New in version 2.8.
The below requirements are needed on the host that executes this module.
Parameter | Choices/Defaults | Comments | ||
---|---|---|---|---|
host
-
/ required
|
FortiOS or FortiGate ip address.
|
|||
https
boolean
|
|
Indicates if the requests towards FortiGate must use HTTPS protocol
|
||
password
-
|
Default: ""
|
FortiOS or FortiGate password.
|
||
system_dhcp_server
-
|
Default: null
|
Configure DHCP servers.
|
||
auto-configuration
-
|
|
Enable/disable auto configuration.
|
||
conflicted-ip-timeout
-
|
Time in seconds to wait after a conflicted IP address is removed from the DHCP range before it can be reused.
|
|||
ddns-auth
-
|
|
DDNS authentication mode.
|
||
ddns-key
-
|
DDNS update key (base 64 encoding).
|
|||
ddns-keyname
-
|
DDNS update key name.
|
|||
ddns-server-ip
-
|
DDNS server IP.
|
|||
ddns-ttl
-
|
TTL.
|
|||
ddns-update
-
|
|
Enable/disable DDNS update for DHCP.
|
||
ddns-update-override
-
|
|
Enable/disable DDNS update override for DHCP.
|
||
ddns-zone
-
|
Zone of your domain name (ex. DDNS.com).
|
|||
default-gateway
-
|
Default gateway IP address assigned by the DHCP server.
|
|||
dns-server1
-
|
DNS server 1.
|
|||
dns-server2
-
|
DNS server 2.
|
|||
dns-server3
-
|
DNS server 3.
|
|||
dns-service
-
|
|
Options for assigning DNS servers to DHCP clients.
|
||
domain
-
|
Domain name suffix for the IP addresses that the DHCP server assigns to clients.
|
|||
exclude-range
-
|
Exclude one or more ranges of IP addresses from being assigned to clients.
|
|||
end-ip
-
|
End of IP range.
|
|||
id
-
/ required
|
ID.
|
|||
start-ip
-
|
Start of IP range.
|
|||
filename
-
|
Name of the boot file on the TFTP server.
|
|||
forticlient-on-net-status
-
|
|
Enable/disable FortiClient-On-Net service for this DHCP server.
|
||
id
-
/ required
|
ID.
|
|||
interface
-
|
DHCP server can assign IP configurations to clients connected to this interface. Source system.interface.name.
|
|||
ip-mode
-
|
|
Method used to assign client IP.
|
||
ip-range
-
|
DHCP IP range configuration.
|
|||
end-ip
-
|
End of IP range.
|
|||
id
-
/ required
|
ID.
|
|||
start-ip
-
|
Start of IP range.
|
|||
ipsec-lease-hold
-
|
DHCP over IPsec leases expire this many seconds after tunnel down (0 to disable forced-expiry).
|
|||
lease-time
-
|
Lease time in seconds, 0 means unlimited.
|
|||
mac-acl-default-action
-
|
|
MAC access control default action (allow or block assigning IP settings).
|
||
netmask
-
|
Netmask assigned by the DHCP server.
|
|||
next-server
-
|
IP address of a server (for example, a TFTP sever) that DHCP clients can download a boot file from.
|
|||
ntp-server1
-
|
NTP server 1.
|
|||
ntp-server2
-
|
NTP server 2.
|
|||
ntp-server3
-
|
NTP server 3.
|
|||
ntp-service
-
|
|
Options for assigning Network Time Protocol (NTP) servers to DHCP clients.
|
||
options
-
|
DHCP options.
|
|||
code
-
|
DHCP option code.
|
|||
id
-
/ required
|
ID.
|
|||
ip
-
|
DHCP option IPs.
|
|||
type
-
|
|
DHCP option type.
|
||
value
-
|
DHCP option value.
|
|||
reserved-address
-
|
Options for the DHCP server to assign IP settings to specific MAC addresses.
|
|||
action
-
|
|
Options for the DHCP server to configure the client with the reserved MAC address.
|
||
description
-
|
Description.
|
|||
id
-
/ required
|
ID.
|
|||
ip
-
|
IP address to be reserved for the MAC address.
|
|||
mac
-
|
MAC address of the client that will get the reserved IP address.
|
|||
server-type
-
|
|
DHCP server can be a normal DHCP server or an IPsec DHCP server.
|
||
state
-
|
|
Indicates whether to create or remove the object
|
||
status
-
|
|
Enable/disable this DHCP configuration.
|
||
tftp-server
-
|
One or more hostnames or IP addresses of the TFTP servers in quotes separated by spaces.
|
|||
tftp-server
-
/ required
|
TFTP server.
|
|||
timezone
-
|
|
Select the time zone to be assigned to DHCP clients.
|
||
timezone-option
-
|
|
Options for the DHCP server to set the client's time zone.
|
||
vci-match
-
|
|
Enable/disable vendor class identifier (VCI) matching. When enabled only DHCP requests with a matching VCI are served.
|
||
vci-string
-
|
One or more VCI strings in quotes separated by spaces.
|
|||
vci-string
-
/ required
|
VCI strings.
|
|||
wifi-ac1
-
|
WiFi Access Controller 1 IP address (DHCP option 138, RFC 5417).
|
|||
wifi-ac2
-
|
WiFi Access Controller 2 IP address (DHCP option 138, RFC 5417).
|
|||
wifi-ac3
-
|
WiFi Access Controller 3 IP address (DHCP option 138, RFC 5417).
|
|||
wins-server1
-
|
WINS server 1.
|
|||
wins-server2
-
|
WINS server 2.
|
|||
username
-
/ required
|
FortiOS or FortiGate username.
|
|||
vdom
-
|
Default: "root"
|
Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit.
|
Note
- hosts: localhost
vars:
host: "192.168.122.40"
username: "admin"
password: ""
vdom: "root"
tasks:
- name: Configure DHCP servers.
fortios_system_dhcp_server:
host: "{{ host }}"
username: "{{ username }}"
password: "{{ password }}"
vdom: "{{ vdom }}"
https: "False"
system_dhcp_server:
state: "present"
auto-configuration: "disable"
conflicted-ip-timeout: "4"
ddns-auth: "disable"
ddns-key: "<your_own_value>"
ddns-keyname: "<your_own_value>"
ddns-server-ip: "<your_own_value>"
ddns-ttl: "9"
ddns-update: "disable"
ddns-update-override: "disable"
ddns-zone: "<your_own_value>"
default-gateway: "<your_own_value>"
dns-server1: "<your_own_value>"
dns-server2: "<your_own_value>"
dns-server3: "<your_own_value>"
dns-service: "local"
domain: "<your_own_value>"
exclude-range:
-
end-ip: "<your_own_value>"
id: "21"
start-ip: "<your_own_value>"
filename: "<your_own_value>"
forticlient-on-net-status: "disable"
id: "25"
interface: "<your_own_value> (source system.interface.name)"
ip-mode: "range"
ip-range:
-
end-ip: "<your_own_value>"
id: "30"
start-ip: "<your_own_value>"
ipsec-lease-hold: "32"
lease-time: "33"
mac-acl-default-action: "assign"
netmask: "<your_own_value>"
next-server: "<your_own_value>"
ntp-server1: "<your_own_value>"
ntp-server2: "<your_own_value>"
ntp-server3: "<your_own_value>"
ntp-service: "local"
options:
-
code: "42"
id: "43"
ip: "<your_own_value>"
type: "hex"
value: "<your_own_value>"
reserved-address:
-
action: "assign"
description: "<your_own_value>"
id: "50"
ip: "<your_own_value>"
mac: "<your_own_value>"
server-type: "regular"
status: "disable"
tftp-server:
-
tftp-server: "<your_own_value>"
timezone: "01"
timezone-option: "disable"
vci-match: "disable"
vci-string:
-
vci-string: "<your_own_value>"
wifi-ac1: "<your_own_value>"
wifi-ac2: "<your_own_value>"
wifi-ac3: "<your_own_value>"
wins-server1: "<your_own_value>"
wins-server2: "<your_own_value>"
Common return values are documented here, the following are the fields unique to this module:
Key | Returned | Description |
---|---|---|
build
string
|
always |
Build number of the fortigate image
Sample:
1547
|
http_method
string
|
always |
Last method used to provision the content into FortiGate
Sample:
PUT
|
http_status
string
|
always |
Last result given by FortiGate on last operation applied
Sample:
200
|
mkey
string
|
success |
Master key (id) used in the last call to FortiGate
Sample:
id
|
name
string
|
always |
Name of the table used to fulfill the request
Sample:
urlfilter
|
path
string
|
always |
Path of the table used to fulfill the request
Sample:
webfilter
|
revision
string
|
always |
Internal revision number
Sample:
17.0.2.10658
|
serial
string
|
always |
Serial number of the unit
Sample:
FGVMEVYYQT3AB5352
|
status
string
|
always |
Indication of the operation's result
Sample:
success
|
vdom
string
|
always |
Virtual domain used
Sample:
root
|
version
string
|
always |
Version of the FortiGate
Sample:
v5.6.3
|
Hint
If you notice any issues in this documentation you can edit this document to improve it.