New in version 2.8.
The below requirements are needed on the host that executes this module.
Parameter | Choices/Defaults | Comments |
---|---|---|
host (required) | | FortiOS or FortiGate IP address. |
https (boolean) | | Indicates if the requests towards FortiGate must use HTTPS protocol. |
password | Default: "" | FortiOS or FortiGate password. |
system_virtual_wan_link | Default: null | Configure redundant internet connections using SD-WAN (formerly virtual WAN link). |
system_virtual_wan_link.fail-alert-interfaces | | Physical interfaces that will be alerted. |
system_virtual_wan_link.fail-alert-interfaces.name (required) | | Physical interface name. Source system.interface.name. |
system_virtual_wan_link.fail-detect | | Enable/disable SD-WAN Internet connection status checking (failure detection). |
system_virtual_wan_link.health-check | | SD-WAN status checking or health checking. Identify a server on the Internet and determine how SD-WAN verifies that the FortiGate can communicate with it. |
system_virtual_wan_link.health-check.addr-mode | | Address mode (IPv4 or IPv6). |
system_virtual_wan_link.health-check.failtime | | Number of failures before server is considered lost (1 - 10, default = 5). |
system_virtual_wan_link.health-check.http-get | | URL used to communicate with the server if the protocol is HTTP. |
system_virtual_wan_link.health-check.http-match | | Response string expected from the server if the protocol is HTTP. |
system_virtual_wan_link.health-check.interval | | Status check interval, or the time between attempting to connect to the server (1 - 3600 sec, default = 5). |
system_virtual_wan_link.health-check.members | | Member sequence number list. |
system_virtual_wan_link.health-check.members.seq-num (required) | | Member sequence number. Source system.virtual-wan-link.members.seq-num. |
system_virtual_wan_link.health-check.name (required) | | Status check or health check name. |
system_virtual_wan_link.health-check.packet-size | | Packet size of a TWAMP test session. |
system_virtual_wan_link.health-check.password | | TWAMP controller password in authentication mode. |
system_virtual_wan_link.health-check.port | | Port number used to communicate with the server over the selected protocol. |
system_virtual_wan_link.health-check.protocol | | Protocol used to determine if the FortiGate can communicate with the server. |
system_virtual_wan_link.health-check.recoverytime | | Number of successful responses received before server is considered recovered (1 - 10, default = 5). |
system_virtual_wan_link.health-check.security-mode | | TWAMP controller security mode. |
system_virtual_wan_link.health-check.server | | IP address or FQDN name of the server. |
system_virtual_wan_link.health-check.sla | | Service level agreement (SLA). |
system_virtual_wan_link.health-check.sla.id (required) | | SLA ID. |
system_virtual_wan_link.health-check.sla.jitter-threshold | | Jitter for SLA to make decision in milliseconds. (0 - 10000000, default = 5). |
system_virtual_wan_link.health-check.sla.latency-threshold | | Latency for SLA to make decision in milliseconds. (0 - 10000000, default = 5). |
system_virtual_wan_link.health-check.sla.link-cost-factor | | Criteria on which to base link selection. |
system_virtual_wan_link.health-check.sla.packetloss-threshold | | Packet loss for SLA to make decision in percentage. (0 - 100, default = 0). |
system_virtual_wan_link.health-check.threshold-alert-jitter | | Alert threshold for jitter (ms, default = 0). |
system_virtual_wan_link.health-check.threshold-alert-latency | | Alert threshold for latency (ms, default = 0). |
system_virtual_wan_link.health-check.threshold-alert-packetloss | | Alert threshold for packet loss (percentage, default = 0). |
system_virtual_wan_link.health-check.threshold-warning-jitter | | Warning threshold for jitter (ms, default = 0). |
system_virtual_wan_link.health-check.threshold-warning-latency | | Warning threshold for latency (ms, default = 0). |
system_virtual_wan_link.health-check.threshold-warning-packetloss | | Warning threshold for packet loss (percentage, default = 0). |
system_virtual_wan_link.health-check.update-cascade-interface | | Enable/disable update cascade interface. |
system_virtual_wan_link.health-check.update-static-route | | Enable/disable updating the static route. |
system_virtual_wan_link.load-balance-mode | | Algorithm or mode to use for load balancing Internet traffic to SD-WAN members. |
system_virtual_wan_link.members | | Physical FortiGate interfaces added to the virtual-wan-link. |
system_virtual_wan_link.members.comment | | Comments. |
system_virtual_wan_link.members.gateway | | The default gateway for this interface. Usually the default gateway of the Internet service provider that this interface is connected to. |
system_virtual_wan_link.members.gateway6 | | IPv6 gateway. |
system_virtual_wan_link.members.ingress-spillover-threshold | | Ingress spillover threshold for this interface (0 - 16776000 kbit/s). When this traffic volume threshold is reached, new sessions spill over to other interfaces in the SD-WAN. |
system_virtual_wan_link.members.interface | | Interface name. Source system.interface.name. |
system_virtual_wan_link.members.priority | | Priority of the interface (0 - 4294967295). Used for SD-WAN rules or priority rules. |
system_virtual_wan_link.members.seq-num (required) | | Sequence number (1 - 255). |
system_virtual_wan_link.members.source | | Source IP address used in the health-check packet to the server. |
system_virtual_wan_link.members.source6 | | Source IPv6 address used in the health-check packet to the server. |
system_virtual_wan_link.members.spillover-threshold | | Egress spillover threshold for this interface (0 - 16776000 kbit/s). When this traffic volume threshold is reached, new sessions spill over to other interfaces in the SD-WAN. |
system_virtual_wan_link.members.status | | Enable/disable this interface in the SD-WAN. |
system_virtual_wan_link.members.volume-ratio | | Measured volume ratio (this value / sum of all values = percentage of link volume, 0 - 255). |
system_virtual_wan_link.members.weight | | Weight of this interface for weighted load balancing. (0 - 255) More traffic is directed to interfaces with higher weights. |
system_virtual_wan_link.service | | Create SD-WAN rules or priority rules (also called services) to control how sessions are distributed to physical interfaces in the SD-WAN. |
system_virtual_wan_link.service.addr-mode | | Address mode (IPv4 or IPv6). |
system_virtual_wan_link.service.bandwidth-weight | | Coefficient of reciprocal of available bidirectional bandwidth in the formula of custom-profile-1. |
system_virtual_wan_link.service.dscp-forward | | Enable/disable forward traffic DSCP tag. |
system_virtual_wan_link.service.dscp-forward-tag | | Forward traffic DSCP tag. |
system_virtual_wan_link.service.dscp-reverse | | Enable/disable reverse traffic DSCP tag. |
system_virtual_wan_link.service.dscp-reverse-tag | | Reverse traffic DSCP tag. |
system_virtual_wan_link.service.dst | | Destination address name. |
system_virtual_wan_link.service.dst.name (required) | | Address or address group name. Source firewall.address.name firewall.addrgrp.name. |
system_virtual_wan_link.service.dst-negate | | Enable/disable negation of destination address match. |
system_virtual_wan_link.service.dst6 | | Destination address6 name. |
system_virtual_wan_link.service.dst6.name (required) | | Address6 or address6 group name. Source firewall.address6.name firewall.addrgrp6.name. |
system_virtual_wan_link.service.end-port | | End destination port number. |
system_virtual_wan_link.service.gateway | | Enable/disable SD-WAN service gateway. |
system_virtual_wan_link.service.groups | | User groups. |
system_virtual_wan_link.service.groups.name (required) | | Group name. Source user.group.name. |
system_virtual_wan_link.service.health-check | | Health check. Source system.virtual-wan-link.health-check.name. |
system_virtual_wan_link.service.hold-down-time | | Waiting period in seconds when switching from the back-up member to the primary member (0 - 10000000, default = 0). |
system_virtual_wan_link.service.id (required) | | Priority rule ID (1 - 4000). |
system_virtual_wan_link.service.input-device | | Source interface name. |
system_virtual_wan_link.service.input-device.name (required) | | Interface name. Source system.interface.name. |
system_virtual_wan_link.service.internet-service | | Enable/disable use of Internet service for application-based load balancing. |
system_virtual_wan_link.service.internet-service-ctrl | | Control-based Internet Service ID list. |
system_virtual_wan_link.service.internet-service-ctrl.id (required) | | Control-based Internet Service ID. |
system_virtual_wan_link.service.internet-service-ctrl-group | | Control-based Internet Service group list. |
system_virtual_wan_link.service.internet-service-ctrl-group.name (required) | | Control-based Internet Service group name. Source application.group.name. |
system_virtual_wan_link.service.internet-service-custom | | Custom Internet service name list. |
system_virtual_wan_link.service.internet-service-custom.name (required) | | Custom Internet service name. Source firewall.internet-service-custom.name. |
system_virtual_wan_link.service.internet-service-custom-group | | Custom Internet Service group list. |
system_virtual_wan_link.service.internet-service-custom-group.name (required) | | Custom Internet Service group name. Source firewall.internet-service-custom-group.name. |
system_virtual_wan_link.service.internet-service-group | | Internet Service group list. |
system_virtual_wan_link.service.internet-service-group.name (required) | | Internet Service group name. Source firewall.internet-service-group.name. |
system_virtual_wan_link.service.internet-service-id | | Internet service ID list. |
system_virtual_wan_link.service.internet-service-id.id (required) | | Internet service ID. Source firewall.internet-service.id. |
system_virtual_wan_link.service.jitter-weight | | Coefficient of jitter in the formula of custom-profile-1. |
system_virtual_wan_link.service.latency-weight | | Coefficient of latency in the formula of custom-profile-1. |
system_virtual_wan_link.service.link-cost-factor | | Link cost factor. |
system_virtual_wan_link.service.link-cost-threshold | | Percentage threshold change of link cost values that will result in policy route regeneration (0 - 10000000, default = 10). |
system_virtual_wan_link.service.member | | Member sequence number. |
system_virtual_wan_link.service.mode | | Control how the priority rule sets the priority of interfaces in the SD-WAN. |
system_virtual_wan_link.service.name | | Priority rule name. |
system_virtual_wan_link.service.packet-loss-weight | | Coefficient of packet-loss in the formula of custom-profile-1. |
system_virtual_wan_link.service.priority-members | | Member sequence number list. |
system_virtual_wan_link.service.priority-members.seq-num (required) | | Member sequence number. Source system.virtual-wan-link.members.seq-num. |
system_virtual_wan_link.service.protocol | | Protocol number. |
system_virtual_wan_link.service.quality-link | | Quality grade. |
system_virtual_wan_link.service.route-tag | | IPv4 route map route-tag. |
system_virtual_wan_link.service.sla | | Service level agreement (SLA). |
system_virtual_wan_link.service.sla.health-check (required) | | Virtual WAN Link health-check. Source system.virtual-wan-link.health-check.name. |
system_virtual_wan_link.service.sla.id | | SLA ID. |
system_virtual_wan_link.service.src | | Source address name. |
system_virtual_wan_link.service.src.name (required) | | Address or address group name. Source firewall.address.name firewall.addrgrp.name. |
system_virtual_wan_link.service.src-negate | | Enable/disable negation of source address match. |
system_virtual_wan_link.service.src6 | | Source address6 name. |
system_virtual_wan_link.service.src6.name (required) | | Address6 or address6 group name. Source firewall.address6.name firewall.addrgrp6.name. |
system_virtual_wan_link.service.start-port | | Start destination port number. |
system_virtual_wan_link.service.status | | Enable/disable SD-WAN service. |
system_virtual_wan_link.service.tos | | Type of service bit pattern. |
system_virtual_wan_link.service.tos-mask | | Type of service evaluated bits. |
system_virtual_wan_link.service.users | | User name. |
system_virtual_wan_link.service.users.name (required) | | User name. Source user.local.name. |
system_virtual_wan_link.status | | Enable/disable SD-WAN. |
username (required) | | FortiOS or FortiGate username. |
vdom | Default: "root" | Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. |
```yaml
- hosts: localhost
  vars:
    host: "192.168.122.40"
    username: "admin"
    password: ""
    vdom: "root"
  tasks:
    - name: Configure redundant internet connections using SD-WAN (formerly virtual WAN link).
      fortios_system_virtual_wan_link:
        # Connection parameters for the FortiGate
        host: "{{ host }}"
        username: "{{ username }}"
        password: "{{ password }}"
        vdom: "{{ vdom }}"
        # "False" means the requests towards the FortiGate do not use HTTPS
        https: "False"
        system_virtual_wan_link:
          fail-alert-interfaces:
            -
              name: "default_name_4 (source system.interface.name)"
          fail-detect: "enable"
          health-check:
            -
              addr-mode: "ipv4"
              failtime: "8"
              http-get: "<your_own_value>"
              http-match: "<your_own_value>"
              interval: "11"
              members:
                -
                  seq-num: "13 (source system.virtual-wan-link.members.seq-num)"
              name: "default_name_14"
              packet-size: "15"
              password: "<your_own_value>"
              port: "17"
              protocol: "ping"
              recoverytime: "19"
              security-mode: "none"
              server: "192.168.100.40"
              sla:
                -
                  id: "23"
                  jitter-threshold: "24"
                  latency-threshold: "25"
                  link-cost-factor: "latency"
                  packetloss-threshold: "27"
              threshold-alert-jitter: "28"
              threshold-alert-latency: "29"
              threshold-alert-packetloss: "30"
              threshold-warning-jitter: "31"
              threshold-warning-latency: "32"
              threshold-warning-packetloss: "33"
              update-cascade-interface: "enable"
              update-static-route: "enable"
          load-balance-mode: "source-ip-based"
          # Physical interfaces that make up the SD-WAN
          members:
            -
              comment: "Comments."
              gateway: "<your_own_value>"
              gateway6: "<your_own_value>"
              ingress-spillover-threshold: "41"
              interface: "<your_own_value> (source system.interface.name)"
              priority: "43"
              seq-num: "44"
              source: "<your_own_value>"
              source6: "<your_own_value>"
              spillover-threshold: "47"
              status: "disable"
              volume-ratio: "49"
              weight: "50"
          # SD-WAN rules (priority rules)
          service:
            -
              addr-mode: "ipv4"
              bandwidth-weight: "53"
              dscp-forward: "enable"
              dscp-forward-tag: "<your_own_value>"
              dscp-reverse: "enable"
              dscp-reverse-tag: "<your_own_value>"
              dst:
                -
                  name: "default_name_59 (source firewall.address.name firewall.addrgrp.name)"
              dst-negate: "enable"
              dst6:
                -
                  name: "default_name_62 (source firewall.address6.name firewall.addrgrp6.name)"
              end-port: "63"
              gateway: "enable"
              groups:
                -
                  name: "default_name_66 (source user.group.name)"
              health-check: "<your_own_value> (source system.virtual-wan-link.health-check.name)"
              hold-down-time: "68"
              id: "69"
              input-device:
                -
                  name: "default_name_71 (source system.interface.name)"
              internet-service: "enable"
              internet-service-ctrl:
                -
                  id: "74"
              internet-service-ctrl-group:
                -
                  name: "default_name_76 (source application.group.name)"
              internet-service-custom:
                -
                  name: "default_name_78 (source firewall.internet-service-custom.name)"
              internet-service-custom-group:
                -
                  name: "default_name_80 (source firewall.internet-service-custom-group.name)"
              internet-service-group:
                -
                  name: "default_name_82 (source firewall.internet-service-group.name)"
              internet-service-id:
                -
                  id: "84 (source firewall.internet-service.id)"
              jitter-weight: "85"
              latency-weight: "86"
              link-cost-factor: "latency"
              link-cost-threshold: "88"
              member: "89"
              mode: "auto"
              name: "default_name_91"
              packet-loss-weight: "92"
              priority-members:
                -
                  seq-num: "94 (source system.virtual-wan-link.members.seq-num)"
              protocol: "95"
              quality-link: "96"
              route-tag: "97"
              sla:
                -
                  health-check: "<your_own_value> (source system.virtual-wan-link.health-check.name)"
                  id: "100"
              src:
                -
                  name: "default_name_102 (source firewall.address.name firewall.addrgrp.name)"
              src-negate: "enable"
              src6:
                -
                  name: "default_name_105 (source firewall.address6.name firewall.addrgrp6.name)"
              start-port: "106"
              status: "enable"
              tos: "<your_own_value>"
              tos-mask: "<your_own_value>"
              users:
                -
                  name: "default_name_111 (source user.local.name)"
          status: "disable"
```
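The parameter table documents numeric ranges and "Source ..." cross-references that are only checked once the request reaches the FortiGate. The following is an added example, not part of the module or the original page: a pre-flight lint over the module's argument dictionary that flags disabled HTTPS, an empty password, out-of-range values and dangling member or health-check references. The names `lint`, `RANGES` and `SAMPLE` are hypothetical and the sample data is constructed.

```python
# Added example (not module code): lint fortios_system_virtual_wan_link arguments.
RANGES = {  # (table, key) -> (min, max) as documented in the parameter table
    ("health-check", "failtime"): (1, 10),
    ("health-check", "interval"): (1, 3600),
    ("members", "seq-num"): (1, 255),
    ("members", "weight"): (0, 255),
    ("service", "id"): (1, 4000),
}
def lint(args):
    """Return a list of findings; an empty list means nothing was flagged."""
    out = []
    if str(args.get("https", "")).strip().lower() in ("false", "no", "0"):
        out.append("https is disabled: requests to the FortiGate use plain HTTP")
    if not args.get("password"):
        out.append("password is empty")
    cfg = args.get("system_virtual_wan_link") or {}
    for (table, key), (lo, hi) in RANGES.items():
        for row in cfg.get(table) or []:
            if key in row and not lo <= int(row[key]) <= hi:
                out.append(f"{table}.{key}={row[key]} outside {lo}-{hi}")
    # Cross-references: every "Source system.virtual-wan-link..." key must resolve.
    seqs = {int(m["seq-num"]) for m in cfg.get("members") or []}
    checks = {h["name"] for h in cfg.get("health-check") or []}
    for h in cfg.get("health-check") or []:
        for m in h.get("members") or []:
            if int(m["seq-num"]) not in seqs:
                out.append(f"health-check {h['name']}: unknown member {m['seq-num']}")
    for s in cfg.get("service") or []:
        for m in s.get("priority-members") or []:
            if int(m["seq-num"]) not in seqs:
                out.append(f"service {s['id']}: unknown member {m['seq-num']}")
        for sla in s.get("sla") or []:
            if sla["health-check"] not in checks:
                out.append(f"service {s['id']}: unknown health-check {sla['health-check']}")
    return out

# Constructed sample arguments (not from a real device or the page's playbook).
SAMPLE = {
    "host": "192.0.2.10", "username": "admin", "password": "", "https": "False",
    "system_virtual_wan_link": {
        "members": [{"seq-num": "1", "interface": "wan1", "weight": "300"}],
        "health-check": [{"name": "hc1", "failtime": "8", "interval": "11",
                          "members": [{"seq-num": "2"}]}],
        "service": [{"id": "5", "priority-members": [{"seq-num": "1"}],
                     "sla": [{"health-check": "hc2", "id": "1"}]}],
    },
}
if __name__ == "__main__":
    print("\n".join(lint(SAMPLE)))
```

The same function can be run over the `vars` of a playbook after loading it with a YAML parser, before the task is executed.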
Common return values are documented here; the following are the fields unique to this module:

Key | Returned | Description |
---|---|---|
build (string) | always | Build number of the FortiGate image. Sample: 1547 |
http_method (string) | always | Last method used to provision the content into FortiGate. Sample: PUT |
http_status (string) | always | Last result given by FortiGate on last operation applied. Sample: 200 |
mkey (string) | success | Master key (id) used in the last call to FortiGate. Sample: id |
name (string) | always | Name of the table used to fulfill the request. Sample: urlfilter |
path (string) | always | Path of the table used to fulfill the request. Sample: webfilter |
revision (string) | always | Internal revision number. Sample: 17.0.2.10658 |
serial (string) | always | Serial number of the unit. Sample: FGVMEVYYQT3AB5352 |
status (string) | always | Indication of the operation's result. Sample: success |
vdom (string) | always | Virtual domain used. Sample: root |
version (string) | always | Version of the FortiGate. Sample: v5.6.3 |