_ha_slave: "disable"
          stpforward: "enable"
          stpforward_mode: "rpl-all-ext-id"
          subst: "enable"
          substitute_dst_mac: "<your_own_value>"
          swc_first_create: "261"
          swc_vlan: "262"
          switch: "<your_own_value>"
          switch_controller_access_vlan: "enable"
          switch_controller_arp_inspection: "enable"
          switch_controller_dhcp_snooping: "enable"
          switch_controller_dhcp_snooping_option82: "enable"
          switch_controller_dhcp_snooping_verify_mac: "enable"
          switch_controller_dynamic: "<your_own_value> (source switch-controller.fortilink-settings.name)"
          switch_controller_feature: "none"
          switch_controller_igmp_snooping: "enable"
          switch_controller_igmp_snooping_fast_leave: "enable"
          switch_controller_igmp_snooping_proxy: "enable"
          switch_controller_iot_scanning: "enable"
          switch_controller_learning_limit: "275"
          switch_controller_mgmt_vlan: "276"
          switch_controller_nac: "<your_own_value> (source switch-controller.nac-settings.name)"
          switch_controller_rspan_mode: "disable"
          switch_controller_source_ip: "outbound"
          switch_controller_traffic_policy: "<your_own_value> (source switch-controller.traffic-policy.name)"
          tagging:
            - category: "<your_own_value> (source system.object-tagging.category)"
              name: "default_name_283"
              tags:
                - name: "default_name_285 (source system.object-tagging.tags.name)"
          tcp_mss: "286"
          trust_ip_1: "<your_own_value>"
          trust_ip_2: "<your_own_value>"
          trust_ip_3: "<your_own_value>"
          trust_ip6_1: "<your_own_value>"
          trust_ip6_2: "<your_own_value>"
          trust_ip6_3: "<your_own_value>"
          type: "physical"
          username: "<your_own_value>"
          vdom: "<your_own_value> (source system.vdom.name)"
          vindex: "296"
          vlan_protocol: "8021q"
          vlanforward: "enable"
          vlanid: "299"
          vrf: "300"
          vrrp:
            - accept_mode: "enable"
              adv_interval: "303"
              ignore_default_route: "enable"
              preempt: "enable"
              priority: "306"
              proxy_arp:
                - id: "308"
                  ip: "<your_own_value>"
              start_time: "310"
              status: "enable"
              version: "2"
              vrdst: "<your_own_value>"
              vrdst_priority: "314"
              vrgrp: "315"
              vrid: "316"
              vrip: "<your_own_value>"
          vrrp_virtual_mac: "enable"
          wccp: "enable"
          weight: "320"
          wins_ip: "<your_own_value>"
```
Common return values are documented here; the following fields are unique to this module:
Key | Returned | Description |
---|---|---|
build string | always | Build number of the FortiGate image Sample: 1547 |
http_method string | always | Last method used to provision the content into FortiGate Sample: PUT |
http_status string | always | Last result given by FortiGate on last operation applied Sample: 200 |
mkey string | success | Master key (id) used in the last call to FortiGate Sample: id |
name string | always | Name of the table used to fulfill the request Sample: urlfilter |
path string | always | Path of the table used to fulfill the request Sample: webfilter |
revision string | always | Internal revision number Sample: 17.0.2.10658 |
serial string | always | Serial number of the unit Sample: FGVMEVYYQT3AB5352 |
status string | always | Indication of the operation's result Sample: success |
vdom string | always | Virtual domain used Sample: root |
version string | always | Version of the FortiGate Sample: v5.6.3 |
© 2012–2018 Michael DeHaan
© 2018–2021 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/latest/collections/fortinet/fortios/fortios_system_interface_module.html