Note
This module is part of the fortinet.fortios collection (version 2.4.0).
You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.
To install it, use: ansible-galaxy collection install fortinet.fortios. You need further requirements to be able to use this module, see Requirements for details.
To use it in a playbook, specify: fortinet.fortios.fortios_system_sdn_connector.
New in fortinet.fortios 2.0.0
The below requirements are needed on the host that executes this module.
| Parameter | Comments |
|---|---|
| access_token string | Token-based authentication. Generated from GUI of FortiGate. |
| enable_log boolean | Enable/Disable logging for task. Choices: |
| member_path string | Member attribute path to operate on. Delimited by a slash character if there is more than one attribute. Parameter marked with member_path is legitimate for doing member operation. |
| member_state string | Add or delete a member under specified attribute path. When member_state is specified, the state option is ignored. Choices: |
| state string / required | Indicates whether to create or remove the object. Choices: |
| system_sdn_connector dictionary | Configure connection to SDN Connector. |
| system_sdn_connector/access_key string | AWS / ACS access key ID. |
| system_sdn_connector/alt_resource_ip string | Enable/disable AWS alternative resource IP. Choices: |
| system_sdn_connector/api_key string | IBM cloud API key or service ID API key. |
| system_sdn_connector/azure_region string | Azure server region. Choices: |
| system_sdn_connector/client_id string | Azure client ID (application ID). |
| system_sdn_connector/client_secret string | Azure client secret (application key). |
| system_sdn_connector/compartment_id string | Compartment ID. |
| system_sdn_connector/compartment_list list / elements=dictionary | Configure OCI compartment list. |
| system_sdn_connector/compartment_list/compartment_id string / required | OCI compartment ID. |
| system_sdn_connector/compute_generation integer | Compute generation for IBM cloud infrastructure. |
| system_sdn_connector/domain string | Domain name. |
| system_sdn_connector/external_account_list list / elements=dictionary | Configure AWS external account list. |
| system_sdn_connector/external_account_list/external_id string | AWS external ID. |
| system_sdn_connector/external_account_list/region_list list / elements=dictionary | AWS region name list. |
| system_sdn_connector/external_account_list/region_list/region string / required | AWS region name. |
| system_sdn_connector/external_account_list/role_arn string / required | AWS role ARN to assume. |
| system_sdn_connector/external_ip list / elements=dictionary | Configure GCP external IP. |
| system_sdn_connector/external_ip/name string / required | External IP name. |
| system_sdn_connector/forwarding_rule list / elements=dictionary | Configure GCP forwarding rule. |
| system_sdn_connector/forwarding_rule/rule_name string / required | Forwarding rule name. |
| system_sdn_connector/forwarding_rule/target string | Target instance name. |
| system_sdn_connector/gcp_project string | GCP project name. |
| system_sdn_connector/gcp_project_list list / elements=dictionary | Configure GCP project list. |
| system_sdn_connector/gcp_project_list/gcp_zone_list list / elements=dictionary | Configure GCP zone list. |
| system_sdn_connector/gcp_project_list/gcp_zone_list/name string / required | GCP zone name. |
| system_sdn_connector/gcp_project_list/id string / required | GCP project ID. |
| system_sdn_connector/group_name string | Full path group name of computers. |
| system_sdn_connector/ha_status string | Enable/disable use for FortiGate HA service. Choices: |
| system_sdn_connector/ibm_region string | IBM cloud region name. Choices: |
| system_sdn_connector/ibm_region_gen1 string | IBM cloud compute generation 1 region name. Choices: |
| system_sdn_connector/ibm_region_gen2 string | IBM cloud compute generation 2 region name. Choices: |
| system_sdn_connector/key_passwd string | Private key password. |
| system_sdn_connector/login_endpoint string | Azure Stack login endpoint. |
| system_sdn_connector/message_server_port integer | HTTP port number of the SAP message server. |
| system_sdn_connector/name string / required | SDN connector name. |
| system_sdn_connector/nic list / elements=dictionary | Configure Azure network interface. |
| system_sdn_connector/nic/ip list / elements=dictionary | Configure IP configuration. |
| system_sdn_connector/nic/ip/name string / required | IP configuration name. |
| system_sdn_connector/nic/ip/private_ip string | Private IP address. |
| system_sdn_connector/nic/ip/public_ip string | Public IP name. |
| system_sdn_connector/nic/ip/resource_group string | Resource group of Azure public IP. |
| system_sdn_connector/nic/name string / required | Network interface name. |
| system_sdn_connector/nic/peer_nic string | Peer network interface name. |
| system_sdn_connector/oci_cert string | OCI certificate. Source certificate.local.name. |
| system_sdn_connector/oci_fingerprint string | OCI pubkey fingerprint. |
| system_sdn_connector/oci_region string | OCI server region. Choices: |
| system_sdn_connector/oci_region_list list / elements=dictionary | Configure OCI region list. |
| system_sdn_connector/oci_region_list/region string / required | OCI region. |
| system_sdn_connector/oci_region_type string | OCI region type. Choices: |
| system_sdn_connector/password string | Password of the remote SDN connector as login credentials. |
| system_sdn_connector/private_key string | Private key of GCP service account. |
| system_sdn_connector/proxy string | SDN proxy. Source system.sdn-proxy.name. |
| system_sdn_connector/region string | AWS / ACS region name. |
| system_sdn_connector/resource_group string | Azure resource group. |
| system_sdn_connector/resource_url string | Azure Stack resource URL. |
| system_sdn_connector/route list / elements=dictionary | Configure GCP route. |
| system_sdn_connector/route/name string / required | Route name. |
| system_sdn_connector/route_table list / elements=dictionary | Configure Azure route table. |
| system_sdn_connector/route_table/name string / required | Route table name. |
| system_sdn_connector/route_table/resource_group string | Resource group of Azure route table. |
| system_sdn_connector/route_table/route list / elements=dictionary | Configure Azure route. |
| system_sdn_connector/route_table/route/name string / required | Route name. |
| system_sdn_connector/route_table/route/next_hop string | Next hop address. |
| system_sdn_connector/route_table/subscription_id string | Subscription ID of Azure route table. |
| system_sdn_connector/secret_key string | AWS / ACS secret access key. |
| system_sdn_connector/secret_token string | Secret token of Kubernetes service account. |
| system_sdn_connector/server string | Server address of the remote SDN connector. |
| system_sdn_connector/server_ca_cert string | Trust only those servers whose certificate is directly/indirectly signed by this certificate. Source certificate.remote.name certificate.ca.name. |
| system_sdn_connector/server_cert string | Trust servers that contain this certificate only. Source certificate.remote.name. |
| system_sdn_connector/server_list list / elements=dictionary | Server address list of the remote SDN connector. |
| system_sdn_connector/server_list/ip string / required | IPv4 address. |
| system_sdn_connector/server_port integer | Port number of the remote SDN connector. |
| system_sdn_connector/service_account string | GCP service account email. |
| system_sdn_connector/status string | Enable/disable connection to the remote SDN connector. Choices: |
| system_sdn_connector/subscription_id string | Azure subscription ID. |
| system_sdn_connector/tenant_id string | Tenant ID (directory ID). |
| system_sdn_connector/type string | Type of SDN connector. Choices: |
| system_sdn_connector/update_interval integer | Dynamic object update interval (30 - 3600 sec). |
| system_sdn_connector/use_metadata_iam string | Enable/disable use of IAM role from metadata to call API. Choices: |
| system_sdn_connector/user_id string | User ID. |
| system_sdn_connector/username string | Username of the remote SDN connector as login credentials. |
| system_sdn_connector/vcenter_password string | vCenter server password for NSX quarantine. |
| system_sdn_connector/vcenter_server string | vCenter server address for NSX quarantine. |
| system_sdn_connector/vcenter_username string | vCenter server username for NSX quarantine. |
| system_sdn_connector/verify_certificate string | Enable/disable server certificate verification. Choices: |
| system_sdn_connector/vpc_id string | AWS VPC ID. |
| vdom string | Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. Default: |
```yaml
- name: Configure connection to SDN Connector.
  fortinet.fortios.fortios_system_sdn_connector:
      vdom: "{{ vdom }}"
      state: "present"
      access_token: "<your_own_value>"
      system_sdn_connector:
          access_key: "<your_own_value>"
          alt_resource_ip: "disable"
          api_key: "<your_own_value>"
          azure_region: "global"
          client_id: "<your_own_value>"
          client_secret: "<your_own_value>"
          compartment_id: "<your_own_value>"
          compartment_list:
              -
                  compartment_id: "<your_own_value>"
          compute_generation: "2"
          domain: "<your_own_value>"
          external_account_list:
              -
                  external_id: "<your_own_value>"
                  region_list:
                      -
                          region: "<your_own_value>"
                  role_arn: "<your_own_value>"
          external_ip:
              -
                  name: "default_name_20"
          forwarding_rule:
              -
                  rule_name: "<your_own_value>"
                  target: "<your_own_value>"
          gcp_project: "<your_own_value>"
          gcp_project_list:
              -
                  gcp_zone_list:
                      -
                          name: "default_name_27"
                  id: "28"
          group_name: "<your_own_value>"
          ha_status: "disable"
          ibm_region: "dallas"
          ibm_region_gen1: "us-south"
          ibm_region_gen2: "us-south"
          key_passwd: "<your_own_value>"
          login_endpoint: "<your_own_value>"
          message_server_port: "0"
          name: "default_name_37"
          nic:
              -
                  ip:
                      -
                          name: "default_name_40"
                          private_ip: "<your_own_value>"
                          public_ip: "<your_own_value>"
                          resource_group: "<your_own_value>"
                  name: "default_name_44"
                  peer_nic: "<your_own_value>"
          oci_cert: "<your_own_value> (source certificate.local.name)"
          oci_fingerprint: "<your_own_value>"
          oci_region: "phoenix"
          oci_region_list:
              -
                  region: "<your_own_value>"
          oci_region_type: "commercial"
          password: "<your_own_value>"
          private_key: "<your_own_value>"
          proxy: "<your_own_value> (source system.sdn-proxy.name)"
          region: "<your_own_value>"
          resource_group: "<your_own_value>"
          resource_url: "<your_own_value>"
          route:
              -
                  name: "default_name_59"
          route_table:
              -
                  name: "default_name_61"
                  resource_group: "<your_own_value>"
                  route:
                      -
                          name: "default_name_64"
                          next_hop: "<your_own_value>"
                  subscription_id: "<your_own_value>"
          secret_key: "<your_own_value>"
          secret_token: "<your_own_value>"
          server: "192.168.100.40"
          server_ca_cert: "<your_own_value> (source certificate.remote.name certificate.ca.name)"
          server_cert: "<your_own_value> (source certificate.remote.name)"
          server_list:
              -
                  ip: "<your_own_value>"
          server_port: "0"
          service_account: "<your_own_value>"
          status: "disable"
          subscription_id: "<your_own_value>"
          tenant_id: "<your_own_value>"
          type: "aci"
          update_interval: "60"
          use_metadata_iam: "disable"
          user_id: "<your_own_value>"
          username: "<your_own_value>"
          vcenter_password: "<your_own_value>"
          vcenter_server: "<your_own_value>"
          vcenter_username: "<your_own_value>"
          verify_certificate: "disable"
          vpc_id: "<your_own_value>"
```
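
The generated example above sets every option at once, with literal credential placeholders and `verify_certificate` disabled. The task below is an added example, not part of the module documentation: one AWS connector that uses only the options it needs, keeps secrets out of the playbook and leaves certificate verification on. The connector name, role ARN, region and the `vault_*` variable names are constructed assumptions; `aws` and `enable` are assumed to be valid choices for `type` and the enable/disable options, since the choice lists are not shown on this page.

```yaml
# Added example (not from the module documentation); sample values are constructed.
- name: Configure an AWS SDN connector with hardened settings
  fortinet.fortios.fortios_system_sdn_connector:
    vdom: "{{ vdom }}"
    state: "present"
    # API token is read from an Ansible Vault-encrypted variable (assumed name),
    # so it never appears as a literal in the playbook or in version control.
    access_token: "{{ vault_fortios_access_token }}"
    system_sdn_connector:
      name: "aws-prod"                # constructed connector name
      type: "aws"
      status: "enable"
      # Call the AWS API with the IAM role from instance metadata instead of
      # storing a static access_key / secret_key pair on the FortiGate.
      use_metadata_iam: "enable"
      # Keep server certificate verification on for the connector.
      verify_certificate: "enable"
      update_interval: 60             # documented range: 30 - 3600 sec
      # Cross-account access: the role to assume, scoped by an external ID
      # and limited to the regions that are actually in use.
      external_account_list:
        - role_arn: "arn:aws:iam::111122223333:role/fgt-sdn-readonly"  # constructed
          external_id: "{{ vault_aws_external_id }}"                  # assumed variable
          region_list:
            - region: "us-east-1"
  # Ansible task keyword: keep module arguments and results out of output and logs.
  no_log: true
```

The same pattern applies to the other secret-bearing options in the parameter table (`api_key`, `client_secret`, `key_passwd`, `password`, `private_key`, `secret_key`, `secret_token`, `vcenter_password`): pass them as vaulted variables and set `no_log: true` on the task.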
Common return values are documented here; the following fields are unique to this module:
| Key | Description |
|---|---|
| build string | Build number of the FortiGate image Returned: always Sample: |
| http_method string | Last method used to provision the content into FortiGate Returned: always Sample: |
| http_status string | Last result given by FortiGate on last operation applied Returned: always Sample: |
| mkey string | Master key (id) used in the last call to FortiGate Returned: success Sample: |
| name string | Name of the table used to fulfill the request Returned: always Sample: |
| path string | Path of the table used to fulfill the request Returned: always Sample: |
| revision string | Internal revision number Returned: always Sample: |
| serial string | Serial number of the unit Returned: always Sample: |
| status string | Indication of the operation’s result Returned: always Sample: |
| vdom string | Virtual domain used Returned: always Sample: |
| version string | Version of the FortiGate Returned: always Sample: |
© 2012–2018 Michael DeHaan
© 2018–2025 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/latest/collections/fortinet/fortios/fortios_system_sdn_connector_module.html