Unable to find how to directly create a VLAN interface on fortigate device through fortimanager

[G0t1sh]

Hello,

With my team, we are currently working with a Fortimanager and multiple Fortigate.

We created an automation platform and we want to use fortimanager-collection to configure vlan interfaces on the fortigates.
We were able to configure interfaces on fortigate using 'fortinet.fortimanager.fmgr_dvmdb_script' but the solution doesn't seems good to us with low ability to get direct result or error management

We tried something with the next :

• 'fortinet.fortimanager.fmgr_system_interface' seems to be only used to directly configure system interface on the fortimanager itself and not fortigate

• 'fortinet.fortimanager.fmgr_generic' I have trouble to find the proper API call to create the interface on remote fortigate

Am I going the wrong way or am I missing something ?

[MaxxLiu22]

Hi @G0t1sh ,

Thank you for bringing this issue to our attention. Currently, our Ansible FMG collection does not support device scope configuration. However, we are actively developing the Ansible FMGDevice collection, which will include this functionality, and it is expected to be released soon. In the meantime, if you would like to manage your FGTs through FMG, you might consider using the Terraform FMGDevice provider. fmgdevice_system_interface Please let me know if you still have other questions.

Thanks,
Maxx

[dux-fortinet]

The API is "/pm/config/device/{device}/global/system/interface". You can find the details of this API in the FNDN

The API /pm/config/device/{device}/global/system/interface can be considered as three parts: /pm/config/device/{device} + /global + /system/interface

• /pm/config/device/{device}, you can specify the device name in {device}
• /global means this is a global setting. In some other APIs, this can be with /global or /vdom/{vdom}.
• /system/interface is the API of FortiGate(FortiOS)

For now, if you want to use ForiManager Ansible, you can use 'fortinet.fortimanager.fmgr_generic'

- name: Github97
  hosts: fortimanagers
  connection: httpapi
  vars:
    adom_name: "root"
    device_name: "<Your device name>"
  tasks:
    - name: Configure system interface
      fortinet.fortimanager.fmgr_generic:
        method: "set"
        params:
          - url: "/pm/config/device/{{device_name}}/global/system/interface"
            data:
              - name: "port1"
                allowaccess: ["ping", "https", "ssh", "http", "fgfm"]
      register: response
    - name: Display response
      debug:
        var: response

All APIs starting with /pm/config/device/{device} will be supported in our Ansible FMGDevice collection (not released yet) in the future.

Thanks,
Xinwei

[G0t1sh]

Thanks to both of you for the clear and quick answers.

Do you have an idea on when the Ansible FMGDevice collection will be released ? This quarter ? this year ?...

[dux-fortinet]

The basic development of the Ansible FMGDevice collection has been done. We are working on the documentation, improving details, and QA.
This quarter for sure. As fast as end of the February (Not 100% guaranteed).