W3cubDocs

/Ansible 2.10

fortinet.fortios.fortios_system_virtual_wan_link – Configure redundant internet connections using SD-WAN (formerly virtual WAN link) in Fortinet’s FortiOS and FortiGate.

Note

This plugin is part of the fortinet.fortios collection.

To install it use: ansible-galaxy collection install fortinet.fortios.

To use it in a playbook, specify: fortinet.fortios.fortios_system_virtual_wan_link.

New in version 2.8: of fortinet.fortios

Synopsis
Requirements
Parameters
Notes
Examples
Return Values

Synopsis

This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and virtual_wan_link category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0

Requirements

The below requirements are needed on the host that executes this module.

ansible>=2.9.0

Parameters

Parameter				Choices/Defaults	Comments
host string					FortiOS or FortiGate IP address.
https boolean				Choices: no yes ←	Indicates if the requests towards FortiGate must use HTTPS protocol.
password string				Default: ""	FortiOS or FortiGate password.
ssl_verify boolean added in 2.9 of fortinet.fortios				Choices: no yes ←	Ensures FortiGate certificate must be verified by a proper CA.
system_virtual_wan_link dictionary					Configure redundant internet connections using SD-WAN (formerly virtual WAN link).
	fail_alert_interfaces list / elements=string				Physical interfaces that will be alerted.
		name string / required			Physical interface name. Source system.interface.name.
	fail_detect string			Choices: enable disable	Enable/disable SD-WAN Internet connection status checking (failure detection).
	health_check list / elements=string				SD-WAN status checking or health checking. Identify a server on the Internet and determine how SD-WAN verifies that the FortiGate can communicate with it.
		addr_mode string		Choices: ipv4 ipv6	Address mode (IPv4 or IPv6).
		failtime integer			Number of failures before server is considered lost (1 - 10).
		http_get string			URL used to communicate with the server if the protocol if the protocol is HTTP.
		http_match string			Response string expected from the server if the protocol is HTTP.
		interval integer			Status check interval, or the time between attempting to connect to the server (1 - 3600 sec).
		members list / elements=string			Member sequence number list.
			seq_num integer		Member sequence number. Source system.virtual-wan-link.members.seq-num.
		name string / required			Status check or health check name.
		packet_size integer			Packet size of a twamp test session,
		password string			Twamp controller password in authentication mode
		port integer			Port number used to communicate with the server over the selected protocol.
		protocol string		Choices: ping tcp-echo udp-echo http twamp ping6	Protocol used to determine if the FortiGate can communicate with the server.
		recoverytime integer			Number of successful responses received before server is considered recovered (1 - 10).
		security_mode string		Choices: none authentication	Twamp controller security mode.
		server string			IP address or FQDN name of the server.
		sla list / elements=string			Service level agreement (SLA).
			id integer / required		SLA ID.
			jitter_threshold integer		Jitter for SLA to make decision in milliseconds. (0 - 10000000).
			latency_threshold integer		Latency for SLA to make decision in milliseconds. (0 - 10000000).
			link_cost_factor string	Choices: latency jitter packet-loss	Criteria on which to base link selection.
			packetloss_threshold integer		Packet loss for SLA to make decision in percentage. (0 - 100).
		threshold_alert_jitter integer			Alert threshold for jitter (ms).
		threshold_alert_latency integer			Alert threshold for latency (ms).
		threshold_alert_packetloss integer			Alert threshold for packet loss (percentage).
		threshold_warning_jitter integer			Warning threshold for jitter (ms).
		threshold_warning_latency integer			Warning threshold for latency (ms).
		threshold_warning_packetloss integer			Warning threshold for packet loss (percentage).
		update_cascade_interface string		Choices: enable disable	Enable/disable update cascade interface.
		update_static_route string		Choices: enable disable	Enable/disable updating the static route.
	load_balance_mode string			Choices: source-ip-based weight-based usage-based source-dest-ip-based measured-volume-based	Algorithm or mode to use for load balancing Internet traffic to SD-WAN members.
	members list / elements=string				Physical FortiGate interfaces added to the virtual-wan-link.
		gateway string			The default gateway for this interface. Usually the default gateway of the Internet service provider that this interface is connected to.
		gateway6 string			IPv6 gateway.
		ingress_spillover_threshold integer			Ingress spillover threshold for this interface (0 - 16776000 kbit/s). When this traffic volume threshold is reached, new sessions spill over to other interfaces in the SD-WAN.
		interface string			Interface name. Source system.interface.name.
		priority integer			Priority of the interface (0 - 4294967295). Used for SD-WAN rules or priority rules.
		seq_num integer			Sequence number(1-255).
		source string			Source IP address used in the health-check packet to the server.
		source6 string			Source IPv6 address used in the health-check packet to the server.
		spillover_threshold integer			Egress spillover threshold for this interface (0 - 16776000 kbit/s). When this traffic volume threshold is reached, new sessions spill over to other interfaces in the SD-WAN.
		status string		Choices: disable enable	Enable/disable this interface in the SD-WAN.
		volume_ratio integer			Measured volume ratio (this value / sum of all values = percentage of link volume, 0 - 255).
		weight integer			Weight of this interface for weighted load balancing. (0 - 255) More traffic is directed to interfaces with higher weights.
	service list / elements=string				Create SD-WAN rules or priority rules (also called services) to control how sessions are distributed to physical interfaces in the SD-WAN.
		addr_mode string		Choices: ipv4 ipv6	Address mode (IPv4 or IPv6).
		bandwidth_weight integer			Coefficient of reciprocal of available bidirectional bandwidth in the formula of custom-profile-1.
		dscp_forward string		Choices: enable disable	Enable/disable forward traffic DSCP tag.
		dscp_forward_tag string			Forward traffic DSCP tag.
		dscp_reverse string		Choices: enable disable	Enable/disable reverse traffic DSCP tag.
		dscp_reverse_tag string			Reverse traffic DSCP tag.
		dst list / elements=string			Destination address name.
			name string / required		Address or address group name. Source firewall.address.name firewall.addrgrp.name.
		dst6 list / elements=string			Destination address6 name.
			name string / required		Address6 or address6 group name. Source firewall.address6.name firewall.addrgrp6.name.
		dst_negate string		Choices: enable disable	Enable/disable negation of destination address match.
		end_port integer			End destination port number.
		groups list / elements=string			User groups.
			name string / required		Group name. Source user.group.name.
		health_check string			Health check. Source system.virtual-wan-link.health-check.name.
		id integer / required			Priority rule ID (1 - 4000).
		input_device list / elements=string			Source interface name.
			name string / required		Interface name. Source system.interface.name.
		internet_service string		Choices: enable disable	Enable/disable use of Internet service for application-based load balancing.
		internet_service_ctrl list / elements=string			Control-based Internet Service ID list.
			id integer / required		Control-based Internet Service ID.
		internet_service_ctrl_group list / elements=string			Control-based Internet Service group list.
			name string / required		Control-based Internet Service group name. Source application.group.name.
		internet_service_custom list / elements=string			Custom Internet service name list.
			name string / required		Custom Internet service name. Source firewall.internet-service-custom.name.
		internet_service_custom_group list / elements=string			Custom Internet Service group list.
			name string / required		Custom Internet Service group name. Source firewall.internet-service-custom-group.name.
		internet_service_group list / elements=string			Internet Service group list.
			name string / required		Internet Service group name. Source firewall.internet-service-group.name.
		internet_service_id list / elements=string			Internet service ID list.
			id integer / required		Internet service ID. Source firewall.internet-service.id.
		jitter_weight integer			Coefficient of jitter in the formula of custom-profile-1.
		latency_weight integer			Coefficient of latency in the formula of custom-profile-1.
		link_cost_factor string		Choices: latency jitter packet-loss inbandwidth outbandwidth bibandwidth custom-profile-1	Link cost factor.
		link_cost_threshold integer			Percentage threshold change of link cost values that will result in policy route regeneration (0 - 10000000).
		member integer			Member sequence number.
		mode string		Choices: auto manual priority sla	Control how the priority rule sets the priority of interfaces in the SD-WAN.
		name string			Priority rule name.
		packet_loss_weight integer			Coefficient of packet-loss in the formula of custom-profile-1.
		priority_members list / elements=string			Member sequence number list.
			seq_num integer		Member sequence number. Source system.virtual-wan-link.members.seq-num.
		protocol integer			Protocol number.
		quality_link integer			Quality grade.
		route_tag integer			IPv4 route map route-tag.
		sla list / elements=string			Service level agreement (SLA).
			health_check string		Virtual WAN Link health-check. Source system.virtual-wan-link.health-check.name.
			id integer		SLA ID.
		src list / elements=string			Source address name.
			name string / required		Address or address group name. Source firewall.address.name firewall.addrgrp.name.
		src6 list / elements=string			Source address6 name.
			name string / required		Address6 or address6 group name. Source firewall.address6.name firewall.addrgrp6.name.
		src_negate string		Choices: enable disable	Enable/disable negation of source address match.
		start_port integer			Start destination port number.
		status string		Choices: enable disable	Enable/disable SD-WAN service.
		tos string			Type of service bit pattern.
		tos_mask string			Type of service evaluated bits.
		users list / elements=string			User name.
			name string / required		User name. Source user.local.name.
	status string			Choices: disable enable	Enable/disable SD-WAN.
username string					FortiOS or FortiGate username.
vdom string				Default: "root"	Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit.

Notes

Note

Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks

Examples

- hosts: fortigates
  collections:
    - fortinet.fortios
  connection: httpapi
  vars:
   vdom: "root"
   ansible_httpapi_use_ssl: yes
   ansible_httpapi_validate_certs: no
   ansible_httpapi_port: 443
  tasks:
  - name: Configure redundant internet connections using SD-WAN (formerly virtual WAN link).
    fortios_system_virtual_wan_link:
      vdom:  "{{ vdom }}"
      system_virtual_wan_link:
        fail_alert_interfaces:
         -
            name: "default_name_4 (source system.interface.name)"
        fail_detect: "enable"
        health_check:
         -
            addr_mode: "ipv4"
            failtime: "8"
            http_get: "<your_own_value>"
            http_match: "<your_own_value>"
            interval: "11"
            members:
             -
                seq_num: "13 (source system.virtual-wan-link.members.seq-num)"
            name: "default_name_14"
            packet_size: "15"
            password: "<your_own_value>"
            port: "17"
            protocol: "ping"
            recoverytime: "19"
            security_mode: "none"
            server: "192.168.100.40"
            sla:
             -
                id:  "23"
                jitter_threshold: "24"
                latency_threshold: "25"
                link_cost_factor: "latency"
                packetloss_threshold: "27"
            threshold_alert_jitter: "28"
            threshold_alert_latency: "29"
            threshold_alert_packetloss: "30"
            threshold_warning_jitter: "31"
            threshold_warning_latency: "32"
            threshold_warning_packetloss: "33"
            update_cascade_interface: "enable"
            update_static_route: "enable"
        load_balance_mode: "source-ip-based"
        members:
         -
            gateway: "<your_own_value>"
            gateway6: "<your_own_value>"
            ingress_spillover_threshold: "40"
            interface: "<your_own_value> (source system.interface.name)"
            priority: "42"
            seq_num: "43"
            source: "<your_own_value>"
            source6: "<your_own_value>"
            spillover_threshold: "46"
            status: "disable"
            volume_ratio: "48"
            weight: "49"
        service:
         -
            addr_mode: "ipv4"
            bandwidth_weight: "52"
            dscp_forward: "enable"
            dscp_forward_tag: "<your_own_value>"
            dscp_reverse: "enable"
            dscp_reverse_tag: "<your_own_value>"
            dst:
             -
                name: "default_name_58 (source firewall.address.name firewall.addrgrp.name)"
            dst_negate: "enable"
            dst6:
             -
                name: "default_name_61 (source firewall.address6.name firewall.addrgrp6.name)"
            end_port: "62"
            groups:
             -
                name: "default_name_64 (source user.group.name)"
            health_check: "<your_own_value> (source system.virtual-wan-link.health-check.name)"
            id:  "66"
            input_device:
             -
                name: "default_name_68 (source system.interface.name)"
            internet_service: "enable"
            internet_service_ctrl:
             -
                id:  "71"
            internet_service_ctrl_group:
             -
                name: "default_name_73 (source application.group.name)"
            internet_service_custom:
             -
                name: "default_name_75 (source firewall.internet-service-custom.name)"
            internet_service_custom_group:
             -
                name: "default_name_77 (source firewall.internet-service-custom-group.name)"
            internet_service_group:
             -
                name: "default_name_79 (source firewall.internet-service-group.name)"
            internet_service_id:
             -
                id:  "81 (source firewall.internet-service.id)"
            jitter_weight: "82"
            latency_weight: "83"
            link_cost_factor: "latency"
            link_cost_threshold: "85"
            member: "86"
            mode: "auto"
            name: "default_name_88"
            packet_loss_weight: "89"
            priority_members:
             -
                seq_num: "91 (source system.virtual-wan-link.members.seq-num)"
            protocol: "92"
            quality_link: "93"
            route_tag: "94"
            sla:
             -
                health_check: "<your_own_value> (source system.virtual-wan-link.health-check.name)"
                id:  "97"
            src:
             -
                name: "default_name_99 (source firewall.address.name firewall.addrgrp.name)"
            src_negate: "enable"
            src6:
             -
                name: "default_name_102 (source firewall.address6.name firewall.addrgrp6.name)"
            start_port: "103"
            status: "enable"
            tos: "<your_own_value>"
            tos_mask: "<your_own_value>"
            users:
             -
                name: "default_name_108 (source user.local.name)"
        status: "disable"

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key	Returned	Description
build string	always	Build number of the fortigate image Sample: 1547
http_method string	always	Last method used to provision the content into FortiGate Sample: PUT
http_status string	always	Last result given by FortiGate on last operation applied Sample: 200
mkey string	success	Master key (id) used in the last call to FortiGate Sample: id
name string	always	Name of the table used to fulfill the request Sample: urlfilter
path string	always	Path of the table used to fulfill the request Sample: webfilter
revision string	always	Internal revision number Sample: 17.0.2.10658
serial string	always	Serial number of the unit Sample: FGVMEVYYQT3AB5352
status string	always	Indication of the operation's result Sample: success
vdom string	always	Virtual domain used Sample: root
version string	always	Version of the FortiGate Sample: v5.6.3

Authors

Link Zheng (@chillancezen)
Hongbin Lu (@fgtdev-hblu)
Frank Shen (@frankshen01)
Jie Xue (@JieX19)
Miguel Angel Munoz (@mamunozgonzalez)
Nicolas Thomas (@thomnico)

© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.10/collections/fortinet/fortios/fortios_system_virtual_wan_link_module.html