Note
This plugin is part of the fortinet.fortimanager collection (version 2.0.1).
To install it use: ansible-galaxy collection install fortinet.fortimanager.
To use it in a playbook, specify: fortinet.fortimanager.fmgr_system_global.
New in version 2.10: of fortinet.fortimanager
| Parameter | Choices/Defaults | Comments | |
|---|---|---|---|
| bypass_validation boolean |
| only set to True when module schema diffs with FortiManager API structure, module continues to execute without validating parameters | |
| rc_failed list / elements=string | the rc codes list with which the conditions to fail will be overriden | ||
| rc_succeeded list / elements=string | the rc codes list with which the conditions to succeed will be overriden | ||
| state string / required |
| the directive to create, update or delete an object | |
| system_global dictionary | the top level parameters set | ||
| admin-lockout-duration integer | Default: 60 | Lockout duration(sec) for administration. | |
| admin-lockout-threshold integer | Default: 3 | Lockout threshold for administration. | |
| adom-mode string |
| ADOM mode. normal - Normal ADOM mode. advanced - Advanced ADOM mode. | |
| adom-rev-auto-delete string |
| Auto delete features for old ADOM revisions. disable - Disable auto delete function for ADOM revision. by-revisions - Auto delete ADOM revisions by maximum number of revisions. by-days - Auto delete ADOM revisions by maximum days. | |
| adom-rev-max-backup-revisions integer | Default: 5 | Maximum number of ADOM revisions to backup. | |
| adom-rev-max-days integer | Default: 30 | Number of days to keep old ADOM revisions. | |
| adom-rev-max-revisions integer | Default: 120 | Maximum number of ADOM revisions to keep. | |
| adom-select string |
| Enable/disable select ADOM after login. disable - Disable select ADOM after login. enable - Enable select ADOM after login. | |
| adom-status string |
| ADOM status. disable - Disable ADOM mode. enable - Enable ADOM mode. | |
| clt-cert-req string |
| Require client certificate for GUI login. disable - Disable setting. enable - Require client certificate for GUI login. optional - Optional client certificate for GUI login. | |
| console-output string |
| Console output mode. standard - Standard output. more - More page output. | |
| country-flag string |
| Country flag Status. disable - Disable country flag icon beside ip address. enable - Enable country flag icon beside ip address. | |
| create-revision string |
| Enable/disable create revision by default. disable - Disable create revision by default. enable - Enable create revision by default. | |
| daylightsavetime string |
| Enable/disable daylight saving time. disable - Disable setting. enable - Enable setting. | |
| default-disk-quota integer | Default: 1000 | Default disk quota for registered device (MB). | |
| detect-unregistered-log-device string |
| Detect unregistered logging device from log message. disable - Disable attribute function. enable - Enable attribute function. | |
| device-view-mode string |
| Set devices/groups view mode. regular - Regular view mode. tree - Tree view mode. | |
| dh-params string |
| Minimum size of Diffie-Hellman prime for SSH/HTTPS (bits). 1024 - 1024 bits. 1536 - 1536 bits. 2048 - 2048 bits. 3072 - 3072 bits. 4096 - 4096 bits. 6144 - 6144 bits. 8192 - 8192 bits. | |
| disable-module list / elements=string |
| no description | |
| enc-algorithm string |
| SSL communication encryption algorithms. low - SSL communication using all available encryption algorithms. medium - SSL communication using high and medium encryption algorithms. high - SSL communication using high encryption algorithms. | |
| faz-status string |
| FAZ status. disable - Disable FAZ feature. enable - Enable FAZ feature. | |
| fgfm-local-cert string | set the fgfm local certificate. | ||
| fgfm-ssl-protocol string |
| set the lowest SSL protocols for fgfmsd. sslv3 - set SSLv3 as the lowest version. tlsv1.0 - set TLSv1.0 as the lowest version. tlsv1.1 - set TLSv1.1 as the lowest version. tlsv1.2 - set TLSv1.2 as the lowest version (default). | |
| ha-member-auto-grouping string |
| Enable/disable automatically group HA members feature disable - Disable automatically grouping HA members feature. enable - Enable automatically grouping HA members only when group name is unique in your network. | |
| hitcount_concurrent integer | Default: 100 | The number of FortiGates that FortiManager polls at one time (10 - 500, default = 100). | |
| hitcount_interval integer | Default: 300 | The interval for getting hit count from managed FortiGate devices, in seconds (60 - 86400, default = 300). | |
| hostname string | Default: "FMG-VM64" | System hostname. | |
| import-ignore-addr-cmt string |
| Enable/Disable import ignore of address comments. disable - Disable import ignore of address comments. enable - Enable import ignore of address comments. | |
| language string |
| System global language. english - English simch - Simplified Chinese japanese - Japanese korean - Korean spanish - Spanish trach - Traditional Chinese | |
| latitude string | fmg location latitude | ||
| ldap-cache-timeout integer | Default: 86400 | LDAP browser cache timeout (seconds). | |
| ldapconntimeout integer | Default: 60000 | LDAP connection timeout (msec). | |
| lock-preempt string |
| Enable/disable ADOM lock override. disable - Disable lock preempt. enable - Enable lock preempt. | |
| log-checksum string |
| Record log file hash value, timestamp, and authentication code at transmission or rolling. none - No record log file checksum. md5 - Record log files MD5 hash value only. md5-auth - Record log files MD5 hash value and authentication code. | |
| log-forward-cache-size integer | Default: 0 | Log forwarding disk cache size (GB). | |
| longitude string | fmg location longitude | ||
| max-log-forward integer | Default: 5 | Maximum number of log-forward and aggregation settings. | |
| max-running-reports integer | Default: 1 | Maximum number of reports generating at one time. | |
| oftp-ssl-protocol string |
| set the lowest SSL protocols for oftpd. sslv3 - set SSLv3 as the lowest version. tlsv1.0 - set TLSv1.0 as the lowest version. tlsv1.1 - set TLSv1.1 as the lowest version. tlsv1.2 - set TLSv1.2 as the lowest version (default). | |
| partial-install string |
| Enable/Disable partial install (install some objects). disable - Disable partial install function. enable - Enable partial install function. | |
| partial-install-force string |
| Enable/Disable partial install when devdb is modified. disable - Disable partial install when devdb is modified. enable - Enable partial install when devdb is modified. | |
| partial-install-rev string |
| Enable/Disable auto creating adom revision for partial install. disable - Disable partial install revision. enable - Enable partial install revision. | |
| perform-improve-by-ha string |
| Enable/Disable performance improvement by distributing tasks to HA slaves. disable - Disable performance improvement by HA. enable - Enable performance improvement by HA. | |
| policy-hit-count string |
| show policy hit count. disable - Disable policy hit count. enable - Enable policy hit count. | |
| policy-object-in-dual-pane string |
| show policies and objects in dual pane. disable - Disable polices and objects in dual pane. enable - Enable polices and objects in dual pane. | |
| pre-login-banner string |
| Enable/disable pre-login banner. disable - Disable pre-login banner. enable - Enable pre-login banner. | |
| pre-login-banner-message string | Pre-login banner message. | ||
| remoteauthtimeout integer | Default: 10 | Remote authentication (RADIUS/LDAP) timeout (sec). | |
| search-all-adoms string |
| Enable/Disable Search all ADOMs for where-used query. disable - Disable search all ADOMs for where-used queries. enable - Enable search all ADOMs for where-used queries. | |
| ssl-low-encryption string |
| SSL low-grade encryption. disable - Disable SSL low-grade encryption. enable - Enable SSL low-grade encryption. | |
| ssl-protocol list / elements=string |
| no description | |
| ssl-static-key-ciphers string |
| Enable/disable SSL static key ciphers. disable - Disable setting. enable - Enable setting. | |
| task-list-size integer | Default: 2000 | Maximum number of completed tasks to keep. | |
| tftp string |
| Enable/disable TFTP in `exec restore image` command (disabled by default in FIPS mode) disable - Disable TFTP enable - Enable TFTP | |
| timezone string |
| Time zone. 00 - (GMT-12:00) Eniwetak, Kwajalein. 01 - (GMT-11:00) Midway Island, Samoa. 02 - (GMT-10:00) Hawaii. 03 - (GMT-9:00) Alaska. 04 - (GMT-8:00) Pacific Time (US & Canada). 05 - (GMT-7:00) Arizona. 06 - (GMT-7:00) Mountain Time (US & Canada). 07 - (GMT-6:00) Central America. 08 - (GMT-6:00) Central Time (US & Canada). 09 - (GMT-6:00) Mexico City. 10 - (GMT-6:00) Saskatchewan. 11 - (GMT-5:00) Bogota, Lima, Quito. 12 - (GMT-5:00) Eastern Time (US & Canada). 13 - (GMT-5:00) Indiana (East). 14 - (GMT-4:00) Atlantic Time (Canada). 15 - (GMT-4:00) La Paz. 16 - (GMT-4:00) Santiago. 17 - (GMT-3:30) Newfoundland. 18 - (GMT-3:00) Brasilia. 19 - (GMT-3:00) Buenos Aires, Georgetown. 20 - (GMT-3:00) Nuuk (Greenland). 21 - (GMT-2:00) Mid-Atlantic. 22 - (GMT-1:00) Azores. 23 - (GMT-1:00) Cape Verde Is. 24 - (GMT) Monrovia. 25 - (GMT) Greenwich Mean Time:Dublin, Edinburgh, Lisbon, London. 26 - (GMT+1:00) Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna. 27 - (GMT+1:00) Belgrade, Bratislava, Budapest, Ljubljana, Prague. 28 - (GMT+1:00) Brussels, Copenhagen, Madrid, Paris. 29 - (GMT+1:00) Sarajevo, Skopje, Warsaw, Zagreb. 30 - (GMT+1:00) West Central Africa. 31 - (GMT+2:00) Athens, Sofia, Vilnius. 32 - (GMT+2:00) Bucharest. 33 - (GMT+2:00) Cairo. 34 - (GMT+2:00) Harare, Pretoria. 35 - (GMT+2:00) Helsinki, Riga,Tallinn. 36 - (GMT+2:00) Jerusalem. 37 - (GMT+3:00) Baghdad. 38 - (GMT+3:00) Kuwait, Riyadh. 39 - (GMT+3:00) St.Petersburg, Volgograd. 40 - (GMT+3:00) Nairobi. 41 - (GMT+3:30) Tehran. 42 - (GMT+4:00) Abu Dhabi, Muscat. 43 - (GMT+4:00) Baku. 44 - (GMT+4:30) Kabul. 45 - (GMT+5:00) Ekaterinburg. 46 - (GMT+5:00) Islamabad, Karachi,Tashkent. 47 - (GMT+5:30) Calcutta, Chennai, Mumbai, New Delhi. 48 - (GMT+5:45) Kathmandu. 49 - (GMT+6:00) Almaty, Novosibirsk. 50 - (GMT+6:00) Astana, Dhaka. 51 - (GMT+6:00) Sri Jayawardenapura. 52 - (GMT+6:30) Rangoon. 53 - (GMT+7:00) Bangkok, Hanoi, Jakarta. 54 - (GMT+7:00) Krasnoyarsk. 55 - (GMT+8:00) Beijing,ChongQing, HongKong,Urumqi. 56 - (GMT+8:00) Irkutsk, Ulaanbaatar. 57 - (GMT+8:00) Kuala Lumpur, Singapore. 58 - (GMT+8:00) Perth. 59 - (GMT+8:00) Taipei. 60 - (GMT+9:00) Osaka, Sapporo, Tokyo, Seoul. 61 - (GMT+9:00) Yakutsk. 62 - (GMT+9:30) Adelaide. 63 - (GMT+9:30) Darwin. 64 - (GMT+10:00) Brisbane. 65 - (GMT+10:00) Canberra, Melbourne, Sydney. 66 - (GMT+10:00) Guam, Port Moresby. 67 - (GMT+10:00) Hobart. 68 - (GMT+10:00) Vladivostok. 69 - (GMT+11:00) Magadan. 70 - (GMT+11:00) Solomon Is., New Caledonia. 71 - (GMT+12:00) Auckland, Wellington. 72 - (GMT+12:00) Fiji, Kamchatka, Marshall Is. 73 - (GMT+13:00) Nukualofa. 74 - (GMT-4:30) Caracas. 75 - (GMT+1:00) Namibia. 76 - (GMT-5:00) Brazil-Acre. 77 - (GMT-4:00) Brazil-West. 78 - (GMT-3:00) Brazil-East. 79 - (GMT-2:00) Brazil-DeNoronha. 80 - (GMT+14:00) Kiritimati. 81 - (GMT-7:00) Baja California Sur, Chihuahua. 82 - (GMT+12:45) Chatham Islands. 83 - (GMT+3:00) Minsk. 84 - (GMT+13:00) Samoa. 85 - (GMT+3:00) Istanbul. 86 - (GMT-4:00) Paraguay. 87 - (GMT) Casablanca. 88 - (GMT+3:00) Moscow. 89 - (GMT) Greenwich Mean Time. | |
| tunnel-mtu integer | Default: 1500 | Maximum transportation unit(68 - 9000). | |
| usg string |
| Enable/disable Fortiguard server restriction. disable - Contact any Fortiguard server enable - Contact Fortiguard server in USA only | |
| vdom-mirror string |
| VDOM mirror. disable - Disable VDOM mirror function. enable - Enable VDOM mirror function. | |
| webservice-proto list / elements=string |
| no description | |
| workflow-max-sessions integer | Default: 500 | Maximum number of workflow sessions per ADOM (minimum 100). | |
| workspace-mode string |
| Set workspace mode (ADOM Locking). disabled - Workspace disabled. normal - Workspace lock mode. workflow - Workspace workflow mode. | |
| workspace_locking_adom string | the adom to lock for FortiManager running in workspace mode, the value can be global and others including root | ||
| workspace_locking_timeout integer | Default: 300 | the maximum time in seconds to wait for other user to release the workspace lock | |
Note
- hosts: fortimanager-inventory
collections:
- fortinet.fortimanager
connection: httpapi
vars:
ansible_httpapi_use_ssl: True
ansible_httpapi_validate_certs: False
ansible_httpapi_port: 443
tasks:
- name: Global range attributes.
fmgr_system_global:
bypass_validation: False
workspace_locking_adom: <value in [global, custom adom including root]>
workspace_locking_timeout: 300
rc_succeeded: [0, -2, -3, ...]
rc_failed: [-2, -3, ...]
system_global:
admin-lockout-duration: <value of integer>
admin-lockout-threshold: <value of integer>
adom-mode: <value in [normal, advanced]>
adom-rev-auto-delete: <value in [disable, by-revisions, by-days]>
adom-rev-max-backup-revisions: <value of integer>
adom-rev-max-days: <value of integer>
adom-rev-max-revisions: <value of integer>
adom-select: <value in [disable, enable]>
adom-status: <value in [disable, enable]>
clt-cert-req: <value in [disable, enable, optional]>
console-output: <value in [standard, more]>
country-flag: <value in [disable, enable]>
create-revision: <value in [disable, enable]>
daylightsavetime: <value in [disable, enable]>
default-disk-quota: <value of integer>
detect-unregistered-log-device: <value in [disable, enable]>
device-view-mode: <value in [regular, tree]>
dh-params: <value in [1024, 1536, 2048, ...]>
disable-module:
- fortiview-noc
enc-algorithm: <value in [low, medium, high]>
faz-status: <value in [disable, enable]>
fgfm-local-cert: <value of string>
fgfm-ssl-protocol: <value in [sslv3, tlsv1.0, tlsv1.1, ...]>
ha-member-auto-grouping: <value in [disable, enable]>
hitcount_concurrent: <value of integer>
hitcount_interval: <value of integer>
hostname: <value of string>
import-ignore-addr-cmt: <value in [disable, enable]>
language: <value in [english, simch, japanese, ...]>
latitude: <value of string>
ldap-cache-timeout: <value of integer>
ldapconntimeout: <value of integer>
lock-preempt: <value in [disable, enable]>
log-checksum: <value in [none, md5, md5-auth]>
log-forward-cache-size: <value of integer>
longitude: <value of string>
max-log-forward: <value of integer>
max-running-reports: <value of integer>
oftp-ssl-protocol: <value in [sslv3, tlsv1.0, tlsv1.1, ...]>
partial-install: <value in [disable, enable]>
partial-install-force: <value in [disable, enable]>
partial-install-rev: <value in [disable, enable]>
perform-improve-by-ha: <value in [disable, enable]>
policy-hit-count: <value in [disable, enable]>
policy-object-in-dual-pane: <value in [disable, enable]>
pre-login-banner: <value in [disable, enable]>
pre-login-banner-message: <value of string>
remoteauthtimeout: <value of integer>
search-all-adoms: <value in [disable, enable]>
ssl-low-encryption: <value in [disable, enable]>
ssl-protocol:
- tlsv1.2
- tlsv1.1
- tlsv1.0
- sslv3
ssl-static-key-ciphers: <value in [disable, enable]>
task-list-size: <value of integer>
tftp: <value in [disable, enable]>
timezone: <value in [00, 01, 02, ...]>
tunnel-mtu: <value of integer>
usg: <value in [disable, enable]>
vdom-mirror: <value in [disable, enable]>
webservice-proto:
- tlsv1.2
- tlsv1.1
- tlsv1.0
- sslv3
- sslv2
workflow-max-sessions: <value of integer>
workspace-mode: <value in [disabled, normal, workflow]>
Common return values are documented here, the following are the fields unique to this module:
| Key | Returned | Description |
|---|---|---|
| request_url string | always | The full url requested Sample: /sys/login/user |
| response_code integer | always | The status of api request |
| response_message string | always | The descriptive message of the api response Sample: OK. |
© 2012–2018 Michael DeHaan
© 2018–2021 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.11/collections/fortinet/fortimanager/fmgr_system_global_module.html