| source: | fortios_system_ha.py |
|---|---|
| orphan: |
.. versionadded:: 2.0.0
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and ha category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0
The below requirements are needed on the host that executes this module.
- ansible>=2.14
Using member operation to add an element to an existing object.
| Supported Version Ranges | |
| fortios_system_ha | v6.0.0 -> latest |
- access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
- enable_log - Enable/Disable logging for task. type: bool required: false default: False
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- member_path - Member attribute path to operate on. type: str
- member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
- system_ha - Configure HA. type: dict
more...
Supported Version Ranges system_ha v6.0.0 -> latest - arps - Number of gratuitous ARPs (1 - 60). Lower to reduce traffic. Higher to reduce failover time. type: int
more...
Supported Version Ranges arps v6.0.0 -> latest - arps_interval - Time between gratuitous ARPs (1 - 20 sec). Lower to reduce failover time. Higher to reduce traffic. type: int
more...
Supported Version Ranges arps_interval v6.0.0 -> latest - authentication - Enable/disable heartbeat message authentication. type: str choices: enable, disable
more...
Supported Version Ranges authentication v6.0.0 -> latest[enable] v6.0.0 -> latest[disable] v6.0.0 -> latest - cpu_threshold - Dynamic weighted load balancing CPU usage weight and high and low thresholds. type: str
more...
Supported Version Ranges cpu_threshold v6.0.0 -> latest - encryption - Enable/disable heartbeat message encryption. type: str choices: enable, disable
more...
Supported Version Ranges encryption v6.0.0 -> latest[enable] v6.0.0 -> latest[disable] v6.0.0 -> latest - evpn_ttl - HA EVPN FDB TTL on primary box (5 - 3600 sec). type: int
more...
Supported Version Ranges evpn_ttl v7.4.0 -> latest - failover_hold_time - Time to wait before failover (0 - 300 sec), to avoid flip. type: int
more...
Supported Version Ranges failover_hold_time v7.0.0 -> latest - ftp_proxy_threshold - Dynamic weighted load balancing weight and high and low number of FTP proxy sessions. type: str
more...
Supported Version Ranges ftp_proxy_threshold v6.0.0 -> latest - gratuitous_arps - Enable/disable gratuitous ARPs. Disable if link-failed-signal enabled. type: str choices: enable, disable
more...
Supported Version Ranges gratuitous_arps v6.0.0 -> latest[enable] v6.0.0 -> latest[disable] v6.0.0 -> latest - group_id - HA group ID (0 - 1023; or 0 - 7 when there are more than 2 vclusters). Must be the same for all members. type: int
more...
Supported Version Ranges group_id v6.0.0 -> latest - group_name - Cluster group name. Must be the same for all members. type: str
more...
Supported Version Ranges group_name v6.0.0 -> latest - ha_direct - Enable/disable using ha-mgmt interface for syslog, remote authentication (RADIUS), FortiAnalyzer, FortiSandbox, sFlow, and Netflow. type: str choices: enable, disable
more...
Supported Version Ranges ha_direct v6.0.0 -> latest[enable] v6.0.0 -> latest[disable] v6.0.0 -> latest - ha_eth_type - HA heartbeat packet Ethertype (4-digit hex). type: str
more...
Supported Version Ranges ha_eth_type v6.0.0 -> latest - ha_mgmt_interfaces - Reserve interfaces to manage individual cluster units. type: list member_path: ha_mgmt_interfaces:id
more...
Supported Version Ranges ha_mgmt_interfaces v6.0.0 -> latest - dst - Default route destination for reserved HA management interface. type: str
more...
Supported Version Ranges dst v6.0.0 -> latest - gateway - Default route gateway for reserved HA management interface. type: str
more...
Supported Version Ranges gateway v6.0.0 -> latest - gateway6 - Default IPv6 gateway for reserved HA management interface. type: str
more...
Supported Version Ranges gateway6 v6.0.0 -> latest - id - Table ID. see Notes. type: int required: true
more...
Supported Version Ranges id v6.0.0 -> latest - interface - Interface to reserve for HA management. Source system.interface.name. type: str
more...
Supported Version Ranges interface v6.0.0 -> latest - ha_mgmt_status - Enable to reserve interfaces to manage individual cluster units. type: str choices: enable, disable
more...
Supported Version Ranges ha_mgmt_status v6.0.0 -> latest[enable] v6.0.0 -> latest[disable] v6.0.0 -> latest - ha_uptime_diff_margin - Normally you would only reduce this value for failover testing. type: int
more...
Supported Version Ranges ha_uptime_diff_margin v6.0.0 -> latest - hb_interval - Time between sending heartbeat packets (1 - 20). Increase to reduce false positives. type: int
more...
Supported Version Ranges hb_interval v6.0.0 -> latest - hb_interval_in_milliseconds - Units of heartbeat interval time between sending heartbeat packets. Default is 100ms. type: str choices: 100ms, 10ms
more...
Supported Version Ranges hb_interval_in_milliseconds v7.0.0 -> latest[100ms] v6.0.0 -> latest[10ms] v6.0.0 -> latest - hb_lost_threshold - Number of lost heartbeats to signal a failure (1 - 60). Increase to reduce false positives. type: int
more...
Supported Version Ranges hb_lost_threshold v6.0.0 -> latest - hbdev - Heartbeat interfaces. Must be the same for all members. type: list
- hc_eth_type - Transparent mode HA heartbeat packet Ethertype (4-digit hex). type: str
more...
Supported Version Ranges hc_eth_type v6.0.0 -> latest - hello_holddown - Time to wait before changing from hello to work state (5 - 300 sec). type: int
more...
Supported Version Ranges hello_holddown v6.0.0 -> latest - http_proxy_threshold - Dynamic weighted load balancing weight and high and low number of HTTP proxy sessions. type: str
more...
Supported Version Ranges http_proxy_threshold v6.0.0 -> latest - imap_proxy_threshold - Dynamic weighted load balancing weight and high and low number of IMAP proxy sessions. type: str
more...
Supported Version Ranges imap_proxy_threshold v6.0.0 -> latest - inter_cluster_session_sync - Enable/disable synchronization of sessions among HA clusters. type: str choices: enable, disable
more...
Supported Version Ranges inter_cluster_session_sync v6.0.0 -> v6.2.7[enable] v6.0.0 -> latest[disable] v6.0.0 -> latest - key - Key. type: str
more...
Supported Version Ranges key v6.0.0 -> latest - l2ep_eth_type - Telnet session HA heartbeat packet Ethertype (4-digit hex). type: str
more...
Supported Version Ranges l2ep_eth_type v6.0.0 -> latest - link_failed_signal - Enable to shut down all interfaces for 1 sec after a failover. Use if gratuitous ARPs do not update network. type: str choices: enable, disable
more...
Supported Version Ranges link_failed_signal v6.0.0 -> latest[enable] v6.0.0 -> latest[disable] v6.0.0 -> latest - load_balance_all - Enable to load balance TCP sessions. Disable to load balance proxy sessions only. type: str choices: enable, disable
more...
Supported Version Ranges load_balance_all v6.0.0 -> latest[enable] v6.0.0 -> latest[disable] v6.0.0 -> latest - logical_sn - Enable/disable usage of the logical serial number. type: str choices: enable, disable
more...
Supported Version Ranges logical_sn v6.2.0 -> latest[enable] v6.0.0 -> latest[disable] v6.0.0 -> latest - memory_based_failover - Enable/disable memory based failover. type: str choices: enable, disable
more...
Supported Version Ranges memory_based_failover v7.0.0 -> latest[enable] v6.0.0 -> latest[disable] v6.0.0 -> latest - memory_compatible_mode - Enable/disable memory compatible mode. type: str choices: enable, disable
more...
Supported Version Ranges memory_compatible_mode v6.0.0 -> latest[enable] v6.0.0 -> latest[disable] v6.0.0 -> latest - memory_failover_flip_timeout - Time to wait between subsequent memory based failovers in minutes (6 - 2147483647). type: int
more...
Supported Version Ranges memory_failover_flip_timeout v7.0.0 -> latest - memory_failover_monitor_period - Duration of high memory usage before memory based failover is triggered in seconds (1 - 300). type: int
more...
Supported Version Ranges memory_failover_monitor_period v7.0.0 -> latest - memory_failover_sample_rate - Rate at which memory usage is sampled in order to measure memory usage in seconds (1 - 60). type: int
more...
Supported Version Ranges memory_failover_sample_rate v7.0.0 -> latest - memory_failover_threshold - Memory usage threshold to trigger memory based failover (0 means using conserve mode threshold in system.global). type: int
more...
Supported Version Ranges memory_failover_threshold v7.0.0 -> latest - memory_threshold - Dynamic weighted load balancing memory usage weight and high and low thresholds. type: str
more...
Supported Version Ranges memory_threshold v6.0.0 -> latest - mode - HA mode. Must be the same for all members. FGSP requires standalone. type: str choices: standalone, a-a, a-p
more...
Supported Version Ranges mode v6.0.0 -> latest[standalone] v6.0.0 -> latest[a-a] v6.0.0 -> latest[a-p] v6.0.0 -> latest - monitor - Interfaces to check for port monitoring (or link failure). Source system.interface.name. type: list
- multicast_ttl - HA multicast TTL on primary (5 - 3600 sec). type: int
more...
Supported Version Ranges multicast_ttl v6.0.0 -> latest - nntp_proxy_threshold - Dynamic weighted load balancing weight and high and low number of NNTP proxy sessions. type: str
more...
Supported Version Ranges nntp_proxy_threshold v6.0.0 -> latest - override - Enable and increase the priority of the unit that should always be primary (master). type: str choices: enable, disable
more...
Supported Version Ranges override v6.0.0 -> latest[enable] v6.0.0 -> latest[disable] v6.0.0 -> latest - override_wait_time - Delay negotiating if override is enabled (0 - 3600 sec). Reduces how often the cluster negotiates. type: int
more...
Supported Version Ranges override_wait_time v6.0.0 -> latest - password - Cluster password. Must be the same for all members. type: str
more...
Supported Version Ranges password v6.0.0 -> latest - pingserver_failover_threshold - Remote IP monitoring failover threshold (0 - 50). type: int
more...
Supported Version Ranges pingserver_failover_threshold v6.0.0 -> latest - pingserver_flip_timeout - Time to wait in minutes before renegotiating after a remote IP monitoring failover. type: int
more...
Supported Version Ranges pingserver_flip_timeout v6.0.0 -> latest - pingserver_monitor_interface - Interfaces to check for remote IP monitoring. Source system.interface.name. type: list
- pingserver_secondary_force_reset - Enable to force the cluster to negotiate after a remote IP monitoring failover. type: str choices: enable, disable
more...
Supported Version Ranges pingserver_secondary_force_reset v6.4.4 -> v7.0.12v7.2.1 -> latest[enable] v6.0.0 -> latest[disable] v6.0.0 -> latest - pingserver_slave_force_reset - Enable to force the cluster to negotiate after a remote IP monitoring failover. type: str choices: enable, disable
more...
Supported Version Ranges pingserver_slave_force_reset v6.0.0 -> v6.4.1v7.2.0 -> v7.2.0[enable] v6.0.0 -> latest[disable] v6.0.0 -> latest - pop3_proxy_threshold - Dynamic weighted load balancing weight and high and low number of POP3 proxy sessions. type: str
more...
Supported Version Ranges pop3_proxy_threshold v6.0.0 -> latest - priority - Increase the priority to select the primary unit (0 - 255). type: int
more...
Supported Version Ranges priority v6.0.0 -> latest - route_hold - Time to wait between routing table updates to the cluster (0 - 3600 sec). type: int
more...
Supported Version Ranges route_hold v6.0.0 -> latest - route_ttl - TTL for primary unit routes (5 - 3600 sec). Increase to maintain active routes during failover. type: int
more...
Supported Version Ranges route_ttl v6.0.0 -> latest - route_wait - Time to wait before sending new routes to the cluster (0 - 3600 sec). type: int
more...
Supported Version Ranges route_wait v6.0.0 -> latest - schedule - Type of A-A load balancing. Use none if you have external load balancers. type: str choices: none, leastconnection, round-robin, weight-round-robin, random, ip, ipport, hub
more...
Supported Version Ranges schedule v6.0.0 -> latest[none] v6.0.0 -> latest[leastconnection] v6.0.0 -> latest[round-robin] v6.0.0 -> latest[weight-round-robin] v6.0.0 -> latest[random] v6.0.0 -> latest[ip] v6.0.0 -> latest[ipport] v6.0.0 -> latest[hub] v6.0.0 -> v7.2.0 - secondary_vcluster - Configure virtual cluster 2. type: dict
more...
Supported Version Ranges secondary_vcluster v6.0.0 -> v7.0.12 - monitor - Interfaces to check for port monitoring (or link failure). Source system.interface.name. type: list
- override - Enable and increase the priority of the unit that should always be primary. type: str choices: enable, disable
more...
Supported Version Ranges override v6.0.0 -> v7.0.12[enable] v6.0.0 -> latest[disable] v6.0.0 -> latest - override_wait_time - Delay negotiating if override is enabled (0 - 3600 sec). Reduces how often the cluster negotiates. type: int
more...
Supported Version Ranges override_wait_time v6.0.0 -> v7.0.12 - pingserver_failover_threshold - Remote IP monitoring failover threshold (0 - 50). type: int
more...
Supported Version Ranges pingserver_failover_threshold v6.0.0 -> v7.0.12 - pingserver_monitor_interface - Interfaces to check for remote IP monitoring. Source system.interface.name. type: list
- pingserver_secondary_force_reset - Enable to force the cluster to negotiate after a remote IP monitoring failover. type: str choices: enable, disable
more...
Supported Version Ranges pingserver_secondary_force_reset v6.4.4 -> v7.0.12[enable] v6.0.0 -> latest[disable] v6.0.0 -> latest - pingserver_slave_force_reset - Enable to force the cluster to negotiate after a remote IP monitoring failover. type: str choices: enable, disable
more...
Supported Version Ranges pingserver_slave_force_reset v6.0.0 -> v6.4.1[enable] v6.0.0 -> latest[disable] v6.0.0 -> latest - priority - Increase the priority to select the primary unit (0 - 255). type: int
more...
Supported Version Ranges priority v6.0.0 -> v7.0.12 - vcluster_id - Cluster ID. type: int
more...
Supported Version Ranges vcluster_id v6.0.0 -> v7.0.5 - vdom - VDOMs in virtual cluster 2. type: str
more...
Supported Version Ranges vdom v6.0.0 -> v7.0.12 - session_pickup - Enable/disable session pickup. Enabling it can reduce session down time when fail over happens. type: str choices: enable, disable
more...
Supported Version Ranges session_pickup v6.0.0 -> latest[enable] v6.0.0 -> latest[disable] v6.0.0 -> latest - session_pickup_connectionless - Enable/disable UDP and ICMP session sync. type: str choices: enable, disable
more...
Supported Version Ranges session_pickup_connectionless v6.0.0 -> latest[enable] v6.0.0 -> latest[disable] v6.0.0 -> latest - session_pickup_delay - Enable to sync sessions longer than 30 sec. Only longer lived sessions need to be synced. type: str choices: enable, disable
more...
Supported Version Ranges session_pickup_delay v6.0.0 -> latest[enable] v6.0.0 -> latest[disable] v6.0.0 -> latest - session_pickup_expectation - Enable/disable session helper expectation session sync for FGSP. type: str choices: enable, disable
more...
Supported Version Ranges session_pickup_expectation v6.0.0 -> latest[enable] v6.0.0 -> latest[disable] v6.0.0 -> latest - session_pickup_nat - Enable/disable NAT session sync for FGSP. type: str choices: enable, disable
more...
Supported Version Ranges session_pickup_nat v6.0.0 -> latest[enable] v6.0.0 -> latest[disable] v6.0.0 -> latest - session_sync_dev - Offload session-sync process to kernel and sync sessions using connected interface(s) directly. Source system.interface.name. type: list
- smtp_proxy_threshold - Dynamic weighted load balancing weight and high and low number of SMTP proxy sessions. type: str
more...
Supported Version Ranges smtp_proxy_threshold v6.0.0 -> latest - ssd_failover - Enable/disable automatic HA failover on SSD disk failure. type: str choices: enable, disable
more...
Supported Version Ranges ssd_failover v6.2.0 -> latest[enable] v6.0.0 -> latest[disable] v6.0.0 -> latest - standalone_config_sync - Enable/disable FGSP configuration synchronization. type: str choices: enable, disable
more...
Supported Version Ranges standalone_config_sync v6.0.0 -> latest[enable] v6.0.0 -> latest[disable] v6.0.0 -> latest - standalone_mgmt_vdom - Enable/disable standalone management VDOM. type: str choices: enable, disable
more...
Supported Version Ranges standalone_mgmt_vdom v6.0.0 -> latest[enable] v6.0.0 -> latest[disable] v6.0.0 -> latest - sync_config - Enable/disable configuration synchronization. type: str choices: enable, disable
more...
Supported Version Ranges sync_config v6.0.0 -> latest[enable] v6.0.0 -> latest[disable] v6.0.0 -> latest - sync_packet_balance - Enable/disable HA packet distribution to multiple CPUs. type: str choices: enable, disable
more...
Supported Version Ranges sync_packet_balance v6.0.0 -> latest[enable] v6.0.0 -> latest[disable] v6.0.0 -> latest - unicast_gateway - Default route gateway for unicast interface. type: str
more...
Supported Version Ranges unicast_gateway - unicast_hb - Enable/disable unicast heartbeat. type: str choices: enable, disable
more...
Supported Version Ranges unicast_hb [enable] v7.0.0 -> v7.0.12v7.2.1 -> v7.2.2v7.4.0 -> latest[disable] v7.0.0 -> v7.0.12v7.2.1 -> v7.2.2v7.4.0 -> latest - unicast_hb_netmask - Unicast heartbeat netmask. type: str
more...
Supported Version Ranges unicast_hb_netmask - unicast_hb_peerip - Unicast heartbeat peer IP. type: str
more...
Supported Version Ranges unicast_hb_peerip - unicast_peers - Number of unicast peers. type: list member_path: unicast_peers:id
more...
Supported Version Ranges unicast_peers - id - Table ID. see Notes. type: int required: true
more...
Supported Version Ranges id v7.0.0 -> v7.0.12v7.2.1 -> v7.2.2v7.4.0 -> latest - peer_ip - Unicast peer IP. type: str
more...
Supported Version Ranges peer_ip v7.0.0 -> v7.0.12v7.2.1 -> v7.2.2v7.4.0 -> latest - unicast_status - Enable/disable unicast connection. type: str choices: enable, disable
more...
Supported Version Ranges unicast_status [enable] v7.0.0 -> v7.0.12v7.2.1 -> v7.2.2v7.4.0 -> latest[disable] v7.0.0 -> v7.0.12v7.2.1 -> v7.2.2v7.4.0 -> latest - uninterruptible_primary_wait - Number of minutes the primary HA unit waits before the secondary HA unit is considered upgraded and the system is started before starting its own upgrade (15 - 300). type: int
more...
Supported Version Ranges uninterruptible_primary_wait v7.0.2 -> latest - uninterruptible_upgrade - Enable to upgrade a cluster without blocking network traffic. type: str choices: enable, disable
more...
Supported Version Ranges uninterruptible_upgrade v6.0.0 -> v7.4.0[enable] v6.0.0 -> latest[disable] v6.0.0 -> latest - upgrade_mode - The mode to upgrade a cluster. type: str choices: simultaneous, uninterruptible, local-only, secondary-only
more...
Supported Version Ranges upgrade_mode v7.4.1 -> latest[simultaneous] v6.0.0 -> latest[uninterruptible] v6.0.0 -> latest[local-only] v6.0.0 -> latest[secondary-only] v6.0.0 -> latest - vcluster - Virtual cluster table. type: list member_path: vcluster:vcluster_id
more...
Supported Version Ranges vcluster v7.2.0 -> latest - monitor - Interfaces to check for port monitoring (or link failure). Source system.interface.name. type: list
- override - Enable and increase the priority of the unit that should always be primary (master). type: str choices: enable, disable
more...
Supported Version Ranges override v7.2.0 -> latest[enable] v6.0.0 -> latest[disable] v6.0.0 -> latest - override_wait_time - Delay negotiating if override is enabled (0 - 3600 sec). Reduces how often the cluster negotiates. type: int
more...
Supported Version Ranges override_wait_time v7.2.0 -> latest - pingserver_failover_threshold - Remote IP monitoring failover threshold (0 - 50). type: int
more...
Supported Version Ranges pingserver_failover_threshold v7.2.0 -> latest - pingserver_monitor_interface - Interfaces to check for remote IP monitoring. Source system.interface.name. type: list
- pingserver_secondary_force_reset - Enable to force the cluster to negotiate after a remote IP monitoring failover. type: str choices: enable, disable
more...
Supported Version Ranges pingserver_secondary_force_reset v7.2.1 -> latest[enable] v6.0.0 -> latest[disable] v6.0.0 -> latest - pingserver_slave_force_reset - Enable to force the cluster to negotiate after a remote IP monitoring failover. type: str choices: enable, disable
more...
Supported Version Ranges pingserver_slave_force_reset v7.2.0 -> v7.2.0[enable] v6.0.0 -> latest[disable] v6.0.0 -> latest - priority - Increase the priority to select the primary unit (0 - 255). type: int
more...
Supported Version Ranges priority v7.2.0 -> latest - vcluster_id - ID. see Notes. type: int required: true
more...
Supported Version Ranges vcluster_id v7.2.0 -> latest - vdom - Virtual domain(s) in the virtual cluster. type: list member_path: vcluster:vcluster_id/vdom:name
more...
Supported Version Ranges vdom v7.2.0 -> latest - name - Virtual domain name. Source system.vdom.name. type: str required: true
more...
Supported Version Ranges name v7.2.0 -> latest - vcluster_id - Cluster ID. type: int
more...
Supported Version Ranges vcluster_id v6.0.0 -> v7.0.5 - vcluster_status - Enable/disable virtual cluster for virtual clustering. type: str choices: enable, disable
more...
Supported Version Ranges vcluster_status v7.2.0 -> latest[enable] v6.0.0 -> latest[disable] v6.0.0 -> latest - vcluster2 - Enable/disable virtual cluster 2 for virtual clustering. type: str choices: enable, disable
more...
Supported Version Ranges vcluster2 v6.0.0 -> v7.0.12[enable] v6.0.0 -> latest[disable] v6.0.0 -> latest - vdom - VDOMs in virtual cluster 1. type: str
more...
Supported Version Ranges vdom v6.0.0 -> v7.0.12 - weight - Weight-round-robin weight for each cluster unit. Syntax . type: str
more...
Supported Version Ranges weight v6.0.0 -> latest
Note
- Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks
- name: Configure HA.
fortinet.fortios.fortios_system_ha:
vdom: "{{ vdom }}"
system_ha:
arps: "5"
arps_interval: "8"
authentication: "enable"
cpu_threshold: "<your_own_value>"
encryption: "enable"
evpn_ttl: "60"
failover_hold_time: "0"
ftp_proxy_threshold: "<your_own_value>"
gratuitous_arps: "enable"
group_id: "0"
group_name: "<your_own_value>"
ha_direct: "enable"
ha_eth_type: "<your_own_value>"
ha_mgmt_interfaces:
-
dst: "<your_own_value>"
gateway: "<your_own_value>"
gateway6: "<your_own_value>"
id: "20"
interface: "<your_own_value> (source system.interface.name)"
ha_mgmt_status: "enable"
ha_uptime_diff_margin: "300"
hb_interval: "2"
hb_interval_in_milliseconds: "100ms"
hb_lost_threshold: "20"
hbdev: "<your_own_value>"
hc_eth_type: "<your_own_value>"
hello_holddown: "20"
http_proxy_threshold: "<your_own_value>"
imap_proxy_threshold: "<your_own_value>"
inter_cluster_session_sync: "enable"
key: "<your_own_value>"
l2ep_eth_type: "<your_own_value>"
link_failed_signal: "enable"
load_balance_all: "enable"
logical_sn: "enable"
memory_based_failover: "enable"
memory_compatible_mode: "enable"
memory_failover_flip_timeout: "6"
memory_failover_monitor_period: "60"
memory_failover_sample_rate: "1"
memory_failover_threshold: "0"
memory_threshold: "<your_own_value>"
mode: "standalone"
monitor: "<your_own_value> (source system.interface.name)"
multicast_ttl: "600"
nntp_proxy_threshold: "<your_own_value>"
override: "enable"
override_wait_time: "0"
password: "<your_own_value>"
pingserver_failover_threshold: "0"
pingserver_flip_timeout: "60"
pingserver_monitor_interface: "<your_own_value> (source system.interface.name)"
pingserver_secondary_force_reset: "enable"
pingserver_slave_force_reset: "enable"
pop3_proxy_threshold: "<your_own_value>"
priority: "128"
route_hold: "10"
route_ttl: "10"
route_wait: "0"
schedule: "none"
secondary_vcluster:
monitor: "<your_own_value> (source system.interface.name)"
override: "enable"
override_wait_time: "0"
pingserver_failover_threshold: "0"
pingserver_monitor_interface: "<your_own_value> (source system.interface.name)"
pingserver_secondary_force_reset: "enable"
pingserver_slave_force_reset: "enable"
priority: "128"
vcluster_id: "1"
vdom: "<your_own_value>"
session_pickup: "enable"
session_pickup_connectionless: "enable"
session_pickup_delay: "enable"
session_pickup_expectation: "enable"
session_pickup_nat: "enable"
session_sync_dev: "<your_own_value> (source system.interface.name)"
smtp_proxy_threshold: "<your_own_value>"
ssd_failover: "enable"
standalone_config_sync: "enable"
standalone_mgmt_vdom: "enable"
sync_config: "enable"
sync_packet_balance: "enable"
unicast_gateway: "<your_own_value>"
unicast_hb: "enable"
unicast_hb_netmask: "<your_own_value>"
unicast_hb_peerip: "<your_own_value>"
unicast_peers:
-
id: "91"
peer_ip: "<your_own_value>"
unicast_status: "enable"
uninterruptible_primary_wait: "30"
uninterruptible_upgrade: "enable"
upgrade_mode: "simultaneous"
vcluster:
-
monitor: "<your_own_value> (source system.interface.name)"
override: "enable"
override_wait_time: "0"
pingserver_failover_threshold: "0"
pingserver_monitor_interface: "<your_own_value> (source system.interface.name)"
pingserver_secondary_force_reset: "enable"
pingserver_slave_force_reset: "enable"
priority: "128"
vcluster_id: "<you_own_value>"
vdom:
-
name: "default_name_108 (source system.vdom.name)"
vcluster_id: "0"
vcluster_status: "enable"
vcluster2: "enable"
vdom: "<your_own_value>"
weight: "<your_own_value>"
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
- This module is not guaranteed to have a backwards compatible interface.
- Link Zheng (@chillancezen)
- Jie Xue (@JieX19)
- Hongbin Lu (@fgtdev-hblu)
- Frank Shen (@frankshen01)
- Miguel Angel Munoz (@mamunozgonzalez)
- Nicolas Thomas (@thomnico)
Hint
If you notice any issues in this documentation, you can create a pull request to improve it.