New in version 2.8.
The below requirements are needed on the host that executes this module.
Parameter | Choices/Defaults | Comments |
---|---|---|
host (required) | | FortiOS or FortiGate IP address. |
https (boolean) | | Indicates if the requests towards FortiGate must use HTTPS protocol. |
password | Default: "" | FortiOS or FortiGate password. |
system_admin | Default: null | Configure admin users. |
system_admin > accprofile | | Access profile for this administrator. Access profiles control administrator access to FortiGate features. Source system.accprofile.name. |
system_admin > accprofile-override | | Enable to use the name of an access profile provided by the remote authentication server to control the FortiGate features that this administrator can access. |
system_admin > allow-remove-admin-session | | Enable/disable allow admin session to be removed by privileged admin users. |
system_admin > comments | | Comment. |
system_admin > email-to | | This administrator's email address. |
system_admin > force-password-change | | Enable/disable force password change on next login. |
system_admin > fortitoken | | This administrator's FortiToken serial number. |
system_admin > guest-auth | | Enable/disable guest authentication. |
system_admin > guest-lang | | Guest management portal language. Source system.custom-language.name. |
system_admin > guest-usergroups | | Select guest user groups. |
system_admin > guest-usergroups > name (required) | | Select guest user groups. |
system_admin > gui-dashboard | | GUI dashboards. |
system_admin > gui-dashboard > columns | | Number of columns. |
system_admin > gui-dashboard > id (required) | | Dashboard ID. |
system_admin > gui-dashboard > layout-type | | Layout type. |
system_admin > gui-dashboard > name | | Dashboard name. |
system_admin > gui-dashboard > scope | | Dashboard scope. |
system_admin > gui-dashboard > widget | | Dashboard widgets. |
system_admin > gui-dashboard > widget > fabric-device | | Fabric device to monitor. |
system_admin > gui-dashboard > widget > filters | | FortiView filters. |
system_admin > gui-dashboard > widget > filters > id (required) | | FortiView Filter ID. |
system_admin > gui-dashboard > widget > filters > key | | Filter key. |
system_admin > gui-dashboard > widget > filters > value | | Filter value. |
system_admin > gui-dashboard > widget > height | | Height. |
system_admin > gui-dashboard > widget > id (required) | | Widget ID. |
system_admin > gui-dashboard > widget > industry | | Security Audit Rating industry. |
system_admin > gui-dashboard > widget > interface | | Interface to monitor. Source system.interface.name. |
system_admin > gui-dashboard > widget > region | | Security Audit Rating region. |
system_admin > gui-dashboard > widget > report-by | | Field to aggregate the data by. |
system_admin > gui-dashboard > widget > sort-by | | Field to sort the data by. |
system_admin > gui-dashboard > widget > timeframe | | Timeframe period of reported data. |
system_admin > gui-dashboard > widget > title | | Widget title. |
system_admin > gui-dashboard > widget > type | | Widget type. |
system_admin > gui-dashboard > widget > visualization | | Visualization to use. |
system_admin > gui-dashboard > widget > width | | Width. |
system_admin > gui-dashboard > widget > x-pos | | X position. |
system_admin > gui-dashboard > widget > y-pos | | Y position. |
system_admin > gui-global-menu-favorites | | Favorite GUI menu IDs for the global VDOM. |
system_admin > gui-global-menu-favorites > id (required) | | Select menu ID. |
system_admin > gui-vdom-menu-favorites | | Favorite GUI menu IDs for VDOMs. |
system_admin > gui-vdom-menu-favorites > id (required) | | Select menu ID. |
system_admin > hidden | | Admin user hidden attribute. |
system_admin > history0 | | history0 |
system_admin > history1 | | history1 |
system_admin > ip6-trusthost1 | | Any IPv6 address from which the administrator can connect to the FortiGate unit. Default allows access from any IPv6 address. |
system_admin > ip6-trusthost10 | | Any IPv6 address from which the administrator can connect to the FortiGate unit. Default allows access from any IPv6 address. |
system_admin > ip6-trusthost2 | | Any IPv6 address from which the administrator can connect to the FortiGate unit. Default allows access from any IPv6 address. |
system_admin > ip6-trusthost3 | | Any IPv6 address from which the administrator can connect to the FortiGate unit. Default allows access from any IPv6 address. |
system_admin > ip6-trusthost4 | | Any IPv6 address from which the administrator can connect to the FortiGate unit. Default allows access from any IPv6 address. |
system_admin > ip6-trusthost5 | | Any IPv6 address from which the administrator can connect to the FortiGate unit. Default allows access from any IPv6 address. |
system_admin > ip6-trusthost6 | | Any IPv6 address from which the administrator can connect to the FortiGate unit. Default allows access from any IPv6 address. |
system_admin > ip6-trusthost7 | | Any IPv6 address from which the administrator can connect to the FortiGate unit. Default allows access from any IPv6 address. |
system_admin > ip6-trusthost8 | | Any IPv6 address from which the administrator can connect to the FortiGate unit. Default allows access from any IPv6 address. |
system_admin > ip6-trusthost9 | | Any IPv6 address from which the administrator can connect to the FortiGate unit. Default allows access from any IPv6 address. |
system_admin > login-time | | Record user login time. |
system_admin > login-time > last-failed-login | | Last failed login time. |
system_admin > login-time > last-login | | Last successful login time. |
system_admin > login-time > usr-name (required) | | User name. |
system_admin > name (required) | | User name. |
system_admin > password | | Admin user password. |
system_admin > password-expire | | Password expire time. |
system_admin > peer-auth | | Set to enable peer certificate authentication (for HTTPS admin access). |
system_admin > peer-group | | Name of peer group defined under config user group which has PKI members. Used for peer certificate authentication (for HTTPS admin access). |
system_admin > radius-vdom-override | | Enable to use the names of VDOMs provided by the remote authentication server to control the VDOMs that this administrator can access. |
system_admin > remote-auth | | Enable/disable authentication using a remote RADIUS, LDAP, or TACACS+ server. |
system_admin > remote-group | | User group name used for remote auth. |
system_admin > schedule | | Firewall schedule used to restrict when the administrator can log in. No schedule means no restrictions. |
system_admin > sms-custom-server | | Custom SMS server to send SMS messages to. Source system.sms-server.name. |
system_admin > sms-phone | | Phone number on which the administrator receives SMS messages. |
system_admin > sms-server | | Send SMS messages using the FortiGuard SMS server or a custom server. |
system_admin > ssh-certificate | | Select the certificate to be used by the FortiGate for authentication with an SSH client. Source certificate.local.name. |
system_admin > ssh-public-key1 | | Public key of an SSH client. The client is authenticated without being asked for credentials. Create the public-private key pair in the SSH client application. |
system_admin > ssh-public-key2 | | Public key of an SSH client. The client is authenticated without being asked for credentials. Create the public-private key pair in the SSH client application. |
system_admin > ssh-public-key3 | | Public key of an SSH client. The client is authenticated without being asked for credentials. Create the public-private key pair in the SSH client application. |
system_admin > state | | Indicates whether to create or remove the object. |
system_admin > trusthost1 | | Any IPv4 address or subnet address and netmask from which the administrator can connect to the FortiGate unit. Default allows access from any IPv4 address. |
system_admin > trusthost10 | | Any IPv4 address or subnet address and netmask from which the administrator can connect to the FortiGate unit. Default allows access from any IPv4 address. |
system_admin > trusthost2 | | Any IPv4 address or subnet address and netmask from which the administrator can connect to the FortiGate unit. Default allows access from any IPv4 address. |
system_admin > trusthost3 | | Any IPv4 address or subnet address and netmask from which the administrator can connect to the FortiGate unit. Default allows access from any IPv4 address. |
system_admin > trusthost4 | | Any IPv4 address or subnet address and netmask from which the administrator can connect to the FortiGate unit. Default allows access from any IPv4 address. |
system_admin > trusthost5 | | Any IPv4 address or subnet address and netmask from which the administrator can connect to the FortiGate unit. Default allows access from any IPv4 address. |
system_admin > trusthost6 | | Any IPv4 address or subnet address and netmask from which the administrator can connect to the FortiGate unit. Default allows access from any IPv4 address. |
system_admin > trusthost7 | | Any IPv4 address or subnet address and netmask from which the administrator can connect to the FortiGate unit. Default allows access from any IPv4 address. |
system_admin > trusthost8 | | Any IPv4 address or subnet address and netmask from which the administrator can connect to the FortiGate unit. Default allows access from any IPv4 address. |
system_admin > trusthost9 | | Any IPv4 address or subnet address and netmask from which the administrator can connect to the FortiGate unit. Default allows access from any IPv4 address. |
system_admin > two-factor | | Enable/disable two-factor authentication. |
system_admin > vdom | | Virtual domain(s) that the administrator can access. |
system_admin > vdom > name (required) | | Virtual domain name. Source system.vdom.name. |
system_admin > wildcard | | Enable/disable wildcard RADIUS authentication. |
username (required) | | FortiOS or FortiGate username. |
vdom | Default: "root" | Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. |
Note
```yaml
- hosts: localhost
  vars:
    host: "192.168.122.40"
    username: "admin"
    password: ""
    vdom: "root"
  tasks:
    - name: Configure admin users.
      fortios_system_admin:
        host: "{{ host }}"
        username: "{{ username }}"
        password: "{{ password }}"
        vdom: "{{ vdom }}"
        https: "False"
        system_admin:
          state: "present"
          accprofile: "<your_own_value> (source system.accprofile.name)"
          accprofile-override: "enable"
          allow-remove-admin-session: "enable"
          comments: "<your_own_value>"
          email-to: "<your_own_value>"
          force-password-change: "enable"
          fortitoken: "<your_own_value>"
          guest-auth: "disable"
          guest-lang: "<your_own_value> (source system.custom-language.name)"
          guest-usergroups:
            - name: "default_name_13"
          gui-dashboard:
            - columns: "15"
              id: "16"
              layout-type: "responsive"
              name: "default_name_18"
              scope: "global"
              widget:
                - fabric-device: "<your_own_value>"
                  filters:
                    - id: "23"
                      key: "<your_own_value>"
                      value: "<your_own_value>"
                  height: "26"
                  id: "27"
                  industry: "default"
                  interface: "<your_own_value> (source system.interface.name)"
                  region: "default"
                  report-by: "source"
                  sort-by: "<your_own_value>"
                  timeframe: "realtime"
                  title: "<your_own_value>"
                  type: "sysinfo"
                  visualization: "table"
                  width: "37"
                  x-pos: "38"
                  y-pos: "39"
          gui-global-menu-favorites:
            - id: "41"
          gui-vdom-menu-favorites:
            - id: "43"
          hidden: "44"
          history0: "<your_own_value>"
          history1: "<your_own_value>"
          ip6-trusthost1: "<your_own_value>"
          ip6-trusthost10: "<your_own_value>"
          ip6-trusthost2: "<your_own_value>"
          ip6-trusthost3: "<your_own_value>"
          ip6-trusthost4: "<your_own_value>"
          ip6-trusthost5: "<your_own_value>"
          ip6-trusthost6: "<your_own_value>"
          ip6-trusthost7: "<your_own_value>"
          ip6-trusthost8: "<your_own_value>"
          ip6-trusthost9: "<your_own_value>"
          login-time:
            - last-failed-login: "<your_own_value>"
              last-login: "<your_own_value>"
              usr-name: "<your_own_value>"
          name: "default_name_61"
          password: "<your_own_value>"
          password-expire: "<your_own_value>"
          peer-auth: "enable"
          peer-group: "<your_own_value>"
          radius-vdom-override: "enable"
          remote-auth: "enable"
          remote-group: "<your_own_value>"
          schedule: "<your_own_value>"
          sms-custom-server: "<your_own_value> (source system.sms-server.name)"
          sms-phone: "<your_own_value>"
          sms-server: "fortiguard"
          ssh-certificate: "<your_own_value> (source certificate.local.name)"
          ssh-public-key1: "<your_own_value>"
          ssh-public-key2: "<your_own_value>"
          ssh-public-key3: "<your_own_value>"
          trusthost1: "<your_own_value>"
          trusthost10: "<your_own_value>"
          trusthost2: "<your_own_value>"
          trusthost3: "<your_own_value>"
          trusthost4: "<your_own_value>"
          trusthost5: "<your_own_value>"
          trusthost6: "<your_own_value>"
          trusthost7: "<your_own_value>"
          trusthost8: "<your_own_value>"
          trusthost9: "<your_own_value>"
          two-factor: "disable"
          vdom:
            - name: "default_name_89 (source system.vdom.name)"
          wildcard: "enable"
```
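The parameter descriptions state that unset `trusthostN` and `ip6-trusthostN` values allow administrator access from any address. The following added example (not part of the module or of the original page) audits a task's arguments for that default and for `https`, an empty connection password and `two-factor`. The function names, the sample dicts and the `two-factor` value `fortitoken` are assumptions made for illustration.

```python
import ipaddress

def is_unrestricted(value):
    """True if a trusthost value is unset, a template placeholder, or covers every address."""
    if not value or value.startswith("<"):
        return True
    try:
        # IPv4 values are "address netmask"; ipaddress expects "address/netmask".
        net = ipaddress.ip_network(value.strip().replace(" ", "/"), strict=False)
    except ValueError:
        return True  # unparsable: do not count it as a restriction
    return net.prefixlen == 0

def audit_admin_task(task):
    """Return findings for one fortios_system_admin task given as a dict."""
    findings = []
    admin = task.get("system_admin") or {}
    if str(task.get("https")).lower() in ("false", "no"):
        findings.append("https is off: requests to the FortiGate use plain HTTP")
    if task.get("password") == "":
        findings.append("connection password is empty")
    for prefix, family in (("trusthost", "IPv4"), ("ip6-trusthost", "IPv6")):
        values = [admin.get(f"{prefix}{n}") for n in range(1, 11)]
        if all(is_unrestricted(v) for v in values):
            findings.append(f"no {family} trusted host set: login allowed from any {family} address")
    if admin.get("two-factor", "disable") == "disable":
        findings.append("two-factor authentication is not enabled")
    return findings

# Constructed sample tasks (not taken from a real device).
WEAK = {  # mirrors the values used in the page's example
    "https": "False", "password": "",
    "system_admin": {"name": "default_name_61", "two-factor": "disable",
                     "trusthost1": "<your_own_value>"},
}
HARDENED = {  # "fortitoken" as a two-factor value is an assumption
    "https": "True", "password": "from-vault-placeholder",
    "system_admin": {"name": "netops", "two-factor": "fortitoken",
                     "trusthost1": "10.20.30.0 255.255.255.0",
                     "ip6-trusthost1": "2001:db8:10::/64"},
}

if __name__ == "__main__":
    for label, task in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit_admin_task(task))
```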
Common return values are documented here; the following fields are unique to this module:
Key | Returned | Description |
---|---|---|
build (string) | always | Build number of the FortiGate image. Sample: 1547 |
http_method (string) | always | Last method used to provision the content into FortiGate. Sample: PUT |
http_status (string) | always | Last result given by FortiGate on last operation applied. Sample: 200 |
mkey (string) | success | Master key (id) used in the last call to FortiGate. Sample: id |
name (string) | always | Name of the table used to fulfill the request. Sample: urlfilter |
path (string) | always | Path of the table used to fulfill the request. Sample: webfilter |
revision (string) | always | Internal revision number. Sample: 17.0.2.10658 |
serial (string) | always | Serial number of the unit. Sample: FGVMEVYYQT3AB5352 |
status (string) | always | Indication of the operation's result. Sample: success |
vdom (string) | always | Virtual domain used. Sample: root |
version (string) | always | Version of the FortiGate. Sample: v5.6.3 |