fortinet.fortios.fortios_system_interface – Configure interfaces in Fortinet’s FortiOS and FortiGate.
Note
This plugin is part of the fortinet.fortios collection (version 2.1.2).
You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.
To install it, use: ansible-galaxy collection install fortinet.fortios.
To use it in a playbook, specify: fortinet.fortios.fortios_system_interface.
New in version 2.10: of fortinet.fortios
Synopsis
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and interface category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0
Requirements
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters
| Parameter | Choices/Defaults | Comments | ||||
|---|---|---|---|---|---|---|
| access_token
string
|
Token-based authentication. Generated from GUI of Fortigate.
|
|||||
| enable_log
boolean
|
|
Enable/Disable logging for task.
|
||||
| state
string / required
|
|
Indicates whether to create or remove the object.
|
||||
| system_interface
dictionary
|
Configure interfaces.
|
|||||
| ac_name
string
|
PPPoE server name.
|
|||||
| aggregate
string
|
Aggregate interface.
|
|||||
| algorithm
string
|
|
Frame distribution algorithm.
|
||||
| alias
string
|
Alias will be displayed with the interface name to make it easier to distinguish.
|
|||||
| allowaccess
list / elements=string
|
|
Permitted types of management access to this interface.
|
||||
| ap_discover
string
|
|
Enable/disable automatic registration of unknown FortiAP devices.
|
||||
| arpforward
string
|
|
Enable/disable ARP forwarding.
|
||||
| auth_type
string
|
|
PPP authentication type to use.
|
||||
| auto_auth_extension_device
string
|
|
Enable/disable automatic authorization of dedicated Fortinet extension device on this interface.
|
||||
| bandwidth_measure_time
integer
|
Bandwidth measure time
|
|||||
| bfd
string
|
|
Bidirectional Forwarding Detection (BFD) settings.
|
||||
| bfd_desired_min_tx
integer
|
BFD desired minimal transmit interval.
|
|||||
| bfd_detect_mult
integer
|
BFD detection multiplier.
|
|||||
| bfd_required_min_rx
integer
|
BFD required minimal receive interval.
|
|||||
| broadcast_forticlient_discovery
string
|
|
Enable/disable broadcasting FortiClient discovery messages.
|
||||
| broadcast_forward
string
|
|
Enable/disable broadcast forwarding.
|
||||
| captive_portal
integer
|
Enable/disable captive portal.
|
|||||
| cli_conn_status
integer
|
CLI connection status.
|
|||||
| client_options
list / elements=string
|
DHCP client options.
|
|||||
| code
integer
|
DHCP client option code.
|
|||||
| id
integer / required
|
ID.
|
|||||
| ip
string
|
DHCP option IPs.
|
|||||
| type
string
|
|
DHCP client option type.
|
||||
| value
string
|
DHCP client option value.
|
|||||
| color
integer
|
Color of icon on the GUI.
|
|||||
| dedicated_to
string
|
|
Configure interface for single purpose.
|
||||
| defaultgw
string
|
|
Enable to get the gateway IP from the DHCP or PPPoE server.
|
||||
| description
string
|
Description.
|
|||||
| detected_peer_mtu
integer
|
MTU of detected peer (0 - 4294967295).
|
|||||
| detectprotocol
list / elements=string
|
|
Protocols used to detect the server.
|
||||
| detectserver
string
|
Gateway"s ping server for this IP.
|
|||||
| device_access_list
string
|
Device access list.
|
|||||
| device_identification
string
|
|
Enable/disable passively gathering of device identity information about the devices on the network connected to this interface.
|
||||
| device_identification_active_scan
string
|
|
Enable/disable active gathering of device identity information about the devices on the network connected to this interface.
|
||||
| device_netscan
string
|
|
Enable/disable inclusion of devices detected on this interface in network vulnerability scans.
|
||||
| device_user_identification
string
|
|
Enable/disable passive gathering of user identity information about users on this interface.
|
||||
| devindex
integer
|
Device Index.
|
|||||
| dhcp_client_identifier
string
|
DHCP client identifier.
|
|||||
| dhcp_relay_agent_option
string
|
|
Enable/disable DHCP relay agent option.
|
||||
| dhcp_relay_interface
string
|
Specify outgoing interface to reach server. Source system.interface.name.
|
|||||
| dhcp_relay_interface_select_method
string
|
|
Specify how to select outgoing interface to reach server.
|
||||
| dhcp_relay_ip
string
|
DHCP relay IP address.
|
|||||
| dhcp_relay_request_all_server
string
|
|
Enable/disable sending of DHCP requests to all servers.
|
||||
| dhcp_relay_service
string
|
|
Enable/disable allowing this interface to act as a DHCP relay.
|
||||
| dhcp_relay_type
string
|
|
DHCP relay type (regular or IPsec).
|
||||
| dhcp_renew_time
integer
|
DHCP renew time in seconds (300-604800), 0 means use the renew time provided by the server.
|
|||||
| disc_retry_timeout
integer
|
Time in seconds to wait before retrying to start a PPPoE discovery, 0 means no timeout.
|
|||||
| disconnect_threshold
integer
|
Time in milliseconds to wait before sending a notification that this interface is down or disconnected.
|
|||||
| distance
integer
|
Distance for routes learned through PPPoE or DHCP, lower distance indicates preferred route.
|
|||||
| dns_server_override
string
|
|
Enable/disable use DNS acquired by DHCP or PPPoE.
|
||||
| drop_fragment
string
|
|
Enable/disable drop fragment packets.
|
||||
| drop_overlapped_fragment
string
|
|
Enable/disable drop overlapped fragment packets.
|
||||
| egress_cos
string
|
|
Override outgoing CoS in user VLAN tag.
|
||||
| egress_queues
dictionary
|
Configure queues of NP port on egress path.
|
|||||
| cos0
string
|
CoS profile name for CoS 0. Source system.isf-queue-profile.name.
|
|||||
| cos1
string
|
CoS profile name for CoS 1. Source system.isf-queue-profile.name.
|
|||||
| cos2
string
|
CoS profile name for CoS 2. Source system.isf-queue-profile.name.
|
|||||
| cos3
string
|
CoS profile name for CoS 3. Source system.isf-queue-profile.name.
|
|||||
| cos4
string
|
CoS profile name for CoS 4. Source system.isf-queue-profile.name.
|
|||||
| cos5
string
|
CoS profile name for CoS 5. Source system.isf-queue-profile.name.
|
|||||
| cos6
string
|
CoS profile name for CoS 6. Source system.isf-queue-profile.name.
|
|||||
| cos7
string
|
CoS profile name for CoS 7. Source system.isf-queue-profile.name.
|
|||||
| egress_shaping_profile
string
|
Outgoing traffic shaping profile. Source firewall.shaping-profile.profile-name.
|
|||||
| endpoint_compliance
string
|
|
Enable/disable endpoint compliance enforcement.
|
||||
| estimated_downstream_bandwidth
integer
|
Estimated maximum downstream bandwidth (kbps). Used to estimate link utilization.
|
|||||
| estimated_upstream_bandwidth
integer
|
Estimated maximum upstream bandwidth (kbps). Used to estimate link utilization.
|
|||||
| explicit_ftp_proxy
string
|
|
Enable/disable the explicit FTP proxy on this interface.
|
||||
| explicit_web_proxy
string
|
|
Enable/disable the explicit web proxy on this interface.
|
||||
| external
string
|
|
Enable/disable identifying the interface as an external interface (which usually means it"s connected to the Internet).
|
||||
| fail_action_on_extender
string
|
|
Action on extender when interface fail .
|
||||
| fail_alert_interfaces
list / elements=string
|
Names of the FortiGate interfaces from which the link failure alert is sent for this interface.
|
|||||
| name
string / required
|
Names of the physical interfaces belonging to the aggregate or redundant interface. Source system.interface.name.
|
|||||
| fail_alert_method
string
|
|
Select link-failed-signal or link-down method to alert about a failed link.
|
||||
| fail_detect
string
|
|
Enable/disable fail detection features for this interface.
|
||||
| fail_detect_option
list / elements=string
|
|
Options for detecting that this interface has failed.
|
||||
| fortiheartbeat
string
|
|
Enable/disable FortiHeartBeat (FortiTelemetry on GUI).
|
||||
| fortilink
string
|
|
Enable FortiLink to dedicate this interface to manage other Fortinet devices.
|
||||
| fortilink_backup_link
integer
|
fortilink split interface backup link.
|
|||||
| fortilink_neighbor_detect
string
|
|
Protocol for FortiGate neighbor discovery.
|
||||
| fortilink_split_interface
string
|
|
Enable/disable FortiLink split interface to connect member link to different FortiSwitch in stack for uplink redundancy (maximum 2 interfaces in the "members" command).
|
||||
| fortilink_stacking
string
|
|
Enable/disable FortiLink switch-stacking on this interface.
|
||||
| forward_domain
integer
|
Transparent mode forward domain.
|
|||||
| gi_gk
string
|
|
Enable/disable Gi Gatekeeper.
|
||||
| gwdetect
string
|
|
Enable/disable detect gateway alive for first.
|
||||
| ha_priority
integer
|
HA election priority for the PING server.
|
|||||
| icmp_accept_redirect
string
|
|
Enable/disable ICMP accept redirect.
|
||||
| icmp_send_redirect
string
|
|
Enable/disable ICMP send redirect.
|
||||
| ident_accept
string
|
|
Enable/disable authentication for this interface.
|
||||
| idle_timeout
integer
|
PPPoE auto disconnect after idle timeout seconds, 0 means no timeout.
|
|||||
| inbandwidth
integer
|
Bandwidth limit for incoming traffic (0 - 16776000 kbps), 0 means unlimited.
|
|||||
| ingress_cos
string
|
|
Override incoming CoS in user VLAN tag on VLAN interface or assign a priority VLAN tag on physical interface.
|
||||
| ingress_shaping_profile
string
|
Incoming traffic shaping profile. Source firewall.shaping-profile.profile-name.
|
|||||
| ingress_spillover_threshold
integer
|
Ingress Spillover threshold (0 - 16776000 kbps).
|
|||||
| interface
string
|
Interface name. Source system.interface.name.
|
|||||
| internal
integer
|
Implicitly created.
|
|||||
| ip
string
|
Interface IPv4 address and subnet mask, syntax: X.X.X.X/24.
|
|||||
| ip_managed_by_fortiipam
string
|
|
Enable/disable automatic IP address assignment of this interface by FortiIPAM.
|
||||
| ipmac
string
|
|
Enable/disable IP/MAC binding.
|
||||
| ips_sniffer_mode
string
|
|
Enable/disable the use of this interface as a one-armed sniffer.
|
||||
| ipunnumbered
string
|
Unnumbered IP used for PPPoE interfaces for which no unique local address is provided.
|
|||||
| ipv6
dictionary
|
IPv6 of interface.
|
|||||
| autoconf
string
|
|
Enable/disable address auto config.
|
||||
| cli_conn6_status
integer
|
CLI IPv6 connection status.
|
|||||
| dhcp6_client_options
list / elements=string
|
|
DHCPv6 client options.
|
||||
| dhcp6_information_request
string
|
|
Enable/disable DHCPv6 information request.
|
||||
| dhcp6_prefix_delegation
string
|
|
Enable/disable DHCPv6 prefix delegation.
|
||||
| dhcp6_prefix_hint
string
|
DHCPv6 prefix that will be used as a hint to the upstream DHCPv6 server.
|
|||||
| dhcp6_prefix_hint_plt
integer
|
DHCPv6 prefix hint preferred life time (sec), 0 means unlimited lease time.
|
|||||
| dhcp6_prefix_hint_vlt
integer
|
DHCPv6 prefix hint valid life time (sec).
|
|||||
| dhcp6_relay_ip
string
|
DHCPv6 relay IP address.
|
|||||
| dhcp6_relay_service
string
|
|
Enable/disable DHCPv6 relay.
|
||||
| dhcp6_relay_type
string
|
|
DHCPv6 relay type.
|
||||
| icmp6_send_redirect
string
|
|
Enable/disable sending of ICMPv6 redirects.
|
||||
| interface_identifier
string
|
IPv6 interface identifier.
|
|||||
| ip6_address
string
|
Primary IPv6 address prefix, syntax: xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx/xxx
|
|||||
| ip6_allowaccess
list / elements=string
|
|
Allow management access to the interface.
|
||||
| ip6_default_life
integer
|
Default life (sec).
|
|||||
| ip6_delegated_prefix_list
list / elements=string
|
Advertised IPv6 delegated prefix list.
|
|||||
| autonomous_flag
string
|
|
Enable/disable the autonomous flag.
|
||||
| onlink_flag
string
|
|
Enable/disable the onlink flag.
|
||||
| prefix_id
integer
|
Prefix ID.
|
|||||
| rdnss
string
|
Recursive DNS server option.
|
|||||
| rdnss_service
string
|
|
Recursive DNS service option.
|
||||
| subnet
string
|
Add subnet ID to routing prefix.
|
|||||
| upstream_interface
string
|
Name of the interface that provides delegated information. Source system.interface.name.
|
|||||
| ip6_dns_server_override
string
|
|
Enable/disable using the DNS server acquired by DHCP.
|
||||
| ip6_extra_addr
list / elements=string
|
Extra IPv6 address prefixes of interface.
|
|||||
| prefix
string / required
|
IPv6 address prefix.
|
|||||
| ip6_hop_limit
integer
|
Hop limit (0 means unspecified).
|
|||||
| ip6_link_mtu
integer
|
IPv6 link MTU.
|
|||||
| ip6_manage_flag
string
|
|
Enable/disable the managed flag.
|
||||
| ip6_max_interval
integer
|
IPv6 maximum interval (4 to 1800 sec).
|
|||||
| ip6_min_interval
integer
|
IPv6 minimum interval (3 to 1350 sec).
|
|||||
| ip6_mode
string
|
|
Addressing mode (static, DHCP, delegated).
|
||||
| ip6_other_flag
string
|
|
Enable/disable the other IPv6 flag.
|
||||
| ip6_prefix_list
list / elements=string
|
Advertised prefix list.
|
|||||
| autonomous_flag
string
|
|
Enable/disable the autonomous flag.
|
||||
| dnssl
list / elements=string
|
DNS search list option.
|
|||||
| domain
string / required
|
Domain name.
|
|||||
| onlink_flag
string
|
|
Enable/disable the onlink flag.
|
||||
| preferred_life_time
integer
|
Preferred life time (sec).
|
|||||
| prefix
string / required
|
IPv6 prefix.
|
|||||
| rdnss
string
|
Recursive DNS server option.
|
|||||
| valid_life_time
integer
|
Valid life time (sec).
|
|||||
| ip6_prefix_mode
string
|
|
Assigning a prefix from DHCP or RA.
|
||||
| ip6_reachable_time
integer
|
IPv6 reachable time (milliseconds; 0 means unspecified).
|
|||||
| ip6_retrans_time
integer
|
IPv6 retransmit time (milliseconds; 0 means unspecified).
|
|||||
| ip6_send_adv
string
|
|
Enable/disable sending advertisements about the interface.
|
||||
| ip6_subnet
string
|
Subnet to routing prefix, syntax: xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx/xxx
|
|||||
| ip6_upstream_interface
string
|
Interface name providing delegated information. Source system.interface.name.
|
|||||
| nd_cert
string
|
Neighbor discovery certificate. Source certificate.local.name.
|
|||||
| nd_cga_modifier
string
|
Neighbor discovery CGA modifier.
|
|||||
| nd_mode
string
|
|
Neighbor discovery mode.
|
||||
| nd_security_level
integer
|
Neighbor discovery security level (0 - 7; 0 = least secure).
|
|||||
| nd_timestamp_delta
integer
|
Neighbor discovery timestamp delta value (1 - 3600 sec; ).
|
|||||
| nd_timestamp_fuzz
integer
|
Neighbor discovery timestamp fuzz factor (1 - 60 sec; ).
|
|||||
| ra_send_mtu
string
|
|
Enable/disable sending link MTU in RA packet.
|
||||
| unique_autoconf_addr
string
|
|
Enable/disable unique auto config address.
|
||||
| vrip6_link_local
string
|
Link-local IPv6 address of virtual router.
|
|||||
| vrrp6
list / elements=string
|
IPv6 VRRP configuration.
|
|||||
| accept_mode
string
|
|
Enable/disable accept mode.
|
||||
| adv_interval
integer
|
Advertisement interval (1 - 255 seconds).
|
|||||
| preempt
string
|
|
Enable/disable preempt mode.
|
||||
| priority
integer
|
Priority of the virtual router (1 - 255).
|
|||||
| start_time
integer
|
Startup time (1 - 255 seconds).
|
|||||
| status
string
|
|
Enable/disable VRRP.
|
||||
| vrdst6
string
|
Monitor the route to this destination.
|
|||||
| vrgrp
integer
|
VRRP group ID (1 - 65535).
|
|||||
| vrid
integer / required
|
Virtual router identifier (1 - 255).
|
|||||
| vrip6
string
|
IPv6 address of the virtual router.
|
|||||
| vrrp_virtual_mac6
string
|
|
Enable/disable virtual MAC for VRRP.
|
||||
| l2forward
string
|
|
Enable/disable l2 forwarding.
|
||||
| lacp_ha_slave
string
|
|
LACP HA slave.
|
||||
| lacp_mode
string
|
|
LACP mode.
|
||||
| lacp_speed
string
|
|
How often the interface sends LACP messages.
|
||||
| lcp_echo_interval
integer
|
Time in seconds between PPPoE Link Control Protocol (LCP) echo requests.
|
|||||
| lcp_max_echo_fails
integer
|
Maximum missed LCP echo messages before disconnect.
|
|||||
| link_up_delay
integer
|
Number of milliseconds to wait before considering a link is up.
|
|||||
| lldp_network_policy
string
|
LLDP-MED network policy profile. Source system.lldp.network-policy.name.
|
|||||
| lldp_reception
string
|
|
Enable/disable Link Layer Discovery Protocol (LLDP) reception.
|
||||
| lldp_transmission
string
|
|
Enable/disable Link Layer Discovery Protocol (LLDP) transmission.
|
||||
| macaddr
string
|
Change the interface"s MAC address.
|
|||||
| managed_device
list / elements=string
|
Available when FortiLink is enabled, used for managed devices through FortiLink interface.
|
|||||
| name
string / required
|
Managed dev identifier.
|
|||||
| managed_subnetwork_size
string
|
|
Number of IP addresses to be allocated by FortiIPAM and used by this FortiGate unit"s DHCP server settings.
|
||||
| management_ip
string
|
High Availability in-band management IP address of this interface.
|
|||||
| measured_downstream_bandwidth
integer
|
Measured downstream bandwidth (kbps).
|
|||||
| measured_upstream_bandwidth
integer
|
Measured upstream bandwidth (kbps).
|
|||||
| mediatype
string
|
|
Select SFP media interface type
|
||||
| member
list / elements=string
|
Physical interfaces that belong to the aggregate or redundant interface.
|
|||||
| interface_name
string
|
Physical interface name. Source system.interface.name.
|
|||||
| min_links
integer
|
Minimum number of aggregated ports that must be up.
|
|||||
| min_links_down
string
|
|
Action to take when less than the configured minimum number of links are active.
|
||||
| mode
string
|
|
Addressing mode (static, DHCP, PPPoE).
|
||||
| monitor_bandwidth
string
|
|
Enable monitoring bandwidth on this interface.
|
||||
| mtu
integer
|
MTU value for this interface.
|
|||||
| mtu_override
string
|
|
Enable to set a custom MTU for this interface.
|
||||
| name
string / required
|
Name.
|
|||||
| ndiscforward
string
|
|
Enable/disable NDISC forwarding.
|
||||
| netbios_forward
string
|
|
Enable/disable NETBIOS forwarding.
|
||||
| netflow_sampler
string
|
|
Enable/disable NetFlow on this interface and set the data that NetFlow collects (rx, tx, or both).
|
||||
| outbandwidth
integer
|
Bandwidth limit for outgoing traffic (0 - 16776000 kbps).
|
|||||
| padt_retry_timeout
integer
|
PPPoE Active Discovery Terminate (PADT) used to terminate sessions after an idle time.
|
|||||
| password
string
|
PPPoE account"s password.
|
|||||
| ping_serv_status
integer
|
PING server status.
|
|||||
| polling_interval
integer
|
sFlow polling interval (1 - 255 sec).
|
|||||
| pppoe_unnumbered_negotiate
string
|
|
Enable/disable PPPoE unnumbered negotiation.
|
||||
| pptp_auth_type
string
|
|
PPTP authentication type.
|
||||
| pptp_client
string
|
|
Enable/disable PPTP client.
|
||||
| pptp_password
string
|
PPTP password.
|
|||||
| pptp_server_ip
string
|
PPTP server IP address.
|
|||||
| pptp_timeout
integer
|
Idle timer in minutes (0 for disabled).
|
|||||
| pptp_user
string
|
PPTP user name.
|
|||||
| preserve_session_route
string
|
|
Enable/disable preservation of session route when dirty.
|
||||
| priority
integer
|
Priority of learned routes.
|
|||||
| priority_override
string
|
|
Enable/disable fail back to higher priority port once recovered.
|
||||
| proxy_captive_portal
string
|
|
Enable/disable proxy captive portal on this interface.
|
||||
| redundant_interface
string
|
Redundant interface.
|
|||||
| remote_ip
string
|
Remote IP address of tunnel.
|
|||||
| replacemsg_override_group
string
|
Replacement message override group.
|
|||||
| ring_rx
integer
|
RX ring size.
|
|||||
| ring_tx
integer
|
TX ring size.
|
|||||
| role
string
|
|
Interface role.
|
||||
| sample_direction
string
|
|
Data that NetFlow collects (rx, tx, or both).
|
||||
| sample_rate
integer
|
sFlow sample rate (10 - 99999).
|
|||||
| scan_botnet_connections
string
|
|
Enable monitoring or blocking connections to Botnet servers through this interface.
|
||||
| secondary_IP
string
|
|
Enable/disable adding a secondary IP to this interface.
|
||||
| secondaryip
list / elements=string
|
Second IP address of interface.
|
|||||
| allowaccess
list / elements=string
|
|
Management access settings for the secondary IP address.
|
||||
| detectprotocol
list / elements=string
|
|
Protocols used to detect the server.
|
||||
| detectserver
string
|
Gateway"s ping server for this IP.
|
|||||
| gwdetect
string
|
|
Enable/disable detect gateway alive for first.
|
||||
| ha_priority
integer
|
HA election priority for the PING server.
|
|||||
| id
integer / required
|
ID.
|
|||||
| ip
string
|
Secondary IP address of the interface.
|
|||||
| ping_serv_status
integer
|
PING server status.
|
|||||
| security_exempt_list
string
|
Name of security-exempt-list.
|
|||||
| security_external_logout
string
|
URL of external authentication logout server.
|
|||||
| security_external_web
string
|
URL of external authentication web server.
|
|||||
| security_groups
list / elements=string
|
User groups that can authenticate with the captive portal.
|
|||||
| name
string / required
|
Names of user groups that can authenticate with the captive portal. Source user.group.name.
|
|||||
| security_mac_auth_bypass
string
|
|
Enable/disable MAC authentication bypass.
|
||||
| security_mode
string
|
|
Turn on captive portal authentication for this interface.
|
||||
| security_redirect_url
string
|
URL redirection after disclaimer/authentication.
|
|||||
| service_name
string
|
PPPoE service name.
|
|||||
| sflow_sampler
string
|
|
Enable/disable sFlow on this interface.
|
||||
| snmp_index
integer
|
Permanent SNMP Index of the interface.
|
|||||
| speed
string
|
|
Interface speed. The default setting and the options available depend on the interface hardware.
|
||||
| spillover_threshold
integer
|
Egress Spillover threshold (0 - 16776000 kbps), 0 means unlimited.
|
|||||
| src_check
string
|
|
Enable/disable source IP check.
|
||||
| status
string
|
|
Bring the interface up or shut the interface down.
|
||||
| stp
string
|
|
Enable/disable STP.
|
||||
| stp_ha_secondary
string
|
|
Control STP behaviour on HA secondary.
|
||||
| stp_ha_slave
string
|
|
Control STP behaviour on HA slave.
|
||||
| stpforward
string
|
|
Enable/disable STP forwarding.
|
||||
| stpforward_mode
string
|
|
Configure STP forwarding mode.
|
||||
| subst
string
|
|
Enable to always send packets from this interface to a destination MAC address.
|
||||
| substitute_dst_mac
string
|
Destination MAC address that all packets are sent to from this interface.
|
|||||
| swc_first_create
integer
|
Initial create for switch-controller VLANs.
|
|||||
| swc_vlan
integer
|
Creation status for switch-controller VLANs.
|
|||||
| switch
string
|
Contained in switch.
|
|||||
| switch_controller_access_vlan
string
|
|
Block FortiSwitch port-to-port traffic.
|
||||
| switch_controller_arp_inspection
string
|
|
Enable/disable FortiSwitch ARP inspection.
|
||||
| switch_controller_dhcp_snooping
string
|
|
Switch controller DHCP snooping.
|
||||
| switch_controller_dhcp_snooping_option82
string
|
|
Switch controller DHCP snooping option82.
|
||||
| switch_controller_dhcp_snooping_verify_mac
string
|
|
Switch controller DHCP snooping verify MAC.
|
||||
| switch_controller_dynamic
string
|
Integrated FortiLink settings for managed FortiSwitch. Source switch-controller.fortilink-settings.name.
|
|||||
| switch_controller_feature
string
|
|
Interface"s purpose when assigning traffic (read only).
|
||||
| switch_controller_igmp_snooping
string
|
|
Switch controller IGMP snooping.
|
||||
| switch_controller_igmp_snooping_fast_leave
string
|
|
Switch controller IGMP snooping fast-leave.
|
||||
| switch_controller_igmp_snooping_proxy
string
|
|
Switch controller IGMP snooping proxy.
|
||||
| switch_controller_iot_scanning
string
|
|
Enable/disable managed FortiSwitch IoT scanning.
|
||||
| switch_controller_learning_limit
integer
|
Limit the number of dynamic MAC addresses on this VLAN (1 - 128, 0 = no limit, default).
|
|||||
| switch_controller_mgmt_vlan
integer
|
VLAN to use for FortiLink management purposes.
|
|||||
| switch_controller_nac
string
|
Integrated NAC settings for managed FortiSwitch. Source switch-controller.nac-settings.name.
|
|||||
| switch_controller_rspan_mode
string
|
|
Stop Layer2 MAC learning and interception of BPDUs and other packets on this interface.
|
||||
| switch_controller_source_ip
string
|
|
Source IP address used in FortiLink over L3 connections.
|
||||
| switch_controller_traffic_policy
string
|
Switch controller traffic policy for the VLAN. Source switch-controller.traffic-policy.name.
|
|||||
| tagging
list / elements=string
|
Config object tagging.
|
|||||
| category
string
|
Tag category. Source system.object-tagging.category.
|
|||||
| name
string / required
|
Tagging entry name.
|
|||||
| tags
list / elements=string
|
Tags.
|
|||||
| name
string / required
|
Tag name. Source system.object-tagging.tags.name.
|
|||||
| tcp_mss
integer
|
TCP maximum segment size. 0 means do not change segment size.
|
|||||
| trust_ip6_1
string
|
Trusted IPv6 host for dedicated management traffic (::/0 for all hosts).
|
|||||
| trust_ip6_2
string
|
Trusted IPv6 host for dedicated management traffic (::/0 for all hosts).
|
|||||
| trust_ip6_3
string
|
Trusted IPv6 host for dedicated management traffic (::/0 for all hosts).
|
|||||
| trust_ip_1
string
|
Trusted host for dedicated management traffic (0.0.0.0/24 for all hosts).
|
|||||
| trust_ip_2
string
|
Trusted host for dedicated management traffic (0.0.0.0/24 for all hosts).
|
|||||
| trust_ip_3
string
|
Trusted host for dedicated management traffic (0.0.0.0/24 for all hosts).
|
|||||
| type
string
|
|
Interface type.
|
||||
| username
string
|
Username of the PPPoE account, provided by your ISP.
|
|||||
| vdom
string
|
Interface is in this virtual domain (VDOM). Source system.vdom.name.
|
|||||
| vindex
integer
|
Switch control interface VLAN ID.
|
|||||
| vlan_protocol
string
|
|
Ethernet protocol of VLAN.
|
||||
| vlanforward
string
|
|
Enable/disable traffic forwarding between VLANs on this interface.
|
||||
| vlanid
integer
|
VLAN ID (1 - 4094).
|
|||||
| vrf
integer
|
Virtual Routing Forwarding ID.
|
|||||
| vrrp
list / elements=string
|
VRRP configuration.
|
|||||
| accept_mode
string
|
|
Enable/disable accept mode.
|
||||
| adv_interval
integer
|
Advertisement interval (1 - 255 seconds).
|
|||||
| ignore_default_route
string
|
|
Enable/disable ignoring of default route when checking destination.
|
||||
| preempt
string
|
|
Enable/disable preempt mode.
|
||||
| priority
integer
|
Priority of the virtual router (1 - 255).
|
|||||
| proxy_arp
list / elements=string
|
VRRP Proxy ARP configuration.
|
|||||
| id
integer / required
|
ID.
|
|||||
| ip
string
|
Set IP addresses of proxy ARP.
|
|||||
| start_time
integer
|
Startup time (1 - 255 seconds).
|
|||||
| status
string
|
|
Enable/disable this VRRP configuration.
|
||||
| version
string
|
|
VRRP version.
|
||||
| vrdst
string
|
Monitor the route to this destination.
|
|||||
| vrdst_priority
integer
|
Priority of the virtual router when the virtual router destination becomes unreachable (0 - 254).
|
|||||
| vrgrp
integer
|
VRRP group ID (1 - 65535).
|
|||||
| vrid
integer / required
|
Virtual router identifier (1 - 255).
|
|||||
| vrip
string
|
IP address of the virtual router.
|
|||||
| vrrp_virtual_mac
string
|
|
Enable/disable use of virtual MAC for VRRP.
|
||||
| wccp
string
|
|
Enable/disable WCCP on this interface. Used for encapsulated WCCP communication between WCCP clients and servers.
|
||||
| weight
integer
|
Default weight for static routes (if route has no weight configured).
|
|||||
| wins_ip
string
|
WINS server IP.
|
|||||
| vdom
string
|
Default:
"root"
|
Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit.
|
||||
Notes
Note
- Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks
Examples
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure interfaces.
fortios_system_interface:
vdom: "{{ vdom }}"
state: "present"
access_token: "<your_own_value>"
system_interface:
ac_name: "<your_own_value>"
aggregate: "<your_own_value>"
algorithm: "L2"
alias: "<your_own_value>"
allowaccess: "ping"
ap_discover: "enable"
arpforward: "enable"
auth_type: "auto"
auto_auth_extension_device: "enable"
bandwidth_measure_time: "12"
bfd: "global"
bfd_desired_min_tx: "14"
bfd_detect_mult: "15"
bfd_required_min_rx: "16"
broadcast_forticlient_discovery: "enable"
broadcast_forward: "enable"
captive_portal: "19"
cli_conn_status: "20"
client_options:
-
code: "22"
id: "23"
ip: "<your_own_value>"
type: "hex"
value: "<your_own_value>"
color: "27"
dedicated_to: "none"
defaultgw: "enable"
description: "<your_own_value>"
detected_peer_mtu: "31"
detectprotocol: "ping"
detectserver: "<your_own_value>"
device_access_list: "<your_own_value>"
device_identification: "enable"
device_identification_active_scan: "enable"
device_netscan: "disable"
device_user_identification: "enable"
devindex: "39"
dhcp_client_identifier: "myId_40"
dhcp_relay_agent_option: "enable"
dhcp_relay_interface: "<your_own_value> (source system.interface.name)"
dhcp_relay_interface_select_method: "auto"
dhcp_relay_ip: "<your_own_value>"
dhcp_relay_request_all_server: "disable"
dhcp_relay_service: "disable"
dhcp_relay_type: "regular"
dhcp_renew_time: "48"
disc_retry_timeout: "49"
disconnect_threshold: "50"
distance: "51"
dns_server_override: "enable"
drop_fragment: "enable"
drop_overlapped_fragment: "enable"
egress_cos: "disable"
egress_queues:
cos0: "<your_own_value> (source system.isf-queue-profile.name)"
cos1: "<your_own_value> (source system.isf-queue-profile.name)"
cos2: "<your_own_value> (source system.isf-queue-profile.name)"
cos3: "<your_own_value> (source system.isf-queue-profile.name)"
cos4: "<your_own_value> (source system.isf-queue-profile.name)"
cos5: "<your_own_value> (source system.isf-queue-profile.name)"
cos6: "<your_own_value> (source system.isf-queue-profile.name)"
cos7: "<your_own_value> (source system.isf-queue-profile.name)"
egress_shaping_profile: "<your_own_value> (source firewall.shaping-profile.profile-name)"
endpoint_compliance: "enable"
estimated_downstream_bandwidth: "67"
estimated_upstream_bandwidth: "68"
explicit_ftp_proxy: "enable"
explicit_web_proxy: "enable"
external: "enable"
fail_action_on_extender: "soft-restart"
fail_alert_interfaces:
-
name: "default_name_74 (source system.interface.name)"
fail_alert_method: "link-failed-signal"
fail_detect: "enable"
fail_detect_option: "detectserver"
fortiheartbeat: "enable"
fortilink: "enable"
fortilink_backup_link: "80"
fortilink_neighbor_detect: "lldp"
fortilink_split_interface: "enable"
fortilink_stacking: "enable"
forward_domain: "84"
gi_gk: "enable"
gwdetect: "enable"
ha_priority: "87"
icmp_accept_redirect: "enable"
icmp_send_redirect: "enable"
ident_accept: "enable"
idle_timeout: "91"
inbandwidth: "92"
ingress_cos: "disable"
ingress_shaping_profile: "<your_own_value> (source firewall.shaping-profile.profile-name)"
ingress_spillover_threshold: "95"
interface: "<your_own_value> (source system.interface.name)"
internal: "97"
ip: "<your_own_value>"
ip_managed_by_fortiipam: "enable"
ipmac: "enable"
ips_sniffer_mode: "enable"
ipunnumbered: "<your_own_value>"
ipv6:
autoconf: "enable"
cli_conn6_status: "105"
dhcp6_client_options: "rapid"
dhcp6_information_request: "enable"
dhcp6_prefix_delegation: "enable"
dhcp6_prefix_hint: "<your_own_value>"
dhcp6_prefix_hint_plt: "110"
dhcp6_prefix_hint_vlt: "111"
dhcp6_relay_ip: "<your_own_value>"
dhcp6_relay_service: "disable"
dhcp6_relay_type: "regular"
icmp6_send_redirect: "enable"
interface_identifier: "<your_own_value>"
ip6_address: "<your_own_value>"
ip6_allowaccess: "ping"
ip6_default_life: "119"
ip6_delegated_prefix_list:
-
autonomous_flag: "enable"
onlink_flag: "enable"
prefix_id: "123"
rdnss: "<your_own_value>"
rdnss_service: "delegated"
subnet: "<your_own_value>"
upstream_interface: "<your_own_value> (source system.interface.name)"
ip6_dns_server_override: "enable"
ip6_extra_addr:
-
prefix: "<your_own_value>"
ip6_hop_limit: "131"
ip6_link_mtu: "132"
ip6_manage_flag: "enable"
ip6_max_interval: "134"
ip6_min_interval: "135"
ip6_mode: "static"
ip6_other_flag: "enable"
ip6_prefix_list:
-
autonomous_flag: "enable"
dnssl:
-
domain: "<your_own_value>"
onlink_flag: "enable"
preferred_life_time: "143"
prefix: "<your_own_value>"
rdnss: "<your_own_value>"
valid_life_time: "146"
ip6_prefix_mode: "dhcp6"
ip6_reachable_time: "148"
ip6_retrans_time: "149"
ip6_send_adv: "enable"
ip6_subnet: "<your_own_value>"
ip6_upstream_interface: "<your_own_value> (source system.interface.name)"
nd_cert: "<your_own_value> (source certificate.local.name)"
nd_cga_modifier: "<your_own_value>"
nd_mode: "basic"
nd_security_level: "156"
nd_timestamp_delta: "157"
nd_timestamp_fuzz: "158"
ra_send_mtu: "enable"
unique_autoconf_addr: "enable"
vrip6_link_local: "<your_own_value>"
vrrp_virtual_mac6: "enable"
vrrp6:
-
accept_mode: "enable"
adv_interval: "165"
preempt: "enable"
priority: "167"
start_time: "168"
status: "enable"
vrdst6: "<your_own_value>"
vrgrp: "171"
vrid: "172"
vrip6: "<your_own_value>"
l2forward: "enable"
lacp_ha_slave: "enable"
lacp_mode: "static"
lacp_speed: "slow"
lcp_echo_interval: "178"
lcp_max_echo_fails: "179"
link_up_delay: "180"
lldp_network_policy: "<your_own_value> (source system.lldp.network-policy.name)"
lldp_reception: "enable"
lldp_transmission: "enable"
macaddr: "<your_own_value>"
managed_device:
-
name: "default_name_186"
managed_subnetwork_size: "256"
management_ip: "<your_own_value>"
measured_downstream_bandwidth: "189"
measured_upstream_bandwidth: "190"
mediatype: "cfp2-sr10"
member:
-
interface_name: "<your_own_value> (source system.interface.name)"
min_links: "194"
min_links_down: "operational"
mode: "static"
monitor_bandwidth: "enable"
mtu: "198"
mtu_override: "enable"
name: "default_name_200"
ndiscforward: "enable"
netbios_forward: "disable"
netflow_sampler: "disable"
outbandwidth: "204"
padt_retry_timeout: "205"
password: "<your_own_value>"
ping_serv_status: "207"
polling_interval: "208"
pppoe_unnumbered_negotiate: "enable"
pptp_auth_type: "auto"
pptp_client: "enable"
pptp_password: "<your_own_value>"
pptp_server_ip: "<your_own_value>"
pptp_timeout: "214"
pptp_user: "<your_own_value>"
preserve_session_route: "enable"
priority: "217"
priority_override: "enable"
proxy_captive_portal: "enable"
redundant_interface: "<your_own_value>"
remote_ip: "<your_own_value>"
replacemsg_override_group: "<your_own_value>"
ring_rx: "223"
ring_tx: "224"
role: "lan"
sample_direction: "tx"
sample_rate: "227"
scan_botnet_connections: "disable"
secondary_IP: "enable"
secondaryip:
-
allowaccess: "ping"
detectprotocol: "ping"
detectserver: "<your_own_value>"
gwdetect: "enable"
ha_priority: "235"
id: "236"
ip: "<your_own_value>"
ping_serv_status: "238"
security_exempt_list: "<your_own_value>"
security_external_logout: "<your_own_value>"
security_external_web: "<your_own_value>"
security_groups:
-
name: "default_name_243 (source user.group.name)"
security_mac_auth_bypass: "enable"
security_mode: "none"
security_redirect_url: "<your_own_value>"
service_name: "<your_own_value>"
sflow_sampler: "enable"
snmp_index: "249"
speed: "auto"
spillover_threshold: "251"
src_check: "enable"
status: "up"
stp: "disable"
stp_ha_secondary: "disable"
stp_ha_slave: "disable"
stpforward: "enable"
stpforward_mode: "rpl-all-ext-id"
subst: "enable"
substitute_dst_mac: "<your_own_value>"
swc_first_create: "261"
swc_vlan: "262"
switch: "<your_own_value>"
switch_controller_access_vlan: "enable"
switch_controller_arp_inspection: "enable"
switch_controller_dhcp_snooping: "enable"
switch_controller_dhcp_snooping_option82: "enable"
switch_controller_dhcp_snooping_verify_mac: "enable"
switch_controller_dynamic: "<your_own_value> (source switch-controller.fortilink-settings.name)"
switch_controller_feature: "none"
switch_controller_igmp_snooping: "enable"
switch_controller_igmp_snooping_fast_leave: "enable"
switch_controller_igmp_snooping_proxy: "enable"
switch_controller_iot_scanning: "enable"
switch_controller_learning_limit: "275"
switch_controller_mgmt_vlan: "276"
switch_controller_nac: "<your_own_value> (source switch-controller.nac-settings.name)"
switch_controller_rspan_mode: "disable"
switch_controller_source_ip: "outbound"
switch_controller_traffic_policy: "<your_own_value> (source switch-controller.traffic-policy.name)"
tagging:
-
category: "<your_own_value> (source system.object-tagging.category)"
name: "default_name_283"
tags:
-
name: "default_name_285 (source system.object-tagging.tags.name)"
tcp_mss: "286"
trust_ip_1: "<your_own_value>"
trust_ip_2: "<your_own_value>"
trust_ip_3: "<your_own_value>"
trust_ip6_1: "<your_own_value>"
trust_ip6_2: "<your_own_value>"
trust_ip6_3: "<your_own_value>"
type: "physical"
username: "<your_own_value>"
vdom: "<your_own_value> (source system.vdom.name)"
vindex: "296"
vlan_protocol: "8021q"
vlanforward: "enable"
vlanid: "299"
vrf: "300"
vrrp:
-
accept_mode: "enable"
adv_interval: "303"
ignore_default_route: "enable"
preempt: "enable"
priority: "306"
proxy_arp:
-
id: "308"
ip: "<your_own_value>"
start_time: "310"
status: "enable"
version: "2"
vrdst: "<your_own_value>"
vrdst_priority: "314"
vrgrp: "315"
vrid: "316"
vrip: "<your_own_value>"
vrrp_virtual_mac: "enable"
wccp: "enable"
weight: "320"
wins_ip: "<your_own_value>"
Return Values
Common return values are documented here, the following are the fields unique to this module:
| Key | Returned | Description |
|---|---|---|
| build
string
|
always |
Build number of the fortigate image
Sample:
1547
|
| http_method
string
|
always |
Last method used to provision the content into FortiGate
Sample:
PUT
|
| http_status
string
|
always |
Last result given by FortiGate on last operation applied
Sample:
200
|
| mkey
string
|
success |
Master key (id) used in the last call to FortiGate
Sample:
id
|
| name
string
|
always |
Name of the table used to fulfill the request
Sample:
urlfilter
|
| path
string
|
always |
Path of the table used to fulfill the request
Sample:
webfilter
|
| revision
string
|
always |
Internal revision number
Sample:
17.0.2.10658
|
| serial
string
|
always |
Serial number of the unit
Sample:
FGVMEVYYQT3AB5352
|
| status
string
|
always |
Indication of the operation's result
Sample:
success
|
| vdom
string
|
always |
Virtual domain used
Sample:
root
|
| version
string
|
always |
Version of the FortiGate
Sample:
v5.6.3
|
Authors
- Link Zheng (@chillancezen)
- Jie Xue (@JieX19)
- Hongbin Lu (@fgtdev-hblu)
- Frank Shen (@frankshen01)
- Miguel Angel Munoz (@mamunozgonzalez)
- Nicolas Thomas (@thomnico)
© 2012–2018 Michael DeHaan
© 2018–2021 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/latest/collections/fortinet/fortios/fortios_system_interface_module.html