fortinet.fortimanager.fmgr_system_global – Global range attributes.
Note
This plugin is part of the fortinet.fortimanager collection (version 2.0.1).
To install it use: ansible-galaxy collection install fortinet.fortimanager.
To use it in a playbook, specify: fortinet.fortimanager.fmgr_system_global.
New in version 2.10: of fortinet.fortimanager
Synopsis
- This module is able to configure a FortiManager device.
- Examples include all parameters and values which need to be adjusted to data sources before usage.
Parameters
| Parameter | Choices/Defaults | Comments | |
|---|---|---|---|
| bypass_validation
boolean
|
|
only set to True when module schema diffs with FortiManager API structure, module continues to execute without validating parameters
|
|
| rc_failed
list / elements=string
|
the rc codes list with which the conditions to fail will be overriden
|
||
| rc_succeeded
list / elements=string
|
the rc codes list with which the conditions to succeed will be overriden
|
||
| state
string / required
|
|
the directive to create, update or delete an object
|
|
| system_global
dictionary
|
the top level parameters set
|
||
| admin-lockout-duration
integer
|
Default:
60
|
Lockout duration(sec) for administration.
|
|
| admin-lockout-threshold
integer
|
Default:
3
|
Lockout threshold for administration.
|
|
| adom-mode
string
|
|
ADOM mode.
normal - Normal ADOM mode.
advanced - Advanced ADOM mode.
|
|
| adom-rev-auto-delete
string
|
|
Auto delete features for old ADOM revisions.
disable - Disable auto delete function for ADOM revision.
by-revisions - Auto delete ADOM revisions by maximum number of revisions.
by-days - Auto delete ADOM revisions by maximum days.
|
|
| adom-rev-max-backup-revisions
integer
|
Default:
5
|
Maximum number of ADOM revisions to backup.
|
|
| adom-rev-max-days
integer
|
Default:
30
|
Number of days to keep old ADOM revisions.
|
|
| adom-rev-max-revisions
integer
|
Default:
120
|
Maximum number of ADOM revisions to keep.
|
|
| adom-select
string
|
|
Enable/disable select ADOM after login.
disable - Disable select ADOM after login.
enable - Enable select ADOM after login.
|
|
| adom-status
string
|
|
ADOM status.
disable - Disable ADOM mode.
enable - Enable ADOM mode.
|
|
| clt-cert-req
string
|
|
Require client certificate for GUI login.
disable - Disable setting.
enable - Require client certificate for GUI login.
optional - Optional client certificate for GUI login.
|
|
| console-output
string
|
|
Console output mode.
standard - Standard output.
more - More page output.
|
|
| country-flag
string
|
|
Country flag Status.
disable - Disable country flag icon beside ip address.
enable - Enable country flag icon beside ip address.
|
|
| create-revision
string
|
|
Enable/disable create revision by default.
disable - Disable create revision by default.
enable - Enable create revision by default.
|
|
| daylightsavetime
string
|
|
Enable/disable daylight saving time.
disable - Disable setting.
enable - Enable setting.
|
|
| default-disk-quota
integer
|
Default:
1000
|
Default disk quota for registered device (MB).
|
|
| detect-unregistered-log-device
string
|
|
Detect unregistered logging device from log message.
disable - Disable attribute function.
enable - Enable attribute function.
|
|
| device-view-mode
string
|
|
Set devices/groups view mode.
regular - Regular view mode.
tree - Tree view mode.
|
|
| dh-params
string
|
|
Minimum size of Diffie-Hellman prime for SSH/HTTPS (bits).
1024 - 1024 bits.
1536 - 1536 bits.
2048 - 2048 bits.
3072 - 3072 bits.
4096 - 4096 bits.
6144 - 6144 bits.
8192 - 8192 bits.
|
|
| disable-module
list / elements=string
|
|
no description
|
|
| enc-algorithm
string
|
|
SSL communication encryption algorithms.
low - SSL communication using all available encryption algorithms.
medium - SSL communication using high and medium encryption algorithms.
high - SSL communication using high encryption algorithms.
|
|
| faz-status
string
|
|
FAZ status.
disable - Disable FAZ feature.
enable - Enable FAZ feature.
|
|
| fgfm-local-cert
string
|
set the fgfm local certificate.
|
||
| fgfm-ssl-protocol
string
|
|
set the lowest SSL protocols for fgfmsd.
sslv3 - set SSLv3 as the lowest version.
tlsv1.0 - set TLSv1.0 as the lowest version.
tlsv1.1 - set TLSv1.1 as the lowest version.
tlsv1.2 - set TLSv1.2 as the lowest version (default).
|
|
| ha-member-auto-grouping
string
|
|
Enable/disable automatically group HA members feature
disable - Disable automatically grouping HA members feature.
enable - Enable automatically grouping HA members only when group name is unique in your network.
|
|
| hitcount_concurrent
integer
|
Default:
100
|
The number of FortiGates that FortiManager polls at one time (10 - 500, default = 100).
|
|
| hitcount_interval
integer
|
Default:
300
|
The interval for getting hit count from managed FortiGate devices, in seconds (60 - 86400, default = 300).
|
|
| hostname
string
|
Default:
"FMG-VM64"
|
System hostname.
|
|
| import-ignore-addr-cmt
string
|
|
Enable/Disable import ignore of address comments.
disable - Disable import ignore of address comments.
enable - Enable import ignore of address comments.
|
|
| language
string
|
|
System global language.
english - English
simch - Simplified Chinese
japanese - Japanese
korean - Korean
spanish - Spanish
trach - Traditional Chinese
|
|
| latitude
string
|
fmg location latitude
|
||
| ldap-cache-timeout
integer
|
Default:
86400
|
LDAP browser cache timeout (seconds).
|
|
| ldapconntimeout
integer
|
Default:
60000
|
LDAP connection timeout (msec).
|
|
| lock-preempt
string
|
|
Enable/disable ADOM lock override.
disable - Disable lock preempt.
enable - Enable lock preempt.
|
|
| log-checksum
string
|
|
Record log file hash value, timestamp, and authentication code at transmission or rolling.
none - No record log file checksum.
md5 - Record log files MD5 hash value only.
md5-auth - Record log files MD5 hash value and authentication code.
|
|
| log-forward-cache-size
integer
|
Default:
0
|
Log forwarding disk cache size (GB).
|
|
| longitude
string
|
fmg location longitude
|
||
| max-log-forward
integer
|
Default:
5
|
Maximum number of log-forward and aggregation settings.
|
|
| max-running-reports
integer
|
Default:
1
|
Maximum number of reports generating at one time.
|
|
| oftp-ssl-protocol
string
|
|
set the lowest SSL protocols for oftpd.
sslv3 - set SSLv3 as the lowest version.
tlsv1.0 - set TLSv1.0 as the lowest version.
tlsv1.1 - set TLSv1.1 as the lowest version.
tlsv1.2 - set TLSv1.2 as the lowest version (default).
|
|
| partial-install
string
|
|
Enable/Disable partial install (install some objects).
disable - Disable partial install function.
enable - Enable partial install function.
|
|
| partial-install-force
string
|
|
Enable/Disable partial install when devdb is modified.
disable - Disable partial install when devdb is modified.
enable - Enable partial install when devdb is modified.
|
|
| partial-install-rev
string
|
|
Enable/Disable auto creating adom revision for partial install.
disable - Disable partial install revision.
enable - Enable partial install revision.
|
|
| perform-improve-by-ha
string
|
|
Enable/Disable performance improvement by distributing tasks to HA slaves.
disable - Disable performance improvement by HA.
enable - Enable performance improvement by HA.
|
|
| policy-hit-count
string
|
|
show policy hit count.
disable - Disable policy hit count.
enable - Enable policy hit count.
|
|
| policy-object-in-dual-pane
string
|
|
show policies and objects in dual pane.
disable - Disable polices and objects in dual pane.
enable - Enable polices and objects in dual pane.
|
|
| pre-login-banner
string
|
|
Enable/disable pre-login banner.
disable - Disable pre-login banner.
enable - Enable pre-login banner.
|
|
| pre-login-banner-message
string
|
Pre-login banner message.
|
||
| remoteauthtimeout
integer
|
Default:
10
|
Remote authentication (RADIUS/LDAP) timeout (sec).
|
|
| search-all-adoms
string
|
|
Enable/Disable Search all ADOMs for where-used query.
disable - Disable search all ADOMs for where-used queries.
enable - Enable search all ADOMs for where-used queries.
|
|
| ssl-low-encryption
string
|
|
SSL low-grade encryption.
disable - Disable SSL low-grade encryption.
enable - Enable SSL low-grade encryption.
|
|
| ssl-protocol
list / elements=string
|
|
no description
|
|
| ssl-static-key-ciphers
string
|
|
Enable/disable SSL static key ciphers.
disable - Disable setting.
enable - Enable setting.
|
|
| task-list-size
integer
|
Default:
2000
|
Maximum number of completed tasks to keep.
|
|
| tftp
string
|
|
Enable/disable TFTP in `exec restore image` command (disabled by default in FIPS mode)
disable - Disable TFTP
enable - Enable TFTP
|
|
| timezone
string
|
|
Time zone.
00 - (GMT-12:00) Eniwetak, Kwajalein.
01 - (GMT-11:00) Midway Island, Samoa.
02 - (GMT-10:00) Hawaii.
03 - (GMT-9:00) Alaska.
04 - (GMT-8:00) Pacific Time (US & Canada).
05 - (GMT-7:00) Arizona.
06 - (GMT-7:00) Mountain Time (US & Canada).
07 - (GMT-6:00) Central America.
08 - (GMT-6:00) Central Time (US & Canada).
09 - (GMT-6:00) Mexico City.
10 - (GMT-6:00) Saskatchewan.
11 - (GMT-5:00) Bogota, Lima, Quito.
12 - (GMT-5:00) Eastern Time (US & Canada).
13 - (GMT-5:00) Indiana (East).
14 - (GMT-4:00) Atlantic Time (Canada).
15 - (GMT-4:00) La Paz.
16 - (GMT-4:00) Santiago.
17 - (GMT-3:30) Newfoundland.
18 - (GMT-3:00) Brasilia.
19 - (GMT-3:00) Buenos Aires, Georgetown.
20 - (GMT-3:00) Nuuk (Greenland).
21 - (GMT-2:00) Mid-Atlantic.
22 - (GMT-1:00) Azores.
23 - (GMT-1:00) Cape Verde Is.
24 - (GMT) Monrovia.
25 - (GMT) Greenwich Mean Time:Dublin, Edinburgh, Lisbon, London.
26 - (GMT+1:00) Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna.
27 - (GMT+1:00) Belgrade, Bratislava, Budapest, Ljubljana, Prague.
28 - (GMT+1:00) Brussels, Copenhagen, Madrid, Paris.
29 - (GMT+1:00) Sarajevo, Skopje, Warsaw, Zagreb.
30 - (GMT+1:00) West Central Africa.
31 - (GMT+2:00) Athens, Sofia, Vilnius.
32 - (GMT+2:00) Bucharest.
33 - (GMT+2:00) Cairo.
34 - (GMT+2:00) Harare, Pretoria.
35 - (GMT+2:00) Helsinki, Riga,Tallinn.
36 - (GMT+2:00) Jerusalem.
37 - (GMT+3:00) Baghdad.
38 - (GMT+3:00) Kuwait, Riyadh.
39 - (GMT+3:00) St.Petersburg, Volgograd.
40 - (GMT+3:00) Nairobi.
41 - (GMT+3:30) Tehran.
42 - (GMT+4:00) Abu Dhabi, Muscat.
43 - (GMT+4:00) Baku.
44 - (GMT+4:30) Kabul.
45 - (GMT+5:00) Ekaterinburg.
46 - (GMT+5:00) Islamabad, Karachi,Tashkent.
47 - (GMT+5:30) Calcutta, Chennai, Mumbai, New Delhi.
48 - (GMT+5:45) Kathmandu.
49 - (GMT+6:00) Almaty, Novosibirsk.
50 - (GMT+6:00) Astana, Dhaka.
51 - (GMT+6:00) Sri Jayawardenapura.
52 - (GMT+6:30) Rangoon.
53 - (GMT+7:00) Bangkok, Hanoi, Jakarta.
54 - (GMT+7:00) Krasnoyarsk.
55 - (GMT+8:00) Beijing,ChongQing, HongKong,Urumqi.
56 - (GMT+8:00) Irkutsk, Ulaanbaatar.
57 - (GMT+8:00) Kuala Lumpur, Singapore.
58 - (GMT+8:00) Perth.
59 - (GMT+8:00) Taipei.
60 - (GMT+9:00) Osaka, Sapporo, Tokyo, Seoul.
61 - (GMT+9:00) Yakutsk.
62 - (GMT+9:30) Adelaide.
63 - (GMT+9:30) Darwin.
64 - (GMT+10:00) Brisbane.
65 - (GMT+10:00) Canberra, Melbourne, Sydney.
66 - (GMT+10:00) Guam, Port Moresby.
67 - (GMT+10:00) Hobart.
68 - (GMT+10:00) Vladivostok.
69 - (GMT+11:00) Magadan.
70 - (GMT+11:00) Solomon Is., New Caledonia.
71 - (GMT+12:00) Auckland, Wellington.
72 - (GMT+12:00) Fiji, Kamchatka, Marshall Is.
73 - (GMT+13:00) Nukualofa.
74 - (GMT-4:30) Caracas.
75 - (GMT+1:00) Namibia.
76 - (GMT-5:00) Brazil-Acre.
77 - (GMT-4:00) Brazil-West.
78 - (GMT-3:00) Brazil-East.
79 - (GMT-2:00) Brazil-DeNoronha.
80 - (GMT+14:00) Kiritimati.
81 - (GMT-7:00) Baja California Sur, Chihuahua.
82 - (GMT+12:45) Chatham Islands.
83 - (GMT+3:00) Minsk.
84 - (GMT+13:00) Samoa.
85 - (GMT+3:00) Istanbul.
86 - (GMT-4:00) Paraguay.
87 - (GMT) Casablanca.
88 - (GMT+3:00) Moscow.
89 - (GMT) Greenwich Mean Time.
|
|
| tunnel-mtu
integer
|
Default:
1500
|
Maximum transportation unit(68 - 9000).
|
|
| usg
string
|
|
Enable/disable Fortiguard server restriction.
disable - Contact any Fortiguard server
enable - Contact Fortiguard server in USA only
|
|
| vdom-mirror
string
|
|
VDOM mirror.
disable - Disable VDOM mirror function.
enable - Enable VDOM mirror function.
|
|
| webservice-proto
list / elements=string
|
|
no description
|
|
| workflow-max-sessions
integer
|
Default:
500
|
Maximum number of workflow sessions per ADOM (minimum 100).
|
|
| workspace-mode
string
|
|
Set workspace mode (ADOM Locking).
disabled - Workspace disabled.
normal - Workspace lock mode.
workflow - Workspace workflow mode.
|
|
| workspace_locking_adom
string
|
the adom to lock for FortiManager running in workspace mode, the value can be global and others including root
|
||
| workspace_locking_timeout
integer
|
Default:
300
|
the maximum time in seconds to wait for other user to release the workspace lock
|
|
Notes
Note
- Running in workspace locking mode is supported in this FortiManager module, the top level parameters workspace_locking_adom and workspace_locking_timeout help do the work.
- To create or update an object, use state present directive.
- To delete an object, use state absent directive.
- Normally, running one module can fail when a non-zero rc is returned. you can also override the conditions to fail or succeed with parameters rc_failed and rc_succeeded
Examples
- hosts: fortimanager-inventory
collections:
- fortinet.fortimanager
connection: httpapi
vars:
ansible_httpapi_use_ssl: True
ansible_httpapi_validate_certs: False
ansible_httpapi_port: 443
tasks:
- name: Global range attributes.
fmgr_system_global:
bypass_validation: False
workspace_locking_adom: <value in [global, custom adom including root]>
workspace_locking_timeout: 300
rc_succeeded: [0, -2, -3, ...]
rc_failed: [-2, -3, ...]
system_global:
admin-lockout-duration: <value of integer>
admin-lockout-threshold: <value of integer>
adom-mode: <value in [normal, advanced]>
adom-rev-auto-delete: <value in [disable, by-revisions, by-days]>
adom-rev-max-backup-revisions: <value of integer>
adom-rev-max-days: <value of integer>
adom-rev-max-revisions: <value of integer>
adom-select: <value in [disable, enable]>
adom-status: <value in [disable, enable]>
clt-cert-req: <value in [disable, enable, optional]>
console-output: <value in [standard, more]>
country-flag: <value in [disable, enable]>
create-revision: <value in [disable, enable]>
daylightsavetime: <value in [disable, enable]>
default-disk-quota: <value of integer>
detect-unregistered-log-device: <value in [disable, enable]>
device-view-mode: <value in [regular, tree]>
dh-params: <value in [1024, 1536, 2048, ...]>
disable-module:
- fortiview-noc
enc-algorithm: <value in [low, medium, high]>
faz-status: <value in [disable, enable]>
fgfm-local-cert: <value of string>
fgfm-ssl-protocol: <value in [sslv3, tlsv1.0, tlsv1.1, ...]>
ha-member-auto-grouping: <value in [disable, enable]>
hitcount_concurrent: <value of integer>
hitcount_interval: <value of integer>
hostname: <value of string>
import-ignore-addr-cmt: <value in [disable, enable]>
language: <value in [english, simch, japanese, ...]>
latitude: <value of string>
ldap-cache-timeout: <value of integer>
ldapconntimeout: <value of integer>
lock-preempt: <value in [disable, enable]>
log-checksum: <value in [none, md5, md5-auth]>
log-forward-cache-size: <value of integer>
longitude: <value of string>
max-log-forward: <value of integer>
max-running-reports: <value of integer>
oftp-ssl-protocol: <value in [sslv3, tlsv1.0, tlsv1.1, ...]>
partial-install: <value in [disable, enable]>
partial-install-force: <value in [disable, enable]>
partial-install-rev: <value in [disable, enable]>
perform-improve-by-ha: <value in [disable, enable]>
policy-hit-count: <value in [disable, enable]>
policy-object-in-dual-pane: <value in [disable, enable]>
pre-login-banner: <value in [disable, enable]>
pre-login-banner-message: <value of string>
remoteauthtimeout: <value of integer>
search-all-adoms: <value in [disable, enable]>
ssl-low-encryption: <value in [disable, enable]>
ssl-protocol:
- tlsv1.2
- tlsv1.1
- tlsv1.0
- sslv3
ssl-static-key-ciphers: <value in [disable, enable]>
task-list-size: <value of integer>
tftp: <value in [disable, enable]>
timezone: <value in [00, 01, 02, ...]>
tunnel-mtu: <value of integer>
usg: <value in [disable, enable]>
vdom-mirror: <value in [disable, enable]>
webservice-proto:
- tlsv1.2
- tlsv1.1
- tlsv1.0
- sslv3
- sslv2
workflow-max-sessions: <value of integer>
workspace-mode: <value in [disabled, normal, workflow]>
Return Values
Common return values are documented here, the following are the fields unique to this module:
| Key | Returned | Description |
|---|---|---|
| request_url
string
|
always |
The full url requested
Sample:
/sys/login/user
|
| response_code
integer
|
always |
The status of api request
|
| response_message
string
|
always |
The descriptive message of the api response
Sample:
OK.
|
Authors
- Link Zheng (@chillancezen)
- Jie Xue (@JieX19)
- Frank Shen (@fshen01)
- Hongbin Lu (@fgtdev-hblu)
© 2012–2018 Michael DeHaan
© 2018–2021 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.11/collections/fortinet/fortimanager/fmgr_system_global_module.html