Welcome to Fortinet FortiManager Ansible Collection documentation!¶
fmgr_antivirus_profile – Configure AntiVirus profiles.¶
New in version 2.10.
Synopsis¶
- This module is able to configure a FortiManager device by allowing the user to [add, get, set, update] the following FortiManager json-rpc urls.
- /pm/config/adom/{adom}/obj/antivirus/profile
- /pm/config/global/obj/antivirus/profile
- Examples include all parameters and values need to be adjusted to data sources before usage.
- Tested with FortiManager v6.0.0
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.10.0
Parameters¶
- loose_validation - Do parameter validation in a loose way type: bool required: false default: false
- workspace_locking_adom - Acquire the workspace lock if FortiManager is running in workspace mode type: str required: false choices: global, custom dom
- workspace_locking_timeout - The maximum time in seconds to wait for other users to release workspace lock type: integer required: false default: 300
- url_params - parameters in url path type: dict required: true
- adom - the domain prefix type: str choices: none, global, custom dom
- parameters for method: [add, set, update] - Configure AntiVirus profiles.
- data - No description for the parameter type: array
- analytics-bl-filetype - Only submit files matching this DLP file-pattern to FortiSandbox. type: str
- analytics-db - Enable/disable using the FortiSandbox signature database to supplement the AV signature databases. type: str choices: [disable, enable]
- analytics-max-upload - Maximum size of files that can be uploaded to FortiSandbox (1 - 395 MBytes, default = 10). type: int
- analytics-wl-filetype - Do not submit files matching this DLP file-pattern to FortiSandbox. type: str
- av-block-log - Enable/disable logging for AntiVirus file blocking. type: str choices: [disable, enable]
- av-virus-log - Enable/disable AntiVirus logging. type: str choices: [disable, enable]
- comment - Comment. type: str
- extended-log - Enable/disable extended logging for antivirus. type: str choices: [disable, enable]
- ftgd-analytics - Settings to control which files are uploaded to FortiSandbox. type: str choices: [disable, suspicious, everything]
- inspection-mode - Inspection mode. type: str choices: [proxy, flow-based]
- mobile-malware-db - Enable/disable using the mobile malware signature database. type: str choices: [disable, enable]
- name - Profile name. type: str
- replacemsg-group - Replacement message group customized for this profile. type: str
- scan-mode - Choose between full scan mode and quick scan mode. type: str choices: [quick, full]
- parameters for method: [get] - Configure AntiVirus profiles.
- attr - The name of the attribute to retrieve its datasource. type: str
- fields - No description for the parameter type: array
- {no-name} - No description for the parameter type: array
- {no-name} - No description for the parameter type: str choices: [analytics-bl-filetype, analytics-db, analytics-max-upload, analytics-wl-filetype, av-block-log, av-virus-log, comment, extended-log, ftgd-analytics, inspection-mode, mobile-malware-db, name, replacemsg-group, scan-mode]
- {no-name} - No description for the parameter type: array
- filter - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- get used - No description for the parameter type: int
- loadsub - Enable or disable the return of any sub-objects. type: int
- option - Set fetch option for the request. type: str choices: [count, object member, datasrc, get reserved, syntax]
- range - No description for the parameter type: array
- {no-name} - No description for the parameter type: int
- sortings - No description for the parameter type: array
- {attr_name} - No description for the parameter type: int choices: [1, -1]
Notes¶
Note
- The module may supports multiple method, every method has different parameters definition
- One method may also have more than one parameter definition collection, each collection is dedicated to one API endpoint
- The module may include domain dependent urls, the domain can be specified in url_params as adom
- To run in workspace mode, the paremeter workspace_locking_adom must be included in the task
Examples¶
- hosts: fortimanager-inventory
collections:
- fortinet.fortimanager
connection: httpapi
vars:
ansible_httpapi_use_ssl: True
ansible_httpapi_validate_certs: False
ansible_httpapi_port: 443
tasks:
- name: REQUESTING /PM/CONFIG/OBJ/ANTIVIRUS/PROFILE
fmgr_antivirus_profile:
loose_validation: False
workspace_locking_adom: <value in [global, custom adom]>
workspace_locking_timeout: 300
method: <value in [add, set, update]>
url_params:
adom: <value in [none, global, custom dom]>
params:
-
data:
-
analytics-bl-filetype: <value of string>
analytics-db: <value in [disable, enable]>
analytics-max-upload: <value of integer>
analytics-wl-filetype: <value of string>
av-block-log: <value in [disable, enable]>
av-virus-log: <value in [disable, enable]>
comment: <value of string>
extended-log: <value in [disable, enable]>
ftgd-analytics: <value in [disable, suspicious, everything]>
inspection-mode: <value in [proxy, flow-based]>
mobile-malware-db: <value in [disable, enable]>
name: <value of string>
replacemsg-group: <value of string>
scan-mode: <value in [quick, full]>
- name: REQUESTING /PM/CONFIG/OBJ/ANTIVIRUS/PROFILE
fmgr_antivirus_profile:
loose_validation: False
workspace_locking_adom: <value in [global, custom adom]>
workspace_locking_timeout: 300
method: <value in [get]>
url_params:
adom: <value in [none, global, custom dom]>
params:
-
attr: <value of string>
fields:
-
- <value in [analytics-bl-filetype, analytics-db, analytics-max-upload, ...]>
filter:
- <value of string>
get used: <value of integer>
loadsub: <value of integer>
option: <value in [count, object member, datasrc, ...]>
range:
- <value of integer>
sortings:
-
varidic.attr_name: <value in [1, -1]>
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- return values for method: [add, set, update]
- status
- No description for the parameter type: dict
- code - No description for the parameter type: int
- message - No description for the parameter type: str
- url - No description for the parameter type: str example: /pm/config/adom/{adom}/obj/antivirus/profile
- return values for method: [get]
- data
- No description for the parameter type: array
- analytics-bl-filetype - Only submit files matching this DLP file-pattern to FortiSandbox. type: str
- analytics-db - Enable/disable using the FortiSandbox signature database to supplement the AV signature databases. type: str
- analytics-max-upload - Maximum size of files that can be uploaded to FortiSandbox (1 - 395 MBytes, default = 10). type: int
- analytics-wl-filetype - Do not submit files matching this DLP file-pattern to FortiSandbox. type: str
- av-block-log - Enable/disable logging for AntiVirus file blocking. type: str
- av-virus-log - Enable/disable AntiVirus logging. type: str
- comment - Comment. type: str
- extended-log - Enable/disable extended logging for antivirus. type: str
- ftgd-analytics - Settings to control which files are uploaded to FortiSandbox. type: str
- inspection-mode - Inspection mode. type: str
- mobile-malware-db - Enable/disable using the mobile malware signature database. type: str
- name - Profile name. type: str
- replacemsg-group - Replacement message group customized for this profile. type: str
- scan-mode - Choose between full scan mode and quick scan mode. type: str
- status
- No description for the parameter type: dict
- code - No description for the parameter type: int
- message - No description for the parameter type: str
- url - No description for the parameter type: str example: /pm/config/adom/{adom}/obj/antivirus/profile
fmgr_antivirus_profile_obj – Configure AntiVirus profiles.¶
New in version 2.10.
Synopsis¶
- This module is able to configure a FortiManager device by allowing the user to [clone, delete, get, set, update] the following FortiManager json-rpc urls.
- /pm/config/adom/{adom}/obj/antivirus/profile/{profile}
- /pm/config/global/obj/antivirus/profile/{profile}
- Examples include all parameters and values need to be adjusted to data sources before usage.
- Tested with FortiManager v6.0.0
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.10.0
Parameters¶
- loose_validation - Do parameter validation in a loose way type: bool required: false default: false
- workspace_locking_adom - Acquire the workspace lock if FortiManager is running in workspace mode type: str required: false choices: global, custom dom
- workspace_locking_timeout - The maximum time in seconds to wait for other users to release workspace lock type: integer required: false default: 300
- url_params - parameters in url path type: dict required: true
- adom - the domain prefix type: str choices: none, global, custom dom
- profile - the object name type: str
- parameters for method: [clone, set, update] - Configure AntiVirus profiles.
- data - No description for the parameter type: dict
- analytics-bl-filetype - Only submit files matching this DLP file-pattern to FortiSandbox. type: str
- analytics-db - Enable/disable using the FortiSandbox signature database to supplement the AV signature databases. type: str choices: [disable, enable]
- analytics-max-upload - Maximum size of files that can be uploaded to FortiSandbox (1 - 395 MBytes, default = 10). type: int
- analytics-wl-filetype - Do not submit files matching this DLP file-pattern to FortiSandbox. type: str
- av-block-log - Enable/disable logging for AntiVirus file blocking. type: str choices: [disable, enable]
- av-virus-log - Enable/disable AntiVirus logging. type: str choices: [disable, enable]
- comment - Comment. type: str
- extended-log - Enable/disable extended logging for antivirus. type: str choices: [disable, enable]
- ftgd-analytics - Settings to control which files are uploaded to FortiSandbox. type: str choices: [disable, suspicious, everything]
- inspection-mode - Inspection mode. type: str choices: [proxy, flow-based]
- mobile-malware-db - Enable/disable using the mobile malware signature database. type: str choices: [disable, enable]
- name - Profile name. type: str
- replacemsg-group - Replacement message group customized for this profile. type: str
- scan-mode - Choose between full scan mode and quick scan mode. type: str choices: [quick, full]
- parameters for method: [delete] - Configure AntiVirus profiles.
- parameters for method: [get] - Configure AntiVirus profiles.
- option - Set fetch option for the request. type: str choices: [object member, chksum, datasrc]
Notes¶
Note
- The module may supports multiple method, every method has different parameters definition
- One method may also have more than one parameter definition collection, each collection is dedicated to one API endpoint
- The module may include domain dependent urls, the domain can be specified in url_params as adom
- To run in workspace mode, the paremeter workspace_locking_adom must be included in the task
Examples¶
- hosts: fortimanager-inventory
collections:
- fortinet.fortimanager
connection: httpapi
vars:
ansible_httpapi_use_ssl: True
ansible_httpapi_validate_certs: False
ansible_httpapi_port: 443
tasks:
- name: REQUESTING /PM/CONFIG/OBJ/ANTIVIRUS/PROFILE/{PROFILE}
fmgr_antivirus_profile_obj:
loose_validation: False
workspace_locking_adom: <value in [global, custom adom]>
workspace_locking_timeout: 300
method: <value in [clone, set, update]>
url_params:
adom: <value in [none, global, custom dom]>
profile: <value of string>
params:
-
data:
analytics-bl-filetype: <value of string>
analytics-db: <value in [disable, enable]>
analytics-max-upload: <value of integer>
analytics-wl-filetype: <value of string>
av-block-log: <value in [disable, enable]>
av-virus-log: <value in [disable, enable]>
comment: <value of string>
extended-log: <value in [disable, enable]>
ftgd-analytics: <value in [disable, suspicious, everything]>
inspection-mode: <value in [proxy, flow-based]>
mobile-malware-db: <value in [disable, enable]>
name: <value of string>
replacemsg-group: <value of string>
scan-mode: <value in [quick, full]>
- name: REQUESTING /PM/CONFIG/OBJ/ANTIVIRUS/PROFILE/{PROFILE}
fmgr_antivirus_profile_obj:
loose_validation: False
workspace_locking_adom: <value in [global, custom adom]>
workspace_locking_timeout: 300
method: <value in [get]>
url_params:
adom: <value in [none, global, custom dom]>
profile: <value of string>
params:
-
option: <value in [object member, chksum, datasrc]>
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- return values for method: [clone, delete, set, update]
- status
- No description for the parameter type: dict
- code - No description for the parameter type: int
- message - No description for the parameter type: str
- url - No description for the parameter type: str example: /pm/config/adom/{adom}/obj/antivirus/profile/{profile}
- return values for method: [get]
- data
- No description for the parameter type: dict
- analytics-bl-filetype - Only submit files matching this DLP file-pattern to FortiSandbox. type: str
- analytics-db - Enable/disable using the FortiSandbox signature database to supplement the AV signature databases. type: str
- analytics-max-upload - Maximum size of files that can be uploaded to FortiSandbox (1 - 395 MBytes, default = 10). type: int
- analytics-wl-filetype - Do not submit files matching this DLP file-pattern to FortiSandbox. type: str
- av-block-log - Enable/disable logging for AntiVirus file blocking. type: str
- av-virus-log - Enable/disable AntiVirus logging. type: str
- comment - Comment. type: str
- extended-log - Enable/disable extended logging for antivirus. type: str
- ftgd-analytics - Settings to control which files are uploaded to FortiSandbox. type: str
- inspection-mode - Inspection mode. type: str
- mobile-malware-db - Enable/disable using the mobile malware signature database. type: str
- name - Profile name. type: str
- replacemsg-group - Replacement message group customized for this profile. type: str
- scan-mode - Choose between full scan mode and quick scan mode. type: str
- status
- No description for the parameter type: dict
- code - No description for the parameter type: int
- message - No description for the parameter type: str
- url - No description for the parameter type: str example: /pm/config/adom/{adom}/obj/antivirus/profile/{profile}
fmgr_application_list – Configure application control lists.¶
New in version 2.10.
Synopsis¶
- This module is able to configure a FortiManager device by allowing the user to [add, get, set, update] the following FortiManager json-rpc urls.
- /pm/config/adom/{adom}/obj/application/list
- /pm/config/global/obj/application/list
- Examples include all parameters and values need to be adjusted to data sources before usage.
- Tested with FortiManager v6.0.0
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.10.0
Parameters¶
- loose_validation - Do parameter validation in a loose way type: bool required: false default: false
- workspace_locking_adom - Acquire the workspace lock if FortiManager is running in workspace mode type: str required: false choices: global, custom dom
- workspace_locking_timeout - The maximum time in seconds to wait for other users to release workspace lock type: integer required: false default: 300
- url_params - parameters in url path type: dict required: true
- adom - the domain prefix type: str choices: none, global, custom dom
- parameters for method: [add, set, update] - Configure application control lists.
- data - No description for the parameter type: array
- app-replacemsg - Enable/disable replacement messages for blocked applications. type: str choices: [disable, enable]
- comment - comments type: str
- deep-app-inspection - Enable/disable deep application inspection. type: str choices: [disable, enable]
- entries - No description for the parameter type: array
- action - Pass or block traffic, or reset connection for traffic from this application. type: str choices: [pass, block, reset]
- application - No description for the parameter type: array
- {no-name} - No description for the parameter type: int
- behavior - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- category - Category ID list. type: str
- id - Entry ID. type: int
- log - Enable/disable logging for this application list. type: str choices: [disable, enable]
- log-packet - Enable/disable packet logging. type: str choices: [disable, enable]
- parameters - No description for the parameter type: array
- id - Parameter ID. type: int
- value - Parameter value. type: str
- per-ip-shaper - Per-IP traffic shaper. type: str
- popularity - No description for the parameter type: array
- {no-name} - No description for the parameter type: str choices: [1, 2, 3, 4, 5]
- protocols - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- quarantine - Quarantine method. type: str choices: [none, attacker]
- quarantine-expiry - Duration of quarantine. type: str
- quarantine-log - Enable/disable quarantine logging. type: str choices: [disable, enable]
- rate-count - Count of the rate. type: int
- rate-duration - Duration (sec) of the rate. type: int
- rate-mode - Rate limit mode. type: str choices: [periodical, continuous]
- rate-track - Track the packet protocol field. type: str choices: [none, src-ip, dest-ip, dhcp-client-mac, dns-domain]
- risk - No description for the parameter type: array
- {no-name} - No description for the parameter type: int
- session-ttl - Session TTL (0 = default). type: int
- shaper - Traffic shaper. type: str
- shaper-reverse - Reverse traffic shaper. type: str
- sub-category - No description for the parameter type: array
- {no-name} - No description for the parameter type: int
- technology - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- vendor - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- extended-log - Enable/disable extended logging. type: str choices: [disable, enable]
- name - List name. type: str
- options - No description for the parameter type: array
- {no-name} - No description for the parameter type: str choices: [allow-dns, allow-icmp, allow-http, allow-ssl, allow-quic]
- other-application-action - Action for other applications. type: str choices: [pass, block]
- other-application-log - Enable/disable logging for other applications. type: str choices: [disable, enable]
- p2p-black-list - No description for the parameter type: array
- {no-name} - No description for the parameter type: str choices: [skype, edonkey, bittorrent]
- replacemsg-group - Replacement message group. type: str
- unknown-application-action - Pass or block traffic from unknown applications. type: str choices: [pass, block]
- unknown-application-log - Enable/disable logging for unknown applications. type: str choices: [disable, enable]
- parameters for method: [get] - Configure application control lists.
- attr - The name of the attribute to retrieve its datasource. type: str
- fields - No description for the parameter type: array
- {no-name} - No description for the parameter type: array
- {no-name} - No description for the parameter type: str choices: [app-replacemsg, comment, deep-app-inspection, extended-log, name, options, other-application-action, other-application-log, p2p-black-list, replacemsg-group, unknown-application-action, unknown-application-log]
- {no-name} - No description for the parameter type: array
- filter - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- get used - No description for the parameter type: int
- loadsub - Enable or disable the return of any sub-objects. type: int
- option - Set fetch option for the request. type: str choices: [count, object member, datasrc, get reserved, syntax]
- range - No description for the parameter type: array
- {no-name} - No description for the parameter type: int
- sortings - No description for the parameter type: array
- {attr_name} - No description for the parameter type: int choices: [1, -1]
Notes¶
Note
- The module may supports multiple method, every method has different parameters definition
- One method may also have more than one parameter definition collection, each collection is dedicated to one API endpoint
- The module may include domain dependent urls, the domain can be specified in url_params as adom
- To run in workspace mode, the paremeter workspace_locking_adom must be included in the task
Examples¶
- hosts: fortimanager-inventory
collections:
- fortinet.fortimanager
connection: httpapi
vars:
ansible_httpapi_use_ssl: True
ansible_httpapi_validate_certs: False
ansible_httpapi_port: 443
tasks:
- name: REQUESTING /PM/CONFIG/OBJ/APPLICATION/LIST
fmgr_application_list:
loose_validation: False
workspace_locking_adom: <value in [global, custom adom]>
workspace_locking_timeout: 300
method: <value in [add, set, update]>
url_params:
adom: <value in [none, global, custom dom]>
params:
-
data:
-
app-replacemsg: <value in [disable, enable]>
comment: <value of string>
deep-app-inspection: <value in [disable, enable]>
entries:
-
action: <value in [pass, block, reset]>
application:
- <value of integer>
behavior:
- <value of string>
category: <value of string>
id: <value of integer>
log: <value in [disable, enable]>
log-packet: <value in [disable, enable]>
parameters:
-
id: <value of integer>
value: <value of string>
per-ip-shaper: <value of string>
popularity:
- <value in [1, 2, 3, ...]>
protocols:
- <value of string>
quarantine: <value in [none, attacker]>
quarantine-expiry: <value of string>
quarantine-log: <value in [disable, enable]>
rate-count: <value of integer>
rate-duration: <value of integer>
rate-mode: <value in [periodical, continuous]>
rate-track: <value in [none, src-ip, dest-ip, ...]>
risk:
- <value of integer>
session-ttl: <value of integer>
shaper: <value of string>
shaper-reverse: <value of string>
sub-category:
- <value of integer>
technology:
- <value of string>
vendor:
- <value of string>
extended-log: <value in [disable, enable]>
name: <value of string>
options:
- <value in [allow-dns, allow-icmp, allow-http, ...]>
other-application-action: <value in [pass, block]>
other-application-log: <value in [disable, enable]>
p2p-black-list:
- <value in [skype, edonkey, bittorrent]>
replacemsg-group: <value of string>
unknown-application-action: <value in [pass, block]>
unknown-application-log: <value in [disable, enable]>
- name: REQUESTING /PM/CONFIG/OBJ/APPLICATION/LIST
fmgr_application_list:
loose_validation: False
workspace_locking_adom: <value in [global, custom adom]>
workspace_locking_timeout: 300
method: <value in [get]>
url_params:
adom: <value in [none, global, custom dom]>
params:
-
attr: <value of string>
fields:
-
- <value in [app-replacemsg, comment, deep-app-inspection, ...]>
filter:
- <value of string>
get used: <value of integer>
loadsub: <value of integer>
option: <value in [count, object member, datasrc, ...]>
range:
- <value of integer>
sortings:
-
varidic.attr_name: <value in [1, -1]>
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- return values for method: [add, set, update]
- status
- No description for the parameter type: dict
- code - No description for the parameter type: int
- message - No description for the parameter type: str
- url - No description for the parameter type: str example: /pm/config/adom/{adom}/obj/application/list
- return values for method: [get]
- data
- No description for the parameter type: array
- app-replacemsg - Enable/disable replacement messages for blocked applications. type: str
- comment - comments type: str
- deep-app-inspection - Enable/disable deep application inspection. type: str
- entries - No description for the parameter type: array
- action - Pass or block traffic, or reset connection for traffic from this application. type: str
- application - No description for the parameter type: array
- {no-name} - No description for the parameter type: int
- behavior - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- category - Category ID list. type: str
- id - Entry ID. type: int
- log - Enable/disable logging for this application list. type: str
- log-packet - Enable/disable packet logging. type: str
- parameters - No description for the parameter type: array
- id - Parameter ID. type: int
- value - Parameter value. type: str
- per-ip-shaper - Per-IP traffic shaper. type: str
- popularity - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- protocols - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- quarantine - Quarantine method. type: str
- quarantine-expiry - Duration of quarantine. type: str
- quarantine-log - Enable/disable quarantine logging. type: str
- rate-count - Count of the rate. type: int
- rate-duration - Duration (sec) of the rate. type: int
- rate-mode - Rate limit mode. type: str
- rate-track - Track the packet protocol field. type: str
- risk - No description for the parameter type: array
- {no-name} - No description for the parameter type: int
- session-ttl - Session TTL (0 = default). type: int
- shaper - Traffic shaper. type: str
- shaper-reverse - Reverse traffic shaper. type: str
- sub-category - No description for the parameter type: array
- {no-name} - No description for the parameter type: int
- technology - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- vendor - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- extended-log - Enable/disable extended logging. type: str
- name - List name. type: str
- options - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- other-application-action - Action for other applications. type: str
- other-application-log - Enable/disable logging for other applications. type: str
- p2p-black-list - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- replacemsg-group - Replacement message group. type: str
- unknown-application-action - Pass or block traffic from unknown applications. type: str
- unknown-application-log - Enable/disable logging for unknown applications. type: str
- status
- No description for the parameter type: dict
- code - No description for the parameter type: int
- message - No description for the parameter type: str
- url - No description for the parameter type: str example: /pm/config/adom/{adom}/obj/application/list
fmgr_application_list_obj – Configure application control lists.¶
New in version 2.10.
Synopsis¶
- This module is able to configure a FortiManager device by allowing the user to [clone, delete, get, set, update] the following FortiManager json-rpc urls.
- /pm/config/adom/{adom}/obj/application/list/{list}
- /pm/config/global/obj/application/list/{list}
- Examples include all parameters and values need to be adjusted to data sources before usage.
- Tested with FortiManager v6.0.0
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.10.0
Parameters¶
- loose_validation - Do parameter validation in a loose way type: bool required: false default: false
- workspace_locking_adom - Acquire the workspace lock if FortiManager is running in workspace mode type: str required: false choices: global, custom dom
- workspace_locking_timeout - The maximum time in seconds to wait for other users to release workspace lock type: integer required: false default: 300
- url_params - parameters in url path type: dict required: true
- adom - the domain prefix type: str choices: none, global, custom dom
- list - the object name type: str
- parameters for method: [clone, set, update] - Configure application control lists.
- data - No description for the parameter type: dict
- app-replacemsg - Enable/disable replacement messages for blocked applications. type: str choices: [disable, enable]
- comment - comments type: str
- deep-app-inspection - Enable/disable deep application inspection. type: str choices: [disable, enable]
- entries - No description for the parameter type: array
- action - Pass or block traffic, or reset connection for traffic from this application. type: str choices: [pass, block, reset]
- application - No description for the parameter type: array
- {no-name} - No description for the parameter type: int
- behavior - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- category - Category ID list. type: str
- id - Entry ID. type: int
- log - Enable/disable logging for this application list. type: str choices: [disable, enable]
- log-packet - Enable/disable packet logging. type: str choices: [disable, enable]
- parameters - No description for the parameter type: array
- id - Parameter ID. type: int
- value - Parameter value. type: str
- per-ip-shaper - Per-IP traffic shaper. type: str
- popularity - No description for the parameter type: array
- {no-name} - No description for the parameter type: str choices: [1, 2, 3, 4, 5]
- protocols - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- quarantine - Quarantine method. type: str choices: [none, attacker]
- quarantine-expiry - Duration of quarantine. type: str
- quarantine-log - Enable/disable quarantine logging. type: str choices: [disable, enable]
- rate-count - Count of the rate. type: int
- rate-duration - Duration (sec) of the rate. type: int
- rate-mode - Rate limit mode. type: str choices: [periodical, continuous]
- rate-track - Track the packet protocol field. type: str choices: [none, src-ip, dest-ip, dhcp-client-mac, dns-domain]
- risk - No description for the parameter type: array
- {no-name} - No description for the parameter type: int
- session-ttl - Session TTL (0 = default). type: int
- shaper - Traffic shaper. type: str
- shaper-reverse - Reverse traffic shaper. type: str
- sub-category - No description for the parameter type: array
- {no-name} - No description for the parameter type: int
- technology - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- vendor - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- extended-log - Enable/disable extended logging. type: str choices: [disable, enable]
- name - List name. type: str
- options - No description for the parameter type: array
- {no-name} - No description for the parameter type: str choices: [allow-dns, allow-icmp, allow-http, allow-ssl, allow-quic]
- other-application-action - Action for other applications. type: str choices: [pass, block]
- other-application-log - Enable/disable logging for other applications. type: str choices: [disable, enable]
- p2p-black-list - No description for the parameter type: array
- {no-name} - No description for the parameter type: str choices: [skype, edonkey, bittorrent]
- replacemsg-group - Replacement message group. type: str
- unknown-application-action - Pass or block traffic from unknown applications. type: str choices: [pass, block]
- unknown-application-log - Enable/disable logging for unknown applications. type: str choices: [disable, enable]
- parameters for method: [delete] - Configure application control lists.
- parameters for method: [get] - Configure application control lists.
- option - Set fetch option for the request. type: str choices: [object member, chksum, datasrc]
Notes¶
Note
- The module may supports multiple method, every method has different parameters definition
- One method may also have more than one parameter definition collection, each collection is dedicated to one API endpoint
- The module may include domain dependent urls, the domain can be specified in url_params as adom
- To run in workspace mode, the paremeter workspace_locking_adom must be included in the task
Examples¶
- hosts: fortimanager-inventory
collections:
- fortinet.fortimanager
connection: httpapi
vars:
ansible_httpapi_use_ssl: True
ansible_httpapi_validate_certs: False
ansible_httpapi_port: 443
tasks:
- name: REQUESTING /PM/CONFIG/OBJ/APPLICATION/LIST/{LIST}
fmgr_application_list_obj:
loose_validation: False
workspace_locking_adom: <value in [global, custom adom]>
workspace_locking_timeout: 300
method: <value in [clone, set, update]>
url_params:
adom: <value in [none, global, custom dom]>
list: <value of string>
params:
-
data:
app-replacemsg: <value in [disable, enable]>
comment: <value of string>
deep-app-inspection: <value in [disable, enable]>
entries:
-
action: <value in [pass, block, reset]>
application:
- <value of integer>
behavior:
- <value of string>
category: <value of string>
id: <value of integer>
log: <value in [disable, enable]>
log-packet: <value in [disable, enable]>
parameters:
-
id: <value of integer>
value: <value of string>
per-ip-shaper: <value of string>
popularity:
- <value in [1, 2, 3, ...]>
protocols:
- <value of string>
quarantine: <value in [none, attacker]>
quarantine-expiry: <value of string>
quarantine-log: <value in [disable, enable]>
rate-count: <value of integer>
rate-duration: <value of integer>
rate-mode: <value in [periodical, continuous]>
rate-track: <value in [none, src-ip, dest-ip, ...]>
risk:
- <value of integer>
session-ttl: <value of integer>
shaper: <value of string>
shaper-reverse: <value of string>
sub-category:
- <value of integer>
technology:
- <value of string>
vendor:
- <value of string>
extended-log: <value in [disable, enable]>
name: <value of string>
options:
- <value in [allow-dns, allow-icmp, allow-http, ...]>
other-application-action: <value in [pass, block]>
other-application-log: <value in [disable, enable]>
p2p-black-list:
- <value in [skype, edonkey, bittorrent]>
replacemsg-group: <value of string>
unknown-application-action: <value in [pass, block]>
unknown-application-log: <value in [disable, enable]>
- name: REQUESTING /PM/CONFIG/OBJ/APPLICATION/LIST/{LIST}
fmgr_application_list_obj:
loose_validation: False
workspace_locking_adom: <value in [global, custom adom]>
workspace_locking_timeout: 300
method: <value in [get]>
url_params:
adom: <value in [none, global, custom dom]>
list: <value of string>
params:
-
option: <value in [object member, chksum, datasrc]>
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- return values for method: [clone, delete, set, update]
- status
- No description for the parameter type: dict
- code - No description for the parameter type: int
- message - No description for the parameter type: str
- url - No description for the parameter type: str example: /pm/config/adom/{adom}/obj/application/list/{list}
- return values for method: [get]
- data
- No description for the parameter type: dict
- app-replacemsg - Enable/disable replacement messages for blocked applications. type: str
- comment - comments type: str
- deep-app-inspection - Enable/disable deep application inspection. type: str
- entries - No description for the parameter type: array
- action - Pass or block traffic, or reset connection for traffic from this application. type: str
- application - No description for the parameter type: array
- {no-name} - No description for the parameter type: int
- behavior - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- category - Category ID list. type: str
- id - Entry ID. type: int
- log - Enable/disable logging for this application list. type: str
- log-packet - Enable/disable packet logging. type: str
- parameters - No description for the parameter type: array
- id - Parameter ID. type: int
- value - Parameter value. type: str
- per-ip-shaper - Per-IP traffic shaper. type: str
- popularity - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- protocols - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- quarantine - Quarantine method. type: str
- quarantine-expiry - Duration of quarantine. type: str
- quarantine-log - Enable/disable quarantine logging. type: str
- rate-count - Count of the rate. type: int
- rate-duration - Duration (sec) of the rate. type: int
- rate-mode - Rate limit mode. type: str
- rate-track - Track the packet protocol field. type: str
- risk - No description for the parameter type: array
- {no-name} - No description for the parameter type: int
- session-ttl - Session TTL (0 = default). type: int
- shaper - Traffic shaper. type: str
- shaper-reverse - Reverse traffic shaper. type: str
- sub-category - No description for the parameter type: array
- {no-name} - No description for the parameter type: int
- technology - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- vendor - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- extended-log - Enable/disable extended logging. type: str
- name - List name. type: str
- options - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- other-application-action - Action for other applications. type: str
- other-application-log - Enable/disable logging for other applications. type: str
- p2p-black-list - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- replacemsg-group - Replacement message group. type: str
- unknown-application-action - Pass or block traffic from unknown applications. type: str
- unknown-application-log - Enable/disable logging for unknown applications. type: str
- status
- No description for the parameter type: dict
- code - No description for the parameter type: int
- message - No description for the parameter type: str
- url - No description for the parameter type: str example: /pm/config/adom/{adom}/obj/application/list/{list}
fmgr_devprof_device_profile_fortianalyzer¶
New in version 2.10.
Synopsis¶
- This module is able to configure a FortiManager device by allowing the user to [get, set, update] the following FortiManager json-rpc urls.
- /pm/config/adom/{adom}/devprof/{devprof}/device/profile/fortianalyzer
- Examples include all parameters and values need to be adjusted to data sources before usage.
- Tested with FortiManager v6.0.0
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.10.0
Parameters¶
- loose_validation - Do parameter validation in a loose way type: bool required: false default: false
- workspace_locking_adom - Acquire the workspace lock if FortiManager is running in workspace mode type: str required: false choices: global, custom dom
- workspace_locking_timeout - The maximum time in seconds to wait for other users to release workspace lock type: integer required: false default: 300
- url_params - parameters in url path type: dict required: true
- adom - the domain prefix type: str choices: none, global, custom dom
- devprof - the object name type: str
- parameters for method: [get] -
- option - Set fetch option for the request. type: str choices: [object member, chksum, datasrc]
- parameters for method: [set, update] -
- data - No description for the parameter type: dict
- managed-sn - No description for the parameter type: str
- target - No description for the parameter type: str choices: [none, this-fmg, managed, others]
- target-ip - No description for the parameter type: str
- target-sn - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
Notes¶
Note
- The module may supports multiple method, every method has different parameters definition
- One method may also have more than one parameter definition collection, each collection is dedicated to one API endpoint
- The module may include domain dependent urls, the domain can be specified in url_params as adom
- To run in workspace mode, the paremeter workspace_locking_adom must be included in the task
Examples¶
- hosts: fortimanager-inventory
collections:
- fortinet.fortimanager
connection: httpapi
vars:
ansible_httpapi_use_ssl: True
ansible_httpapi_validate_certs: False
ansible_httpapi_port: 443
tasks:
- name: REQUESTING /PM/CONFIG/DEVPROF/{DEVPROF}/DEVICE/PROFILE/FORTIANALYZER
fmgr_devprof_device_profile_fortianalyzer:
loose_validation: False
workspace_locking_adom: <value in [global, custom adom]>
workspace_locking_timeout: 300
method: <value in [get]>
url_params:
adom: <value in [none, global, custom dom]>
devprof: <value of string>
params:
-
option: <value in [object member, chksum, datasrc]>
- name: REQUESTING /PM/CONFIG/DEVPROF/{DEVPROF}/DEVICE/PROFILE/FORTIANALYZER
fmgr_devprof_device_profile_fortianalyzer:
loose_validation: False
workspace_locking_adom: <value in [global, custom adom]>
workspace_locking_timeout: 300
method: <value in [set, update]>
url_params:
adom: <value in [none, global, custom dom]>
devprof: <value of string>
params:
-
data:
managed-sn: <value of string>
target: <value in [none, this-fmg, managed, ...]>
target-ip: <value of string>
target-sn:
- <value of string>
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- return values for method: [get]
- data
- No description for the parameter type: dict
- managed-sn - No description for the parameter type: str
- target - No description for the parameter type: str
- target-ip - No description for the parameter type: str
- target-sn - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- status
- No description for the parameter type: dict
- code - No description for the parameter type: int
- message - No description for the parameter type: str
- url - No description for the parameter type: str example: /pm/config/adom/{adom}/devprof/{devprof}/device/profile/fortianalyzer
- return values for method: [set, update]
- status
- No description for the parameter type: dict
- code - No description for the parameter type: int
- message - No description for the parameter type: str
- url - No description for the parameter type: str example: /pm/config/adom/{adom}/devprof/{devprof}/device/profile/fortianalyzer
fmgr_devprof_device_profile_fortiguard¶
New in version 2.10.
Synopsis¶
- This module is able to configure a FortiManager device by allowing the user to [get, set, update] the following FortiManager json-rpc urls.
- /pm/config/adom/{adom}/devprof/{devprof}/device/profile/fortiguard
- Examples include all parameters and values need to be adjusted to data sources before usage.
- Tested with FortiManager v6.0.0
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.10.0
Parameters¶
- loose_validation - Do parameter validation in a loose way type: bool required: false default: false
- workspace_locking_adom - Acquire the workspace lock if FortiManager is running in workspace mode type: str required: false choices: global, custom dom
- workspace_locking_timeout - The maximum time in seconds to wait for other users to release workspace lock type: integer required: false default: 300
- url_params - parameters in url path type: dict required: true
- adom - the domain prefix type: str choices: none, global, custom dom
- devprof - the object name type: str
- parameters for method: [get] -
- option - Set fetch option for the request. type: str choices: [object member, chksum, datasrc]
- parameters for method: [set, update] -
- data - No description for the parameter type: dict
- target - No description for the parameter type: str choices: [none, direct, this-fmg]
- target-ip - No description for the parameter type: str
Notes¶
Note
- The module may supports multiple method, every method has different parameters definition
- One method may also have more than one parameter definition collection, each collection is dedicated to one API endpoint
- The module may include domain dependent urls, the domain can be specified in url_params as adom
- To run in workspace mode, the paremeter workspace_locking_adom must be included in the task
Examples¶
- hosts: fortimanager-inventory
collections:
- fortinet.fortimanager
connection: httpapi
vars:
ansible_httpapi_use_ssl: True
ansible_httpapi_validate_certs: False
ansible_httpapi_port: 443
tasks:
- name: REQUESTING /PM/CONFIG/DEVPROF/{DEVPROF}/DEVICE/PROFILE/FORTIGUARD
fmgr_devprof_device_profile_fortiguard:
loose_validation: False
workspace_locking_adom: <value in [global, custom adom]>
workspace_locking_timeout: 300
method: <value in [get]>
url_params:
adom: <value in [none, global, custom dom]>
devprof: <value of string>
params:
-
option: <value in [object member, chksum, datasrc]>
- name: REQUESTING /PM/CONFIG/DEVPROF/{DEVPROF}/DEVICE/PROFILE/FORTIGUARD
fmgr_devprof_device_profile_fortiguard:
loose_validation: False
workspace_locking_adom: <value in [global, custom adom]>
workspace_locking_timeout: 300
method: <value in [set, update]>
url_params:
adom: <value in [none, global, custom dom]>
devprof: <value of string>
params:
-
data:
target: <value in [none, direct, this-fmg]>
target-ip: <value of string>
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- return values for method: [get]
- data
- No description for the parameter type: dict
- target - No description for the parameter type: str
- target-ip - No description for the parameter type: str
- status
- No description for the parameter type: dict
- code - No description for the parameter type: int
- message - No description for the parameter type: str
- url - No description for the parameter type: str example: /pm/config/adom/{adom}/devprof/{devprof}/device/profile/fortiguard
- return values for method: [set, update]
- status
- No description for the parameter type: dict
- code - No description for the parameter type: int
- message - No description for the parameter type: str
- url - No description for the parameter type: str example: /pm/config/adom/{adom}/devprof/{devprof}/device/profile/fortiguard
fmgr_devprof_log_syslogd_filter – Filters for remote system server.¶
New in version 2.10.
Synopsis¶
- This module is able to configure a FortiManager device by allowing the user to [get, set, update] the following FortiManager json-rpc urls.
- /pm/config/adom/{adom}/devprof/{devprof}/log/syslogd/filter
- Examples include all parameters and values need to be adjusted to data sources before usage.
- Tested with FortiManager v6.0.0
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.10.0
Parameters¶
- loose_validation - Do parameter validation in a loose way type: bool required: false default: false
- workspace_locking_adom - Acquire the workspace lock if FortiManager is running in workspace mode type: str required: false choices: global, custom dom
- workspace_locking_timeout - The maximum time in seconds to wait for other users to release workspace lock type: integer required: false default: 300
- url_params - parameters in url path type: dict required: true
- adom - the domain prefix type: str choices: none, global, custom dom
- devprof - the object name type: str
- parameters for method: [get] - Filters for remote system server.
- option - Set fetch option for the request. type: str choices: [object member, chksum, datasrc]
- parameters for method: [set, update] - Filters for remote system server.
- data - No description for the parameter type: dict
- severity - Lowest severity level to log. type: str choices: [emergency, alert, critical, error, warning, notification, information, debug]
Notes¶
Note
- The module may supports multiple method, every method has different parameters definition
- One method may also have more than one parameter definition collection, each collection is dedicated to one API endpoint
- The module may include domain dependent urls, the domain can be specified in url_params as adom
- To run in workspace mode, the paremeter workspace_locking_adom must be included in the task
Examples¶
- hosts: fortimanager-inventory
collections:
- fortinet.fortimanager
connection: httpapi
vars:
ansible_httpapi_use_ssl: True
ansible_httpapi_validate_certs: False
ansible_httpapi_port: 443
tasks:
- name: REQUESTING /PM/CONFIG/DEVPROF/{DEVPROF}/LOG/SYSLOGD/FILTER
fmgr_devprof_log_syslogd_filter:
loose_validation: False
workspace_locking_adom: <value in [global, custom adom]>
workspace_locking_timeout: 300
method: <value in [get]>
url_params:
adom: <value in [none, global, custom dom]>
devprof: <value of string>
params:
-
option: <value in [object member, chksum, datasrc]>
- name: REQUESTING /PM/CONFIG/DEVPROF/{DEVPROF}/LOG/SYSLOGD/FILTER
fmgr_devprof_log_syslogd_filter:
loose_validation: False
workspace_locking_adom: <value in [global, custom adom]>
workspace_locking_timeout: 300
method: <value in [set, update]>
url_params:
adom: <value in [none, global, custom dom]>
devprof: <value of string>
params:
-
data:
severity: <value in [emergency, alert, critical, ...]>
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- return values for method: [get]
- data
- No description for the parameter type: dict
- severity - Lowest severity level to log. type: str
- status
- No description for the parameter type: dict
- code - No description for the parameter type: int
- message - No description for the parameter type: str
- url - No description for the parameter type: str example: /pm/config/adom/{adom}/devprof/{devprof}/log/syslogd/filter
- return values for method: [set, update]
- status
- No description for the parameter type: dict
- code - No description for the parameter type: int
- message - No description for the parameter type: str
- url - No description for the parameter type: str example: /pm/config/adom/{adom}/devprof/{devprof}/log/syslogd/filter
fmgr_devprof_log_syslogd_setting – Global settings for remote syslog server.¶
New in version 2.10.
Synopsis¶
- This module is able to configure a FortiManager device by allowing the user to [get, set, update] the following FortiManager json-rpc urls.
- /pm/config/adom/{adom}/devprof/{devprof}/log/syslogd/setting
- Examples include all parameters and values need to be adjusted to data sources before usage.
- Tested with FortiManager v6.0.0
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.10.0
Parameters¶
- loose_validation - Do parameter validation in a loose way type: bool required: false default: false
- workspace_locking_adom - Acquire the workspace lock if FortiManager is running in workspace mode type: str required: false choices: global, custom dom
- workspace_locking_timeout - The maximum time in seconds to wait for other users to release workspace lock type: integer required: false default: 300
- url_params - parameters in url path type: dict required: true
- adom - the domain prefix type: str choices: none, global, custom dom
- devprof - the object name type: str
- parameters for method: [get] - Global settings for remote syslog server.
- option - Set fetch option for the request. type: str choices: [object member, chksum, datasrc]
- parameters for method: [set, update] - Global settings for remote syslog server.
- data - No description for the parameter type: dict
- certificate - Certificate used to communicate with Syslog server. type: str
- enc-algorithm - Enable/disable reliable syslogging with TLS encryption. type: str choices: [high, low, disable, high-medium]
- facility - Remote syslog facility. type: str choices: [kernel, user, mail, daemon, auth, syslog, lpr, news, uucp, cron, authpriv, ftp, ntp, audit, alert, clock, local0, local1, local2, local3, local4, local5, local6, local7]
- mode - Remote syslog logging over UDP/Reliable TCP. type: str choices: [udp, legacy-reliable, reliable]
- port - Server listen port. type: int
- server - Address of remote syslog server. type: str
- ssl-min-proto-version - Minimum supported protocol version for SSL/TLS connections (default is to follow system global setting). type: str choices: [default, TLSv1-1, TLSv1-2, SSLv3, TLSv1]
- status - Enable/disable remote syslog logging. type: str choices: [disable, enable]
Notes¶
Note
- The module may supports multiple method, every method has different parameters definition
- One method may also have more than one parameter definition collection, each collection is dedicated to one API endpoint
- The module may include domain dependent urls, the domain can be specified in url_params as adom
- To run in workspace mode, the paremeter workspace_locking_adom must be included in the task
Examples¶
- hosts: fortimanager-inventory
collections:
- fortinet.fortimanager
connection: httpapi
vars:
ansible_httpapi_use_ssl: True
ansible_httpapi_validate_certs: False
ansible_httpapi_port: 443
tasks:
- name: REQUESTING /PM/CONFIG/DEVPROF/{DEVPROF}/LOG/SYSLOGD/SETTING
fmgr_devprof_log_syslogd_setting:
loose_validation: False
workspace_locking_adom: <value in [global, custom adom]>
workspace_locking_timeout: 300
method: <value in [get]>
url_params:
adom: <value in [none, global, custom dom]>
devprof: <value of string>
params:
-
option: <value in [object member, chksum, datasrc]>
- name: REQUESTING /PM/CONFIG/DEVPROF/{DEVPROF}/LOG/SYSLOGD/SETTING
fmgr_devprof_log_syslogd_setting:
loose_validation: False
workspace_locking_adom: <value in [global, custom adom]>
workspace_locking_timeout: 300
method: <value in [set, update]>
url_params:
adom: <value in [none, global, custom dom]>
devprof: <value of string>
params:
-
data:
certificate: <value of string>
enc-algorithm: <value in [high, low, disable, ...]>
facility: <value in [kernel, user, mail, ...]>
mode: <value in [udp, legacy-reliable, reliable]>
port: <value of integer>
server: <value of string>
ssl-min-proto-version: <value in [default, TLSv1-1, TLSv1-2, ...]>
status: <value in [disable, enable]>
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- return values for method: [get]
- data
- No description for the parameter type: dict
- certificate - Certificate used to communicate with Syslog server. type: str
- enc-algorithm - Enable/disable reliable syslogging with TLS encryption. type: str
- facility - Remote syslog facility. type: str
- mode - Remote syslog logging over UDP/Reliable TCP. type: str
- port - Server listen port. type: int
- server - Address of remote syslog server. type: str
- ssl-min-proto-version - Minimum supported protocol version for SSL/TLS connections (default is to follow system global setting). type: str
- status - Enable/disable remote syslog logging. type: str
- status
- No description for the parameter type: dict
- code - No description for the parameter type: int
- message - No description for the parameter type: str
- url - No description for the parameter type: str example: /pm/config/adom/{adom}/devprof/{devprof}/log/syslogd/setting
- return values for method: [set, update]
- status
- No description for the parameter type: dict
- code - No description for the parameter type: int
- message - No description for the parameter type: str
- url - No description for the parameter type: str example: /pm/config/adom/{adom}/devprof/{devprof}/log/syslogd/setting
fmgr_devprof_system_centralmanagement – Configure central management.¶
New in version 2.10.
Synopsis¶
- This module is able to configure a FortiManager device by allowing the user to [get, set, update] the following FortiManager json-rpc urls.
- /pm/config/adom/{adom}/devprof/{devprof}/system/central-management
- Examples include all parameters and values need to be adjusted to data sources before usage.
- Tested with FortiManager v6.0.0
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.10.0
Parameters¶
- loose_validation - Do parameter validation in a loose way type: bool required: false default: false
- workspace_locking_adom - Acquire the workspace lock if FortiManager is running in workspace mode type: str required: false choices: global, custom dom
- workspace_locking_timeout - The maximum time in seconds to wait for other users to release workspace lock type: integer required: false default: 300
- url_params - parameters in url path type: dict required: true
- adom - the domain prefix type: str choices: none, global, custom dom
- devprof - the object name type: str
- parameters for method: [get] - Configure central management.
- option - Set fetch option for the request. type: str choices: [object member, chksum, datasrc]
- parameters for method: [set, update] - Configure central management.
- data - No description for the parameter type: dict
- include-default-servers - Enable/disable inclusion of public FortiGuard servers in the override server list. type: str choices: [disable, enable]
- server-list - No description for the parameter type: array
- addr-type - Indicate whether the FortiGate communicates with the override server using an IPv4 address, an IPv6 address or a FQDN. type: str choices: [fqdn, ipv4, ipv6]
- fqdn - FQDN address of override server. type: str
- id - ID. type: int
- server-address - IPv4 address of override server. type: str
- server-address6 - IPv6 address of override server. type: str
- server-type - No description for the parameter type: array
- {no-name} - No description for the parameter type: str choices: [update, rating]
Notes¶
Note
- The module may supports multiple method, every method has different parameters definition
- One method may also have more than one parameter definition collection, each collection is dedicated to one API endpoint
- The module may include domain dependent urls, the domain can be specified in url_params as adom
- To run in workspace mode, the paremeter workspace_locking_adom must be included in the task
Examples¶
- hosts: fortimanager-inventory
collections:
- fortinet.fortimanager
connection: httpapi
vars:
ansible_httpapi_use_ssl: True
ansible_httpapi_validate_certs: False
ansible_httpapi_port: 443
tasks:
- name: REQUESTING /PM/CONFIG/DEVPROF/{DEVPROF}/SYSTEM/CENTRAL-MANAGEMENT
fmgr_devprof_system_centralmanagement:
loose_validation: False
workspace_locking_adom: <value in [global, custom adom]>
workspace_locking_timeout: 300
method: <value in [get]>
url_params:
adom: <value in [none, global, custom dom]>
devprof: <value of string>
params:
-
option: <value in [object member, chksum, datasrc]>
- name: REQUESTING /PM/CONFIG/DEVPROF/{DEVPROF}/SYSTEM/CENTRAL-MANAGEMENT
fmgr_devprof_system_centralmanagement:
loose_validation: False
workspace_locking_adom: <value in [global, custom adom]>
workspace_locking_timeout: 300
method: <value in [set, update]>
url_params:
adom: <value in [none, global, custom dom]>
devprof: <value of string>
params:
-
data:
include-default-servers: <value in [disable, enable]>
server-list:
-
addr-type: <value in [fqdn, ipv4, ipv6]>
fqdn: <value of string>
id: <value of integer>
server-address: <value of string>
server-address6: <value of string>
server-type:
- <value in [update, rating]>
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- return values for method: [get]
- data
- No description for the parameter type: dict
- include-default-servers - Enable/disable inclusion of public FortiGuard servers in the override server list. type: str
- server-list - No description for the parameter type: array
- addr-type - Indicate whether the FortiGate communicates with the override server using an IPv4 address, an IPv6 address or a FQDN. type: str
- fqdn - FQDN address of override server. type: str
- id - ID. type: int
- server-address - IPv4 address of override server. type: str
- server-address6 - IPv6 address of override server. type: str
- server-type - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- status
- No description for the parameter type: dict
- code - No description for the parameter type: int
- message - No description for the parameter type: str
- url - No description for the parameter type: str example: /pm/config/adom/{adom}/devprof/{devprof}/system/central-management
- return values for method: [set, update]
- status
- No description for the parameter type: dict
- code - No description for the parameter type: int
- message - No description for the parameter type: str
- url - No description for the parameter type: str example: /pm/config/adom/{adom}/devprof/{devprof}/system/central-management
fmgr_devprof_system_dns – Configure DNS.¶
New in version 2.10.
Synopsis¶
- This module is able to configure a FortiManager device by allowing the user to [get, set, update] the following FortiManager json-rpc urls.
- /pm/config/adom/{adom}/devprof/{devprof}/system/dns
- Examples include all parameters and values need to be adjusted to data sources before usage.
- Tested with FortiManager v6.0.0
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.10.0
Parameters¶
- loose_validation - Do parameter validation in a loose way type: bool required: false default: false
- workspace_locking_adom - Acquire the workspace lock if FortiManager is running in workspace mode type: str required: false choices: global, custom dom
- workspace_locking_timeout - The maximum time in seconds to wait for other users to release workspace lock type: integer required: false default: 300
- url_params - parameters in url path type: dict required: true
- adom - the domain prefix type: str choices: none, global, custom dom
- devprof - the object name type: str
- parameters for method: [get] - Configure DNS.
- option - Set fetch option for the request. type: str choices: [object member, chksum, datasrc]
- parameters for method: [set, update] - Configure DNS.
- data - No description for the parameter type: dict
- cache-notfound-responses - Enable/disable response from the DNS server when a record is not in cache. type: str choices: [disable, enable]
- dns-cache-limit - Maximum number of records in the DNS cache. type: int
- dns-cache-ttl - Duration in seconds that the DNS cache retains information. type: int
- domain - Domain name suffix for the IP addresses of the DNS server. type: str
- ip6-primary - Primary DNS server IPv6 address. type: str
- ip6-secondary - Secondary DNS server IPv6 address. type: str
- primary - Primary DNS server IP address. type: str
- secondary - Secondary DNS server IP address. type: str
Notes¶
Note
- The module may supports multiple method, every method has different parameters definition
- One method may also have more than one parameter definition collection, each collection is dedicated to one API endpoint
- The module may include domain dependent urls, the domain can be specified in url_params as adom
- To run in workspace mode, the paremeter workspace_locking_adom must be included in the task
Examples¶
- hosts: fortimanager-inventory
collections:
- fortinet.fortimanager
connection: httpapi
vars:
ansible_httpapi_use_ssl: True
ansible_httpapi_validate_certs: False
ansible_httpapi_port: 443
tasks:
- name: REQUESTING /PM/CONFIG/DEVPROF/{DEVPROF}/SYSTEM/DNS
fmgr_devprof_system_dns:
loose_validation: False
workspace_locking_adom: <value in [global, custom adom]>
workspace_locking_timeout: 300
method: <value in [get]>
url_params:
adom: <value in [none, global, custom dom]>
devprof: <value of string>
params:
-
option: <value in [object member, chksum, datasrc]>
- name: REQUESTING /PM/CONFIG/DEVPROF/{DEVPROF}/SYSTEM/DNS
fmgr_devprof_system_dns:
loose_validation: False
workspace_locking_adom: <value in [global, custom adom]>
workspace_locking_timeout: 300
method: <value in [set, update]>
url_params:
adom: <value in [none, global, custom dom]>
devprof: <value of string>
params:
-
data:
cache-notfound-responses: <value in [disable, enable]>
dns-cache-limit: <value of integer>
dns-cache-ttl: <value of integer>
domain: <value of string>
ip6-primary: <value of string>
ip6-secondary: <value of string>
primary: <value of string>
secondary: <value of string>
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- return values for method: [get]
- data
- No description for the parameter type: dict
- cache-notfound-responses - Enable/disable response from the DNS server when a record is not in cache. type: str
- dns-cache-limit - Maximum number of records in the DNS cache. type: int
- dns-cache-ttl - Duration in seconds that the DNS cache retains information. type: int
- domain - Domain name suffix for the IP addresses of the DNS server. type: str
- ip6-primary - Primary DNS server IPv6 address. type: str
- ip6-secondary - Secondary DNS server IPv6 address. type: str
- primary - Primary DNS server IP address. type: str
- secondary - Secondary DNS server IP address. type: str
- status
- No description for the parameter type: dict
- code - No description for the parameter type: int
- message - No description for the parameter type: str
- url - No description for the parameter type: str example: /pm/config/adom/{adom}/devprof/{devprof}/system/dns
- return values for method: [set, update]
- status
- No description for the parameter type: dict
- code - No description for the parameter type: int
- message - No description for the parameter type: str
- url - No description for the parameter type: str example: /pm/config/adom/{adom}/devprof/{devprof}/system/dns
fmgr_devprof_system_emailserver – Configure the email server used by the FortiGate various things.¶
New in version 2.10.
Synopsis¶
- This module is able to configure a FortiManager device by allowing the user to [get, set, update] the following FortiManager json-rpc urls.
- /pm/config/adom/{adom}/devprof/{devprof}/system/email-server
- Examples include all parameters and values need to be adjusted to data sources before usage.
- Tested with FortiManager v6.0.0
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.10.0
Parameters¶
- loose_validation - Do parameter validation in a loose way type: bool required: false default: false
- workspace_locking_adom - Acquire the workspace lock if FortiManager is running in workspace mode type: str required: false choices: global, custom dom
- workspace_locking_timeout - The maximum time in seconds to wait for other users to release workspace lock type: integer required: false default: 300
- url_params - parameters in url path type: dict required: true
- adom - the domain prefix type: str choices: none, global, custom dom
- devprof - the object name type: str
- parameters for method: [get] - Configure the email server used by the FortiGate various things. For example, for sending email messages to users to support user authentication features.
- option - Set fetch option for the request. type: str choices: [object member, chksum, datasrc]
- parameters for method: [set, update] - Configure the email server used by the FortiGate various things. For example, for sending email messages to users to support user authentication features.
- data - No description for the parameter type: dict
- authenticate - Enable/disable authentication. type: str choices: [disable, enable]
- password - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- port - SMTP server port. type: int
- reply-to - Reply-To email address. type: str
- security - Connection security used by the email server. type: str choices: [none, starttls, smtps]
- server - SMTP server IP address or hostname. type: str
- source-ip - SMTP server IPv4 source IP. type: str
- source-ip6 - SMTP server IPv6 source IP. type: str
- ssl-min-proto-version - Minimum supported protocol version for SSL/TLS connections (default is to follow system global setting). type: str choices: [default, TLSv1, TLSv1-1, TLSv1-2, SSLv3]
- type - Use FortiGuard Message service or custom email server. type: str choices: [custom]
- username - SMTP server user name for authentication. type: str
- validate-server - Enable/disable validation of server certificate. type: str choices: [disable, enable]
Notes¶
Note
- The module may supports multiple method, every method has different parameters definition
- One method may also have more than one parameter definition collection, each collection is dedicated to one API endpoint
- The module may include domain dependent urls, the domain can be specified in url_params as adom
- To run in workspace mode, the paremeter workspace_locking_adom must be included in the task
Examples¶
- hosts: fortimanager-inventory
collections:
- fortinet.fortimanager
connection: httpapi
vars:
ansible_httpapi_use_ssl: True
ansible_httpapi_validate_certs: False
ansible_httpapi_port: 443
tasks:
- name: REQUESTING /PM/CONFIG/DEVPROF/{DEVPROF}/SYSTEM/EMAIL-SERVER
fmgr_devprof_system_emailserver:
loose_validation: False
workspace_locking_adom: <value in [global, custom adom]>
workspace_locking_timeout: 300
method: <value in [get]>
url_params:
adom: <value in [none, global, custom dom]>
devprof: <value of string>
params:
-
option: <value in [object member, chksum, datasrc]>
- name: REQUESTING /PM/CONFIG/DEVPROF/{DEVPROF}/SYSTEM/EMAIL-SERVER
fmgr_devprof_system_emailserver:
loose_validation: False
workspace_locking_adom: <value in [global, custom adom]>
workspace_locking_timeout: 300
method: <value in [set, update]>
url_params:
adom: <value in [none, global, custom dom]>
devprof: <value of string>
params:
-
data:
authenticate: <value in [disable, enable]>
password:
- <value of string>
port: <value of integer>
reply-to: <value of string>
security: <value in [none, starttls, smtps]>
server: <value of string>
source-ip: <value of string>
source-ip6: <value of string>
ssl-min-proto-version: <value in [default, TLSv1, TLSv1-1, ...]>
type: <value in [custom]>
username: <value of string>
validate-server: <value in [disable, enable]>
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- return values for method: [get]
- data
- No description for the parameter type: dict
- authenticate - Enable/disable authentication. type: str
- password - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- port - SMTP server port. type: int
- reply-to - Reply-To email address. type: str
- security - Connection security used by the email server. type: str
- server - SMTP server IP address or hostname. type: str
- source-ip - SMTP server IPv4 source IP. type: str
- source-ip6 - SMTP server IPv6 source IP. type: str
- ssl-min-proto-version - Minimum supported protocol version for SSL/TLS connections (default is to follow system global setting). type: str
- type - Use FortiGuard Message service or custom email server. type: str
- username - SMTP server user name for authentication. type: str
- validate-server - Enable/disable validation of server certificate. type: str
- status
- No description for the parameter type: dict
- code - No description for the parameter type: int
- message - No description for the parameter type: str
- url - No description for the parameter type: str example: /pm/config/adom/{adom}/devprof/{devprof}/system/email-server
- return values for method: [set, update]
- status
- No description for the parameter type: dict
- code - No description for the parameter type: int
- message - No description for the parameter type: str
- url - No description for the parameter type: str example: /pm/config/adom/{adom}/devprof/{devprof}/system/email-server
fmgr_devprof_system_global – Configure global attributes.¶
New in version 2.10.
Synopsis¶
- This module is able to configure a FortiManager device by allowing the user to [get, set, update] the following FortiManager json-rpc urls.
- /pm/config/adom/{adom}/devprof/{devprof}/system/global
- Examples include all parameters and values need to be adjusted to data sources before usage.
- Tested with FortiManager v6.0.0
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.10.0
Parameters¶
- loose_validation - Do parameter validation in a loose way type: bool required: false default: false
- workspace_locking_adom - Acquire the workspace lock if FortiManager is running in workspace mode type: str required: false choices: global, custom dom
- workspace_locking_timeout - The maximum time in seconds to wait for other users to release workspace lock type: integer required: false default: 300
- url_params - parameters in url path type: dict required: true
- adom - the domain prefix type: str choices: none, global, custom dom
- devprof - the object name type: str
- parameters for method: [get] - Configure global attributes.
- option - Set fetch option for the request. type: str choices: [object member, chksum, datasrc]
- parameters for method: [set, update] - Configure global attributes.
- data - No description for the parameter type: dict
- admin-https-redirect - Enable/disable redirection of HTTP administration access to HTTPS. type: str choices: [disable, enable]
- admin-port - Administrative access port for HTTP. type: int
- admin-scp - Enable/disable using SCP to download the system configuration. type: str choices: [disable, enable]
- admin-sport - Administrative access port for HTTPS. type: int
- admin-ssh-port - Administrative access port for SSH. type: int
- admin-ssh-v1 - Enable/disable SSH v1 compatibility. type: str choices: [disable, enable]
- admin-telnet-port - Administrative access port for TELNET. type: int
- admintimeout - Number of minutes before an idle administrator session times out (5 - 480 minutes (8 hours), default = 5). type: int
- gui-ipv6 - Enable/disable IPv6 settings on the GUI. type: str choices: [disable, enable]
- gui-lines-per-page - Number of lines to display per page for web administration. type: int
- gui-theme - Color scheme for the administration GUI. type: str choices: [blue, green, melongene, red, mariner]
- language - GUI display language. type: str choices: [english, simch, japanese, korean, spanish, trach, french, portuguese]
- switch-controller - Enable/disable switch controller feature. type: str choices: [disable, enable]
Notes¶
Note
- The module may supports multiple method, every method has different parameters definition
- One method may also have more than one parameter definition collection, each collection is dedicated to one API endpoint
- The module may include domain dependent urls, the domain can be specified in url_params as adom
- To run in workspace mode, the paremeter workspace_locking_adom must be included in the task
Examples¶
- hosts: fortimanager-inventory
collections:
- fortinet.fortimanager
connection: httpapi
vars:
ansible_httpapi_use_ssl: True
ansible_httpapi_validate_certs: False
ansible_httpapi_port: 443
tasks:
- name: REQUESTING /PM/CONFIG/DEVPROF/{DEVPROF}/SYSTEM/GLOBAL
fmgr_devprof_system_global:
loose_validation: False
workspace_locking_adom: <value in [global, custom adom]>
workspace_locking_timeout: 300
method: <value in [get]>
url_params:
adom: <value in [none, global, custom dom]>
devprof: <value of string>
params:
-
option: <value in [object member, chksum, datasrc]>
- name: REQUESTING /PM/CONFIG/DEVPROF/{DEVPROF}/SYSTEM/GLOBAL
fmgr_devprof_system_global:
loose_validation: False
workspace_locking_adom: <value in [global, custom adom]>
workspace_locking_timeout: 300
method: <value in [set, update]>
url_params:
adom: <value in [none, global, custom dom]>
devprof: <value of string>
params:
-
data:
admin-https-redirect: <value in [disable, enable]>
admin-port: <value of integer>
admin-scp: <value in [disable, enable]>
admin-sport: <value of integer>
admin-ssh-port: <value of integer>
admin-ssh-v1: <value in [disable, enable]>
admin-telnet-port: <value of integer>
admintimeout: <value of integer>
gui-ipv6: <value in [disable, enable]>
gui-lines-per-page: <value of integer>
gui-theme: <value in [blue, green, melongene, ...]>
language: <value in [english, simch, japanese, ...]>
switch-controller: <value in [disable, enable]>
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- return values for method: [get]
- data
- No description for the parameter type: dict
- admin-https-redirect - Enable/disable redirection of HTTP administration access to HTTPS. type: str
- admin-port - Administrative access port for HTTP. type: int
- admin-scp - Enable/disable using SCP to download the system configuration. type: str
- admin-sport - Administrative access port for HTTPS. type: int
- admin-ssh-port - Administrative access port for SSH. type: int
- admin-ssh-v1 - Enable/disable SSH v1 compatibility. type: str
- admin-telnet-port - Administrative access port for TELNET. type: int
- admintimeout - Number of minutes before an idle administrator session times out (5 - 480 minutes (8 hours), default = 5). type: int
- gui-ipv6 - Enable/disable IPv6 settings on the GUI. type: str
- gui-lines-per-page - Number of lines to display per page for web administration. type: int
- gui-theme - Color scheme for the administration GUI. type: str
- language - GUI display language. type: str
- switch-controller - Enable/disable switch controller feature. type: str
- status
- No description for the parameter type: dict
- code - No description for the parameter type: int
- message - No description for the parameter type: str
- url - No description for the parameter type: str example: /pm/config/adom/{adom}/devprof/{devprof}/system/global
- return values for method: [set, update]
- status
- No description for the parameter type: dict
- code - No description for the parameter type: int
- message - No description for the parameter type: str
- url - No description for the parameter type: str example: /pm/config/adom/{adom}/devprof/{devprof}/system/global
fmgr_devprof_system_ntp – Configure system NTP information.¶
New in version 2.10.
Synopsis¶
- This module is able to configure a FortiManager device by allowing the user to [get, set, update] the following FortiManager json-rpc urls.
- /pm/config/adom/{adom}/devprof/{devprof}/system/ntp
- Examples include all parameters and values need to be adjusted to data sources before usage.
- Tested with FortiManager v6.0.0
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.10.0
Parameters¶
- loose_validation - Do parameter validation in a loose way type: bool required: false default: false
- workspace_locking_adom - Acquire the workspace lock if FortiManager is running in workspace mode type: str required: false choices: global, custom dom
- workspace_locking_timeout - The maximum time in seconds to wait for other users to release workspace lock type: integer required: false default: 300
- url_params - parameters in url path type: dict required: true
- adom - the domain prefix type: str choices: none, global, custom dom
- devprof - the object name type: str
- parameters for method: [get] - Configure system NTP information.
- option - Set fetch option for the request. type: str choices: [object member, chksum, datasrc]
- parameters for method: [set, update] - Configure system NTP information.
- data - No description for the parameter type: dict
- ntpserver - No description for the parameter type: array
- authentication - Enable/disable MD5 authentication. type: str choices: [disable, enable]
- id - NTP server ID. type: int
- key - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- key-id - Key ID for authentication. type: int
- ntpv3 - Enable to use NTPv3 instead of NTPv4. type: str choices: [disable, enable]
- server - IP address or hostname of the NTP Server. type: str
- ntpsync - Enable/disable setting the FortiGate system time by synchronizing with an NTP Server. type: str choices: [disable, enable]
- source-ip6 - Source IPv6 address for communication to the NTP server. type: str
- syncinterval - NTP synchronization interval (1 - 1440 min). type: int
- type - Use the FortiGuard NTP server or any other available NTP Server. type: str choices: [fortiguard, custom]
- ntpserver - No description for the parameter type: array
Notes¶
Note
- The module may supports multiple method, every method has different parameters definition
- One method may also have more than one parameter definition collection, each collection is dedicated to one API endpoint
- The module may include domain dependent urls, the domain can be specified in url_params as adom
- To run in workspace mode, the paremeter workspace_locking_adom must be included in the task
Examples¶
- hosts: fortimanager-inventory
collections:
- fortinet.fortimanager
connection: httpapi
vars:
ansible_httpapi_use_ssl: True
ansible_httpapi_validate_certs: False
ansible_httpapi_port: 443
tasks:
- name: REQUESTING /PM/CONFIG/DEVPROF/{DEVPROF}/SYSTEM/NTP
fmgr_devprof_system_ntp:
loose_validation: False
workspace_locking_adom: <value in [global, custom adom]>
workspace_locking_timeout: 300
method: <value in [get]>
url_params:
adom: <value in [none, global, custom dom]>
devprof: <value of string>
params:
-
option: <value in [object member, chksum, datasrc]>
- name: REQUESTING /PM/CONFIG/DEVPROF/{DEVPROF}/SYSTEM/NTP
fmgr_devprof_system_ntp:
loose_validation: False
workspace_locking_adom: <value in [global, custom adom]>
workspace_locking_timeout: 300
method: <value in [set, update]>
url_params:
adom: <value in [none, global, custom dom]>
devprof: <value of string>
params:
-
data:
ntpserver:
-
authentication: <value in [disable, enable]>
id: <value of integer>
key:
- <value of string>
key-id: <value of integer>
ntpv3: <value in [disable, enable]>
server: <value of string>
ntpsync: <value in [disable, enable]>
source-ip6: <value of string>
syncinterval: <value of integer>
type: <value in [fortiguard, custom]>
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- return values for method: [get]
- data
- No description for the parameter type: dict
- ntpserver - No description for the parameter type: array
- authentication - Enable/disable MD5 authentication. type: str
- id - NTP server ID. type: int
- key - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- key-id - Key ID for authentication. type: int
- ntpv3 - Enable to use NTPv3 instead of NTPv4. type: str
- server - IP address or hostname of the NTP Server. type: str
- ntpsync - Enable/disable setting the FortiGate system time by synchronizing with an NTP Server. type: str
- source-ip6 - Source IPv6 address for communication to the NTP server. type: str
- syncinterval - NTP synchronization interval (1 - 1440 min). type: int
- type - Use the FortiGuard NTP server or any other available NTP Server. type: str
- ntpserver - No description for the parameter type: array
- status
- No description for the parameter type: dict
- code - No description for the parameter type: int
- message - No description for the parameter type: str
- url - No description for the parameter type: str example: /pm/config/adom/{adom}/devprof/{devprof}/system/ntp
- return values for method: [set, update]
- status
- No description for the parameter type: dict
- code - No description for the parameter type: int
- message - No description for the parameter type: str
- url - No description for the parameter type: str example: /pm/config/adom/{adom}/devprof/{devprof}/system/ntp
fmgr_devprof_system_snmp_community – SNMP community configuration.¶
New in version 2.10.
Synopsis¶
- This module is able to configure a FortiManager device by allowing the user to [add, get, set, update] the following FortiManager json-rpc urls.
- /pm/config/adom/{adom}/devprof/{devprof}/system/snmp/community
- Examples include all parameters and values need to be adjusted to data sources before usage.
- Tested with FortiManager v6.0.0
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.10.0
Parameters¶
- loose_validation - Do parameter validation in a loose way type: bool required: false default: false
- workspace_locking_adom - Acquire the workspace lock if FortiManager is running in workspace mode type: str required: false choices: global, custom dom
- workspace_locking_timeout - The maximum time in seconds to wait for other users to release workspace lock type: integer required: false default: 300
- url_params - parameters in url path type: dict required: true
- adom - the domain prefix type: str choices: none, global, custom dom
- devprof - the object name type: str
- parameters for method: [add, set, update] - SNMP community configuration.
- data - No description for the parameter type: array
- events - No description for the parameter type: array
- {no-name} - No description for the parameter type: str choices: [cpu-high, mem-low, log-full, intf-ip, vpn-tun-up, vpn-tun-down, ha-switch, ha-hb-failure, ips-signature, ips-anomaly, av-virus, av-oversize, av-pattern, av-fragmented, fm-if-change, fm-conf-change, temperature-high, voltage-alert, ha-member-up, ha-member-down, ent-conf-change, av-conserve, av-bypass, av-oversize-passed, av-oversize-blocked, ips-pkg-update, power-supply-failure, amc-bypass, faz-disconnect, fan-failure, bgp-established, bgp-backward-transition, wc-ap-up, wc-ap-down, fswctl-session-up, fswctl-session-down, ips-fail-open, load-balance-real-server-down, device-new, enter-intf-bypass, exit-intf-bypass, per-cpu-high, power-blade-down, confsync_failure]
- hosts - No description for the parameter type: array
- ha-direct - Enable/disable direct management of HA cluster members. type: str choices: [disable, enable]
- host-type - Control whether the SNMP manager sends SNMP queries, receives SNMP traps, or both. type: str choices: [any, query, trap]
- id - Host entry ID. type: int
- ip - IPv4 address of the SNMP manager (host). type: str
- source-ip - Source IPv4 address for SNMP traps. type: str
- hosts6 - No description for the parameter type: array
- ha-direct - Enable/disable direct management of HA cluster members. type: str choices: [disable, enable]
- host-type - Control whether the SNMP manager sends SNMP queries, receives SNMP traps, or both. type: str choices: [any, query, trap]
- id - Host6 entry ID. type: int
- ipv6 - SNMP manager IPv6 address prefix. type: str
- source-ipv6 - Source IPv6 address for SNMP traps. type: str
- id - Community ID. type: int
- name - Community name. type: str
- query-v1-port - SNMP v1 query port (default = 161). type: int
- query-v1-status - Enable/disable SNMP v1 queries. type: str choices: [disable, enable]
- query-v2c-port - SNMP v2c query port (default = 161). type: int
- query-v2c-status - Enable/disable SNMP v2c queries. type: str choices: [disable, enable]
- status - Enable/disable this SNMP community. type: str choices: [disable, enable]
- trap-v1-lport - SNMP v1 trap local port (default = 162). type: int
- trap-v1-rport - SNMP v1 trap remote port (default = 162). type: int
- trap-v1-status - Enable/disable SNMP v1 traps. type: str choices: [disable, enable]
- trap-v2c-lport - SNMP v2c trap local port (default = 162). type: int
- trap-v2c-rport - SNMP v2c trap remote port (default = 162). type: int
- trap-v2c-status - Enable/disable SNMP v2c traps. type: str choices: [disable, enable]
- events - No description for the parameter type: array
- parameters for method: [get] - SNMP community configuration.
- attr - The name of the attribute to retrieve its datasource. type: str
- fields - No description for the parameter type: array
- {no-name} - No description for the parameter type: array
- {no-name} - No description for the parameter type: str choices: [events, id, name, query-v1-port, query-v1-status, query-v2c-port, query-v2c-status, status, trap-v1-lport, trap-v1-rport, trap-v1-status, trap-v2c-lport, trap-v2c-rport, trap-v2c-status]
- {no-name} - No description for the parameter type: array
- filter - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- get used - No description for the parameter type: int
- loadsub - Enable or disable the return of any sub-objects. type: int
- option - Set fetch option for the request. type: str choices: [count, object member, datasrc, get reserved, syntax]
- range - No description for the parameter type: array
- {no-name} - No description for the parameter type: int
- sortings - No description for the parameter type: array
- {attr_name} - No description for the parameter type: int choices: [1, -1]
Notes¶
Note
- The module may supports multiple method, every method has different parameters definition
- One method may also have more than one parameter definition collection, each collection is dedicated to one API endpoint
- The module may include domain dependent urls, the domain can be specified in url_params as adom
- To run in workspace mode, the paremeter workspace_locking_adom must be included in the task
Examples¶
- hosts: fortimanager-inventory
collections:
- fortinet.fortimanager
connection: httpapi
vars:
ansible_httpapi_use_ssl: True
ansible_httpapi_validate_certs: False
ansible_httpapi_port: 443
tasks:
- name: REQUESTING /PM/CONFIG/DEVPROF/{DEVPROF}/SYSTEM/SNMP/COMMUNITY
fmgr_devprof_system_snmp_community:
loose_validation: False
workspace_locking_adom: <value in [global, custom adom]>
workspace_locking_timeout: 300
method: <value in [add, set, update]>
url_params:
adom: <value in [none, global, custom dom]>
devprof: <value of string>
params:
-
data:
-
events:
- <value in [cpu-high, mem-low, log-full, ...]>
hosts:
-
ha-direct: <value in [disable, enable]>
host-type: <value in [any, query, trap]>
id: <value of integer>
ip: <value of string>
source-ip: <value of string>
hosts6:
-
ha-direct: <value in [disable, enable]>
host-type: <value in [any, query, trap]>
id: <value of integer>
ipv6: <value of string>
source-ipv6: <value of string>
id: <value of integer>
name: <value of string>
query-v1-port: <value of integer>
query-v1-status: <value in [disable, enable]>
query-v2c-port: <value of integer>
query-v2c-status: <value in [disable, enable]>
status: <value in [disable, enable]>
trap-v1-lport: <value of integer>
trap-v1-rport: <value of integer>
trap-v1-status: <value in [disable, enable]>
trap-v2c-lport: <value of integer>
trap-v2c-rport: <value of integer>
trap-v2c-status: <value in [disable, enable]>
- name: REQUESTING /PM/CONFIG/DEVPROF/{DEVPROF}/SYSTEM/SNMP/COMMUNITY
fmgr_devprof_system_snmp_community:
loose_validation: False
workspace_locking_adom: <value in [global, custom adom]>
workspace_locking_timeout: 300
method: <value in [get]>
url_params:
adom: <value in [none, global, custom dom]>
devprof: <value of string>
params:
-
attr: <value of string>
fields:
-
- <value in [events, id, name, ...]>
filter:
- <value of string>
get used: <value of integer>
loadsub: <value of integer>
option: <value in [count, object member, datasrc, ...]>
range:
- <value of integer>
sortings:
-
varidic.attr_name: <value in [1, -1]>
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- return values for method: [add, set, update]
- data
- No description for the parameter type: array
- id - Community ID. type: int
- status
- No description for the parameter type: dict
- code - No description for the parameter type: int
- message - No description for the parameter type: str
- url - No description for the parameter type: str example: /pm/config/adom/{adom}/devprof/{devprof}/system/snmp/community
- return values for method: [get]
- data
- No description for the parameter type: array
- events - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- hosts - No description for the parameter type: array
- ha-direct - Enable/disable direct management of HA cluster members. type: str
- host-type - Control whether the SNMP manager sends SNMP queries, receives SNMP traps, or both. type: str
- id - Host entry ID. type: int
- ip - IPv4 address of the SNMP manager (host). type: str
- source-ip - Source IPv4 address for SNMP traps. type: str
- hosts6 - No description for the parameter type: array
- ha-direct - Enable/disable direct management of HA cluster members. type: str
- host-type - Control whether the SNMP manager sends SNMP queries, receives SNMP traps, or both. type: str
- id - Host6 entry ID. type: int
- ipv6 - SNMP manager IPv6 address prefix. type: str
- source-ipv6 - Source IPv6 address for SNMP traps. type: str
- id - Community ID. type: int
- name - Community name. type: str
- query-v1-port - SNMP v1 query port (default = 161). type: int
- query-v1-status - Enable/disable SNMP v1 queries. type: str
- query-v2c-port - SNMP v2c query port (default = 161). type: int
- query-v2c-status - Enable/disable SNMP v2c queries. type: str
- status - Enable/disable this SNMP community. type: str
- trap-v1-lport - SNMP v1 trap local port (default = 162). type: int
- trap-v1-rport - SNMP v1 trap remote port (default = 162). type: int
- trap-v1-status - Enable/disable SNMP v1 traps. type: str
- trap-v2c-lport - SNMP v2c trap local port (default = 162). type: int
- trap-v2c-rport - SNMP v2c trap remote port (default = 162). type: int
- trap-v2c-status - Enable/disable SNMP v2c traps. type: str
- events - No description for the parameter type: array
- status
- No description for the parameter type: dict
- code - No description for the parameter type: int
- message - No description for the parameter type: str
- url - No description for the parameter type: str example: /pm/config/adom/{adom}/devprof/{devprof}/system/snmp/community
fmgr_devprof_system_snmp_community_obj – SNMP community configuration.¶
New in version 2.10.
Synopsis¶
- This module is able to configure a FortiManager device by allowing the user to [clone, delete, get, set, update] the following FortiManager json-rpc urls.
- /pm/config/adom/{adom}/devprof/{devprof}/system/snmp/community/{community}
- Examples include all parameters and values need to be adjusted to data sources before usage.
- Tested with FortiManager v6.0.0
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.10.0
Parameters¶
- loose_validation - Do parameter validation in a loose way type: bool required: false default: false
- workspace_locking_adom - Acquire the workspace lock if FortiManager is running in workspace mode type: str required: false choices: global, custom dom
- workspace_locking_timeout - The maximum time in seconds to wait for other users to release workspace lock type: integer required: false default: 300
- url_params - parameters in url path type: dict required: true
- adom - the domain prefix type: str choices: none, global, custom dom
- devprof - the object name type: str
- community - the object name type: str
- parameters for method: [clone, set, update] - SNMP community configuration.
- data - No description for the parameter type: dict
- events - No description for the parameter type: array
- {no-name} - No description for the parameter type: str choices: [cpu-high, mem-low, log-full, intf-ip, vpn-tun-up, vpn-tun-down, ha-switch, ha-hb-failure, ips-signature, ips-anomaly, av-virus, av-oversize, av-pattern, av-fragmented, fm-if-change, fm-conf-change, temperature-high, voltage-alert, ha-member-up, ha-member-down, ent-conf-change, av-conserve, av-bypass, av-oversize-passed, av-oversize-blocked, ips-pkg-update, power-supply-failure, amc-bypass, faz-disconnect, fan-failure, bgp-established, bgp-backward-transition, wc-ap-up, wc-ap-down, fswctl-session-up, fswctl-session-down, ips-fail-open, load-balance-real-server-down, device-new, enter-intf-bypass, exit-intf-bypass, per-cpu-high, power-blade-down, confsync_failure]
- hosts - No description for the parameter type: array
- ha-direct - Enable/disable direct management of HA cluster members. type: str choices: [disable, enable]
- host-type - Control whether the SNMP manager sends SNMP queries, receives SNMP traps, or both. type: str choices: [any, query, trap]
- id - Host entry ID. type: int
- ip - IPv4 address of the SNMP manager (host). type: str
- source-ip - Source IPv4 address for SNMP traps. type: str
- hosts6 - No description for the parameter type: array
- ha-direct - Enable/disable direct management of HA cluster members. type: str choices: [disable, enable]
- host-type - Control whether the SNMP manager sends SNMP queries, receives SNMP traps, or both. type: str choices: [any, query, trap]
- id - Host6 entry ID. type: int
- ipv6 - SNMP manager IPv6 address prefix. type: str
- source-ipv6 - Source IPv6 address for SNMP traps. type: str
- id - Community ID. type: int
- name - Community name. type: str
- query-v1-port - SNMP v1 query port (default = 161). type: int
- query-v1-status - Enable/disable SNMP v1 queries. type: str choices: [disable, enable]
- query-v2c-port - SNMP v2c query port (default = 161). type: int
- query-v2c-status - Enable/disable SNMP v2c queries. type: str choices: [disable, enable]
- status - Enable/disable this SNMP community. type: str choices: [disable, enable]
- trap-v1-lport - SNMP v1 trap local port (default = 162). type: int
- trap-v1-rport - SNMP v1 trap remote port (default = 162). type: int
- trap-v1-status - Enable/disable SNMP v1 traps. type: str choices: [disable, enable]
- trap-v2c-lport - SNMP v2c trap local port (default = 162). type: int
- trap-v2c-rport - SNMP v2c trap remote port (default = 162). type: int
- trap-v2c-status - Enable/disable SNMP v2c traps. type: str choices: [disable, enable]
- events - No description for the parameter type: array
- parameters for method: [delete] - SNMP community configuration.
- parameters for method: [get] - SNMP community configuration.
- option - Set fetch option for the request. type: str choices: [object member, chksum, datasrc]
Notes¶
Note
- The module may supports multiple method, every method has different parameters definition
- One method may also have more than one parameter definition collection, each collection is dedicated to one API endpoint
- The module may include domain dependent urls, the domain can be specified in url_params as adom
- To run in workspace mode, the paremeter workspace_locking_adom must be included in the task
Examples¶
- hosts: fortimanager-inventory
collections:
- fortinet.fortimanager
connection: httpapi
vars:
ansible_httpapi_use_ssl: True
ansible_httpapi_validate_certs: False
ansible_httpapi_port: 443
tasks:
- name: REQUESTING /PM/CONFIG/DEVPROF/{DEVPROF}/SYSTEM/SNMP/COMMUNITY/{COMMUNITY}
fmgr_devprof_system_snmp_community_obj:
loose_validation: False
workspace_locking_adom: <value in [global, custom adom]>
workspace_locking_timeout: 300
method: <value in [clone, set, update]>
url_params:
adom: <value in [none, global, custom dom]>
devprof: <value of string>
community: <value of string>
params:
-
data:
events:
- <value in [cpu-high, mem-low, log-full, ...]>
hosts:
-
ha-direct: <value in [disable, enable]>
host-type: <value in [any, query, trap]>
id: <value of integer>
ip: <value of string>
source-ip: <value of string>
hosts6:
-
ha-direct: <value in [disable, enable]>
host-type: <value in [any, query, trap]>
id: <value of integer>
ipv6: <value of string>
source-ipv6: <value of string>
id: <value of integer>
name: <value of string>
query-v1-port: <value of integer>
query-v1-status: <value in [disable, enable]>
query-v2c-port: <value of integer>
query-v2c-status: <value in [disable, enable]>
status: <value in [disable, enable]>
trap-v1-lport: <value of integer>
trap-v1-rport: <value of integer>
trap-v1-status: <value in [disable, enable]>
trap-v2c-lport: <value of integer>
trap-v2c-rport: <value of integer>
trap-v2c-status: <value in [disable, enable]>
- name: REQUESTING /PM/CONFIG/DEVPROF/{DEVPROF}/SYSTEM/SNMP/COMMUNITY/{COMMUNITY}
fmgr_devprof_system_snmp_community_obj:
loose_validation: False
workspace_locking_adom: <value in [global, custom adom]>
workspace_locking_timeout: 300
method: <value in [get]>
url_params:
adom: <value in [none, global, custom dom]>
devprof: <value of string>
community: <value of string>
params:
-
option: <value in [object member, chksum, datasrc]>
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- return values for method: [clone, set, update]
- data
- No description for the parameter type: dict
- id - Community ID. type: int
- status
- No description for the parameter type: dict
- code - No description for the parameter type: int
- message - No description for the parameter type: str
- url - No description for the parameter type: str example: /pm/config/adom/{adom}/devprof/{devprof}/system/snmp/community/{community}
- return values for method: [delete]
- status
- No description for the parameter type: dict
- code - No description for the parameter type: int
- message - No description for the parameter type: str
- url - No description for the parameter type: str example: /pm/config/adom/{adom}/devprof/{devprof}/system/snmp/community/{community}
- return values for method: [get]
- data
- No description for the parameter type: dict
- events - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- hosts - No description for the parameter type: array
- ha-direct - Enable/disable direct management of HA cluster members. type: str
- host-type - Control whether the SNMP manager sends SNMP queries, receives SNMP traps, or both. type: str
- id - Host entry ID. type: int
- ip - IPv4 address of the SNMP manager (host). type: str
- source-ip - Source IPv4 address for SNMP traps. type: str
- hosts6 - No description for the parameter type: array
- ha-direct - Enable/disable direct management of HA cluster members. type: str
- host-type - Control whether the SNMP manager sends SNMP queries, receives SNMP traps, or both. type: str
- id - Host6 entry ID. type: int
- ipv6 - SNMP manager IPv6 address prefix. type: str
- source-ipv6 - Source IPv6 address for SNMP traps. type: str
- id - Community ID. type: int
- name - Community name. type: str
- query-v1-port - SNMP v1 query port (default = 161). type: int
- query-v1-status - Enable/disable SNMP v1 queries. type: str
- query-v2c-port - SNMP v2c query port (default = 161). type: int
- query-v2c-status - Enable/disable SNMP v2c queries. type: str
- status - Enable/disable this SNMP community. type: str
- trap-v1-lport - SNMP v1 trap local port (default = 162). type: int
- trap-v1-rport - SNMP v1 trap remote port (default = 162). type: int
- trap-v1-status - Enable/disable SNMP v1 traps. type: str
- trap-v2c-lport - SNMP v2c trap local port (default = 162). type: int
- trap-v2c-rport - SNMP v2c trap remote port (default = 162). type: int
- trap-v2c-status - Enable/disable SNMP v2c traps. type: str
- events - No description for the parameter type: array
- status
- No description for the parameter type: dict
- code - No description for the parameter type: int
- message - No description for the parameter type: str
- url - No description for the parameter type: str example: /pm/config/adom/{adom}/devprof/{devprof}/system/snmp/community/{community}
fmgr_devprof_system_snmp_sysinfo – SNMP system info configuration.¶
New in version 2.10.
Synopsis¶
- This module is able to configure a FortiManager device by allowing the user to [get, set, update] the following FortiManager json-rpc urls.
- /pm/config/adom/{adom}/devprof/{devprof}/system/snmp/sysinfo
- Examples include all parameters and values need to be adjusted to data sources before usage.
- Tested with FortiManager v6.0.0
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.10.0
Parameters¶
- loose_validation - Do parameter validation in a loose way type: bool required: false default: false
- workspace_locking_adom - Acquire the workspace lock if FortiManager is running in workspace mode type: str required: false choices: global, custom dom
- workspace_locking_timeout - The maximum time in seconds to wait for other users to release workspace lock type: integer required: false default: 300
- url_params - parameters in url path type: dict required: true
- adom - the domain prefix type: str choices: none, global, custom dom
- devprof - the object name type: str
- parameters for method: [get] - SNMP system info configuration.
- option - Set fetch option for the request. type: str choices: [object member, chksum, datasrc]
- parameters for method: [set, update] - SNMP system info configuration.
- data - No description for the parameter type: dict
- status - Enable/disable SNMP. type: str choices: [disable, enable]
Notes¶
Note
- The module may supports multiple method, every method has different parameters definition
- One method may also have more than one parameter definition collection, each collection is dedicated to one API endpoint
- The module may include domain dependent urls, the domain can be specified in url_params as adom
- To run in workspace mode, the paremeter workspace_locking_adom must be included in the task
Examples¶
- hosts: fortimanager-inventory
collections:
- fortinet.fortimanager
connection: httpapi
vars:
ansible_httpapi_use_ssl: True
ansible_httpapi_validate_certs: False
ansible_httpapi_port: 443
tasks:
- name: REQUESTING /PM/CONFIG/DEVPROF/{DEVPROF}/SYSTEM/SNMP/SYSINFO
fmgr_devprof_system_snmp_sysinfo:
loose_validation: False
workspace_locking_adom: <value in [global, custom adom]>
workspace_locking_timeout: 300
method: <value in [get]>
url_params:
adom: <value in [none, global, custom dom]>
devprof: <value of string>
params:
-
option: <value in [object member, chksum, datasrc]>
- name: REQUESTING /PM/CONFIG/DEVPROF/{DEVPROF}/SYSTEM/SNMP/SYSINFO
fmgr_devprof_system_snmp_sysinfo:
loose_validation: False
workspace_locking_adom: <value in [global, custom adom]>
workspace_locking_timeout: 300
method: <value in [set, update]>
url_params:
adom: <value in [none, global, custom dom]>
devprof: <value of string>
params:
-
data:
status: <value in [disable, enable]>
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- return values for method: [get]
- data
- No description for the parameter type: dict
- status - Enable/disable SNMP. type: str
- status
- No description for the parameter type: dict
- code - No description for the parameter type: int
- message - No description for the parameter type: str
- url - No description for the parameter type: str example: /pm/config/adom/{adom}/devprof/{devprof}/system/snmp/sysinfo
- return values for method: [set, update]
- status
- No description for the parameter type: dict
- code - No description for the parameter type: int
- message - No description for the parameter type: str
- url - No description for the parameter type: str example: /pm/config/adom/{adom}/devprof/{devprof}/system/snmp/sysinfo
fmgr_devprof_system_snmp_user – SNMP user configuration.¶
New in version 2.10.
Synopsis¶
- This module is able to configure a FortiManager device by allowing the user to [add, get, set, update] the following FortiManager json-rpc urls.
- /pm/config/adom/{adom}/devprof/{devprof}/system/snmp/user
- Examples include all parameters and values need to be adjusted to data sources before usage.
- Tested with FortiManager v6.0.0
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.10.0
Parameters¶
- loose_validation - Do parameter validation in a loose way type: bool required: false default: false
- workspace_locking_adom - Acquire the workspace lock if FortiManager is running in workspace mode type: str required: false choices: global, custom dom
- workspace_locking_timeout - The maximum time in seconds to wait for other users to release workspace lock type: integer required: false default: 300
- url_params - parameters in url path type: dict required: true
- adom - the domain prefix type: str choices: none, global, custom dom
- devprof - the object name type: str
- parameters for method: [add, set, update] - SNMP user configuration.
- data - No description for the parameter type: array
- auth-proto - Authentication protocol. type: str choices: [md5, sha]
- auth-pwd - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- events - No description for the parameter type: array
- {no-name} - No description for the parameter type: str choices: [cpu-high, mem-low, log-full, intf-ip, vpn-tun-up, vpn-tun-down, ha-switch, fm-conf-change, ips-signature, ips-anomaly, temperature-high, voltage-alert, av-virus, av-oversize, av-pattern, av-fragmented, ha-hb-failure, fan-failure, ha-member-up, ha-member-down, ent-conf-change, av-conserve, av-bypass, av-oversize-passed, av-oversize-blocked, ips-pkg-update, fm-if-change, power-supply-failure, amc-bypass, faz-disconnect, bgp-established, bgp-backward-transition, wc-ap-up, wc-ap-down, fswctl-session-up, fswctl-session-down, ips-fail-open, load-balance-real-server-down, device-new, enter-intf-bypass, exit-intf-bypass, per-cpu-high, power-blade-down, confsync_failure]
- ha-direct - Enable/disable direct management of HA cluster members. type: str choices: [disable, enable]
- name - SNMP user name. type: str
- notify-hosts - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- notify-hosts6 - IPv6 SNMP managers to send notifications (traps) to. type: str
- priv-proto - Privacy (encryption) protocol. type: str choices: [aes, des, aes256, aes256cisco]
- priv-pwd - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- queries - Enable/disable SNMP queries for this user. type: str choices: [disable, enable]
- query-port - SNMPv3 query port (default = 161). type: int
- security-level - Security level for message authentication and encryption. type: str choices: [no-auth-no-priv, auth-no-priv, auth-priv]
- source-ip - Source IP for SNMP trap. type: str
- source-ipv6 - Source IPv6 for SNMP trap. type: str
- status - Enable/disable this SNMP user. type: str choices: [disable, enable]
- trap-lport - SNMPv3 local trap port (default = 162). type: int
- trap-rport - SNMPv3 trap remote port (default = 162). type: int
- trap-status - Enable/disable traps for this SNMP user. type: str choices: [disable, enable]
- parameters for method: [get] - SNMP user configuration.
- attr - The name of the attribute to retrieve its datasource. type: str
- fields - No description for the parameter type: array
- {no-name} - No description for the parameter type: array
- {no-name} - No description for the parameter type: str choices: [auth-proto, auth-pwd, events, ha-direct, name, notify-hosts, notify-hosts6, priv-proto, priv-pwd, queries, query-port, security-level, source-ip, source-ipv6, status, trap-lport, trap-rport, trap-status]
- {no-name} - No description for the parameter type: array
- filter - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- get used - No description for the parameter type: int
- loadsub - Enable or disable the return of any sub-objects. type: int
- option - Set fetch option for the request. type: str choices: [count, object member, datasrc, get reserved, syntax]
- range - No description for the parameter type: array
- {no-name} - No description for the parameter type: int
- sortings - No description for the parameter type: array
- {attr_name} - No description for the parameter type: int choices: [1, -1]
Notes¶
Note
- The module may supports multiple method, every method has different parameters definition
- One method may also have more than one parameter definition collection, each collection is dedicated to one API endpoint
- The module may include domain dependent urls, the domain can be specified in url_params as adom
- To run in workspace mode, the paremeter workspace_locking_adom must be included in the task
Examples¶
- hosts: fortimanager-inventory
collections:
- fortinet.fortimanager
connection: httpapi
vars:
ansible_httpapi_use_ssl: True
ansible_httpapi_validate_certs: False
ansible_httpapi_port: 443
tasks:
- name: REQUESTING /PM/CONFIG/DEVPROF/{DEVPROF}/SYSTEM/SNMP/USER
fmgr_devprof_system_snmp_user:
loose_validation: False
workspace_locking_adom: <value in [global, custom adom]>
workspace_locking_timeout: 300
method: <value in [add, set, update]>
url_params:
adom: <value in [none, global, custom dom]>
devprof: <value of string>
params:
-
data:
-
auth-proto: <value in [md5, sha]>
auth-pwd:
- <value of string>
events:
- <value in [cpu-high, mem-low, log-full, ...]>
ha-direct: <value in [disable, enable]>
name: <value of string>
notify-hosts:
- <value of string>
notify-hosts6: <value of string>
priv-proto: <value in [aes, des, aes256, ...]>
priv-pwd:
- <value of string>
queries: <value in [disable, enable]>
query-port: <value of integer>
security-level: <value in [no-auth-no-priv, auth-no-priv, auth-priv]>
source-ip: <value of string>
source-ipv6: <value of string>
status: <value in [disable, enable]>
trap-lport: <value of integer>
trap-rport: <value of integer>
trap-status: <value in [disable, enable]>
- name: REQUESTING /PM/CONFIG/DEVPROF/{DEVPROF}/SYSTEM/SNMP/USER
fmgr_devprof_system_snmp_user:
loose_validation: False
workspace_locking_adom: <value in [global, custom adom]>
workspace_locking_timeout: 300
method: <value in [get]>
url_params:
adom: <value in [none, global, custom dom]>
devprof: <value of string>
params:
-
attr: <value of string>
fields:
-
- <value in [auth-proto, auth-pwd, events, ...]>
filter:
- <value of string>
get used: <value of integer>
loadsub: <value of integer>
option: <value in [count, object member, datasrc, ...]>
range:
- <value of integer>
sortings:
-
varidic.attr_name: <value in [1, -1]>
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- return values for method: [add, set, update]
- status
- No description for the parameter type: dict
- code - No description for the parameter type: int
- message - No description for the parameter type: str
- url - No description for the parameter type: str example: /pm/config/adom/{adom}/devprof/{devprof}/system/snmp/user
- return values for method: [get]
- data
- No description for the parameter type: array
- auth-proto - Authentication protocol. type: str
- auth-pwd - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- events - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- ha-direct - Enable/disable direct management of HA cluster members. type: str
- name - SNMP user name. type: str
- notify-hosts - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- notify-hosts6 - IPv6 SNMP managers to send notifications (traps) to. type: str
- priv-proto - Privacy (encryption) protocol. type: str
- priv-pwd - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- queries - Enable/disable SNMP queries for this user. type: str
- query-port - SNMPv3 query port (default = 161). type: int
- security-level - Security level for message authentication and encryption. type: str
- source-ip - Source IP for SNMP trap. type: str
- source-ipv6 - Source IPv6 for SNMP trap. type: str
- status - Enable/disable this SNMP user. type: str
- trap-lport - SNMPv3 local trap port (default = 162). type: int
- trap-rport - SNMPv3 trap remote port (default = 162). type: int
- trap-status - Enable/disable traps for this SNMP user. type: str
- status
- No description for the parameter type: dict
- code - No description for the parameter type: int
- message - No description for the parameter type: str
- url - No description for the parameter type: str example: /pm/config/adom/{adom}/devprof/{devprof}/system/snmp/user
fmgr_devprof_system_snmp_user_obj – SNMP user configuration.¶
New in version 2.10.
Synopsis¶
- This module is able to configure a FortiManager device by allowing the user to [clone, delete, get, set, update] the following FortiManager json-rpc urls.
- /pm/config/adom/{adom}/devprof/{devprof}/system/snmp/user/{user}
- Examples include all parameters and values need to be adjusted to data sources before usage.
- Tested with FortiManager v6.0.0
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.10.0
Parameters¶
- loose_validation - Do parameter validation in a loose way type: bool required: false default: false
- workspace_locking_adom - Acquire the workspace lock if FortiManager is running in workspace mode type: str required: false choices: global, custom dom
- workspace_locking_timeout - The maximum time in seconds to wait for other users to release workspace lock type: integer required: false default: 300
- url_params - parameters in url path type: dict required: true
- adom - the domain prefix type: str choices: none, global, custom dom
- devprof - the object name type: str
- user - the object name type: str
- parameters for method: [clone, set, update] - SNMP user configuration.
- data - No description for the parameter type: dict
- auth-proto - Authentication protocol. type: str choices: [md5, sha]
- auth-pwd - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- events - No description for the parameter type: array
- {no-name} - No description for the parameter type: str choices: [cpu-high, mem-low, log-full, intf-ip, vpn-tun-up, vpn-tun-down, ha-switch, fm-conf-change, ips-signature, ips-anomaly, temperature-high, voltage-alert, av-virus, av-oversize, av-pattern, av-fragmented, ha-hb-failure, fan-failure, ha-member-up, ha-member-down, ent-conf-change, av-conserve, av-bypass, av-oversize-passed, av-oversize-blocked, ips-pkg-update, fm-if-change, power-supply-failure, amc-bypass, faz-disconnect, bgp-established, bgp-backward-transition, wc-ap-up, wc-ap-down, fswctl-session-up, fswctl-session-down, ips-fail-open, load-balance-real-server-down, device-new, enter-intf-bypass, exit-intf-bypass, per-cpu-high, power-blade-down, confsync_failure]
- ha-direct - Enable/disable direct management of HA cluster members. type: str choices: [disable, enable]
- name - SNMP user name. type: str
- notify-hosts - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- notify-hosts6 - IPv6 SNMP managers to send notifications (traps) to. type: str
- priv-proto - Privacy (encryption) protocol. type: str choices: [aes, des, aes256, aes256cisco]
- priv-pwd - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- queries - Enable/disable SNMP queries for this user. type: str choices: [disable, enable]
- query-port - SNMPv3 query port (default = 161). type: int
- security-level - Security level for message authentication and encryption. type: str choices: [no-auth-no-priv, auth-no-priv, auth-priv]
- source-ip - Source IP for SNMP trap. type: str
- source-ipv6 - Source IPv6 for SNMP trap. type: str
- status - Enable/disable this SNMP user. type: str choices: [disable, enable]
- trap-lport - SNMPv3 local trap port (default = 162). type: int
- trap-rport - SNMPv3 trap remote port (default = 162). type: int
- trap-status - Enable/disable traps for this SNMP user. type: str choices: [disable, enable]
- parameters for method: [delete] - SNMP user configuration.
- parameters for method: [get] - SNMP user configuration.
- option - Set fetch option for the request. type: str choices: [object member, chksum, datasrc]
Notes¶
Note
- The module may supports multiple method, every method has different parameters definition
- One method may also have more than one parameter definition collection, each collection is dedicated to one API endpoint
- The module may include domain dependent urls, the domain can be specified in url_params as adom
- To run in workspace mode, the paremeter workspace_locking_adom must be included in the task
Examples¶
- hosts: fortimanager-inventory
collections:
- fortinet.fortimanager
connection: httpapi
vars:
ansible_httpapi_use_ssl: True
ansible_httpapi_validate_certs: False
ansible_httpapi_port: 443
tasks:
- name: REQUESTING /PM/CONFIG/DEVPROF/{DEVPROF}/SYSTEM/SNMP/USER/{USER}
fmgr_devprof_system_snmp_user_obj:
loose_validation: False
workspace_locking_adom: <value in [global, custom adom]>
workspace_locking_timeout: 300
method: <value in [clone, set, update]>
url_params:
adom: <value in [none, global, custom dom]>
devprof: <value of string>
user: <value of string>
params:
-
data:
auth-proto: <value in [md5, sha]>
auth-pwd:
- <value of string>
events:
- <value in [cpu-high, mem-low, log-full, ...]>
ha-direct: <value in [disable, enable]>
name: <value of string>
notify-hosts:
- <value of string>
notify-hosts6: <value of string>
priv-proto: <value in [aes, des, aes256, ...]>
priv-pwd:
- <value of string>
queries: <value in [disable, enable]>
query-port: <value of integer>
security-level: <value in [no-auth-no-priv, auth-no-priv, auth-priv]>
source-ip: <value of string>
source-ipv6: <value of string>
status: <value in [disable, enable]>
trap-lport: <value of integer>
trap-rport: <value of integer>
trap-status: <value in [disable, enable]>
- name: REQUESTING /PM/CONFIG/DEVPROF/{DEVPROF}/SYSTEM/SNMP/USER/{USER}
fmgr_devprof_system_snmp_user_obj:
loose_validation: False
workspace_locking_adom: <value in [global, custom adom]>
workspace_locking_timeout: 300
method: <value in [get]>
url_params:
adom: <value in [none, global, custom dom]>
devprof: <value of string>
user: <value of string>
params:
-
option: <value in [object member, chksum, datasrc]>
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- return values for method: [clone, delete, set, update]
- status
- No description for the parameter type: dict
- code - No description for the parameter type: int
- message - No description for the parameter type: str
- url - No description for the parameter type: str example: /pm/config/adom/{adom}/devprof/{devprof}/system/snmp/user/{user}
- return values for method: [get]
- data
- No description for the parameter type: dict
- auth-proto - Authentication protocol. type: str
- auth-pwd - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- events - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- ha-direct - Enable/disable direct management of HA cluster members. type: str
- name - SNMP user name. type: str
- notify-hosts - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- notify-hosts6 - IPv6 SNMP managers to send notifications (traps) to. type: str
- priv-proto - Privacy (encryption) protocol. type: str
- priv-pwd - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- queries - Enable/disable SNMP queries for this user. type: str
- query-port - SNMPv3 query port (default = 161). type: int
- security-level - Security level for message authentication and encryption. type: str
- source-ip - Source IP for SNMP trap. type: str
- source-ipv6 - Source IPv6 for SNMP trap. type: str
- status - Enable/disable this SNMP user. type: str
- trap-lport - SNMPv3 local trap port (default = 162). type: int
- trap-rport - SNMPv3 trap remote port (default = 162). type: int
- trap-status - Enable/disable traps for this SNMP user. type: str
- status
- No description for the parameter type: dict
- code - No description for the parameter type: int
- message - No description for the parameter type: str
- url - No description for the parameter type: str example: /pm/config/adom/{adom}/devprof/{devprof}/system/snmp/user/{user}
fmgr_dnsfilter_profile – Configure DNS domain filter profiles.¶
New in version 2.10.
Synopsis¶
- This module is able to configure a FortiManager device by allowing the user to [add, get, set, update] the following FortiManager json-rpc urls.
- /pm/config/adom/{adom}/obj/dnsfilter/profile
- /pm/config/global/obj/dnsfilter/profile
- Examples include all parameters and values need to be adjusted to data sources before usage.
- Tested with FortiManager v6.0.0
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.10.0
Parameters¶
- loose_validation - Do parameter validation in a loose way type: bool required: false default: false
- workspace_locking_adom - Acquire the workspace lock if FortiManager is running in workspace mode type: str required: false choices: global, custom dom
- workspace_locking_timeout - The maximum time in seconds to wait for other users to release workspace lock type: integer required: false default: 300
- url_params - parameters in url path type: dict required: true
- adom - the domain prefix type: str choices: none, global, custom dom
- parameters for method: [add, set, update] - Configure DNS domain filter profiles.
- data - No description for the parameter type: array
- block-action - Action to take for blocked domains. type: str choices: [block, redirect]
- block-botnet - Enable/disable blocking botnet C&C DNS lookups. type: str choices: [disable, enable]
- comment - Comment. type: str
- external-ip-blocklist - One or more external IP block lists. type: str
- log-all-domain - Enable/disable logging of all domains visited (detailed DNS logging). type: str choices: [disable, enable]
- name - Profile name. type: str
- redirect-portal - IP address of the SDNS redirect portal. type: str
- safe-search - Enable/disable Google, Bing, and YouTube safe search. type: str choices: [disable, enable]
- sdns-domain-log - Enable/disable domain filtering and botnet domain logging. type: str choices: [disable, enable]
- sdns-ftgd-err-log - Enable/disable FortiGuard SDNS rating error logging. type: str choices: [disable, enable]
- youtube-restrict - Set safe search for YouTube restriction level. type: str choices: [strict, moderate]
- parameters for method: [get] - Configure DNS domain filter profiles.
- attr - The name of the attribute to retrieve its datasource. type: str
- fields - No description for the parameter type: array
- {no-name} - No description for the parameter type: array
- {no-name} - No description for the parameter type: str choices: [block-action, block-botnet, comment, external-ip-blocklist, log-all-domain, name, redirect-portal, safe-search, sdns-domain-log, sdns-ftgd-err-log, youtube-restrict]
- {no-name} - No description for the parameter type: array
- filter - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- get used - No description for the parameter type: int
- loadsub - Enable or disable the return of any sub-objects. type: int
- option - Set fetch option for the request. type: str choices: [count, object member, datasrc, get reserved, syntax]
- range - No description for the parameter type: array
- {no-name} - No description for the parameter type: int
- sortings - No description for the parameter type: array
- {attr_name} - No description for the parameter type: int choices: [1, -1]
Notes¶
Note
- The module may supports multiple method, every method has different parameters definition
- One method may also have more than one parameter definition collection, each collection is dedicated to one API endpoint
- The module may include domain dependent urls, the domain can be specified in url_params as adom
- To run in workspace mode, the paremeter workspace_locking_adom must be included in the task
Examples¶
- hosts: fortimanager-inventory
collections:
- fortinet.fortimanager
connection: httpapi
vars:
ansible_httpapi_use_ssl: True
ansible_httpapi_validate_certs: False
ansible_httpapi_port: 443
tasks:
- name: REQUESTING /PM/CONFIG/OBJ/DNSFILTER/PROFILE
fmgr_dnsfilter_profile:
loose_validation: False
workspace_locking_adom: <value in [global, custom adom]>
workspace_locking_timeout: 300
method: <value in [add, set, update]>
url_params:
adom: <value in [none, global, custom dom]>
params:
-
data:
-
block-action: <value in [block, redirect]>
block-botnet: <value in [disable, enable]>
comment: <value of string>
external-ip-blocklist: <value of string>
log-all-domain: <value in [disable, enable]>
name: <value of string>
redirect-portal: <value of string>
safe-search: <value in [disable, enable]>
sdns-domain-log: <value in [disable, enable]>
sdns-ftgd-err-log: <value in [disable, enable]>
youtube-restrict: <value in [strict, moderate]>
- name: REQUESTING /PM/CONFIG/OBJ/DNSFILTER/PROFILE
fmgr_dnsfilter_profile:
loose_validation: False
workspace_locking_adom: <value in [global, custom adom]>
workspace_locking_timeout: 300
method: <value in [get]>
url_params:
adom: <value in [none, global, custom dom]>
params:
-
attr: <value of string>
fields:
-
- <value in [block-action, block-botnet, comment, ...]>
filter:
- <value of string>
get used: <value of integer>
loadsub: <value of integer>
option: <value in [count, object member, datasrc, ...]>
range:
- <value of integer>
sortings:
-
varidic.attr_name: <value in [1, -1]>
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- return values for method: [add, set, update]
- status
- No description for the parameter type: dict
- code - No description for the parameter type: int
- message - No description for the parameter type: str
- url - No description for the parameter type: str example: /pm/config/adom/{adom}/obj/dnsfilter/profile
- return values for method: [get]
- data
- No description for the parameter type: array
- block-action - Action to take for blocked domains. type: str
- block-botnet - Enable/disable blocking botnet C&C DNS lookups. type: str
- comment - Comment. type: str
- external-ip-blocklist - One or more external IP block lists. type: str
- log-all-domain - Enable/disable logging of all domains visited (detailed DNS logging). type: str
- name - Profile name. type: str
- redirect-portal - IP address of the SDNS redirect portal. type: str
- safe-search - Enable/disable Google, Bing, and YouTube safe search. type: str
- sdns-domain-log - Enable/disable domain filtering and botnet domain logging. type: str
- sdns-ftgd-err-log - Enable/disable FortiGuard SDNS rating error logging. type: str
- youtube-restrict - Set safe search for YouTube restriction level. type: str
- status
- No description for the parameter type: dict
- code - No description for the parameter type: int
- message - No description for the parameter type: str
- url - No description for the parameter type: str example: /pm/config/adom/{adom}/obj/dnsfilter/profile
fmgr_dnsfilter_profile_obj – Configure DNS domain filter profiles.¶
New in version 2.10.
Synopsis¶
- This module is able to configure a FortiManager device by allowing the user to [clone, delete, get, set, update] the following FortiManager json-rpc urls.
- /pm/config/adom/{adom}/obj/dnsfilter/profile/{profile}
- /pm/config/global/obj/dnsfilter/profile/{profile}
- Examples include all parameters and values need to be adjusted to data sources before usage.
- Tested with FortiManager v6.0.0
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.10.0
Parameters¶
- loose_validation - Do parameter validation in a loose way type: bool required: false default: false
- workspace_locking_adom - Acquire the workspace lock if FortiManager is running in workspace mode type: str required: false choices: global, custom dom
- workspace_locking_timeout - The maximum time in seconds to wait for other users to release workspace lock type: integer required: false default: 300
- url_params - parameters in url path type: dict required: true
- adom - the domain prefix type: str choices: none, global, custom dom
- profile - the object name type: str
- parameters for method: [clone, set, update] - Configure DNS domain filter profiles.
- data - No description for the parameter type: dict
- block-action - Action to take for blocked domains. type: str choices: [block, redirect]
- block-botnet - Enable/disable blocking botnet C&C DNS lookups. type: str choices: [disable, enable]
- comment - Comment. type: str
- external-ip-blocklist - One or more external IP block lists. type: str
- log-all-domain - Enable/disable logging of all domains visited (detailed DNS logging). type: str choices: [disable, enable]
- name - Profile name. type: str
- redirect-portal - IP address of the SDNS redirect portal. type: str
- safe-search - Enable/disable Google, Bing, and YouTube safe search. type: str choices: [disable, enable]
- sdns-domain-log - Enable/disable domain filtering and botnet domain logging. type: str choices: [disable, enable]
- sdns-ftgd-err-log - Enable/disable FortiGuard SDNS rating error logging. type: str choices: [disable, enable]
- youtube-restrict - Set safe search for YouTube restriction level. type: str choices: [strict, moderate]
- parameters for method: [delete] - Configure DNS domain filter profiles.
- parameters for method: [get] - Configure DNS domain filter profiles.
- option - Set fetch option for the request. type: str choices: [object member, chksum, datasrc]
Notes¶
Note
- The module may supports multiple method, every method has different parameters definition
- One method may also have more than one parameter definition collection, each collection is dedicated to one API endpoint
- The module may include domain dependent urls, the domain can be specified in url_params as adom
- To run in workspace mode, the paremeter workspace_locking_adom must be included in the task
Examples¶
- hosts: fortimanager-inventory
collections:
- fortinet.fortimanager
connection: httpapi
vars:
ansible_httpapi_use_ssl: True
ansible_httpapi_validate_certs: False
ansible_httpapi_port: 443
tasks:
- name: REQUESTING /PM/CONFIG/OBJ/DNSFILTER/PROFILE/{PROFILE}
fmgr_dnsfilter_profile_obj:
loose_validation: False
workspace_locking_adom: <value in [global, custom adom]>
workspace_locking_timeout: 300
method: <value in [clone, set, update]>
url_params:
adom: <value in [none, global, custom dom]>
profile: <value of string>
params:
-
data:
block-action: <value in [block, redirect]>
block-botnet: <value in [disable, enable]>
comment: <value of string>
external-ip-blocklist: <value of string>
log-all-domain: <value in [disable, enable]>
name: <value of string>
redirect-portal: <value of string>
safe-search: <value in [disable, enable]>
sdns-domain-log: <value in [disable, enable]>
sdns-ftgd-err-log: <value in [disable, enable]>
youtube-restrict: <value in [strict, moderate]>
- name: REQUESTING /PM/CONFIG/OBJ/DNSFILTER/PROFILE/{PROFILE}
fmgr_dnsfilter_profile_obj:
loose_validation: False
workspace_locking_adom: <value in [global, custom adom]>
workspace_locking_timeout: 300
method: <value in [get]>
url_params:
adom: <value in [none, global, custom dom]>
profile: <value of string>
params:
-
option: <value in [object member, chksum, datasrc]>
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- return values for method: [clone, delete, set, update]
- status
- No description for the parameter type: dict
- code - No description for the parameter type: int
- message - No description for the parameter type: str
- url - No description for the parameter type: str example: /pm/config/adom/{adom}/obj/dnsfilter/profile/{profile}
- return values for method: [get]
- data
- No description for the parameter type: dict
- block-action - Action to take for blocked domains. type: str
- block-botnet - Enable/disable blocking botnet C&C DNS lookups. type: str
- comment - Comment. type: str
- external-ip-blocklist - One or more external IP block lists. type: str
- log-all-domain - Enable/disable logging of all domains visited (detailed DNS logging). type: str
- name - Profile name. type: str
- redirect-portal - IP address of the SDNS redirect portal. type: str
- safe-search - Enable/disable Google, Bing, and YouTube safe search. type: str
- sdns-domain-log - Enable/disable domain filtering and botnet domain logging. type: str
- sdns-ftgd-err-log - Enable/disable FortiGuard SDNS rating error logging. type: str
- youtube-restrict - Set safe search for YouTube restriction level. type: str
- status
- No description for the parameter type: dict
- code - No description for the parameter type: int
- message - No description for the parameter type: str
- url - No description for the parameter type: str example: /pm/config/adom/{adom}/obj/dnsfilter/profile/{profile}
fmgr_dvm_cmd_add_device – Add a device to the Device Manager database.¶
New in version 2.10.
Synopsis¶
- This module is able to configure a FortiManager device by allowing the user to [exec] the following FortiManager json-rpc urls.
- /dvm/cmd/add/device
- /dvm/cmd/add/device
- Examples include all parameters and values need to be adjusted to data sources before usage.
- Tested with FortiManager v6.0.0
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.10.0
Parameters¶
- loose_validation - Do parameter validation in a loose way type: bool required: false default: false
- workspace_locking_adom - Acquire the workspace lock if FortiManager is running in workspace mode type: str required: false choices: global, custom dom
- workspace_locking_timeout - The maximum time in seconds to wait for other users to release workspace lock type: integer required: false default: 300
- parameters for method: [exec] - Add a device to the Device Manager database.
- data - No description for the parameter type: dict
- adom - Name or ID of the ADOM where the command is to be executed on. type: str
- device
- adm_pass - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- adm_usr - add real and promote device. type: str
- desc - available for all operations. type: str
- device action - Specify add device operations, or leave blank to add real device: type: str
- faz.quota - available for all operations. type: int
- ip - add real device only. type: str
- meta fields - add real and model device. type: str
- mgmt_mode - add real and model device. type: str choices: [unreg, fmg, faz, fmgfaz]
- mr - add model device only. type: int
- name - required for all operations. type: str
- os_type - add model device only. type: str choices: [unknown, fos, fsw, foc, fml, faz, fwb, fch, fct, log, fmg, fsa, fdd, fac]
- os_ver - add model device only. type: str choices: [unknown, 0.0, 1.0, 2.0, 3.0, 4.0, 5.0]
- patch - add model device only. type: int
- platform_str - add model device only. type: str
- sn - add model device only. type: str
- flags - No description for the parameter type: array
- {no-name} - No description for the parameter type: str choices: [none, create_task, nonblocking, log_dev]
- groups - No description for the parameter type: array
- name - No description for the parameter type: str
- vdom - No description for the parameter type: str
Notes¶
Note
- The module may supports multiple method, every method has different parameters definition
- One method may also have more than one parameter definition collection, each collection is dedicated to one API endpoint
- The module may include domain dependent urls, the domain can be specified in url_params as adom
- To run in workspace mode, the paremeter workspace_locking_adom must be included in the task
Examples¶
- hosts: fortimanager-inventory
collections:
- fortinet.fortimanager
connection: httpapi
vars:
ansible_httpapi_use_ssl: True
ansible_httpapi_validate_certs: False
ansible_httpapi_port: 443
tasks:
- name: REQUESTING /DVM/CMD/ADD/DEVICE
fmgr_dvm_cmd_add_device:
loose_validation: False
workspace_locking_adom: <value in [global, custom adom]>
workspace_locking_timeout: 300
method: <value in [exec]>
params:
-
data:
adom: <value of string>
device:
adm_pass:
- <value of string>
adm_usr: <value of string>
desc: <value of string>
device action: <value of string>
faz.quota: <value of integer>
ip: <value of string>
meta fields: <value of string>
mgmt_mode: <value in [unreg, fmg, faz, ...]>
mr: <value of integer>
name: <value of string>
os_type: <value in [unknown, fos, fsw, ...]>
os_ver: <value in [unknown, 0.0, 1.0, ...]>
patch: <value of integer>
platform_str: <value of string>
sn: <value of string>
flags:
- <value in [none, create_task, nonblocking, ...]>
groups:
-
name: <value of string>
vdom: <value of string>
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- return values for method: [exec]
- data
- No description for the parameter type: dict
- device
- adm_pass - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- adm_usr - No description for the parameter type: str
- app_ver - No description for the parameter type: str
- av_ver - No description for the parameter type: str
- beta - No description for the parameter type: int
- branch_pt - No description for the parameter type: int
- build - No description for the parameter type: int
- checksum - No description for the parameter type: str
- conf_status - No description for the parameter type: str example: unknown
- conn_mode - No description for the parameter type: str example: passive
- conn_status - No description for the parameter type: str example: UNKNOWN
- db_status - No description for the parameter type: str example: unknown
- desc - No description for the parameter type: str
- dev_status - No description for the parameter type: str example: unknown
- fap_cnt - No description for the parameter type: int
- faz.full_act - No description for the parameter type: int
- faz.perm - No description for the parameter type: int
- faz.quota - No description for the parameter type: int
- faz.used - No description for the parameter type: int
- fex_cnt - No description for the parameter type: int
- flags - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- foslic_cpu - VM Meter vCPU count. type: int
- foslic_dr_site - VM Meter DR Site status. type: str example: disable
- foslic_inst_time - VM Meter first deployment time (in UNIX timestamp). type: int
- foslic_last_sync - VM Meter last synchronized time (in UNIX timestamp). type: int
- foslic_ram - VM Meter device RAM size (in MB). type: int
- foslic_type - VM Meter license type. type: str example: temporary
- foslic_utm - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- fsw_cnt - No description for the parameter type: int
- ha_group_id - No description for the parameter type: int
- ha_group_name - No description for the parameter type: str
- ha_mode - enabled - Value reserved for non-FOS HA devices. type: str example: standalone
- ha_slave - No description for the parameter type: array
- idx - No description for the parameter type: int
- name - No description for the parameter type: str
- prio - No description for the parameter type: int
- role - No description for the parameter type: str example: slave
- sn - No description for the parameter type: str
- status - No description for the parameter type: int
- hdisk_size - No description for the parameter type: int
- hostname - No description for the parameter type: str
- hw_rev_major - No description for the parameter type: int
- hw_rev_minor - No description for the parameter type: int
- ip - No description for the parameter type: str
- ips_ext - No description for the parameter type: int
- ips_ver - No description for the parameter type: str
- last_checked - No description for the parameter type: int
- last_resync - No description for the parameter type: int
- latitude - No description for the parameter type: str
- lic_flags - No description for the parameter type: int
- lic_region - No description for the parameter type: str
- location_from - No description for the parameter type: str
- logdisk_size - No description for the parameter type: int
- longitude - No description for the parameter type: str
- maxvdom - No description for the parameter type: int example: 10
- meta fields - No description for the parameter type: str
- mgmt_id - No description for the parameter type: int
- mgmt_if - No description for the parameter type: str
- mgmt_mode - No description for the parameter type: str example: unreg
- mgt_vdom - No description for the parameter type: str
- mr - No description for the parameter type: int example: -1
- name - Unique name for the device. type: str
- os_type - No description for the parameter type: str example: unknown
- os_ver - No description for the parameter type: str example: unknown
- patch - No description for the parameter type: int
- platform_str - No description for the parameter type: str
- psk - No description for the parameter type: str
- sn - Unique value for each device. type: str
- vdom - No description for the parameter type: array
- comments - No description for the parameter type: str
- name - No description for the parameter type: str
- opmode - No description for the parameter type: str example: nat
- rtm_prof_id - No description for the parameter type: int
- status - No description for the parameter type: str
- version - No description for the parameter type: int
- vm_cpu - No description for the parameter type: int
- vm_cpu_limit - No description for the parameter type: int
- vm_lic_expire - No description for the parameter type: int
- vm_mem - No description for the parameter type: int
- vm_mem_limit - No description for the parameter type: int
- vm_status - No description for the parameter type: int
- pid - When "nonblocking" flag is set, return the process ID for the command. type: int
- taskid - When "create_task" flag is set, return the ID of the task associated with the command. type: str
- status
- No description for the parameter type: dict
- code - No description for the parameter type: int
- message - No description for the parameter type: str
- url - No description for the parameter type: str example: /dvm/cmd/add/device
fmgr_dvm_cmd_del_device – Delete a device.¶
New in version 2.10.
Synopsis¶
- This module is able to configure a FortiManager device by allowing the user to [exec] the following FortiManager json-rpc urls.
- /dvm/cmd/del/device
- /dvm/cmd/del/device
- Examples include all parameters and values need to be adjusted to data sources before usage.
- Tested with FortiManager v6.0.0
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.10.0
Parameters¶
- loose_validation - Do parameter validation in a loose way type: bool required: false default: false
- workspace_locking_adom - Acquire the workspace lock if FortiManager is running in workspace mode type: str required: false choices: global, custom dom
- workspace_locking_timeout - The maximum time in seconds to wait for other users to release workspace lock type: integer required: false default: 300
- parameters for method: [exec] - Delete a device.
- data - No description for the parameter type: dict
- adom - Name or ID of the ADOM where the command is to be executed on. type: str
- device - Name or ID of the target device. type: str
- flags - No description for the parameter type: array
- {no-name} - No description for the parameter type: str choices: [none, create_task, nonblocking, log_dev]
Notes¶
Note
- The module may supports multiple method, every method has different parameters definition
- One method may also have more than one parameter definition collection, each collection is dedicated to one API endpoint
- The module may include domain dependent urls, the domain can be specified in url_params as adom
- To run in workspace mode, the paremeter workspace_locking_adom must be included in the task
Examples¶
- hosts: fortimanager-inventory
collections:
- fortinet.fortimanager
connection: httpapi
vars:
ansible_httpapi_use_ssl: True
ansible_httpapi_validate_certs: False
ansible_httpapi_port: 443
tasks:
- name: REQUESTING /DVM/CMD/DEL/DEVICE
fmgr_dvm_cmd_del_device:
loose_validation: False
workspace_locking_adom: <value in [global, custom adom]>
workspace_locking_timeout: 300
method: <value in [exec]>
params:
-
data:
adom: <value of string>
device: <value of string>
flags:
- <value in [none, create_task, nonblocking, ...]>
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- return values for method: [exec]
- data
- No description for the parameter type: dict
- pid - When "nonblocking" flag is set, return the process ID for the command. type: int
- taskid - When "create_task" flag is set, return the ID of the task associated with the command. type: str
- status
- No description for the parameter type: dict
- code - No description for the parameter type: int
- message - No description for the parameter type: str
- url - No description for the parameter type: str example: /dvm/cmd/del/device
fmgr_dvm_cmd_discover_device – Probe a remote device and retrieve its device information and system status.¶
New in version 2.10.
Synopsis¶
- This module is able to configure a FortiManager device by allowing the user to [exec] the following FortiManager json-rpc urls.
- /dvm/cmd/discover/device
- /dvm/cmd/discover/device
- Examples include all parameters and values need to be adjusted to data sources before usage.
- Tested with FortiManager v6.0.0
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.10.0
Parameters¶
- loose_validation - Do parameter validation in a loose way type: bool required: false default: false
- workspace_locking_adom - Acquire the workspace lock if FortiManager is running in workspace mode type: str required: false choices: global, custom dom
- workspace_locking_timeout - The maximum time in seconds to wait for other users to release workspace lock type: integer required: false default: 300
- parameters for method: [exec] - Probe a remote device and retrieve its device information and system status.
- data - No description for the parameter type: dict
- device
- adm_pass - No description for the parameter type: str
- adm_usr - No description for the parameter type: str
- ip - No description for the parameter type: str
Notes¶
Note
- The module may supports multiple method, every method has different parameters definition
- One method may also have more than one parameter definition collection, each collection is dedicated to one API endpoint
- The module may include domain dependent urls, the domain can be specified in url_params as adom
- To run in workspace mode, the paremeter workspace_locking_adom must be included in the task
Examples¶
- hosts: fortimanager-inventory
collections:
- fortinet.fortimanager
connection: httpapi
vars:
ansible_httpapi_use_ssl: True
ansible_httpapi_validate_certs: False
ansible_httpapi_port: 443
tasks:
- name: REQUESTING /DVM/CMD/DISCOVER/DEVICE
fmgr_dvm_cmd_discover_device:
loose_validation: False
workspace_locking_adom: <value in [global, custom adom]>
workspace_locking_timeout: 300
method: <value in [exec]>
params:
-
data:
device:
adm_pass: <value of string>
adm_usr: <value of string>
ip: <value of string>
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- return values for method: [exec]
- data
- No description for the parameter type: dict
- device
- adm_pass - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- adm_usr - No description for the parameter type: str
- app_ver - No description for the parameter type: str
- av_ver - No description for the parameter type: str
- beta - No description for the parameter type: int
- branch_pt - No description for the parameter type: int
- build - No description for the parameter type: int
- checksum - No description for the parameter type: str
- conf_status - No description for the parameter type: str example: unknown
- conn_mode - No description for the parameter type: str example: passive
- conn_status - No description for the parameter type: str example: UNKNOWN
- db_status - No description for the parameter type: str example: unknown
- desc - No description for the parameter type: str
- dev_status - No description for the parameter type: str example: unknown
- fap_cnt - No description for the parameter type: int
- faz.full_act - No description for the parameter type: int
- faz.perm - No description for the parameter type: int
- faz.quota - No description for the parameter type: int
- faz.used - No description for the parameter type: int
- fex_cnt - No description for the parameter type: int
- flags - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- foslic_cpu - VM Meter vCPU count. type: int
- foslic_dr_site - VM Meter DR Site status. type: str example: disable
- foslic_inst_time - VM Meter first deployment time (in UNIX timestamp). type: int
- foslic_last_sync - VM Meter last synchronized time (in UNIX timestamp). type: int
- foslic_ram - VM Meter device RAM size (in MB). type: int
- foslic_type - VM Meter license type. type: str example: temporary
- foslic_utm - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- fsw_cnt - No description for the parameter type: int
- ha_group_id - No description for the parameter type: int
- ha_group_name - No description for the parameter type: str
- ha_mode - enabled - Value reserved for non-FOS HA devices. type: str example: standalone
- ha_slave - No description for the parameter type: array
- idx - No description for the parameter type: int
- name - No description for the parameter type: str
- prio - No description for the parameter type: int
- role - No description for the parameter type: str example: slave
- sn - No description for the parameter type: str
- status - No description for the parameter type: int
- hdisk_size - No description for the parameter type: int
- hostname - No description for the parameter type: str
- hw_rev_major - No description for the parameter type: int
- hw_rev_minor - No description for the parameter type: int
- ip - No description for the parameter type: str
- ips_ext - No description for the parameter type: int
- ips_ver - No description for the parameter type: str
- last_checked - No description for the parameter type: int
- last_resync - No description for the parameter type: int
- latitude - No description for the parameter type: str
- lic_flags - No description for the parameter type: int
- lic_region - No description for the parameter type: str
- location_from - No description for the parameter type: str
- logdisk_size - No description for the parameter type: int
- longitude - No description for the parameter type: str
- maxvdom - No description for the parameter type: int example: 10
- meta fields - No description for the parameter type: str
- mgmt_id - No description for the parameter type: int
- mgmt_if - No description for the parameter type: str
- mgmt_mode - No description for the parameter type: str example: unreg
- mgt_vdom - No description for the parameter type: str
- mr - No description for the parameter type: int example: -1
- name - Unique name for the device. type: str
- os_type - No description for the parameter type: str example: unknown
- os_ver - No description for the parameter type: str example: unknown
- patch - No description for the parameter type: int
- platform_str - No description for the parameter type: str
- psk - No description for the parameter type: str
- sn - Unique value for each device. type: str
- vdom - No description for the parameter type: array
- comments - No description for the parameter type: str
- name - No description for the parameter type: str
- opmode - No description for the parameter type: str example: nat
- rtm_prof_id - No description for the parameter type: int
- status - No description for the parameter type: str
- version - No description for the parameter type: int
- vm_cpu - No description for the parameter type: int
- vm_cpu_limit - No description for the parameter type: int
- vm_lic_expire - No description for the parameter type: int
- vm_mem - No description for the parameter type: int
- vm_mem_limit - No description for the parameter type: int
- vm_status - No description for the parameter type: int
- pid - When "nonblocking" flag is set, return the process ID for the command. type: int
- taskid - When "create_task" flag is set, return the ID of the task associated with the command. type: str
- status
- No description for the parameter type: dict
- code - No description for the parameter type: int
- message - No description for the parameter type: str
- url - No description for the parameter type: str example: /dvm/cmd/discover/device
fmgr_dvm_cmd_update_device – Refresh the FGFM connection and system information of a device.¶
New in version 2.10.
Synopsis¶
- This module is able to configure a FortiManager device by allowing the user to [exec] the following FortiManager json-rpc urls.
- /dvm/cmd/update/device
- /dvm/cmd/update/device
- Examples include all parameters and values need to be adjusted to data sources before usage.
- Tested with FortiManager v6.0.0
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.10.0
Parameters¶
- loose_validation - Do parameter validation in a loose way type: bool required: false default: false
- workspace_locking_adom - Acquire the workspace lock if FortiManager is running in workspace mode type: str required: false choices: global, custom dom
- workspace_locking_timeout - The maximum time in seconds to wait for other users to release workspace lock type: integer required: false default: 300
- parameters for method: [exec] - Refresh the FGFM connection and system information of a device.
- data - No description for the parameter type: dict
- adom - Name or ID of the ADOM where the command is to be executed on. type: str
- device - Name or ID of the target device. type: str
- flags - No description for the parameter type: array
- {no-name} - No description for the parameter type: str choices: [none, create_task, nonblocking, log_dev]
Notes¶
Note
- The module may supports multiple method, every method has different parameters definition
- One method may also have more than one parameter definition collection, each collection is dedicated to one API endpoint
- The module may include domain dependent urls, the domain can be specified in url_params as adom
- To run in workspace mode, the paremeter workspace_locking_adom must be included in the task
Examples¶
- hosts: fortimanager-inventory
collections:
- fortinet.fortimanager
connection: httpapi
vars:
ansible_httpapi_use_ssl: True
ansible_httpapi_validate_certs: False
ansible_httpapi_port: 443
tasks:
- name: REQUESTING /DVM/CMD/UPDATE/DEVICE
fmgr_dvm_cmd_update_device:
loose_validation: False
workspace_locking_adom: <value in [global, custom adom]>
workspace_locking_timeout: 300
method: <value in [exec]>
params:
-
data:
adom: <value of string>
device: <value of string>
flags:
- <value in [none, create_task, nonblocking, ...]>
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- return values for method: [exec]
- data
- No description for the parameter type: dict
- pid - When "nonblocking" flag is set, return the process ID for the command. type: int
- taskid - When "create_task" flag is set, return the ID of the task associated with the command. type: str
- status
- No description for the parameter type: dict
- code - No description for the parameter type: int
- message - No description for the parameter type: str
- url - No description for the parameter type: str example: /dvm/cmd/update/device
fmgr_dvmdb_device – Device table, most attributes are read-only and can only be changed internally.¶
New in version 2.10.
Synopsis¶
- This module is able to configure a FortiManager device by allowing the user to [get, set, update] the following FortiManager json-rpc urls.
- /dvmdb/adom/{adom}/device
- /dvmdb/device
- Examples include all parameters and values need to be adjusted to data sources before usage.
- Tested with FortiManager v6.0.0
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.10.0
Parameters¶
- loose_validation - Do parameter validation in a loose way type: bool required: false default: false
- workspace_locking_adom - Acquire the workspace lock if FortiManager is running in workspace mode type: str required: false choices: global, custom dom
- workspace_locking_timeout - The maximum time in seconds to wait for other users to release workspace lock type: integer required: false default: 300
- url_params - parameters in url path type: dict required: true
- adom - the domain prefix type: str choices: none, global, custom dom
- parameters for method: [get] - Device table, most attributes are read-only and can only be changed internally. Refer to Device Manager Command module for API to add, delete, and manage devices.
- expand member - Fetch all or selected attributes of object members. type: str
- fields - No description for the parameter type: array
- {no-name} - No description for the parameter type: array
- {no-name} - No description for the parameter type: str choices: [adm_pass, adm_usr, app_ver, av_ver, beta, branch_pt, build, checksum, conf_status, conn_mode, conn_status, db_status, desc, dev_status, fap_cnt, faz.full_act, faz.perm, faz.quota, faz.used, fex_cnt, flags, foslic_cpu, foslic_dr_site, foslic_inst_time, foslic_last_sync, foslic_ram, foslic_type, foslic_utm, fsw_cnt, ha_group_id, ha_group_name, ha_mode, hdisk_size, hostname, hw_rev_major, hw_rev_minor, ip, ips_ext, ips_ver, last_checked, last_resync, latitude, lic_flags, lic_region, location_from, logdisk_size, longitude, maxvdom, mgmt_id, mgmt_if, mgmt_mode, mgt_vdom, mr, name, os_type, os_ver, patch, platform_str, psk, sn, version, vm_cpu, vm_cpu_limit, vm_lic_expire, vm_mem, vm_mem_limit, vm_status]
- {no-name} - No description for the parameter type: array
- filter - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- loadsub - Enable or disable the return of any sub-objects. type: int
- meta fields - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- option - Set fetch option for the request. type: str choices: [count, object member, syntax]
- range - No description for the parameter type: array
- {no-name} - No description for the parameter type: int
- sortings - No description for the parameter type: array
- {attr_name} - No description for the parameter type: int choices: [1, -1]
- parameters for method: [set, update] - Device table, most attributes are read-only and can only be changed internally. Refer to Device Manager Command module for API to add, delete, and manage devices.
- data - No description for the parameter type: array
- adm_pass - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- adm_usr - No description for the parameter type: str
- app_ver - No description for the parameter type: str
- av_ver - No description for the parameter type: str
- beta - No description for the parameter type: int
- branch_pt - No description for the parameter type: int
- build - No description for the parameter type: int
- checksum - No description for the parameter type: str
- conf_status - No description for the parameter type: str choices: [unknown, insync, outofsync] default: unknown
- conn_mode - No description for the parameter type: str choices: [active, passive] default: passive
- conn_status - No description for the parameter type: str choices: [UNKNOWN, up, down] default: UNKNOWN
- db_status - No description for the parameter type: str choices: [unknown, nomod, mod] default: unknown
- desc - No description for the parameter type: str
- dev_status - No description for the parameter type: str choices: [none, unknown, checkedin, inprogress, installed, aborted, sched, retry, canceled, pending, retrieved, changed_conf, sync_fail, timeout, rev_revert, auto_updated] default: unknown
- fap_cnt - No description for the parameter type: int
- faz.full_act - No description for the parameter type: int
- faz.perm - No description for the parameter type: int
- faz.quota - No description for the parameter type: int
- faz.used - No description for the parameter type: int
- fex_cnt - No description for the parameter type: int
- flags - No description for the parameter type: array
- {no-name} - No description for the parameter type: str choices: [has_hdd, vdom_enabled, discover, reload, interim_build, offline_mode, is_model, fips_mode, linked_to_model, ip-conflict, faz-autosync]
- foslic_cpu - VM Meter vCPU count. type: int
- foslic_dr_site - VM Meter DR Site status. type: str choices: [disable, enable] default: disable
- foslic_inst_time - VM Meter first deployment time (in UNIX timestamp). type: int
- foslic_last_sync - VM Meter last synchronized time (in UNIX timestamp). type: int
- foslic_ram - VM Meter device RAM size (in MB). type: int
- foslic_type - VM Meter license type. type: str choices: [temporary, trial, regular, trial_expired] default: temporary
- foslic_utm - No description for the parameter type: array
- {no-name} - No description for the parameter type: str choices: [fw, av, ips, app, url, utm, fwb]
- fsw_cnt - No description for the parameter type: int
- ha_group_id - No description for the parameter type: int
- ha_group_name - No description for the parameter type: str
- ha_mode - enabled - Value reserved for non-FOS HA devices. type: str choices: [standalone, AP, AA, ELBC, DUAL, enabled, unknown] default: standalone
- hdisk_size - No description for the parameter type: int
- hostname - No description for the parameter type: str
- hw_rev_major - No description for the parameter type: int
- hw_rev_minor - No description for the parameter type: int
- ip - No description for the parameter type: str
- ips_ext - No description for the parameter type: int
- ips_ver - No description for the parameter type: str
- last_checked - No description for the parameter type: int
- last_resync - No description for the parameter type: int
- latitude - No description for the parameter type: str
- lic_flags - No description for the parameter type: int
- lic_region - No description for the parameter type: str
- location_from - No description for the parameter type: str
- logdisk_size - No description for the parameter type: int
- longitude - No description for the parameter type: str
- maxvdom - No description for the parameter type: int default: 10
- meta fields - No description for the parameter type: str
- mgmt_id - No description for the parameter type: int
- mgmt_if - No description for the parameter type: str
- mgmt_mode - No description for the parameter type: str choices: [unreg, fmg, faz, fmgfaz] default: unreg
- mgt_vdom - No description for the parameter type: str
- mr - No description for the parameter type: int default: -1
- name - Unique name for the device. type: str
- os_type - No description for the parameter type: str choices: [unknown, fos, fsw, foc, fml, faz, fwb, fch, fct, log, fmg, fsa, fdd, fac, fpx] default: unknown
- os_ver - No description for the parameter type: str choices: [unknown, 0.0, 1.0, 2.0, 3.0, 4.0, 5.0, 6.0] default: unknown
- patch - No description for the parameter type: int
- platform_str - No description for the parameter type: str
- psk - No description for the parameter type: str
- sn - Unique value for each device. type: str
- vdom - No description for the parameter type: array
- comments - No description for the parameter type: str
- name - No description for the parameter type: str
- opmode - No description for the parameter type: str choices: [nat, transparent] default: nat
- rtm_prof_id - No description for the parameter type: int
- status - No description for the parameter type: str
- version - No description for the parameter type: int
- vm_cpu - No description for the parameter type: int
- vm_cpu_limit - No description for the parameter type: int
- vm_lic_expire - No description for the parameter type: int
- vm_mem - No description for the parameter type: int
- vm_mem_limit - No description for the parameter type: int
- vm_status - No description for the parameter type: int
- adm_pass - No description for the parameter type: array
Notes¶
Note
- The module may supports multiple method, every method has different parameters definition
- One method may also have more than one parameter definition collection, each collection is dedicated to one API endpoint
- The module may include domain dependent urls, the domain can be specified in url_params as adom
- To run in workspace mode, the paremeter workspace_locking_adom must be included in the task
Examples¶
- hosts: fortimanager-inventory
collections:
- fortinet.fortimanager
connection: httpapi
vars:
ansible_httpapi_use_ssl: True
ansible_httpapi_validate_certs: False
ansible_httpapi_port: 443
tasks:
- name: REQUESTING /DVMDB/DEVICE
fmgr_dvmdb_device:
loose_validation: False
workspace_locking_adom: <value in [global, custom adom]>
workspace_locking_timeout: 300
method: <value in [get]>
url_params:
adom: <value in [none, global, custom dom]>
params:
-
expand member: <value of string>
fields:
-
- <value in [adm_pass, adm_usr, app_ver, ...]>
filter:
- <value of string>
loadsub: <value of integer>
meta fields:
- <value of string>
option: <value in [count, object member, syntax]>
range:
- <value of integer>
sortings:
-
varidic.attr_name: <value in [1, -1]>
- name: REQUESTING /DVMDB/DEVICE
fmgr_dvmdb_device:
loose_validation: False
workspace_locking_adom: <value in [global, custom adom]>
workspace_locking_timeout: 300
method: <value in [set, update]>
url_params:
adom: <value in [none, global, custom dom]>
params:
-
data:
-
adm_pass:
- <value of string>
adm_usr: <value of string>
app_ver: <value of string>
av_ver: <value of string>
beta: <value of integer>
branch_pt: <value of integer>
build: <value of integer>
checksum: <value of string>
conf_status: <value in [unknown, insync, outofsync] default: 'unknown'>
conn_mode: <value in [active, passive] default: 'passive'>
conn_status: <value in [UNKNOWN, up, down] default: 'UNKNOWN'>
db_status: <value in [unknown, nomod, mod] default: 'unknown'>
desc: <value of string>
dev_status: <value in [none, unknown, checkedin, ...] default: 'unknown'>
fap_cnt: <value of integer>
faz.full_act: <value of integer>
faz.perm: <value of integer>
faz.quota: <value of integer>
faz.used: <value of integer>
fex_cnt: <value of integer>
flags:
- <value in [has_hdd, vdom_enabled, discover, ...]>
foslic_cpu: <value of integer>
foslic_dr_site: <value in [disable, enable] default: 'disable'>
foslic_inst_time: <value of integer>
foslic_last_sync: <value of integer>
foslic_ram: <value of integer>
foslic_type: <value in [temporary, trial, regular, ...] default: 'temporary'>
foslic_utm:
- <value in [fw, av, ips, ...]>
fsw_cnt: <value of integer>
ha_group_id: <value of integer>
ha_group_name: <value of string>
ha_mode: <value in [standalone, AP, AA, ...] default: 'standalone'>
hdisk_size: <value of integer>
hostname: <value of string>
hw_rev_major: <value of integer>
hw_rev_minor: <value of integer>
ip: <value of string>
ips_ext: <value of integer>
ips_ver: <value of string>
last_checked: <value of integer>
last_resync: <value of integer>
latitude: <value of string>
lic_flags: <value of integer>
lic_region: <value of string>
location_from: <value of string>
logdisk_size: <value of integer>
longitude: <value of string>
maxvdom: <value of integer default: 10>
meta fields: <value of string>
mgmt_id: <value of integer>
mgmt_if: <value of string>
mgmt_mode: <value in [unreg, fmg, faz, ...] default: 'unreg'>
mgt_vdom: <value of string>
mr: <value of integer default: -1>
name: <value of string>
os_type: <value in [unknown, fos, fsw, ...] default: 'unknown'>
os_ver: <value in [unknown, 0.0, 1.0, ...] default: 'unknown'>
patch: <value of integer>
platform_str: <value of string>
psk: <value of string>
sn: <value of string>
vdom:
-
comments: <value of string>
name: <value of string>
opmode: <value in [nat, transparent] default: 'nat'>
rtm_prof_id: <value of integer>
status: <value of string>
version: <value of integer>
vm_cpu: <value of integer>
vm_cpu_limit: <value of integer>
vm_lic_expire: <value of integer>
vm_mem: <value of integer>
vm_mem_limit: <value of integer>
vm_status: <value of integer>
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- return values for method: [get]
- data
- No description for the parameter type: array
- adm_pass - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- adm_usr - No description for the parameter type: str
- app_ver - No description for the parameter type: str
- av_ver - No description for the parameter type: str
- beta - No description for the parameter type: int
- branch_pt - No description for the parameter type: int
- build - No description for the parameter type: int
- checksum - No description for the parameter type: str
- conf_status - No description for the parameter type: str example: unknown
- conn_mode - No description for the parameter type: str example: passive
- conn_status - No description for the parameter type: str example: UNKNOWN
- db_status - No description for the parameter type: str example: unknown
- desc - No description for the parameter type: str
- dev_status - No description for the parameter type: str example: unknown
- fap_cnt - No description for the parameter type: int
- faz.full_act - No description for the parameter type: int
- faz.perm - No description for the parameter type: int
- faz.quota - No description for the parameter type: int
- faz.used - No description for the parameter type: int
- fex_cnt - No description for the parameter type: int
- flags - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- foslic_cpu - VM Meter vCPU count. type: int
- foslic_dr_site - VM Meter DR Site status. type: str example: disable
- foslic_inst_time - VM Meter first deployment time (in UNIX timestamp). type: int
- foslic_last_sync - VM Meter last synchronized time (in UNIX timestamp). type: int
- foslic_ram - VM Meter device RAM size (in MB). type: int
- foslic_type - VM Meter license type. type: str example: temporary
- foslic_utm - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- fsw_cnt - No description for the parameter type: int
- ha_group_id - No description for the parameter type: int
- ha_group_name - No description for the parameter type: str
- ha_mode - enabled - Value reserved for non-FOS HA devices. type: str example: standalone
- hdisk_size - No description for the parameter type: int
- hostname - No description for the parameter type: str
- hw_rev_major - No description for the parameter type: int
- hw_rev_minor - No description for the parameter type: int
- ip - No description for the parameter type: str
- ips_ext - No description for the parameter type: int
- ips_ver - No description for the parameter type: str
- last_checked - No description for the parameter type: int
- last_resync - No description for the parameter type: int
- latitude - No description for the parameter type: str
- lic_flags - No description for the parameter type: int
- lic_region - No description for the parameter type: str
- location_from - No description for the parameter type: str
- logdisk_size - No description for the parameter type: int
- longitude - No description for the parameter type: str
- maxvdom - No description for the parameter type: int example: 10
- meta fields - No description for the parameter type: str
- mgmt_id - No description for the parameter type: int
- mgmt_if - No description for the parameter type: str
- mgmt_mode - No description for the parameter type: str example: unreg
- mgt_vdom - No description for the parameter type: str
- mr - No description for the parameter type: int example: -1
- name - Unique name for the device. type: str
- os_type - No description for the parameter type: str example: unknown
- os_ver - No description for the parameter type: str example: unknown
- patch - No description for the parameter type: int
- platform_str - No description for the parameter type: str
- psk - No description for the parameter type: str
- sn - Unique value for each device. type: str
- vdom - No description for the parameter type: array
- comments - No description for the parameter type: str
- name - No description for the parameter type: str
- opmode - No description for the parameter type: str example: nat
- rtm_prof_id - No description for the parameter type: int
- status - No description for the parameter type: str
- version - No description for the parameter type: int
- vm_cpu - No description for the parameter type: int
- vm_cpu_limit - No description for the parameter type: int
- vm_lic_expire - No description for the parameter type: int
- vm_mem - No description for the parameter type: int
- vm_mem_limit - No description for the parameter type: int
- vm_status - No description for the parameter type: int
- adm_pass - No description for the parameter type: array
- status
- No description for the parameter type: dict
- code - No description for the parameter type: int
- message - No description for the parameter type: str
- url - No description for the parameter type: str example: /dvmdb/adom/{adom}/device
- return values for method: [set, update]
- status
- No description for the parameter type: dict
- code - No description for the parameter type: int
- message - No description for the parameter type: str
- url - No description for the parameter type: str example: /dvmdb/adom/{adom}/device
fmgr_dvmdb_device_obj – Device table, most attributes are read-only and can only be changed internally.¶
New in version 2.10.
Synopsis¶
- This module is able to configure a FortiManager device by allowing the user to [get, set, update] the following FortiManager json-rpc urls.
- /dvmdb/adom/{adom}/device/{device}
- /dvmdb/device/{device}
- Examples include all parameters and values need to be adjusted to data sources before usage.
- Tested with FortiManager v6.0.0
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.10.0
Parameters¶
- loose_validation - Do parameter validation in a loose way type: bool required: false default: false
- workspace_locking_adom - Acquire the workspace lock if FortiManager is running in workspace mode type: str required: false choices: global, custom dom
- workspace_locking_timeout - The maximum time in seconds to wait for other users to release workspace lock type: integer required: false default: 300
- url_params - parameters in url path type: dict required: true
- adom - the domain prefix type: str choices: none, global, custom dom
- device - the object name type: str
- parameters for method: [get] - Device table, most attributes are read-only and can only be changed internally. Refer to Device Manager Command module for API to add, delete, and manage devices.
- option - Set fetch option for the request. type: str choices: [object member, chksum]
- parameters for method: [set, update] - Device table, most attributes are read-only and can only be changed internally. Refer to Device Manager Command module for API to add, delete, and manage devices.
- data - No description for the parameter type: dict
- adm_pass - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- adm_usr - No description for the parameter type: str
- app_ver - No description for the parameter type: str
- av_ver - No description for the parameter type: str
- beta - No description for the parameter type: int
- branch_pt - No description for the parameter type: int
- build - No description for the parameter type: int
- checksum - No description for the parameter type: str
- conf_status - No description for the parameter type: str choices: [unknown, insync, outofsync] default: unknown
- conn_mode - No description for the parameter type: str choices: [active, passive] default: passive
- conn_status - No description for the parameter type: str choices: [UNKNOWN, up, down] default: UNKNOWN
- db_status - No description for the parameter type: str choices: [unknown, nomod, mod] default: unknown
- desc - No description for the parameter type: str
- dev_status - No description for the parameter type: str choices: [none, unknown, checkedin, inprogress, installed, aborted, sched, retry, canceled, pending, retrieved, changed_conf, sync_fail, timeout, rev_revert, auto_updated] default: unknown
- fap_cnt - No description for the parameter type: int
- faz.full_act - No description for the parameter type: int
- faz.perm - No description for the parameter type: int
- faz.quota - No description for the parameter type: int
- faz.used - No description for the parameter type: int
- fex_cnt - No description for the parameter type: int
- flags - No description for the parameter type: array
- {no-name} - No description for the parameter type: str choices: [has_hdd, vdom_enabled, discover, reload, interim_build, offline_mode, is_model, fips_mode, linked_to_model, ip-conflict, faz-autosync]
- foslic_cpu - VM Meter vCPU count. type: int
- foslic_dr_site - VM Meter DR Site status. type: str choices: [disable, enable] default: disable
- foslic_inst_time - VM Meter first deployment time (in UNIX timestamp). type: int
- foslic_last_sync - VM Meter last synchronized time (in UNIX timestamp). type: int
- foslic_ram - VM Meter device RAM size (in MB). type: int
- foslic_type - VM Meter license type. type: str choices: [temporary, trial, regular, trial_expired] default: temporary
- foslic_utm - No description for the parameter type: array
- {no-name} - No description for the parameter type: str choices: [fw, av, ips, app, url, utm, fwb]
- fsw_cnt - No description for the parameter type: int
- ha_group_id - No description for the parameter type: int
- ha_group_name - No description for the parameter type: str
- ha_mode - enabled - Value reserved for non-FOS HA devices. type: str choices: [standalone, AP, AA, ELBC, DUAL, enabled, unknown] default: standalone
- hdisk_size - No description for the parameter type: int
- hostname - No description for the parameter type: str
- hw_rev_major - No description for the parameter type: int
- hw_rev_minor - No description for the parameter type: int
- ip - No description for the parameter type: str
- ips_ext - No description for the parameter type: int
- ips_ver - No description for the parameter type: str
- last_checked - No description for the parameter type: int
- last_resync - No description for the parameter type: int
- latitude - No description for the parameter type: str
- lic_flags - No description for the parameter type: int
- lic_region - No description for the parameter type: str
- location_from - No description for the parameter type: str
- logdisk_size - No description for the parameter type: int
- longitude - No description for the parameter type: str
- maxvdom - No description for the parameter type: int default: 10
- meta fields - No description for the parameter type: str
- mgmt_id - No description for the parameter type: int
- mgmt_if - No description for the parameter type: str
- mgmt_mode - No description for the parameter type: str choices: [unreg, fmg, faz, fmgfaz] default: unreg
- mgt_vdom - No description for the parameter type: str
- mr - No description for the parameter type: int default: -1
- name - Unique name for the device. type: str
- os_type - No description for the parameter type: str choices: [unknown, fos, fsw, foc, fml, faz, fwb, fch, fct, log, fmg, fsa, fdd, fac, fpx] default: unknown
- os_ver - No description for the parameter type: str choices: [unknown, 0.0, 1.0, 2.0, 3.0, 4.0, 5.0, 6.0] default: unknown
- patch - No description for the parameter type: int
- platform_str - No description for the parameter type: str
- psk - No description for the parameter type: str
- sn - Unique value for each device. type: str
- vdom - No description for the parameter type: array
- comments - No description for the parameter type: str
- name - No description for the parameter type: str
- opmode - No description for the parameter type: str choices: [nat, transparent] default: nat
- rtm_prof_id - No description for the parameter type: int
- status - No description for the parameter type: str
- version - No description for the parameter type: int
- vm_cpu - No description for the parameter type: int
- vm_cpu_limit - No description for the parameter type: int
- vm_lic_expire - No description for the parameter type: int
- vm_mem - No description for the parameter type: int
- vm_mem_limit - No description for the parameter type: int
- vm_status - No description for the parameter type: int
- adm_pass - No description for the parameter type: array
Notes¶
Note
- The module may supports multiple method, every method has different parameters definition
- One method may also have more than one parameter definition collection, each collection is dedicated to one API endpoint
- The module may include domain dependent urls, the domain can be specified in url_params as adom
- To run in workspace mode, the paremeter workspace_locking_adom must be included in the task
Examples¶
- hosts: fortimanager-inventory
collections:
- fortinet.fortimanager
connection: httpapi
vars:
ansible_httpapi_use_ssl: True
ansible_httpapi_validate_certs: False
ansible_httpapi_port: 443
tasks:
- name: REQUESTING /DVMDB/DEVICE/{DEVICE}
fmgr_dvmdb_device_obj:
loose_validation: False
workspace_locking_adom: <value in [global, custom adom]>
workspace_locking_timeout: 300
method: <value in [get]>
url_params:
adom: <value in [none, global, custom dom]>
device: <value of string>
params:
-
option: <value in [object member, chksum]>
- name: REQUESTING /DVMDB/DEVICE/{DEVICE}
fmgr_dvmdb_device_obj:
loose_validation: False
workspace_locking_adom: <value in [global, custom adom]>
workspace_locking_timeout: 300
method: <value in [set, update]>
url_params:
adom: <value in [none, global, custom dom]>
device: <value of string>
params:
-
data:
adm_pass:
- <value of string>
adm_usr: <value of string>
app_ver: <value of string>
av_ver: <value of string>
beta: <value of integer>
branch_pt: <value of integer>
build: <value of integer>
checksum: <value of string>
conf_status: <value in [unknown, insync, outofsync] default: 'unknown'>
conn_mode: <value in [active, passive] default: 'passive'>
conn_status: <value in [UNKNOWN, up, down] default: 'UNKNOWN'>
db_status: <value in [unknown, nomod, mod] default: 'unknown'>
desc: <value of string>
dev_status: <value in [none, unknown, checkedin, ...] default: 'unknown'>
fap_cnt: <value of integer>
faz.full_act: <value of integer>
faz.perm: <value of integer>
faz.quota: <value of integer>
faz.used: <value of integer>
fex_cnt: <value of integer>
flags:
- <value in [has_hdd, vdom_enabled, discover, ...]>
foslic_cpu: <value of integer>
foslic_dr_site: <value in [disable, enable] default: 'disable'>
foslic_inst_time: <value of integer>
foslic_last_sync: <value of integer>
foslic_ram: <value of integer>
foslic_type: <value in [temporary, trial, regular, ...] default: 'temporary'>
foslic_utm:
- <value in [fw, av, ips, ...]>
fsw_cnt: <value of integer>
ha_group_id: <value of integer>
ha_group_name: <value of string>
ha_mode: <value in [standalone, AP, AA, ...] default: 'standalone'>
hdisk_size: <value of integer>
hostname: <value of string>
hw_rev_major: <value of integer>
hw_rev_minor: <value of integer>
ip: <value of string>
ips_ext: <value of integer>
ips_ver: <value of string>
last_checked: <value of integer>
last_resync: <value of integer>
latitude: <value of string>
lic_flags: <value of integer>
lic_region: <value of string>
location_from: <value of string>
logdisk_size: <value of integer>
longitude: <value of string>
maxvdom: <value of integer default: 10>
meta fields: <value of string>
mgmt_id: <value of integer>
mgmt_if: <value of string>
mgmt_mode: <value in [unreg, fmg, faz, ...] default: 'unreg'>
mgt_vdom: <value of string>
mr: <value of integer default: -1>
name: <value of string>
os_type: <value in [unknown, fos, fsw, ...] default: 'unknown'>
os_ver: <value in [unknown, 0.0, 1.0, ...] default: 'unknown'>
patch: <value of integer>
platform_str: <value of string>
psk: <value of string>
sn: <value of string>
vdom:
-
comments: <value of string>
name: <value of string>
opmode: <value in [nat, transparent] default: 'nat'>
rtm_prof_id: <value of integer>
status: <value of string>
version: <value of integer>
vm_cpu: <value of integer>
vm_cpu_limit: <value of integer>
vm_lic_expire: <value of integer>
vm_mem: <value of integer>
vm_mem_limit: <value of integer>
vm_status: <value of integer>
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- return values for method: [get]
- data
- No description for the parameter type: dict
- adm_pass - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- adm_usr - No description for the parameter type: str
- app_ver - No description for the parameter type: str
- av_ver - No description for the parameter type: str
- beta - No description for the parameter type: int
- branch_pt - No description for the parameter type: int
- build - No description for the parameter type: int
- checksum - No description for the parameter type: str
- conf_status - No description for the parameter type: str example: unknown
- conn_mode - No description for the parameter type: str example: passive
- conn_status - No description for the parameter type: str example: UNKNOWN
- db_status - No description for the parameter type: str example: unknown
- desc - No description for the parameter type: str
- dev_status - No description for the parameter type: str example: unknown
- fap_cnt - No description for the parameter type: int
- faz.full_act - No description for the parameter type: int
- faz.perm - No description for the parameter type: int
- faz.quota - No description for the parameter type: int
- faz.used - No description for the parameter type: int
- fex_cnt - No description for the parameter type: int
- flags - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- foslic_cpu - VM Meter vCPU count. type: int
- foslic_dr_site - VM Meter DR Site status. type: str example: disable
- foslic_inst_time - VM Meter first deployment time (in UNIX timestamp). type: int
- foslic_last_sync - VM Meter last synchronized time (in UNIX timestamp). type: int
- foslic_ram - VM Meter device RAM size (in MB). type: int
- foslic_type - VM Meter license type. type: str example: temporary
- foslic_utm - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- fsw_cnt - No description for the parameter type: int
- ha_group_id - No description for the parameter type: int
- ha_group_name - No description for the parameter type: str
- ha_mode - enabled - Value reserved for non-FOS HA devices. type: str example: standalone
- hdisk_size - No description for the parameter type: int
- hostname - No description for the parameter type: str
- hw_rev_major - No description for the parameter type: int
- hw_rev_minor - No description for the parameter type: int
- ip - No description for the parameter type: str
- ips_ext - No description for the parameter type: int
- ips_ver - No description for the parameter type: str
- last_checked - No description for the parameter type: int
- last_resync - No description for the parameter type: int
- latitude - No description for the parameter type: str
- lic_flags - No description for the parameter type: int
- lic_region - No description for the parameter type: str
- location_from - No description for the parameter type: str
- logdisk_size - No description for the parameter type: int
- longitude - No description for the parameter type: str
- maxvdom - No description for the parameter type: int example: 10
- meta fields - No description for the parameter type: str
- mgmt_id - No description for the parameter type: int
- mgmt_if - No description for the parameter type: str
- mgmt_mode - No description for the parameter type: str example: unreg
- mgt_vdom - No description for the parameter type: str
- mr - No description for the parameter type: int example: -1
- name - Unique name for the device. type: str
- os_type - No description for the parameter type: str example: unknown
- os_ver - No description for the parameter type: str example: unknown
- patch - No description for the parameter type: int
- platform_str - No description for the parameter type: str
- psk - No description for the parameter type: str
- sn - Unique value for each device. type: str
- vdom - No description for the parameter type: array
- comments - No description for the parameter type: str
- name - No description for the parameter type: str
- opmode - No description for the parameter type: str example: nat
- rtm_prof_id - No description for the parameter type: int
- status - No description for the parameter type: str
- version - No description for the parameter type: int
- vm_cpu - No description for the parameter type: int
- vm_cpu_limit - No description for the parameter type: int
- vm_lic_expire - No description for the parameter type: int
- vm_mem - No description for the parameter type: int
- vm_mem_limit - No description for the parameter type: int
- vm_status - No description for the parameter type: int
- adm_pass - No description for the parameter type: array
- status
- No description for the parameter type: dict
- code - No description for the parameter type: int
- message - No description for the parameter type: str
- url - No description for the parameter type: str example: /dvmdb/adom/{adom}/device/{device}
- return values for method: [set, update]
- status
- No description for the parameter type: dict
- code - No description for the parameter type: int
- message - No description for the parameter type: str
- url - No description for the parameter type: str example: /dvmdb/adom/{adom}/device/{device}
fmgr_dvmdb_group – Device group table.¶
New in version 2.10.
Synopsis¶
- This module is able to configure a FortiManager device by allowing the user to [add, get, set, update] the following FortiManager json-rpc urls.
- /dvmdb/adom/{adom}/group
- /dvmdb/group
- Examples include all parameters and values need to be adjusted to data sources before usage.
- Tested with FortiManager v6.0.0
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.10.0
Parameters¶
- loose_validation - Do parameter validation in a loose way type: bool required: false default: false
- workspace_locking_adom - Acquire the workspace lock if FortiManager is running in workspace mode type: str required: false choices: global, custom dom
- workspace_locking_timeout - The maximum time in seconds to wait for other users to release workspace lock type: integer required: false default: 300
- url_params - parameters in url path type: dict required: true
- adom - the domain prefix type: str choices: none, global, custom dom
- parameters for method: [add, set, update] - Device group table.
- data - No description for the parameter type: array
- desc - No description for the parameter type: str
- meta fields - No description for the parameter type: str
- name - No description for the parameter type: str
- os_type - No description for the parameter type: str choices: [unknown, fos, fsw, foc, fml, faz, fwb, fch, fct, log, fmg, fsa, fdd, fac, fpx] default: unknown
- type - No description for the parameter type: str choices: [normal, default, auto] default: normal
- parameters for method: [get] - Device group table.
- expand member - Fetch all or selected attributes of object members. type: str
- fields - No description for the parameter type: array
- {no-name} - No description for the parameter type: array
- {no-name} - No description for the parameter type: str choices: [desc, name, os_type, type]
- {no-name} - No description for the parameter type: array
- filter - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- loadsub - Enable or disable the return of any sub-objects. type: int
- meta fields - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- option - Set fetch option for the request. type: str choices: [count, object member, syntax]
- range - No description for the parameter type: array
- {no-name} - No description for the parameter type: int
- sortings - No description for the parameter type: array
- {attr_name} - No description for the parameter type: int choices: [1, -1]
Notes¶
Note
- The module may supports multiple method, every method has different parameters definition
- One method may also have more than one parameter definition collection, each collection is dedicated to one API endpoint
- The module may include domain dependent urls, the domain can be specified in url_params as adom
- To run in workspace mode, the paremeter workspace_locking_adom must be included in the task
Examples¶
- hosts: fortimanager-inventory
collections:
- fortinet.fortimanager
connection: httpapi
vars:
ansible_httpapi_use_ssl: True
ansible_httpapi_validate_certs: False
ansible_httpapi_port: 443
tasks:
- name: REQUESTING /DVMDB/GROUP
fmgr_dvmdb_group:
loose_validation: False
workspace_locking_adom: <value in [global, custom adom]>
workspace_locking_timeout: 300
method: <value in [add, set, update]>
url_params:
adom: <value in [none, global, custom dom]>
params:
-
data:
-
desc: <value of string>
meta fields: <value of string>
name: <value of string>
os_type: <value in [unknown, fos, fsw, ...] default: 'unknown'>
type: <value in [normal, default, auto] default: 'normal'>
- name: REQUESTING /DVMDB/GROUP
fmgr_dvmdb_group:
loose_validation: False
workspace_locking_adom: <value in [global, custom adom]>
workspace_locking_timeout: 300
method: <value in [get]>
url_params:
adom: <value in [none, global, custom dom]>
params:
-
expand member: <value of string>
fields:
-
- <value in [desc, name, os_type, ...]>
filter:
- <value of string>
loadsub: <value of integer>
meta fields:
- <value of string>
option: <value in [count, object member, syntax]>
range:
- <value of integer>
sortings:
-
varidic.attr_name: <value in [1, -1]>
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- return values for method: [add, set, update]
- status
- No description for the parameter type: dict
- code - No description for the parameter type: int
- message - No description for the parameter type: str
- url - No description for the parameter type: str example: /dvmdb/adom/{adom}/group
- return values for method: [get]
- data
- No description for the parameter type: array
- desc - No description for the parameter type: str
- meta fields - No description for the parameter type: str
- name - No description for the parameter type: str
- os_type - No description for the parameter type: str example: unknown
- type - No description for the parameter type: str example: normal
- status
- No description for the parameter type: dict
- code - No description for the parameter type: int
- message - No description for the parameter type: str
- url - No description for the parameter type: str example: /dvmdb/adom/{adom}/group
fmgr_dvmdb_group_obj – Device group table.¶
New in version 2.10.
Synopsis¶
- This module is able to configure a FortiManager device by allowing the user to [delete, get, set, update, add] the following FortiManager json-rpc urls.
- /dvmdb/adom/{adom}/group/{group}
- /dvmdb/group/{group}
- Examples include all parameters and values need to be adjusted to data sources before usage.
- Tested with FortiManager v6.0.0
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.10.0
Parameters¶
- loose_validation - Do parameter validation in a loose way type: bool required: false default: false
- workspace_locking_adom - Acquire the workspace lock if FortiManager is running in workspace mode type: str required: false choices: global, custom dom
- workspace_locking_timeout - The maximum time in seconds to wait for other users to release workspace lock type: integer required: false default: 300
- url_params - parameters in url path type: dict required: true
- adom - the domain prefix type: str choices: none, global, custom dom
- group - the object name type: str
- parameters for method: [delete] - Device group table.
- parameter collection 0
- parameter collection 1
- data - No description for the parameter type: array
- name - No description for the parameter type: str
- vdom - No description for the parameter type: str
- parameters for method: [get] - Device group table.
- option - Set fetch option for the request. type: str choices: [object member, chksum]
- parameters for method: [set, update] - Device group table.
- parameter collection 0
- data - No description for the parameter type: dict
- desc - No description for the parameter type: str
- meta fields - No description for the parameter type: str
- name - No description for the parameter type: str
- os_type - No description for the parameter type: str choices: [unknown, fos, fsw, foc, fml, faz, fwb, fch, fct, log, fmg, fsa, fdd, fac, fpx] default: unknown
- type - No description for the parameter type: str choices: [normal, default, auto] default: normal
- parameter collection 1
- data - No description for the parameter type: array
- name - No description for the parameter type: str
- vdom - No description for the parameter type: str
- parameters for method: [add] - Device group table.
- data - No description for the parameter type: array
- name - No description for the parameter type: str
- vdom - No description for the parameter type: str
Notes¶
Note
- The module may supports multiple method, every method has different parameters definition
- One method may also have more than one parameter definition collection, each collection is dedicated to one API endpoint
- The module may include domain dependent urls, the domain can be specified in url_params as adom
- To run in workspace mode, the paremeter workspace_locking_adom must be included in the task
Examples¶
- hosts: fortimanager-inventory
collections:
- fortinet.fortimanager
connection: httpapi
vars:
ansible_httpapi_use_ssl: True
ansible_httpapi_validate_certs: False
ansible_httpapi_port: 443
tasks:
- name: REQUESTING /DVMDB/GROUP/{GROUP}
fmgr_dvmdb_group_obj:
loose_validation: False
workspace_locking_adom: <value in [global, custom adom]>
workspace_locking_timeout: 300
method: <value in [delete]>
url_params:
adom: <value in [none, global, custom dom]>
group: <value of string>
params:
-
data:
-
name: <value of string>
vdom: <value of string>
- name: REQUESTING /DVMDB/GROUP/{GROUP}
fmgr_dvmdb_group_obj:
loose_validation: False
workspace_locking_adom: <value in [global, custom adom]>
workspace_locking_timeout: 300
method: <value in [get]>
url_params:
adom: <value in [none, global, custom dom]>
group: <value of string>
params:
-
option: <value in [object member, chksum]>
- name: REQUESTING /DVMDB/GROUP/{GROUP}
fmgr_dvmdb_group_obj:
loose_validation: False
workspace_locking_adom: <value in [global, custom adom]>
workspace_locking_timeout: 300
method: <value in [set, update]>
url_params:
adom: <value in [none, global, custom dom]>
group: <value of string>
params:
-
data:
desc: <value of string>
meta fields: <value of string>
name: <value of string>
os_type: <value in [unknown, fos, fsw, ...] default: 'unknown'>
type: <value in [normal, default, auto] default: 'normal'>
- name: REQUESTING /DVMDB/GROUP/{GROUP}
fmgr_dvmdb_group_obj:
loose_validation: False
workspace_locking_adom: <value in [global, custom adom]>
workspace_locking_timeout: 300
method: <value in [set, update]>
url_params:
adom: <value in [none, global, custom dom]>
group: <value of string>
params:
-
data:
-
name: <value of string>
vdom: <value of string>
- name: REQUESTING /DVMDB/GROUP/{GROUP}
fmgr_dvmdb_group_obj:
loose_validation: False
workspace_locking_adom: <value in [global, custom adom]>
workspace_locking_timeout: 300
method: <value in [add]>
url_params:
adom: <value in [none, global, custom dom]>
group: <value of string>
params:
-
data:
-
name: <value of string>
vdom: <value of string>
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- return values for method: [delete, set, update]
- return values collection 0
- status
- No description for the parameter type: dict
- code - No description for the parameter type: int
- message - No description for the parameter type: str
- url - No description for the parameter type: str example: /dvmdb/adom/{adom}/group/{group}
- return values collection 1
- status
- No description for the parameter type: dict
- code - No description for the parameter type: int
- message - No description for the parameter type: str
- url - No description for the parameter type: str example: /dvmdb/adom/{adom}/group/{group}
- return values for method: [get]
- data
- No description for the parameter type: dict
- desc - No description for the parameter type: str
- meta fields - No description for the parameter type: str
- name - No description for the parameter type: str
- os_type - No description for the parameter type: str example: unknown
- type - No description for the parameter type: str example: normal
- status
- No description for the parameter type: dict
- code - No description for the parameter type: int
- message - No description for the parameter type: str
- url - No description for the parameter type: str example: /dvmdb/adom/{adom}/group/{group}
- return values for method: [add]
- status
- No description for the parameter type: dict
- code - No description for the parameter type: int
- message - No description for the parameter type: str
- url - No description for the parameter type: str example: /dvmdb/adom/{adom}/group/{group}
fmgr_dvmdb_script – Script table.¶
New in version 2.10.
Synopsis¶
- This module is able to configure a FortiManager device by allowing the user to [add, get, set, update] the following FortiManager json-rpc urls.
- /dvmdb/adom/{adom}/script
- /dvmdb/global/script
- /dvmdb/script
- Examples include all parameters and values need to be adjusted to data sources before usage.
- Tested with FortiManager v6.0.0
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.10.0
Parameters¶
- loose_validation - Do parameter validation in a loose way type: bool required: false default: false
- workspace_locking_adom - Acquire the workspace lock if FortiManager is running in workspace mode type: str required: false choices: global, custom dom
- workspace_locking_timeout - The maximum time in seconds to wait for other users to release workspace lock type: integer required: false default: 300
- url_params - parameters in url path type: dict required: true
- adom - the domain prefix type: str choices: none, global, custom dom
- parameters for method: [add, set, update] - Script table.
- data - No description for the parameter type: array
- content - The full content of the script result log. type: str
- desc - No description for the parameter type: str
- filter_build - The value will be ignored in add/set/update requests if filter_ostype is not set. type: int
- filter_device - Name or id of an existing device in the database. type: int
- filter_hostname - The value has no effect if target is "adom_database". type: str
- filter_ostype - The value has no effect if target is "adom_database". type: str choices: [unknown, fos] default: unknown
- filter_osver - The value will be ignored in add/set/update requests if filter_ostype is not set. type: str choices: [unknown, 4.00, 5.00] default: unknown
- filter_platform - The value will be ignored in add/set/update requests if filter_ostype is not set. type: str
- filter_serial - The value has no effect if target is "adom_database". type: str
- modification_time - It is a read-only attribute indicating the time when the script was created or modified. type: str
- name - No description for the parameter type: str
- script_schedule - No description for the parameter type: array
- datetime - Indicates the date and time of the schedule. type: str
- day_of_week - No description for the parameter type: str choices: [unknown, sun, mon, tue, wed, thu, fri, sat] default: sun
- device - Name or id of an existing device in the database. type: int
- name - No description for the parameter type: str
- run_on_db - Indicates if the scheduled script should be executed on device database. type: str choices: [disable, enable] default: disable
- type - No description for the parameter type: str choices: [auto, onetime, daily, weekly, monthly]
- target - No description for the parameter type: str choices: [device_database, remote_device, adom_database] default: device_database
- type - No description for the parameter type: str choices: [cli, tcl, cligrp]
- parameters for method: [get] - Script table.
- expand member - Fetch all or selected attributes of object members. type: str
- fields - No description for the parameter type: array
- {no-name} - No description for the parameter type: array
- {no-name} - No description for the parameter type: str choices: [content, desc, filter_build, filter_device, filter_hostname, filter_ostype, filter_osver, filter_platform, filter_serial, modification_time, name, target, type]
- {no-name} - No description for the parameter type: array
- filter - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- loadsub - Enable or disable the return of any sub-objects. type: int
- option - Set fetch option for the request. type: str choices: [count, object member, syntax]
- range - No description for the parameter type: array
- {no-name} - No description for the parameter type: int
- sortings - No description for the parameter type: array
- {attr_name} - No description for the parameter type: int choices: [1, -1]
Notes¶
Note
- The module may supports multiple method, every method has different parameters definition
- One method may also have more than one parameter definition collection, each collection is dedicated to one API endpoint
- The module may include domain dependent urls, the domain can be specified in url_params as adom
- To run in workspace mode, the paremeter workspace_locking_adom must be included in the task
Examples¶
- hosts: fortimanager-inventory
collections:
- fortinet.fortimanager
connection: httpapi
vars:
ansible_httpapi_use_ssl: True
ansible_httpapi_validate_certs: False
ansible_httpapi_port: 443
tasks:
- name: REQUESTING /DVMDB/SCRIPT
fmgr_dvmdb_script:
loose_validation: False
workspace_locking_adom: <value in [global, custom adom]>
workspace_locking_timeout: 300
method: <value in [add, set, update]>
url_params:
adom: <value in [none, global, custom dom]>
params:
-
data:
-
content: <value of string>
desc: <value of string>
filter_build: <value of integer>
filter_device: <value of integer>
filter_hostname: <value of string>
filter_ostype: <value in [unknown, fos] default: 'unknown'>
filter_osver: <value in [unknown, 4.00, 5.00] default: 'unknown'>
filter_platform: <value of string>
filter_serial: <value of string>
modification_time: <value of string>
name: <value of string>
script_schedule:
-
datetime: <value of string>
day_of_week: <value in [unknown, sun, mon, ...] default: 'sun'>
device: <value of integer>
name: <value of string>
run_on_db: <value in [disable, enable] default: 'disable'>
type: <value in [auto, onetime, daily, ...]>
target: <value in [device_database, remote_device, adom_database] default: 'device_database'>
type: <value in [cli, tcl, cligrp]>
- name: REQUESTING /DVMDB/SCRIPT
fmgr_dvmdb_script:
loose_validation: False
workspace_locking_adom: <value in [global, custom adom]>
workspace_locking_timeout: 300
method: <value in [get]>
url_params:
adom: <value in [none, global, custom dom]>
params:
-
expand member: <value of string>
fields:
-
- <value in [content, desc, filter_build, ...]>
filter:
- <value of string>
loadsub: <value of integer>
option: <value in [count, object member, syntax]>
range:
- <value of integer>
sortings:
-
varidic.attr_name: <value in [1, -1]>
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- return values for method: [add, set, update]
- status
- No description for the parameter type: dict
- code - No description for the parameter type: int
- message - No description for the parameter type: str
- url - No description for the parameter type: str example: /dvmdb/adom/{adom}/script
- return values for method: [get]
- data
- No description for the parameter type: array
- content - The full content of the script result log. type: str
- desc - No description for the parameter type: str
- filter_build - The value will be ignored in add/set/update requests if filter_ostype is not set. type: int
- filter_device - Name or id of an existing device in the database. type: int
- filter_hostname - The value has no effect if target is "adom_database". type: str
- filter_ostype - The value has no effect if target is "adom_database". type: str example: unknown
- filter_osver - The value will be ignored in add/set/update requests if filter_ostype is not set. type: str example: unknown
- filter_platform - The value will be ignored in add/set/update requests if filter_ostype is not set. type: str
- filter_serial - The value has no effect if target is "adom_database". type: str
- modification_time - It is a read-only attribute indicating the time when the script was created or modified. type: str
- name - No description for the parameter type: str
- script_schedule - No description for the parameter type: array
- datetime - Indicates the date and time of the schedule. type: str
- day_of_week - No description for the parameter type: str example: sun
- device - Name or id of an existing device in the database. type: int
- name - No description for the parameter type: str
- run_on_db - Indicates if the scheduled script should be executed on device database. type: str example: disable
- type - No description for the parameter type: str
- target - No description for the parameter type: str example: device_database
- type - No description for the parameter type: str
- status
- No description for the parameter type: dict
- code - No description for the parameter type: int
- message - No description for the parameter type: str
- url - No description for the parameter type: str example: /dvmdb/adom/{adom}/script
fmgr_dvmdb_script_execute – Run script.¶
New in version 2.10.
Synopsis¶
- This module is able to configure a FortiManager device by allowing the user to [exec] the following FortiManager json-rpc urls.
- /dvmdb/adom/{adom}/script/execute
- /dvmdb/global/script/execute
- /dvmdb/script/execute
- Examples include all parameters and values need to be adjusted to data sources before usage.
- Tested with FortiManager v6.0.0
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.10.0
Parameters¶
- loose_validation - Do parameter validation in a loose way type: bool required: false default: false
- workspace_locking_adom - Acquire the workspace lock if FortiManager is running in workspace mode type: str required: false choices: global, custom dom
- workspace_locking_timeout - The maximum time in seconds to wait for other users to release workspace lock type: integer required: false default: 300
- url_params - parameters in url path type: dict required: true
- adom - the domain prefix type: str choices: none, global, custom dom
- parameters for method: [exec] - Run script.
- workflow - No description for the parameter type: dict
- adom - No description for the parameter type: str
- package - No description for the parameter type: str
- scope - No description for the parameter type: array
- name - No description for the parameter type: str
- vdom - No description for the parameter type: str
- script - Script name. type: str
Notes¶
Note
- The module may supports multiple method, every method has different parameters definition
- One method may also have more than one parameter definition collection, each collection is dedicated to one API endpoint
- The module may include domain dependent urls, the domain can be specified in url_params as adom
- To run in workspace mode, the paremeter workspace_locking_adom must be included in the task
Examples¶
- hosts: fortimanager-inventory
collections:
- fortinet.fortimanager
connection: httpapi
vars:
ansible_httpapi_use_ssl: True
ansible_httpapi_validate_certs: False
ansible_httpapi_port: 443
tasks:
- name: REQUESTING /DVMDB/SCRIPT/EXECUTE
fmgr_dvmdb_script_execute:
loose_validation: False
workspace_locking_adom: <value in [global, custom adom]>
workspace_locking_timeout: 300
method: <value in [exec]>
url_params:
adom: <value in [none, global, custom dom]>
params:
-
workflow:
adom: <value of string>
package: <value of string>
scope:
-
name: <value of string>
vdom: <value of string>
script: <value of string>
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- return values for method: [exec]
- data
- No description for the parameter type: dict
- task - No description for the parameter type: str
- status
- No description for the parameter type: dict
- code - No description for the parameter type: int
- message - No description for the parameter type: str
- url - No description for the parameter type: str example: /dvmdb/adom/{adom}/script/execute
fmgr_dvmdb_script_obj – Script table.¶
New in version 2.10.
Synopsis¶
- This module is able to configure a FortiManager device by allowing the user to [delete, get, set, update, add] the following FortiManager json-rpc urls.
- /dvmdb/adom/{adom}/script/{script}
- /dvmdb/global/script/{script}
- /dvmdb/script/{script}
- Examples include all parameters and values need to be adjusted to data sources before usage.
- Tested with FortiManager v6.0.0
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.10.0
Parameters¶
- loose_validation - Do parameter validation in a loose way type: bool required: false default: false
- workspace_locking_adom - Acquire the workspace lock if FortiManager is running in workspace mode type: str required: false choices: global, custom dom
- workspace_locking_timeout - The maximum time in seconds to wait for other users to release workspace lock type: integer required: false default: 300
- url_params - parameters in url path type: dict required: true
- adom - the domain prefix type: str choices: none, global, custom dom
- script - the object name type: str
- parameters for method: [delete] - Script table.
- parameter collection 0
- parameter collection 1
- data - No description for the parameter type: array
- name - No description for the parameter type: str
- vdom - No description for the parameter type: str
- parameters for method: [get] - Script table.
- option - Set fetch option for the request. type: str choices: [object member, chksum]
- parameters for method: [set, update] - Script table.
- parameter collection 0
- data - No description for the parameter type: dict
- content - The full content of the script result log. type: str
- desc - No description for the parameter type: str
- filter_build - The value will be ignored in add/set/update requests if filter_ostype is not set. type: int
- filter_device - Name or id of an existing device in the database. type: int
- filter_hostname - The value has no effect if target is "adom_database". type: str
- filter_ostype - The value has no effect if target is "adom_database". type: str choices: [unknown, fos] default: unknown
- filter_osver - The value will be ignored in add/set/update requests if filter_ostype is not set. type: str choices: [unknown, 4.00, 5.00] default: unknown
- filter_platform - The value will be ignored in add/set/update requests if filter_ostype is not set. type: str
- filter_serial - The value has no effect if target is "adom_database". type: str
- modification_time - It is a read-only attribute indicating the time when the script was created or modified. type: str
- name - No description for the parameter type: str
- script_schedule - No description for the parameter type: array
- datetime - Indicates the date and time of the schedule. type: str
- day_of_week - No description for the parameter type: str choices: [unknown, sun, mon, tue, wed, thu, fri, sat] default: sun
- device - Name or id of an existing device in the database. type: int
- name - No description for the parameter type: str
- run_on_db - Indicates if the scheduled script should be executed on device database. type: str choices: [disable, enable] default: disable
- type - No description for the parameter type: str choices: [auto, onetime, daily, weekly, monthly]
- target - No description for the parameter type: str choices: [device_database, remote_device, adom_database] default: device_database
- type - No description for the parameter type: str choices: [cli, tcl, cligrp]
- parameter collection 1
- data - No description for the parameter type: array
- name - No description for the parameter type: str
- vdom - No description for the parameter type: str
- parameters for method: [add] - Script table.
- data - No description for the parameter type: array
- name - No description for the parameter type: str
- vdom - No description for the parameter type: str
Notes¶
Note
- The module may supports multiple method, every method has different parameters definition
- One method may also have more than one parameter definition collection, each collection is dedicated to one API endpoint
- The module may include domain dependent urls, the domain can be specified in url_params as adom
- To run in workspace mode, the paremeter workspace_locking_adom must be included in the task
Examples¶
- hosts: fortimanager-inventory
collections:
- fortinet.fortimanager
connection: httpapi
vars:
ansible_httpapi_use_ssl: True
ansible_httpapi_validate_certs: False
ansible_httpapi_port: 443
tasks:
- name: REQUESTING /DVMDB/SCRIPT/{SCRIPT}
fmgr_dvmdb_script_obj:
loose_validation: False
workspace_locking_adom: <value in [global, custom adom]>
workspace_locking_timeout: 300
method: <value in [delete]>
url_params:
adom: <value in [none, global, custom dom]>
script: <value of string>
params:
-
data:
-
name: <value of string>
vdom: <value of string>
- name: REQUESTING /DVMDB/SCRIPT/{SCRIPT}
fmgr_dvmdb_script_obj:
loose_validation: False
workspace_locking_adom: <value in [global, custom adom]>
workspace_locking_timeout: 300
method: <value in [get]>
url_params:
adom: <value in [none, global, custom dom]>
script: <value of string>
params:
-
option: <value in [object member, chksum]>
- name: REQUESTING /DVMDB/SCRIPT/{SCRIPT}
fmgr_dvmdb_script_obj:
loose_validation: False
workspace_locking_adom: <value in [global, custom adom]>
workspace_locking_timeout: 300
method: <value in [set, update]>
url_params:
adom: <value in [none, global, custom dom]>
script: <value of string>
params:
-
data:
content: <value of string>
desc: <value of string>
filter_build: <value of integer>
filter_device: <value of integer>
filter_hostname: <value of string>
filter_ostype: <value in [unknown, fos] default: 'unknown'>
filter_osver: <value in [unknown, 4.00, 5.00] default: 'unknown'>
filter_platform: <value of string>
filter_serial: <value of string>
modification_time: <value of string>
name: <value of string>
script_schedule:
-
datetime: <value of string>
day_of_week: <value in [unknown, sun, mon, ...] default: 'sun'>
device: <value of integer>
name: <value of string>
run_on_db: <value in [disable, enable] default: 'disable'>
type: <value in [auto, onetime, daily, ...]>
target: <value in [device_database, remote_device, adom_database] default: 'device_database'>
type: <value in [cli, tcl, cligrp]>
- name: REQUESTING /DVMDB/SCRIPT/{SCRIPT}
fmgr_dvmdb_script_obj:
loose_validation: False
workspace_locking_adom: <value in [global, custom adom]>
workspace_locking_timeout: 300
method: <value in [set, update]>
url_params:
adom: <value in [none, global, custom dom]>
script: <value of string>
params:
-
data:
-
name: <value of string>
vdom: <value of string>
- name: REQUESTING /DVMDB/SCRIPT/{SCRIPT}
fmgr_dvmdb_script_obj:
loose_validation: False
workspace_locking_adom: <value in [global, custom adom]>
workspace_locking_timeout: 300
method: <value in [add]>
url_params:
adom: <value in [none, global, custom dom]>
script: <value of string>
params:
-
data:
-
name: <value of string>
vdom: <value of string>
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- return values for method: [delete, set, update]
- return values collection 0
- status
- No description for the parameter type: dict
- code - No description for the parameter type: int
- message - No description for the parameter type: str
- url - No description for the parameter type: str example: /dvmdb/adom/{adom}/script/{script}
- return values collection 1
- status
- No description for the parameter type: dict
- code - No description for the parameter type: int
- message - No description for the parameter type: str
- url - No description for the parameter type: str example: /dvmdb/adom/{adom}/script/{script}
- return values for method: [get]
- data
- No description for the parameter type: dict
- content - The full content of the script result log. type: str
- desc - No description for the parameter type: str
- filter_build - The value will be ignored in add/set/update requests if filter_ostype is not set. type: int
- filter_device - Name or id of an existing device in the database. type: int
- filter_hostname - The value has no effect if target is "adom_database". type: str
- filter_ostype - The value has no effect if target is "adom_database". type: str example: unknown
- filter_osver - The value will be ignored in add/set/update requests if filter_ostype is not set. type: str example: unknown
- filter_platform - The value will be ignored in add/set/update requests if filter_ostype is not set. type: str
- filter_serial - The value has no effect if target is "adom_database". type: str
- modification_time - It is a read-only attribute indicating the time when the script was created or modified. type: str
- name - No description for the parameter type: str
- script_schedule - No description for the parameter type: array
- datetime - Indicates the date and time of the schedule. type: str
- day_of_week - No description for the parameter type: str example: sun
- device - Name or id of an existing device in the database. type: int
- name - No description for the parameter type: str
- run_on_db - Indicates if the scheduled script should be executed on device database. type: str example: disable
- type - No description for the parameter type: str
- target - No description for the parameter type: str example: device_database
- type - No description for the parameter type: str
- status
- No description for the parameter type: dict
- code - No description for the parameter type: int
- message - No description for the parameter type: str
- url - No description for the parameter type: str example: /dvmdb/adom/{adom}/script/{script}
- return values for method: [add]
- status
- No description for the parameter type: dict
- code - No description for the parameter type: int
- message - No description for the parameter type: str
- url - No description for the parameter type: str example: /dvmdb/adom/{adom}/script/{script}
fmgr_firewall_address – Configure IPv4 addresses.¶
New in version 2.10.
Synopsis¶
- This module is able to configure a FortiManager device by allowing the user to [add, get, set, update] the following FortiManager json-rpc urls.
- /pm/config/adom/{adom}/obj/firewall/address
- /pm/config/global/obj/firewall/address
- Examples include all parameters and values need to be adjusted to data sources before usage.
- Tested with FortiManager v6.0.0
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.10.0
Parameters¶
- loose_validation - Do parameter validation in a loose way type: bool required: false default: false
- workspace_locking_adom - Acquire the workspace lock if FortiManager is running in workspace mode type: str required: false choices: global, custom dom
- workspace_locking_timeout - The maximum time in seconds to wait for other users to release workspace lock type: integer required: false default: 300
- url_params - parameters in url path type: dict required: true
- adom - the domain prefix type: str choices: none, global, custom dom
- parameters for method: [add, set, update] - Configure IPv4 addresses.
- data - No description for the parameter type: array
- allow-routing - Enable/disable use of this address in the static route configuration. type: str choices: [disable, enable]
- associated-interface - Network interface associated with address. type: str
- cache-ttl - Defines the minimal TTL of individual IP addresses in FQDN cache measured in seconds. type: int
- color - Color of icon on the GUI. type: int
- comment - No description for the parameter type: str
- country - IP addresses associated to a specific country. type: str
- dynamic_mapping - No description for the parameter type: array
- _scope - No description for the parameter type: array
- name - No description for the parameter type: str
- vdom - No description for the parameter type: str
- allow-routing - No description for the parameter type: str choices: [disable, enable]
- associated-interface - No description for the parameter type: str
- cache-ttl - No description for the parameter type: int
- color - No description for the parameter type: int
- comment - No description for the parameter type: str
- country - No description for the parameter type: str
- end-ip - No description for the parameter type: str
- end-mac - No description for the parameter type: str
- epg-name - No description for the parameter type: str
- filter - No description for the parameter type: str
- fqdn - No description for the parameter type: str
- interface - No description for the parameter type: str
- obj-id - No description for the parameter type: str
- organization - No description for the parameter type: str
- policy-group - No description for the parameter type: str
- sdn - No description for the parameter type: str choices: [aci, aws, nsx, nuage, azure, gcp, oci, openstack]
- sdn-addr-type - No description for the parameter type: str choices: [private, public, all]
- sdn-tag - No description for the parameter type: str
- start-ip - No description for the parameter type: str
- start-mac - No description for the parameter type: str
- subnet - No description for the parameter type: str
- subnet-name - No description for the parameter type: str
- tags - No description for the parameter type: str
- tenant - No description for the parameter type: str
- type - No description for the parameter type: str choices: [ipmask, iprange, fqdn, wildcard, geography, url, wildcard-fqdn, nsx, aws, dynamic, interface-subnet, mac]
- url - No description for the parameter type: str
- uuid - No description for the parameter type: str
- visibility - No description for the parameter type: str choices: [disable, enable]
- wildcard - No description for the parameter type: str
- wildcard-fqdn - No description for the parameter type: str
- _scope - No description for the parameter type: array
- end-ip - Final IP address (inclusive) in the range for the address. type: str
- epg-name - Endpoint group name. type: str
- filter - Match criteria filter. type: str
- fqdn - Fully Qualified Domain Name address. type: str
- list - No description for the parameter type: array
- ip - IP. type: str
- name - Address name. type: str
- obj-id - Object ID for NSX. type: str
- organization - Organization domain name (Syntax: organization/domain). type: str
- policy-group - Policy group name. type: str
- sdn - SDN. type: str choices: [aci, aws, nsx, nuage, azure, gcp, oci, openstack]
- sdn-tag - SDN Tag. type: str
- start-ip - First IP address (inclusive) in the range for the address. type: str
- subnet - IP address and subnet mask of address. type: str
- subnet-name - Subnet name. type: str
- tagging - No description for the parameter type: array
- category - Tag category. type: str
- name - Tagging entry name. type: str
- tags - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- tenant - Tenant. type: str
- type - Type of address. type: str choices: [ipmask, iprange, fqdn, wildcard, geography, url, wildcard-fqdn, nsx, aws, dynamic, interface-subnet, mac]
- uuid - Universally Unique Identifier (UUID; automatically assigned but can be manually reset). type: str
- visibility - Enable/disable address visibility in the GUI. type: str choices: [disable, enable]
- wildcard - IP address and wildcard netmask. type: str
- wildcard-fqdn - Fully Qualified Domain Name with wildcard characters. type: str
- parameters for method: [get] - Configure IPv4 addresses.
- attr - The name of the attribute to retrieve its datasource. type: str
- fields - No description for the parameter type: array
- {no-name} - No description for the parameter type: array
- {no-name} - No description for the parameter type: str choices: [allow-routing, associated-interface, cache-ttl, color, country, end-ip, epg-name, filter, fqdn, name, obj-id, organization, policy-group, sdn, sdn-tag, start-ip, subnet, subnet-name, tenant, type, uuid, visibility, wildcard, wildcard-fqdn]
- {no-name} - No description for the parameter type: array
- filter - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- get used - No description for the parameter type: int
- loadsub - Enable or disable the return of any sub-objects. type: int
- option - Set fetch option for the request. type: str choices: [count, object member, datasrc, get reserved, syntax]
- range - No description for the parameter type: array
- {no-name} - No description for the parameter type: int
- sortings - No description for the parameter type: array
- {attr_name} - No description for the parameter type: int choices: [1, -1]
Notes¶
Note
- The module may supports multiple method, every method has different parameters definition
- One method may also have more than one parameter definition collection, each collection is dedicated to one API endpoint
- The module may include domain dependent urls, the domain can be specified in url_params as adom
- To run in workspace mode, the paremeter workspace_locking_adom must be included in the task
Examples¶
- hosts: fortimanager-inventory
collections:
- fortinet.fortimanager
connection: httpapi
vars:
ansible_httpapi_use_ssl: True
ansible_httpapi_validate_certs: False
ansible_httpapi_port: 443
tasks:
- name: REQUESTING /PM/CONFIG/OBJ/FIREWALL/ADDRESS
fmgr_firewall_address:
loose_validation: False
workspace_locking_adom: <value in [global, custom adom]>
workspace_locking_timeout: 300
method: <value in [add, set, update]>
url_params:
adom: <value in [none, global, custom dom]>
params:
-
data:
-
allow-routing: <value in [disable, enable]>
associated-interface: <value of string>
cache-ttl: <value of integer>
color: <value of integer>
comment: <value of string>
country: <value of string>
dynamic_mapping:
-
_scope:
-
name: <value of string>
vdom: <value of string>
allow-routing: <value in [disable, enable]>
associated-interface: <value of string>
cache-ttl: <value of integer>
color: <value of integer>
comment: <value of string>
country: <value of string>
end-ip: <value of string>
end-mac: <value of string>
epg-name: <value of string>
filter: <value of string>
fqdn: <value of string>
interface: <value of string>
obj-id: <value of string>
organization: <value of string>
policy-group: <value of string>
sdn: <value in [aci, aws, nsx, ...]>
sdn-addr-type: <value in [private, public, all]>
sdn-tag: <value of string>
start-ip: <value of string>
start-mac: <value of string>
subnet: <value of string>
subnet-name: <value of string>
tags: <value of string>
tenant: <value of string>
type: <value in [ipmask, iprange, fqdn, ...]>
url: <value of string>
uuid: <value of string>
visibility: <value in [disable, enable]>
wildcard: <value of string>
wildcard-fqdn: <value of string>
end-ip: <value of string>
epg-name: <value of string>
filter: <value of string>
fqdn: <value of string>
list:
-
ip: <value of string>
name: <value of string>
obj-id: <value of string>
organization: <value of string>
policy-group: <value of string>
sdn: <value in [aci, aws, nsx, ...]>
sdn-tag: <value of string>
start-ip: <value of string>
subnet: <value of string>
subnet-name: <value of string>
tagging:
-
category: <value of string>
name: <value of string>
tags:
- <value of string>
tenant: <value of string>
type: <value in [ipmask, iprange, fqdn, ...]>
uuid: <value of string>
visibility: <value in [disable, enable]>
wildcard: <value of string>
wildcard-fqdn: <value of string>
- name: REQUESTING /PM/CONFIG/OBJ/FIREWALL/ADDRESS
fmgr_firewall_address:
loose_validation: False
workspace_locking_adom: <value in [global, custom adom]>
workspace_locking_timeout: 300
method: <value in [get]>
url_params:
adom: <value in [none, global, custom dom]>
params:
-
attr: <value of string>
fields:
-
- <value in [allow-routing, associated-interface, cache-ttl, ...]>
filter:
- <value of string>
get used: <value of integer>
loadsub: <value of integer>
option: <value in [count, object member, datasrc, ...]>
range:
- <value of integer>
sortings:
-
varidic.attr_name: <value in [1, -1]>
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- return values for method: [add, set, update]
- status
- No description for the parameter type: dict
- code - No description for the parameter type: int
- message - No description for the parameter type: str
- url - No description for the parameter type: str example: /pm/config/adom/{adom}/obj/firewall/address
- return values for method: [get]
- data
- No description for the parameter type: array
- allow-routing - Enable/disable use of this address in the static route configuration. type: str
- associated-interface - Network interface associated with address. type: str
- cache-ttl - Defines the minimal TTL of individual IP addresses in FQDN cache measured in seconds. type: int
- color - Color of icon on the GUI. type: int
- comment - No description for the parameter type: str
- country - IP addresses associated to a specific country. type: str
- dynamic_mapping - No description for the parameter type: array
- _scope - No description for the parameter type: array
- name - No description for the parameter type: str
- vdom - No description for the parameter type: str
- allow-routing - No description for the parameter type: str
- associated-interface - No description for the parameter type: str
- cache-ttl - No description for the parameter type: int
- color - No description for the parameter type: int
- comment - No description for the parameter type: str
- country - No description for the parameter type: str
- end-ip - No description for the parameter type: str
- end-mac - No description for the parameter type: str
- epg-name - No description for the parameter type: str
- filter - No description for the parameter type: str
- fqdn - No description for the parameter type: str
- interface - No description for the parameter type: str
- obj-id - No description for the parameter type: str
- organization - No description for the parameter type: str
- policy-group - No description for the parameter type: str
- sdn - No description for the parameter type: str
- sdn-addr-type - No description for the parameter type: str
- sdn-tag - No description for the parameter type: str
- start-ip - No description for the parameter type: str
- start-mac - No description for the parameter type: str
- subnet - No description for the parameter type: str
- subnet-name - No description for the parameter type: str
- tags - No description for the parameter type: str
- tenant - No description for the parameter type: str
- type - No description for the parameter type: str
- url - No description for the parameter type: str
- uuid - No description for the parameter type: str
- visibility - No description for the parameter type: str
- wildcard - No description for the parameter type: str
- wildcard-fqdn - No description for the parameter type: str
- _scope - No description for the parameter type: array
- end-ip - Final IP address (inclusive) in the range for the address. type: str
- epg-name - Endpoint group name. type: str
- filter - Match criteria filter. type: str
- fqdn - Fully Qualified Domain Name address. type: str
- list - No description for the parameter type: array
- ip - IP. type: str
- name - Address name. type: str
- obj-id - Object ID for NSX. type: str
- organization - Organization domain name (Syntax: organization/domain). type: str
- policy-group - Policy group name. type: str
- sdn - SDN. type: str
- sdn-tag - SDN Tag. type: str
- start-ip - First IP address (inclusive) in the range for the address. type: str
- subnet - IP address and subnet mask of address. type: str
- subnet-name - Subnet name. type: str
- tagging - No description for the parameter type: array
- category - Tag category. type: str
- name - Tagging entry name. type: str
- tags - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- tenant - Tenant. type: str
- type - Type of address. type: str
- uuid - Universally Unique Identifier (UUID; automatically assigned but can be manually reset). type: str
- visibility - Enable/disable address visibility in the GUI. type: str
- wildcard - IP address and wildcard netmask. type: str
- wildcard-fqdn - Fully Qualified Domain Name with wildcard characters. type: str
- status
- No description for the parameter type: dict
- code - No description for the parameter type: int
- message - No description for the parameter type: str
- url - No description for the parameter type: str example: /pm/config/adom/{adom}/obj/firewall/address
fmgr_firewall_address6 – Configure IPv6 firewall addresses.¶
New in version 2.10.
Synopsis¶
- This module is able to configure a FortiManager device by allowing the user to [add, get, set, update] the following FortiManager json-rpc urls.
- /pm/config/adom/{adom}/obj/firewall/address6
- /pm/config/global/obj/firewall/address6
- Examples include all parameters and values need to be adjusted to data sources before usage.
- Tested with FortiManager v6.0.0
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.10.0
Parameters¶
- loose_validation - Do parameter validation in a loose way type: bool required: false default: false
- workspace_locking_adom - Acquire the workspace lock if FortiManager is running in workspace mode type: str required: false choices: global, custom dom
- workspace_locking_timeout - The maximum time in seconds to wait for other users to release workspace lock type: integer required: false default: 300
- url_params - parameters in url path type: dict required: true
- adom - the domain prefix type: str choices: none, global, custom dom
- parameters for method: [add, set, update] - Configure IPv6 firewall addresses.
- data - No description for the parameter type: array
- cache-ttl - Minimal TTL of individual IPv6 addresses in FQDN cache. type: int
- color - Integer value to determine the color of the icon in the GUI (range 1 to 32, default = 0, which sets the value to 1). type: int
- comment - Comment. type: str
- dynamic_mapping - No description for the parameter type: array
- _scope - No description for the parameter type: array
- name - No description for the parameter type: str
- vdom - No description for the parameter type: str
- cache-ttl - No description for the parameter type: int
- color - No description for the parameter type: int
- comment - No description for the parameter type: str
- end-ip - No description for the parameter type: str
- fqdn - No description for the parameter type: str
- host - No description for the parameter type: str
- host-type - No description for the parameter type: str choices: [any, specific]
- ip6 - No description for the parameter type: str
- obj-id - No description for the parameter type: str
- sdn - No description for the parameter type: str choices: [nsx]
- start-ip - No description for the parameter type: str
- tags - No description for the parameter type: str
- template - No description for the parameter type: str
- type - No description for the parameter type: str choices: [ipprefix, iprange, nsx, dynamic, fqdn, template]
- uuid - No description for the parameter type: str
- visibility - No description for the parameter type: str choices: [disable, enable]
- _scope - No description for the parameter type: array
- end-ip - Final IP address (inclusive) in the range for the address (format: xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx). type: str
- fqdn - Fully qualified domain name. type: str
- host - Host Address. type: str
- host-type - Host type. type: str choices: [any, specific]
- ip6 - IPv6 address prefix (format: xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx/xxx). type: str
- list - No description for the parameter type: array
- ip - IP. type: str
- name - Address name. type: str
- obj-id - Object ID for NSX. type: str
- sdn - SDN. type: str choices: [nsx]
- start-ip - First IP address (inclusive) in the range for the address (format: xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx). type: str
- subnet-segment - No description for the parameter type: array
- name - Name. type: str
- type - Subnet segment type. type: str choices: [any, specific]
- value - Subnet segment value. type: str
- tagging - No description for the parameter type: array
- category - Tag category. type: str
- name - Tagging entry name. type: str
- tags - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- template - IPv6 address template. type: str
- type - Type of IPv6 address object (default = ipprefix). type: str choices: [ipprefix, iprange, nsx, dynamic, fqdn, template]
- uuid - Universally Unique Identifier (UUID; automatically assigned but can be manually reset). type: str
- visibility - Enable/disable the visibility of the object in the GUI. type: str choices: [disable, enable]
- parameters for method: [get] - Configure IPv6 firewall addresses.
- attr - The name of the attribute to retrieve its datasource. type: str
- fields - No description for the parameter type: array
- {no-name} - No description for the parameter type: array
- {no-name} - No description for the parameter type: str choices: [cache-ttl, color, comment, end-ip, fqdn, host, host-type, ip6, name, obj-id, sdn, start-ip, template, type, uuid, visibility]
- {no-name} - No description for the parameter type: array
- filter - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- get used - No description for the parameter type: int
- loadsub - Enable or disable the return of any sub-objects. type: int
- option - Set fetch option for the request. type: str choices: [count, object member, datasrc, get reserved, syntax]
- range - No description for the parameter type: array
- {no-name} - No description for the parameter type: int
- sortings - No description for the parameter type: array
- {attr_name} - No description for the parameter type: int choices: [1, -1]
Notes¶
Note
- The module may supports multiple method, every method has different parameters definition
- One method may also have more than one parameter definition collection, each collection is dedicated to one API endpoint
- The module may include domain dependent urls, the domain can be specified in url_params as adom
- To run in workspace mode, the paremeter workspace_locking_adom must be included in the task
Examples¶
- hosts: fortimanager-inventory
collections:
- fortinet.fortimanager
connection: httpapi
vars:
ansible_httpapi_use_ssl: True
ansible_httpapi_validate_certs: False
ansible_httpapi_port: 443
tasks:
- name: REQUESTING /PM/CONFIG/OBJ/FIREWALL/ADDRESS6
fmgr_firewall_address6:
loose_validation: False
workspace_locking_adom: <value in [global, custom adom]>
workspace_locking_timeout: 300
method: <value in [add, set, update]>
url_params:
adom: <value in [none, global, custom dom]>
params:
-
data:
-
cache-ttl: <value of integer>
color: <value of integer>
comment: <value of string>
dynamic_mapping:
-
_scope:
-
name: <value of string>
vdom: <value of string>
cache-ttl: <value of integer>
color: <value of integer>
comment: <value of string>
end-ip: <value of string>
fqdn: <value of string>
host: <value of string>
host-type: <value in [any, specific]>
ip6: <value of string>
obj-id: <value of string>
sdn: <value in [nsx]>
start-ip: <value of string>
tags: <value of string>
template: <value of string>
type: <value in [ipprefix, iprange, nsx, ...]>
uuid: <value of string>
visibility: <value in [disable, enable]>
end-ip: <value of string>
fqdn: <value of string>
host: <value of string>
host-type: <value in [any, specific]>
ip6: <value of string>
list:
-
ip: <value of string>
name: <value of string>
obj-id: <value of string>
sdn: <value in [nsx]>
start-ip: <value of string>
subnet-segment:
-
name: <value of string>
type: <value in [any, specific]>
value: <value of string>
tagging:
-
category: <value of string>
name: <value of string>
tags:
- <value of string>
template: <value of string>
type: <value in [ipprefix, iprange, nsx, ...]>
uuid: <value of string>
visibility: <value in [disable, enable]>
- name: REQUESTING /PM/CONFIG/OBJ/FIREWALL/ADDRESS6
fmgr_firewall_address6:
loose_validation: False
workspace_locking_adom: <value in [global, custom adom]>
workspace_locking_timeout: 300
method: <value in [get]>
url_params:
adom: <value in [none, global, custom dom]>
params:
-
attr: <value of string>
fields:
-
- <value in [cache-ttl, color, comment, ...]>
filter:
- <value of string>
get used: <value of integer>
loadsub: <value of integer>
option: <value in [count, object member, datasrc, ...]>
range:
- <value of integer>
sortings:
-
varidic.attr_name: <value in [1, -1]>
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- return values for method: [add, set, update]
- status
- No description for the parameter type: dict
- code - No description for the parameter type: int
- message - No description for the parameter type: str
- url - No description for the parameter type: str example: /pm/config/adom/{adom}/obj/firewall/address6
- return values for method: [get]
- data
- No description for the parameter type: array
- cache-ttl - Minimal TTL of individual IPv6 addresses in FQDN cache. type: int
- color - Integer value to determine the color of the icon in the GUI (range 1 to 32, default = 0, which sets the value to 1). type: int
- comment - Comment. type: str
- dynamic_mapping - No description for the parameter type: array
- _scope - No description for the parameter type: array
- name - No description for the parameter type: str
- vdom - No description for the parameter type: str
- cache-ttl - No description for the parameter type: int
- color - No description for the parameter type: int
- comment - No description for the parameter type: str
- end-ip - No description for the parameter type: str
- fqdn - No description for the parameter type: str
- host - No description for the parameter type: str
- host-type - No description for the parameter type: str
- ip6 - No description for the parameter type: str
- obj-id - No description for the parameter type: str
- sdn - No description for the parameter type: str
- start-ip - No description for the parameter type: str
- tags - No description for the parameter type: str
- template - No description for the parameter type: str
- type - No description for the parameter type: str
- uuid - No description for the parameter type: str
- visibility - No description for the parameter type: str
- _scope - No description for the parameter type: array
- end-ip - Final IP address (inclusive) in the range for the address (format: xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx). type: str
- fqdn - Fully qualified domain name. type: str
- host - Host Address. type: str
- host-type - Host type. type: str
- ip6 - IPv6 address prefix (format: xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx/xxx). type: str
- list - No description for the parameter type: array
- ip - IP. type: str
- name - Address name. type: str
- obj-id - Object ID for NSX. type: str
- sdn - SDN. type: str
- start-ip - First IP address (inclusive) in the range for the address (format: xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx). type: str
- subnet-segment - No description for the parameter type: array
- name - Name. type: str
- type - Subnet segment type. type: str
- value - Subnet segment value. type: str
- tagging - No description for the parameter type: array
- category - Tag category. type: str
- name - Tagging entry name. type: str
- tags - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- template - IPv6 address template. type: str
- type - Type of IPv6 address object (default = ipprefix). type: str
- uuid - Universally Unique Identifier (UUID; automatically assigned but can be manually reset). type: str
- visibility - Enable/disable the visibility of the object in the GUI. type: str
- status
- No description for the parameter type: dict
- code - No description for the parameter type: int
- message - No description for the parameter type: str
- url - No description for the parameter type: str example: /pm/config/adom/{adom}/obj/firewall/address6
fmgr_firewall_address6_obj – Configure IPv6 firewall addresses.¶
New in version 2.10.
Synopsis¶
- This module is able to configure a FortiManager device by allowing the user to [clone, delete, get, set, update] the following FortiManager json-rpc urls.
- /pm/config/adom/{adom}/obj/firewall/address6/{address6}
- /pm/config/global/obj/firewall/address6/{address6}
- Examples include all parameters and values need to be adjusted to data sources before usage.
- Tested with FortiManager v6.0.0
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.10.0
Parameters¶
- loose_validation - Do parameter validation in a loose way type: bool required: false default: false
- workspace_locking_adom - Acquire the workspace lock if FortiManager is running in workspace mode type: str required: false choices: global, custom dom
- workspace_locking_timeout - The maximum time in seconds to wait for other users to release workspace lock type: integer required: false default: 300
- url_params - parameters in url path type: dict required: true
- adom - the domain prefix type: str choices: none, global, custom dom
- address6 - the object name type: str
- parameters for method: [clone, set, update] - Configure IPv6 firewall addresses.
- data - No description for the parameter type: dict
- cache-ttl - Minimal TTL of individual IPv6 addresses in FQDN cache. type: int
- color - Integer value to determine the color of the icon in the GUI (range 1 to 32, default = 0, which sets the value to 1). type: int
- comment - Comment. type: str
- dynamic_mapping - No description for the parameter type: array
- _scope - No description for the parameter type: array
- name - No description for the parameter type: str
- vdom - No description for the parameter type: str
- cache-ttl - No description for the parameter type: int
- color - No description for the parameter type: int
- comment - No description for the parameter type: str
- end-ip - No description for the parameter type: str
- fqdn - No description for the parameter type: str
- host - No description for the parameter type: str
- host-type - No description for the parameter type: str choices: [any, specific]
- ip6 - No description for the parameter type: str
- obj-id - No description for the parameter type: str
- sdn - No description for the parameter type: str choices: [nsx]
- start-ip - No description for the parameter type: str
- tags - No description for the parameter type: str
- template - No description for the parameter type: str
- type - No description for the parameter type: str choices: [ipprefix, iprange, nsx, dynamic, fqdn, template]
- uuid - No description for the parameter type: str
- visibility - No description for the parameter type: str choices: [disable, enable]
- _scope - No description for the parameter type: array
- end-ip - Final IP address (inclusive) in the range for the address (format: xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx). type: str
- fqdn - Fully qualified domain name. type: str
- host - Host Address. type: str
- host-type - Host type. type: str choices: [any, specific]
- ip6 - IPv6 address prefix (format: xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx/xxx). type: str
- list - No description for the parameter type: array
- ip - IP. type: str
- name - Address name. type: str
- obj-id - Object ID for NSX. type: str
- sdn - SDN. type: str choices: [nsx]
- start-ip - First IP address (inclusive) in the range for the address (format: xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx). type: str
- subnet-segment - No description for the parameter type: array
- name - Name. type: str
- type - Subnet segment type. type: str choices: [any, specific]
- value - Subnet segment value. type: str
- tagging - No description for the parameter type: array
- category - Tag category. type: str
- name - Tagging entry name. type: str
- tags - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- template - IPv6 address template. type: str
- type - Type of IPv6 address object (default = ipprefix). type: str choices: [ipprefix, iprange, nsx, dynamic, fqdn, template]
- uuid - Universally Unique Identifier (UUID; automatically assigned but can be manually reset). type: str
- visibility - Enable/disable the visibility of the object in the GUI. type: str choices: [disable, enable]
- parameters for method: [delete] - Configure IPv6 firewall addresses.
- parameters for method: [get] - Configure IPv6 firewall addresses.
- option - Set fetch option for the request. type: str choices: [object member, chksum, datasrc]
Notes¶
Note
- The module may supports multiple method, every method has different parameters definition
- One method may also have more than one parameter definition collection, each collection is dedicated to one API endpoint
- The module may include domain dependent urls, the domain can be specified in url_params as adom
- To run in workspace mode, the paremeter workspace_locking_adom must be included in the task
Examples¶
- hosts: fortimanager-inventory
collections:
- fortinet.fortimanager
connection: httpapi
vars:
ansible_httpapi_use_ssl: True
ansible_httpapi_validate_certs: False
ansible_httpapi_port: 443
tasks:
- name: REQUESTING /PM/CONFIG/OBJ/FIREWALL/ADDRESS6/{ADDRESS6}
fmgr_firewall_address6_obj:
loose_validation: False
workspace_locking_adom: <value in [global, custom adom]>
workspace_locking_timeout: 300
method: <value in [clone, set, update]>
url_params:
adom: <value in [none, global, custom dom]>
address6: <value of string>
params:
-
data:
cache-ttl: <value of integer>
color: <value of integer>
comment: <value of string>
dynamic_mapping:
-
_scope:
-
name: <value of string>
vdom: <value of string>
cache-ttl: <value of integer>
color: <value of integer>
comment: <value of string>
end-ip: <value of string>
fqdn: <value of string>
host: <value of string>
host-type: <value in [any, specific]>
ip6: <value of string>
obj-id: <value of string>
sdn: <value in [nsx]>
start-ip: <value of string>
tags: <value of string>
template: <value of string>
type: <value in [ipprefix, iprange, nsx, ...]>
uuid: <value of string>
visibility: <value in [disable, enable]>
end-ip: <value of string>
fqdn: <value of string>
host: <value of string>
host-type: <value in [any, specific]>
ip6: <value of string>
list:
-
ip: <value of string>
name: <value of string>
obj-id: <value of string>
sdn: <value in [nsx]>
start-ip: <value of string>
subnet-segment:
-
name: <value of string>
type: <value in [any, specific]>
value: <value of string>
tagging:
-
category: <value of string>
name: <value of string>
tags:
- <value of string>
template: <value of string>
type: <value in [ipprefix, iprange, nsx, ...]>
uuid: <value of string>
visibility: <value in [disable, enable]>
- name: REQUESTING /PM/CONFIG/OBJ/FIREWALL/ADDRESS6/{ADDRESS6}
fmgr_firewall_address6_obj:
loose_validation: False
workspace_locking_adom: <value in [global, custom adom]>
workspace_locking_timeout: 300
method: <value in [get]>
url_params:
adom: <value in [none, global, custom dom]>
address6: <value of string>
params:
-
option: <value in [object member, chksum, datasrc]>
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- return values for method: [clone, delete, set, update]
- status
- No description for the parameter type: dict
- code - No description for the parameter type: int
- message - No description for the parameter type: str
- url - No description for the parameter type: str example: /pm/config/adom/{adom}/obj/firewall/address6/{address6}
- return values for method: [get]
- data
- No description for the parameter type: dict
- cache-ttl - Minimal TTL of individual IPv6 addresses in FQDN cache. type: int
- color - Integer value to determine the color of the icon in the GUI (range 1 to 32, default = 0, which sets the value to 1). type: int
- comment - Comment. type: str
- dynamic_mapping - No description for the parameter type: array
- _scope - No description for the parameter type: array
- name - No description for the parameter type: str
- vdom - No description for the parameter type: str
- cache-ttl - No description for the parameter type: int
- color - No description for the parameter type: int
- comment - No description for the parameter type: str
- end-ip - No description for the parameter type: str
- fqdn - No description for the parameter type: str
- host - No description for the parameter type: str
- host-type - No description for the parameter type: str
- ip6 - No description for the parameter type: str
- obj-id - No description for the parameter type: str
- sdn - No description for the parameter type: str
- start-ip - No description for the parameter type: str
- tags - No description for the parameter type: str
- template - No description for the parameter type: str
- type - No description for the parameter type: str
- uuid - No description for the parameter type: str
- visibility - No description for the parameter type: str
- _scope - No description for the parameter type: array
- end-ip - Final IP address (inclusive) in the range for the address (format: xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx). type: str
- fqdn - Fully qualified domain name. type: str
- host - Host Address. type: str
- host-type - Host type. type: str
- ip6 - IPv6 address prefix (format: xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx/xxx). type: str
- list - No description for the parameter type: array
- ip - IP. type: str
- name - Address name. type: str
- obj-id - Object ID for NSX. type: str
- sdn - SDN. type: str
- start-ip - First IP address (inclusive) in the range for the address (format: xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx). type: str
- subnet-segment - No description for the parameter type: array
- name - Name. type: str
- type - Subnet segment type. type: str
- value - Subnet segment value. type: str
- tagging - No description for the parameter type: array
- category - Tag category. type: str
- name - Tagging entry name. type: str
- tags - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- template - IPv6 address template. type: str
- type - Type of IPv6 address object (default = ipprefix). type: str
- uuid - Universally Unique Identifier (UUID; automatically assigned but can be manually reset). type: str
- visibility - Enable/disable the visibility of the object in the GUI. type: str
- status
- No description for the parameter type: dict
- code - No description for the parameter type: int
- message - No description for the parameter type: str
- url - No description for the parameter type: str example: /pm/config/adom/{adom}/obj/firewall/address6/{address6}
fmgr_firewall_address_obj – Configure IPv4 addresses.¶
New in version 2.10.
Synopsis¶
- This module is able to configure a FortiManager device by allowing the user to [clone, delete, get, set, update] the following FortiManager json-rpc urls.
- /pm/config/adom/{adom}/obj/firewall/address/{address}
- /pm/config/global/obj/firewall/address/{address}
- Examples include all parameters and values need to be adjusted to data sources before usage.
- Tested with FortiManager v6.0.0
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.10.0
Parameters¶
- loose_validation - Do parameter validation in a loose way type: bool required: false default: false
- workspace_locking_adom - Acquire the workspace lock if FortiManager is running in workspace mode type: str required: false choices: global, custom dom
- workspace_locking_timeout - The maximum time in seconds to wait for other users to release workspace lock type: integer required: false default: 300
- url_params - parameters in url path type: dict required: true
- adom - the domain prefix type: str choices: none, global, custom dom
- address - the object name type: str
- parameters for method: [clone, set, update] - Configure IPv4 addresses.
- data - No description for the parameter type: dict
- allow-routing - Enable/disable use of this address in the static route configuration. type: str choices: [disable, enable]
- associated-interface - Network interface associated with address. type: str
- cache-ttl - Defines the minimal TTL of individual IP addresses in FQDN cache measured in seconds. type: int
- color - Color of icon on the GUI. type: int
- comment - No description for the parameter type: str
- country - IP addresses associated to a specific country. type: str
- dynamic_mapping - No description for the parameter type: array
- _scope - No description for the parameter type: array
- name - No description for the parameter type: str
- vdom - No description for the parameter type: str
- allow-routing - No description for the parameter type: str choices: [disable, enable]
- associated-interface - No description for the parameter type: str
- cache-ttl - No description for the parameter type: int
- color - No description for the parameter type: int
- comment - No description for the parameter type: str
- country - No description for the parameter type: str
- end-ip - No description for the parameter type: str
- end-mac - No description for the parameter type: str
- epg-name - No description for the parameter type: str
- filter - No description for the parameter type: str
- fqdn - No description for the parameter type: str
- interface - No description for the parameter type: str
- obj-id - No description for the parameter type: str
- organization - No description for the parameter type: str
- policy-group - No description for the parameter type: str
- sdn - No description for the parameter type: str choices: [aci, aws, nsx, nuage, azure, gcp, oci, openstack]
- sdn-addr-type - No description for the parameter type: str choices: [private, public, all]
- sdn-tag - No description for the parameter type: str
- start-ip - No description for the parameter type: str
- start-mac - No description for the parameter type: str
- subnet - No description for the parameter type: str
- subnet-name - No description for the parameter type: str
- tags - No description for the parameter type: str
- tenant - No description for the parameter type: str
- type - No description for the parameter type: str choices: [ipmask, iprange, fqdn, wildcard, geography, url, wildcard-fqdn, nsx, aws, dynamic, interface-subnet, mac]
- url - No description for the parameter type: str
- uuid - No description for the parameter type: str
- visibility - No description for the parameter type: str choices: [disable, enable]
- wildcard - No description for the parameter type: str
- wildcard-fqdn - No description for the parameter type: str
- _scope - No description for the parameter type: array
- end-ip - Final IP address (inclusive) in the range for the address. type: str
- epg-name - Endpoint group name. type: str
- filter - Match criteria filter. type: str
- fqdn - Fully Qualified Domain Name address. type: str
- list - No description for the parameter type: array
- ip - IP. type: str
- name - Address name. type: str
- obj-id - Object ID for NSX. type: str
- organization - Organization domain name (Syntax: organization/domain). type: str
- policy-group - Policy group name. type: str
- sdn - SDN. type: str choices: [aci, aws, nsx, nuage, azure, gcp, oci, openstack]
- sdn-tag - SDN Tag. type: str
- start-ip - First IP address (inclusive) in the range for the address. type: str
- subnet - IP address and subnet mask of address. type: str
- subnet-name - Subnet name. type: str
- tagging - No description for the parameter type: array
- category - Tag category. type: str
- name - Tagging entry name. type: str
- tags - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- tenant - Tenant. type: str
- type - Type of address. type: str choices: [ipmask, iprange, fqdn, wildcard, geography, url, wildcard-fqdn, nsx, aws, dynamic, interface-subnet, mac]
- uuid - Universally Unique Identifier (UUID; automatically assigned but can be manually reset). type: str
- visibility - Enable/disable address visibility in the GUI. type: str choices: [disable, enable]
- wildcard - IP address and wildcard netmask. type: str
- wildcard-fqdn - Fully Qualified Domain Name with wildcard characters. type: str
- parameters for method: [delete] - Configure IPv4 addresses.
- parameters for method: [get] - Configure IPv4 addresses.
- option - Set fetch option for the request. type: str choices: [object member, chksum, datasrc]
Notes¶
Note
- The module may supports multiple method, every method has different parameters definition
- One method may also have more than one parameter definition collection, each collection is dedicated to one API endpoint
- The module may include domain dependent urls, the domain can be specified in url_params as adom
- To run in workspace mode, the paremeter workspace_locking_adom must be included in the task
Examples¶
- hosts: fortimanager-inventory
collections:
- fortinet.fortimanager
connection: httpapi
vars:
ansible_httpapi_use_ssl: True
ansible_httpapi_validate_certs: False
ansible_httpapi_port: 443
tasks:
- name: REQUESTING /PM/CONFIG/OBJ/FIREWALL/ADDRESS/{ADDRESS}
fmgr_firewall_address_obj:
loose_validation: False
workspace_locking_adom: <value in [global, custom adom]>
workspace_locking_timeout: 300
method: <value in [clone, set, update]>
url_params:
adom: <value in [none, global, custom dom]>
address: <value of string>
params:
-
data:
allow-routing: <value in [disable, enable]>
associated-interface: <value of string>
cache-ttl: <value of integer>
color: <value of integer>
comment: <value of string>
country: <value of string>
dynamic_mapping:
-
_scope:
-
name: <value of string>
vdom: <value of string>
allow-routing: <value in [disable, enable]>
associated-interface: <value of string>
cache-ttl: <value of integer>
color: <value of integer>
comment: <value of string>
country: <value of string>
end-ip: <value of string>
end-mac: <value of string>
epg-name: <value of string>
filter: <value of string>
fqdn: <value of string>
interface: <value of string>
obj-id: <value of string>
organization: <value of string>
policy-group: <value of string>
sdn: <value in [aci, aws, nsx, ...]>
sdn-addr-type: <value in [private, public, all]>
sdn-tag: <value of string>
start-ip: <value of string>
start-mac: <value of string>
subnet: <value of string>
subnet-name: <value of string>
tags: <value of string>
tenant: <value of string>
type: <value in [ipmask, iprange, fqdn, ...]>
url: <value of string>
uuid: <value of string>
visibility: <value in [disable, enable]>
wildcard: <value of string>
wildcard-fqdn: <value of string>
end-ip: <value of string>
epg-name: <value of string>
filter: <value of string>
fqdn: <value of string>
list:
-
ip: <value of string>
name: <value of string>
obj-id: <value of string>
organization: <value of string>
policy-group: <value of string>
sdn: <value in [aci, aws, nsx, ...]>
sdn-tag: <value of string>
start-ip: <value of string>
subnet: <value of string>
subnet-name: <value of string>
tagging:
-
category: <value of string>
name: <value of string>
tags:
- <value of string>
tenant: <value of string>
type: <value in [ipmask, iprange, fqdn, ...]>
uuid: <value of string>
visibility: <value in [disable, enable]>
wildcard: <value of string>
wildcard-fqdn: <value of string>
- name: REQUESTING /PM/CONFIG/OBJ/FIREWALL/ADDRESS/{ADDRESS}
fmgr_firewall_address_obj:
loose_validation: False
workspace_locking_adom: <value in [global, custom adom]>
workspace_locking_timeout: 300
method: <value in [get]>
url_params:
adom: <value in [none, global, custom dom]>
address: <value of string>
params:
-
option: <value in [object member, chksum, datasrc]>
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- return values for method: [clone, delete, set, update]
- status
- No description for the parameter type: dict
- code - No description for the parameter type: int
- message - No description for the parameter type: str
- url - No description for the parameter type: str example: /pm/config/adom/{adom}/obj/firewall/address/{address}
- return values for method: [get]
- data
- No description for the parameter type: dict
- allow-routing - Enable/disable use of this address in the static route configuration. type: str
- associated-interface - Network interface associated with address. type: str
- cache-ttl - Defines the minimal TTL of individual IP addresses in FQDN cache measured in seconds. type: int
- color - Color of icon on the GUI. type: int
- comment - No description for the parameter type: str
- country - IP addresses associated to a specific country. type: str
- dynamic_mapping - No description for the parameter type: array
- _scope - No description for the parameter type: array
- name - No description for the parameter type: str
- vdom - No description for the parameter type: str
- allow-routing - No description for the parameter type: str
- associated-interface - No description for the parameter type: str
- cache-ttl - No description for the parameter type: int
- color - No description for the parameter type: int
- comment - No description for the parameter type: str
- country - No description for the parameter type: str
- end-ip - No description for the parameter type: str
- end-mac - No description for the parameter type: str
- epg-name - No description for the parameter type: str
- filter - No description for the parameter type: str
- fqdn - No description for the parameter type: str
- interface - No description for the parameter type: str
- obj-id - No description for the parameter type: str
- organization - No description for the parameter type: str
- policy-group - No description for the parameter type: str
- sdn - No description for the parameter type: str
- sdn-addr-type - No description for the parameter type: str
- sdn-tag - No description for the parameter type: str
- start-ip - No description for the parameter type: str
- start-mac - No description for the parameter type: str
- subnet - No description for the parameter type: str
- subnet-name - No description for the parameter type: str
- tags - No description for the parameter type: str
- tenant - No description for the parameter type: str
- type - No description for the parameter type: str
- url - No description for the parameter type: str
- uuid - No description for the parameter type: str
- visibility - No description for the parameter type: str
- wildcard - No description for the parameter type: str
- wildcard-fqdn - No description for the parameter type: str
- _scope - No description for the parameter type: array
- end-ip - Final IP address (inclusive) in the range for the address. type: str
- epg-name - Endpoint group name. type: str
- filter - Match criteria filter. type: str
- fqdn - Fully Qualified Domain Name address. type: str
- list - No description for the parameter type: array
- ip - IP. type: str
- name - Address name. type: str
- obj-id - Object ID for NSX. type: str
- organization - Organization domain name (Syntax: organization/domain). type: str
- policy-group - Policy group name. type: str
- sdn - SDN. type: str
- sdn-tag - SDN Tag. type: str
- start-ip - First IP address (inclusive) in the range for the address. type: str
- subnet - IP address and subnet mask of address. type: str
- subnet-name - Subnet name. type: str
- tagging - No description for the parameter type: array
- category - Tag category. type: str
- name - Tagging entry name. type: str
- tags - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- tenant - Tenant. type: str
- type - Type of address. type: str
- uuid - Universally Unique Identifier (UUID; automatically assigned but can be manually reset). type: str
- visibility - Enable/disable address visibility in the GUI. type: str
- wildcard - IP address and wildcard netmask. type: str
- wildcard-fqdn - Fully Qualified Domain Name with wildcard characters. type: str
- status
- No description for the parameter type: dict
- code - No description for the parameter type: int
- message - No description for the parameter type: str
- url - No description for the parameter type: str example: /pm/config/adom/{adom}/obj/firewall/address/{address}
fmgr_firewall_addrgrp – Configure IPv4 address groups.¶
New in version 2.10.
Synopsis¶
- This module is able to configure a FortiManager device by allowing the user to [add, get, set, update] the following FortiManager json-rpc urls.
- /pm/config/adom/{adom}/obj/firewall/addrgrp
- /pm/config/global/obj/firewall/addrgrp
- Examples include all parameters and values need to be adjusted to data sources before usage.
- Tested with FortiManager v6.0.0
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.10.0
Parameters¶
- loose_validation - Do parameter validation in a loose way type: bool required: false default: false
- workspace_locking_adom - Acquire the workspace lock if FortiManager is running in workspace mode type: str required: false choices: global, custom dom
- workspace_locking_timeout - The maximum time in seconds to wait for other users to release workspace lock type: integer required: false default: 300
- url_params - parameters in url path type: dict required: true
- adom - the domain prefix type: str choices: none, global, custom dom
- parameters for method: [add, set, update] - Configure IPv4 address groups.
- data - No description for the parameter type: array
- allow-routing - Enable/disable use of this group in the static route configuration. type: str choices: [disable, enable]
- color - Color of icon on the GUI. type: int
- comment - No description for the parameter type: str
- dynamic_mapping - No description for the parameter type: array
- _scope - No description for the parameter type: array
- name - No description for the parameter type: str
- vdom - No description for the parameter type: str
- allow-routing - No description for the parameter type: str choices: [disable, enable]
- color - No description for the parameter type: int
- comment - No description for the parameter type: str
- exclude - No description for the parameter type: str choices: [disable, enable]
- exclude-member - No description for the parameter type: str
- member - No description for the parameter type: str
- tags - No description for the parameter type: str
- uuid - No description for the parameter type: str
- visibility - No description for the parameter type: str choices: [disable, enable]
- _scope - No description for the parameter type: array
- member - Address objects contained within the group. type: str
- name - Address group name. type: str
- tagging - No description for the parameter type: array
- category - Tag category. type: str
- name - Tagging entry name. type: str
- tags - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- uuid - Universally Unique Identifier (UUID; automatically assigned but can be manually reset). type: str
- visibility - Enable/disable address visibility in the GUI. type: str choices: [disable, enable]
- parameters for method: [get] - Configure IPv4 address groups.
- attr - The name of the attribute to retrieve its datasource. type: str
- fields - No description for the parameter type: array
- {no-name} - No description for the parameter type: array
- {no-name} - No description for the parameter type: str choices: [allow-routing, color, member, name, uuid, visibility]
- {no-name} - No description for the parameter type: array
- filter - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- get used - No description for the parameter type: int
- loadsub - Enable or disable the return of any sub-objects. type: int
- option - Set fetch option for the request. type: str choices: [count, object member, datasrc, get reserved, syntax]
- range - No description for the parameter type: array
- {no-name} - No description for the parameter type: int
- sortings - No description for the parameter type: array
- {attr_name} - No description for the parameter type: int choices: [1, -1]
Notes¶
Note
- The module may supports multiple method, every method has different parameters definition
- One method may also have more than one parameter definition collection, each collection is dedicated to one API endpoint
- The module may include domain dependent urls, the domain can be specified in url_params as adom
- To run in workspace mode, the paremeter workspace_locking_adom must be included in the task
Examples¶
- hosts: fortimanager-inventory
collections:
- fortinet.fortimanager
connection: httpapi
vars:
ansible_httpapi_use_ssl: True
ansible_httpapi_validate_certs: False
ansible_httpapi_port: 443
tasks:
- name: REQUESTING /PM/CONFIG/OBJ/FIREWALL/ADDRGRP
fmgr_firewall_addrgrp:
loose_validation: False
workspace_locking_adom: <value in [global, custom adom]>
workspace_locking_timeout: 300
method: <value in [add, set, update]>
url_params:
adom: <value in [none, global, custom dom]>
params:
-
data:
-
allow-routing: <value in [disable, enable]>
color: <value of integer>
comment: <value of string>
dynamic_mapping:
-
_scope:
-
name: <value of string>
vdom: <value of string>
allow-routing: <value in [disable, enable]>
color: <value of integer>
comment: <value of string>
exclude: <value in [disable, enable]>
exclude-member: <value of string>
member: <value of string>
tags: <value of string>
uuid: <value of string>
visibility: <value in [disable, enable]>
member: <value of string>
name: <value of string>
tagging:
-
category: <value of string>
name: <value of string>
tags:
- <value of string>
uuid: <value of string>
visibility: <value in [disable, enable]>
- name: REQUESTING /PM/CONFIG/OBJ/FIREWALL/ADDRGRP
fmgr_firewall_addrgrp:
loose_validation: False
workspace_locking_adom: <value in [global, custom adom]>
workspace_locking_timeout: 300
method: <value in [get]>
url_params:
adom: <value in [none, global, custom dom]>
params:
-
attr: <value of string>
fields:
-
- <value in [allow-routing, color, member, ...]>
filter:
- <value of string>
get used: <value of integer>
loadsub: <value of integer>
option: <value in [count, object member, datasrc, ...]>
range:
- <value of integer>
sortings:
-
varidic.attr_name: <value in [1, -1]>
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- return values for method: [add, set, update]
- status
- No description for the parameter type: dict
- code - No description for the parameter type: int
- message - No description for the parameter type: str
- url - No description for the parameter type: str example: /pm/config/adom/{adom}/obj/firewall/addrgrp
- return values for method: [get]
- data
- No description for the parameter type: array
- allow-routing - Enable/disable use of this group in the static route configuration. type: str
- color - Color of icon on the GUI. type: int
- comment - No description for the parameter type: str
- dynamic_mapping - No description for the parameter type: array
- _scope - No description for the parameter type: array
- name - No description for the parameter type: str
- vdom - No description for the parameter type: str
- allow-routing - No description for the parameter type: str
- color - No description for the parameter type: int
- comment - No description for the parameter type: str
- exclude - No description for the parameter type: str
- exclude-member - No description for the parameter type: str
- member - No description for the parameter type: str
- tags - No description for the parameter type: str
- uuid - No description for the parameter type: str
- visibility - No description for the parameter type: str
- _scope - No description for the parameter type: array
- member - Address objects contained within the group. type: str
- name - Address group name. type: str
- tagging - No description for the parameter type: array
- category - Tag category. type: str
- name - Tagging entry name. type: str
- tags - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- uuid - Universally Unique Identifier (UUID; automatically assigned but can be manually reset). type: str
- visibility - Enable/disable address visibility in the GUI. type: str
- status
- No description for the parameter type: dict
- code - No description for the parameter type: int
- message - No description for the parameter type: str
- url - No description for the parameter type: str example: /pm/config/adom/{adom}/obj/firewall/addrgrp
fmgr_firewall_addrgrp6 – Configure IPv6 address groups.¶
New in version 2.10.
Synopsis¶
- This module is able to configure a FortiManager device by allowing the user to [add, get, set, update] the following FortiManager json-rpc urls.
- /pm/config/adom/{adom}/obj/firewall/addrgrp6
- /pm/config/global/obj/firewall/addrgrp6
- Examples include all parameters and values need to be adjusted to data sources before usage.
- Tested with FortiManager v6.0.0
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.10.0
Parameters¶
- loose_validation - Do parameter validation in a loose way type: bool required: false default: false
- workspace_locking_adom - Acquire the workspace lock if FortiManager is running in workspace mode type: str required: false choices: global, custom dom
- workspace_locking_timeout - The maximum time in seconds to wait for other users to release workspace lock type: integer required: false default: 300
- url_params - parameters in url path type: dict required: true
- adom - the domain prefix type: str choices: none, global, custom dom
- parameters for method: [add, set, update] - Configure IPv6 address groups.
- data - No description for the parameter type: array
- color - Integer value to determine the color of the icon in the GUI (1 - 32, default = 0, which sets the value to 1). type: int
- comment - Comment. type: str
- dynamic_mapping - No description for the parameter type: array
- _scope - No description for the parameter type: array
- name - No description for the parameter type: str
- vdom - No description for the parameter type: str
- color - No description for the parameter type: int
- comment - No description for the parameter type: str
- member - No description for the parameter type: str
- tags - No description for the parameter type: str
- uuid - No description for the parameter type: str
- visibility - No description for the parameter type: str choices: [disable, enable]
- _scope - No description for the parameter type: array
- member - Address objects contained within the group. type: str
- name - IPv6 address group name. type: str
- tagging - No description for the parameter type: array
- category - Tag category. type: str
- name - Tagging entry name. type: str
- tags - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- uuid - Universally Unique Identifier (UUID; automatically assigned but can be manually reset). type: str
- visibility - Enable/disable address group6 visibility in the GUI. type: str choices: [disable, enable]
- parameters for method: [get] - Configure IPv6 address groups.
- attr - The name of the attribute to retrieve its datasource. type: str
- fields - No description for the parameter type: array
- {no-name} - No description for the parameter type: array
- {no-name} - No description for the parameter type: str choices: [color, comment, member, name, uuid, visibility]
- {no-name} - No description for the parameter type: array
- filter - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- get used - No description for the parameter type: int
- loadsub - Enable or disable the return of any sub-objects. type: int
- option - Set fetch option for the request. type: str choices: [count, object member, datasrc, get reserved, syntax]
- range - No description for the parameter type: array
- {no-name} - No description for the parameter type: int
- sortings - No description for the parameter type: array
- {attr_name} - No description for the parameter type: int choices: [1, -1]
Notes¶
Note
- The module may supports multiple method, every method has different parameters definition
- One method may also have more than one parameter definition collection, each collection is dedicated to one API endpoint
- The module may include domain dependent urls, the domain can be specified in url_params as adom
- To run in workspace mode, the paremeter workspace_locking_adom must be included in the task
Examples¶
- hosts: fortimanager-inventory
collections:
- fortinet.fortimanager
connection: httpapi
vars:
ansible_httpapi_use_ssl: True
ansible_httpapi_validate_certs: False
ansible_httpapi_port: 443
tasks:
- name: REQUESTING /PM/CONFIG/OBJ/FIREWALL/ADDRGRP6
fmgr_firewall_addrgrp6:
loose_validation: False
workspace_locking_adom: <value in [global, custom adom]>
workspace_locking_timeout: 300
method: <value in [add, set, update]>
url_params:
adom: <value in [none, global, custom dom]>
params:
-
data:
-
color: <value of integer>
comment: <value of string>
dynamic_mapping:
-
_scope:
-
name: <value of string>
vdom: <value of string>
color: <value of integer>
comment: <value of string>
member: <value of string>
tags: <value of string>
uuid: <value of string>
visibility: <value in [disable, enable]>
member: <value of string>
name: <value of string>
tagging:
-
category: <value of string>
name: <value of string>
tags:
- <value of string>
uuid: <value of string>
visibility: <value in [disable, enable]>
- name: REQUESTING /PM/CONFIG/OBJ/FIREWALL/ADDRGRP6
fmgr_firewall_addrgrp6:
loose_validation: False
workspace_locking_adom: <value in [global, custom adom]>
workspace_locking_timeout: 300
method: <value in [get]>
url_params:
adom: <value in [none, global, custom dom]>
params:
-
attr: <value of string>
fields:
-
- <value in [color, comment, member, ...]>
filter:
- <value of string>
get used: <value of integer>
loadsub: <value of integer>
option: <value in [count, object member, datasrc, ...]>
range:
- <value of integer>
sortings:
-
varidic.attr_name: <value in [1, -1]>
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- return values for method: [add, set, update]
- status
- No description for the parameter type: dict
- code - No description for the parameter type: int
- message - No description for the parameter type: str
- url - No description for the parameter type: str example: /pm/config/adom/{adom}/obj/firewall/addrgrp6
- return values for method: [get]
- data
- No description for the parameter type: array
- color - Integer value to determine the color of the icon in the GUI (1 - 32, default = 0, which sets the value to 1). type: int
- comment - Comment. type: str
- dynamic_mapping - No description for the parameter type: array
- _scope - No description for the parameter type: array
- name - No description for the parameter type: str
- vdom - No description for the parameter type: str
- color - No description for the parameter type: int
- comment - No description for the parameter type: str
- member - No description for the parameter type: str
- tags - No description for the parameter type: str
- uuid - No description for the parameter type: str
- visibility - No description for the parameter type: str
- _scope - No description for the parameter type: array
- member - Address objects contained within the group. type: str
- name - IPv6 address group name. type: str
- tagging - No description for the parameter type: array
- category - Tag category. type: str
- name - Tagging entry name. type: str
- tags - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- uuid - Universally Unique Identifier (UUID; automatically assigned but can be manually reset). type: str
- visibility - Enable/disable address group6 visibility in the GUI. type: str
- status
- No description for the parameter type: dict
- code - No description for the parameter type: int
- message - No description for the parameter type: str
- url - No description for the parameter type: str example: /pm/config/adom/{adom}/obj/firewall/addrgrp6
fmgr_firewall_addrgrp6_obj – Configure IPv6 address groups.¶
New in version 2.10.
Synopsis¶
- This module is able to configure a FortiManager device by allowing the user to [clone, delete, get, set, update] the following FortiManager json-rpc urls.
- /pm/config/adom/{adom}/obj/firewall/addrgrp6/{addrgrp6}
- /pm/config/global/obj/firewall/addrgrp6/{addrgrp6}
- Examples include all parameters and values need to be adjusted to data sources before usage.
- Tested with FortiManager v6.0.0
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.10.0
Parameters¶
- loose_validation - Do parameter validation in a loose way type: bool required: false default: false
- workspace_locking_adom - Acquire the workspace lock if FortiManager is running in workspace mode type: str required: false choices: global, custom dom
- workspace_locking_timeout - The maximum time in seconds to wait for other users to release workspace lock type: integer required: false default: 300
- url_params - parameters in url path type: dict required: true
- adom - the domain prefix type: str choices: none, global, custom dom
- addrgrp6 - the object name type: str
- parameters for method: [clone, set, update] - Configure IPv6 address groups.
- data - No description for the parameter type: dict
- color - Integer value to determine the color of the icon in the GUI (1 - 32, default = 0, which sets the value to 1). type: int
- comment - Comment. type: str
- dynamic_mapping - No description for the parameter type: array
- _scope - No description for the parameter type: array
- name - No description for the parameter type: str
- vdom - No description for the parameter type: str
- color - No description for the parameter type: int
- comment - No description for the parameter type: str
- member - No description for the parameter type: str
- tags - No description for the parameter type: str
- uuid - No description for the parameter type: str
- visibility - No description for the parameter type: str choices: [disable, enable]
- _scope - No description for the parameter type: array
- member - Address objects contained within the group. type: str
- name - IPv6 address group name. type: str
- tagging - No description for the parameter type: array
- category - Tag category. type: str
- name - Tagging entry name. type: str
- tags - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- uuid - Universally Unique Identifier (UUID; automatically assigned but can be manually reset). type: str
- visibility - Enable/disable address group6 visibility in the GUI. type: str choices: [disable, enable]
- parameters for method: [delete] - Configure IPv6 address groups.
- parameters for method: [get] - Configure IPv6 address groups.
- option - Set fetch option for the request. type: str choices: [object member, chksum, datasrc]
Notes¶
Note
- The module may supports multiple method, every method has different parameters definition
- One method may also have more than one parameter definition collection, each collection is dedicated to one API endpoint
- The module may include domain dependent urls, the domain can be specified in url_params as adom
- To run in workspace mode, the paremeter workspace_locking_adom must be included in the task
Examples¶
- hosts: fortimanager-inventory
collections:
- fortinet.fortimanager
connection: httpapi
vars:
ansible_httpapi_use_ssl: True
ansible_httpapi_validate_certs: False
ansible_httpapi_port: 443
tasks:
- name: REQUESTING /PM/CONFIG/OBJ/FIREWALL/ADDRGRP6/{ADDRGRP6}
fmgr_firewall_addrgrp6_obj:
loose_validation: False
workspace_locking_adom: <value in [global, custom adom]>
workspace_locking_timeout: 300
method: <value in [clone, set, update]>
url_params:
adom: <value in [none, global, custom dom]>
addrgrp6: <value of string>
params:
-
data:
color: <value of integer>
comment: <value of string>
dynamic_mapping:
-
_scope:
-
name: <value of string>
vdom: <value of string>
color: <value of integer>
comment: <value of string>
member: <value of string>
tags: <value of string>
uuid: <value of string>
visibility: <value in [disable, enable]>
member: <value of string>
name: <value of string>
tagging:
-
category: <value of string>
name: <value of string>
tags:
- <value of string>
uuid: <value of string>
visibility: <value in [disable, enable]>
- name: REQUESTING /PM/CONFIG/OBJ/FIREWALL/ADDRGRP6/{ADDRGRP6}
fmgr_firewall_addrgrp6_obj:
loose_validation: False
workspace_locking_adom: <value in [global, custom adom]>
workspace_locking_timeout: 300
method: <value in [get]>
url_params:
adom: <value in [none, global, custom dom]>
addrgrp6: <value of string>
params:
-
option: <value in [object member, chksum, datasrc]>
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- return values for method: [clone, delete, set, update]
- status
- No description for the parameter type: dict
- code - No description for the parameter type: int
- message - No description for the parameter type: str
- url - No description for the parameter type: str example: /pm/config/adom/{adom}/obj/firewall/addrgrp6/{addrgrp6}
- return values for method: [get]
- data
- No description for the parameter type: dict
- color - Integer value to determine the color of the icon in the GUI (1 - 32, default = 0, which sets the value to 1). type: int
- comment - Comment. type: str
- dynamic_mapping - No description for the parameter type: array
- _scope - No description for the parameter type: array
- name - No description for the parameter type: str
- vdom - No description for the parameter type: str
- color - No description for the parameter type: int
- comment - No description for the parameter type: str
- member - No description for the parameter type: str
- tags - No description for the parameter type: str
- uuid - No description for the parameter type: str
- visibility - No description for the parameter type: str
- _scope - No description for the parameter type: array
- member - Address objects contained within the group. type: str
- name - IPv6 address group name. type: str
- tagging - No description for the parameter type: array
- category - Tag category. type: str
- name - Tagging entry name. type: str
- tags - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- uuid - Universally Unique Identifier (UUID; automatically assigned but can be manually reset). type: str
- visibility - Enable/disable address group6 visibility in the GUI. type: str
- status
- No description for the parameter type: dict
- code - No description for the parameter type: int
- message - No description for the parameter type: str
- url - No description for the parameter type: str example: /pm/config/adom/{adom}/obj/firewall/addrgrp6/{addrgrp6}
fmgr_firewall_addrgrp_obj – Configure IPv4 address groups.¶
New in version 2.10.
Synopsis¶
- This module is able to configure a FortiManager device by allowing the user to [clone, delete, get, set, update] the following FortiManager json-rpc urls.
- /pm/config/adom/{adom}/obj/firewall/addrgrp/{addrgrp}
- /pm/config/global/obj/firewall/addrgrp/{addrgrp}
- Examples include all parameters and values need to be adjusted to data sources before usage.
- Tested with FortiManager v6.0.0
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.10.0
Parameters¶
- loose_validation - Do parameter validation in a loose way type: bool required: false default: false
- workspace_locking_adom - Acquire the workspace lock if FortiManager is running in workspace mode type: str required: false choices: global, custom dom
- workspace_locking_timeout - The maximum time in seconds to wait for other users to release workspace lock type: integer required: false default: 300
- url_params - parameters in url path type: dict required: true
- adom - the domain prefix type: str choices: none, global, custom dom
- addrgrp - the object name type: str
- parameters for method: [clone, set, update] - Configure IPv4 address groups.
- data - No description for the parameter type: dict
- allow-routing - Enable/disable use of this group in the static route configuration. type: str choices: [disable, enable]
- color - Color of icon on the GUI. type: int
- comment - No description for the parameter type: str
- dynamic_mapping - No description for the parameter type: array
- _scope - No description for the parameter type: array
- name - No description for the parameter type: str
- vdom - No description for the parameter type: str
- allow-routing - No description for the parameter type: str choices: [disable, enable]
- color - No description for the parameter type: int
- comment - No description for the parameter type: str
- exclude - No description for the parameter type: str choices: [disable, enable]
- exclude-member - No description for the parameter type: str
- member - No description for the parameter type: str
- tags - No description for the parameter type: str
- uuid - No description for the parameter type: str
- visibility - No description for the parameter type: str choices: [disable, enable]
- _scope - No description for the parameter type: array
- member - Address objects contained within the group. type: str
- name - Address group name. type: str
- tagging - No description for the parameter type: array
- category - Tag category. type: str
- name - Tagging entry name. type: str
- tags - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- uuid - Universally Unique Identifier (UUID; automatically assigned but can be manually reset). type: str
- visibility - Enable/disable address visibility in the GUI. type: str choices: [disable, enable]
- parameters for method: [delete] - Configure IPv4 address groups.
- parameters for method: [get] - Configure IPv4 address groups.
- option - Set fetch option for the request. type: str choices: [object member, chksum, datasrc]
Notes¶
Note
- The module may supports multiple method, every method has different parameters definition
- One method may also have more than one parameter definition collection, each collection is dedicated to one API endpoint
- The module may include domain dependent urls, the domain can be specified in url_params as adom
- To run in workspace mode, the paremeter workspace_locking_adom must be included in the task
Examples¶
- hosts: fortimanager-inventory
collections:
- fortinet.fortimanager
connection: httpapi
vars:
ansible_httpapi_use_ssl: True
ansible_httpapi_validate_certs: False
ansible_httpapi_port: 443
tasks:
- name: REQUESTING /PM/CONFIG/OBJ/FIREWALL/ADDRGRP/{ADDRGRP}
fmgr_firewall_addrgrp_obj:
loose_validation: False
workspace_locking_adom: <value in [global, custom adom]>
workspace_locking_timeout: 300
method: <value in [clone, set, update]>
url_params:
adom: <value in [none, global, custom dom]>
addrgrp: <value of string>
params:
-
data:
allow-routing: <value in [disable, enable]>
color: <value of integer>
comment: <value of string>
dynamic_mapping:
-
_scope:
-
name: <value of string>
vdom: <value of string>
allow-routing: <value in [disable, enable]>
color: <value of integer>
comment: <value of string>
exclude: <value in [disable, enable]>
exclude-member: <value of string>
member: <value of string>
tags: <value of string>
uuid: <value of string>
visibility: <value in [disable, enable]>
member: <value of string>
name: <value of string>
tagging:
-
category: <value of string>
name: <value of string>
tags:
- <value of string>
uuid: <value of string>
visibility: <value in [disable, enable]>
- name: REQUESTING /PM/CONFIG/OBJ/FIREWALL/ADDRGRP/{ADDRGRP}
fmgr_firewall_addrgrp_obj:
loose_validation: False
workspace_locking_adom: <value in [global, custom adom]>
workspace_locking_timeout: 300
method: <value in [get]>
url_params:
adom: <value in [none, global, custom dom]>
addrgrp: <value of string>
params:
-
option: <value in [object member, chksum, datasrc]>
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- return values for method: [clone, delete, set, update]
- status
- No description for the parameter type: dict
- code - No description for the parameter type: int
- message - No description for the parameter type: str
- url - No description for the parameter type: str example: /pm/config/adom/{adom}/obj/firewall/addrgrp/{addrgrp}
- return values for method: [get]
- data
- No description for the parameter type: dict
- allow-routing - Enable/disable use of this group in the static route configuration. type: str
- color - Color of icon on the GUI. type: int
- comment - No description for the parameter type: str
- dynamic_mapping - No description for the parameter type: array
- _scope - No description for the parameter type: array
- name - No description for the parameter type: str
- vdom - No description for the parameter type: str
- allow-routing - No description for the parameter type: str
- color - No description for the parameter type: int
- comment - No description for the parameter type: str
- exclude - No description for the parameter type: str
- exclude-member - No description for the parameter type: str
- member - No description for the parameter type: str
- tags - No description for the parameter type: str
- uuid - No description for the parameter type: str
- visibility - No description for the parameter type: str
- _scope - No description for the parameter type: array
- member - Address objects contained within the group. type: str
- name - Address group name. type: str
- tagging - No description for the parameter type: array
- category - Tag category. type: str
- name - Tagging entry name. type: str
- tags - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- uuid - Universally Unique Identifier (UUID; automatically assigned but can be manually reset). type: str
- visibility - Enable/disable address visibility in the GUI. type: str
- status
- No description for the parameter type: dict
- code - No description for the parameter type: int
- message - No description for the parameter type: str
- url - No description for the parameter type: str example: /pm/config/adom/{adom}/obj/firewall/addrgrp/{addrgrp}
fmgr_firewall_ippool – Configure IPv4 IP pools.¶
New in version 2.10.
Synopsis¶
- This module is able to configure a FortiManager device by allowing the user to [add, get, set, update] the following FortiManager json-rpc urls.
- /pm/config/adom/{adom}/obj/firewall/ippool
- /pm/config/global/obj/firewall/ippool
- Examples include all parameters and values need to be adjusted to data sources before usage.
- Tested with FortiManager v6.0.0
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.10.0
Parameters¶
- loose_validation - Do parameter validation in a loose way type: bool required: false default: false
- workspace_locking_adom - Acquire the workspace lock if FortiManager is running in workspace mode type: str required: false choices: global, custom dom
- workspace_locking_timeout - The maximum time in seconds to wait for other users to release workspace lock type: integer required: false default: 300
- url_params - parameters in url path type: dict required: true
- adom - the domain prefix type: str choices: none, global, custom dom
- parameters for method: [add, set, update] - Configure IPv4 IP pools.
- data - No description for the parameter type: array
- arp-intf - Select an interface from available options that will reply to ARP requests. type: str
- arp-reply - Enable/disable replying to ARP requests when an IP Pool is added to a policy (default = enable). type: str choices: [disable, enable]
- associated-interface - Associated interface name. type: str
- block-size - Number of addresses in a block (64 to 4096, default = 128). type: int
- comments - Comment. type: str
- dynamic_mapping - No description for the parameter type: array
- _scope - No description for the parameter type: array
- name - No description for the parameter type: str
- vdom - No description for the parameter type: str
- arp-intf - No description for the parameter type: str
- arp-reply - No description for the parameter type: str choices: [disable, enable]
- associated-interface - No description for the parameter type: str
- block-size - No description for the parameter type: int
- comments - No description for the parameter type: str
- endip - No description for the parameter type: str
- num-blocks-per-user - No description for the parameter type: int
- pba-timeout - No description for the parameter type: int
- permit-any-host - No description for the parameter type: str choices: [disable, enable]
- source-endip - No description for the parameter type: str
- source-startip - No description for the parameter type: str
- startip - No description for the parameter type: str
- type - No description for the parameter type: str choices: [overload, one-to-one, fixed-port-range, port-block-allocation]
- _scope - No description for the parameter type: array
- endip - Final IPv4 address (inclusive) in the range for the address pool (format xxx. type: str
- name - IP pool name. type: str
- num-blocks-per-user - Number of addresses blocks that can be used by a user (1 to 128, default = 8). type: int
- pba-timeout - Port block allocation timeout (seconds). type: int
- permit-any-host - Enable/disable full cone NAT. type: str choices: [disable, enable]
- source-endip - Final IPv4 address (inclusive) in the range of the source addresses to be translated (format xxx. type: str
- source-startip - First IPv4 address (inclusive) in the range of the source addresses to be translated (format xxx. type: str
- startip - First IPv4 address (inclusive) in the range for the address pool (format xxx. type: str
- type - IP pool type (overload, one-to-one, fixed port range, or port block allocation). type: str choices: [overload, one-to-one, fixed-port-range, port-block-allocation]
- parameters for method: [get] - Configure IPv4 IP pools.
- attr - The name of the attribute to retrieve its datasource. type: str
- fields - No description for the parameter type: array
- {no-name} - No description for the parameter type: array
- {no-name} - No description for the parameter type: str choices: [arp-intf, arp-reply, associated-interface, block-size, comments, endip, name, num-blocks-per-user, pba-timeout, permit-any-host, source-endip, source-startip, startip, type]
- {no-name} - No description for the parameter type: array
- filter - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- get used - No description for the parameter type: int
- loadsub - Enable or disable the return of any sub-objects. type: int
- option - Set fetch option for the request. type: str choices: [count, object member, datasrc, get reserved, syntax]
- range - No description for the parameter type: array
- {no-name} - No description for the parameter type: int
- sortings - No description for the parameter type: array
- {attr_name} - No description for the parameter type: int choices: [1, -1]
Notes¶
Note
- The module may supports multiple method, every method has different parameters definition
- One method may also have more than one parameter definition collection, each collection is dedicated to one API endpoint
- The module may include domain dependent urls, the domain can be specified in url_params as adom
- To run in workspace mode, the paremeter workspace_locking_adom must be included in the task
Examples¶
- hosts: fortimanager-inventory
collections:
- fortinet.fortimanager
connection: httpapi
vars:
ansible_httpapi_use_ssl: True
ansible_httpapi_validate_certs: False
ansible_httpapi_port: 443
tasks:
- name: REQUESTING /PM/CONFIG/OBJ/FIREWALL/IPPOOL
fmgr_firewall_ippool:
loose_validation: False
workspace_locking_adom: <value in [global, custom adom]>
workspace_locking_timeout: 300
method: <value in [add, set, update]>
url_params:
adom: <value in [none, global, custom dom]>
params:
-
data:
-
arp-intf: <value of string>
arp-reply: <value in [disable, enable]>
associated-interface: <value of string>
block-size: <value of integer>
comments: <value of string>
dynamic_mapping:
-
_scope:
-
name: <value of string>
vdom: <value of string>
arp-intf: <value of string>
arp-reply: <value in [disable, enable]>
associated-interface: <value of string>
block-size: <value of integer>
comments: <value of string>
endip: <value of string>
num-blocks-per-user: <value of integer>
pba-timeout: <value of integer>
permit-any-host: <value in [disable, enable]>
source-endip: <value of string>
source-startip: <value of string>
startip: <value of string>
type: <value in [overload, one-to-one, fixed-port-range, ...]>
endip: <value of string>
name: <value of string>
num-blocks-per-user: <value of integer>
pba-timeout: <value of integer>
permit-any-host: <value in [disable, enable]>
source-endip: <value of string>
source-startip: <value of string>
startip: <value of string>
type: <value in [overload, one-to-one, fixed-port-range, ...]>
- name: REQUESTING /PM/CONFIG/OBJ/FIREWALL/IPPOOL
fmgr_firewall_ippool:
loose_validation: False
workspace_locking_adom: <value in [global, custom adom]>
workspace_locking_timeout: 300
method: <value in [get]>
url_params:
adom: <value in [none, global, custom dom]>
params:
-
attr: <value of string>
fields:
-
- <value in [arp-intf, arp-reply, associated-interface, ...]>
filter:
- <value of string>
get used: <value of integer>
loadsub: <value of integer>
option: <value in [count, object member, datasrc, ...]>
range:
- <value of integer>
sortings:
-
varidic.attr_name: <value in [1, -1]>
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- return values for method: [add, set, update]
- status
- No description for the parameter type: dict
- code - No description for the parameter type: int
- message - No description for the parameter type: str
- url - No description for the parameter type: str example: /pm/config/adom/{adom}/obj/firewall/ippool
- return values for method: [get]
- data
- No description for the parameter type: array
- arp-intf - Select an interface from available options that will reply to ARP requests. type: str
- arp-reply - Enable/disable replying to ARP requests when an IP Pool is added to a policy (default = enable). type: str
- associated-interface - Associated interface name. type: str
- block-size - Number of addresses in a block (64 to 4096, default = 128). type: int
- comments - Comment. type: str
- dynamic_mapping - No description for the parameter type: array
- _scope - No description for the parameter type: array
- name - No description for the parameter type: str
- vdom - No description for the parameter type: str
- arp-intf - No description for the parameter type: str
- arp-reply - No description for the parameter type: str
- associated-interface - No description for the parameter type: str
- block-size - No description for the parameter type: int
- comments - No description for the parameter type: str
- endip - No description for the parameter type: str
- num-blocks-per-user - No description for the parameter type: int
- pba-timeout - No description for the parameter type: int
- permit-any-host - No description for the parameter type: str
- source-endip - No description for the parameter type: str
- source-startip - No description for the parameter type: str
- startip - No description for the parameter type: str
- type - No description for the parameter type: str
- _scope - No description for the parameter type: array
- endip - Final IPv4 address (inclusive) in the range for the address pool (format xxx. type: str
- name - IP pool name. type: str
- num-blocks-per-user - Number of addresses blocks that can be used by a user (1 to 128, default = 8). type: int
- pba-timeout - Port block allocation timeout (seconds). type: int
- permit-any-host - Enable/disable full cone NAT. type: str
- source-endip - Final IPv4 address (inclusive) in the range of the source addresses to be translated (format xxx. type: str
- source-startip - First IPv4 address (inclusive) in the range of the source addresses to be translated (format xxx. type: str
- startip - First IPv4 address (inclusive) in the range for the address pool (format xxx. type: str
- type - IP pool type (overload, one-to-one, fixed port range, or port block allocation). type: str
- status
- No description for the parameter type: dict
- code - No description for the parameter type: int
- message - No description for the parameter type: str
- url - No description for the parameter type: str example: /pm/config/adom/{adom}/obj/firewall/ippool
fmgr_firewall_ippool6 – Configure IPv6 IP pools.¶
New in version 2.10.
Synopsis¶
- This module is able to configure a FortiManager device by allowing the user to [add, get, set, update] the following FortiManager json-rpc urls.
- /pm/config/adom/{adom}/obj/firewall/ippool6
- /pm/config/global/obj/firewall/ippool6
- Examples include all parameters and values need to be adjusted to data sources before usage.
- Tested with FortiManager v6.0.0
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.10.0
Parameters¶
- loose_validation - Do parameter validation in a loose way type: bool required: false default: false
- workspace_locking_adom - Acquire the workspace lock if FortiManager is running in workspace mode type: str required: false choices: global, custom dom
- workspace_locking_timeout - The maximum time in seconds to wait for other users to release workspace lock type: integer required: false default: 300
- url_params - parameters in url path type: dict required: true
- adom - the domain prefix type: str choices: none, global, custom dom
- parameters for method: [add, set, update] - Configure IPv6 IP pools.
- data - No description for the parameter type: array
- comments - Comment. type: str
- dynamic_mapping - No description for the parameter type: array
- _scope - No description for the parameter type: array
- name - No description for the parameter type: str
- vdom - No description for the parameter type: str
- comments - No description for the parameter type: str
- endip - No description for the parameter type: str
- startip - No description for the parameter type: str
- _scope - No description for the parameter type: array
- endip - Final IPv6 address (inclusive) in the range for the address pool (format xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx, Default: ::). type: str
- name - IPv6 IP pool name. type: str
- startip - First IPv6 address (inclusive) in the range for the address pool (format xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx, Default: ::). type: str
- parameters for method: [get] - Configure IPv6 IP pools.
- attr - The name of the attribute to retrieve its datasource. type: str
- fields - No description for the parameter type: array
- {no-name} - No description for the parameter type: array
- {no-name} - No description for the parameter type: str choices: [comments, endip, name, startip]
- {no-name} - No description for the parameter type: array
- filter - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- get used - No description for the parameter type: int
- loadsub - Enable or disable the return of any sub-objects. type: int
- option - Set fetch option for the request. type: str choices: [count, object member, datasrc, get reserved, syntax]
- range - No description for the parameter type: array
- {no-name} - No description for the parameter type: int
- sortings - No description for the parameter type: array
- {attr_name} - No description for the parameter type: int choices: [1, -1]
Notes¶
Note
- The module may supports multiple method, every method has different parameters definition
- One method may also have more than one parameter definition collection, each collection is dedicated to one API endpoint
- The module may include domain dependent urls, the domain can be specified in url_params as adom
- To run in workspace mode, the paremeter workspace_locking_adom must be included in the task
Examples¶
- hosts: fortimanager-inventory
collections:
- fortinet.fortimanager
connection: httpapi
vars:
ansible_httpapi_use_ssl: True
ansible_httpapi_validate_certs: False
ansible_httpapi_port: 443
tasks:
- name: REQUESTING /PM/CONFIG/OBJ/FIREWALL/IPPOOL6
fmgr_firewall_ippool6:
loose_validation: False
workspace_locking_adom: <value in [global, custom adom]>
workspace_locking_timeout: 300
method: <value in [add, set, update]>
url_params:
adom: <value in [none, global, custom dom]>
params:
-
data:
-
comments: <value of string>
dynamic_mapping:
-
_scope:
-
name: <value of string>
vdom: <value of string>
comments: <value of string>
endip: <value of string>
startip: <value of string>
endip: <value of string>
name: <value of string>
startip: <value of string>
- name: REQUESTING /PM/CONFIG/OBJ/FIREWALL/IPPOOL6
fmgr_firewall_ippool6:
loose_validation: False
workspace_locking_adom: <value in [global, custom adom]>
workspace_locking_timeout: 300
method: <value in [get]>
url_params:
adom: <value in [none, global, custom dom]>
params:
-
attr: <value of string>
fields:
-
- <value in [comments, endip, name, ...]>
filter:
- <value of string>
get used: <value of integer>
loadsub: <value of integer>
option: <value in [count, object member, datasrc, ...]>
range:
- <value of integer>
sortings:
-
varidic.attr_name: <value in [1, -1]>
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- return values for method: [add, set, update]
- status
- No description for the parameter type: dict
- code - No description for the parameter type: int
- message - No description for the parameter type: str
- url - No description for the parameter type: str example: /pm/config/adom/{adom}/obj/firewall/ippool6
- return values for method: [get]
- data
- No description for the parameter type: array
- comments - Comment. type: str
- dynamic_mapping - No description for the parameter type: array
- _scope - No description for the parameter type: array
- name - No description for the parameter type: str
- vdom - No description for the parameter type: str
- comments - No description for the parameter type: str
- endip - No description for the parameter type: str
- startip - No description for the parameter type: str
- _scope - No description for the parameter type: array
- endip - Final IPv6 address (inclusive) in the range for the address pool (format xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx, Default: ::). type: str
- name - IPv6 IP pool name. type: str
- startip - First IPv6 address (inclusive) in the range for the address pool (format xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx, Default: ::). type: str
- status
- No description for the parameter type: dict
- code - No description for the parameter type: int
- message - No description for the parameter type: str
- url - No description for the parameter type: str example: /pm/config/adom/{adom}/obj/firewall/ippool6
fmgr_firewall_ippool6_obj – Configure IPv6 IP pools.¶
New in version 2.10.
Synopsis¶
- This module is able to configure a FortiManager device by allowing the user to [clone, delete, get, set, update] the following FortiManager json-rpc urls.
- /pm/config/adom/{adom}/obj/firewall/ippool6/{ippool6}
- /pm/config/global/obj/firewall/ippool6/{ippool6}
- Examples include all parameters and values need to be adjusted to data sources before usage.
- Tested with FortiManager v6.0.0
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.10.0
Parameters¶
- loose_validation - Do parameter validation in a loose way type: bool required: false default: false
- workspace_locking_adom - Acquire the workspace lock if FortiManager is running in workspace mode type: str required: false choices: global, custom dom
- workspace_locking_timeout - The maximum time in seconds to wait for other users to release workspace lock type: integer required: false default: 300
- url_params - parameters in url path type: dict required: true
- adom - the domain prefix type: str choices: none, global, custom dom
- ippool6 - the object name type: str
- parameters for method: [clone, set, update] - Configure IPv6 IP pools.
- data - No description for the parameter type: dict
- comments - Comment. type: str
- dynamic_mapping - No description for the parameter type: array
- _scope - No description for the parameter type: array
- name - No description for the parameter type: str
- vdom - No description for the parameter type: str
- comments - No description for the parameter type: str
- endip - No description for the parameter type: str
- startip - No description for the parameter type: str
- _scope - No description for the parameter type: array
- endip - Final IPv6 address (inclusive) in the range for the address pool (format xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx, Default: ::). type: str
- name - IPv6 IP pool name. type: str
- startip - First IPv6 address (inclusive) in the range for the address pool (format xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx, Default: ::). type: str
- parameters for method: [delete] - Configure IPv6 IP pools.
- parameters for method: [get] - Configure IPv6 IP pools.
- option - Set fetch option for the request. type: str choices: [object member, chksum, datasrc]
Notes¶
Note
- The module may supports multiple method, every method has different parameters definition
- One method may also have more than one parameter definition collection, each collection is dedicated to one API endpoint
- The module may include domain dependent urls, the domain can be specified in url_params as adom
- To run in workspace mode, the paremeter workspace_locking_adom must be included in the task
Examples¶
- hosts: fortimanager-inventory
collections:
- fortinet.fortimanager
connection: httpapi
vars:
ansible_httpapi_use_ssl: True
ansible_httpapi_validate_certs: False
ansible_httpapi_port: 443
tasks:
- name: REQUESTING /PM/CONFIG/OBJ/FIREWALL/IPPOOL6/{IPPOOL6}
fmgr_firewall_ippool6_obj:
loose_validation: False
workspace_locking_adom: <value in [global, custom adom]>
workspace_locking_timeout: 300
method: <value in [clone, set, update]>
url_params:
adom: <value in [none, global, custom dom]>
ippool6: <value of string>
params:
-
data:
comments: <value of string>
dynamic_mapping:
-
_scope:
-
name: <value of string>
vdom: <value of string>
comments: <value of string>
endip: <value of string>
startip: <value of string>
endip: <value of string>
name: <value of string>
startip: <value of string>
- name: REQUESTING /PM/CONFIG/OBJ/FIREWALL/IPPOOL6/{IPPOOL6}
fmgr_firewall_ippool6_obj:
loose_validation: False
workspace_locking_adom: <value in [global, custom adom]>
workspace_locking_timeout: 300
method: <value in [get]>
url_params:
adom: <value in [none, global, custom dom]>
ippool6: <value of string>
params:
-
option: <value in [object member, chksum, datasrc]>
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- return values for method: [clone, delete, set, update]
- status
- No description for the parameter type: dict
- code - No description for the parameter type: int
- message - No description for the parameter type: str
- url - No description for the parameter type: str example: /pm/config/adom/{adom}/obj/firewall/ippool6/{ippool6}
- return values for method: [get]
- data
- No description for the parameter type: dict
- comments - Comment. type: str
- dynamic_mapping - No description for the parameter type: array
- _scope - No description for the parameter type: array
- name - No description for the parameter type: str
- vdom - No description for the parameter type: str
- comments - No description for the parameter type: str
- endip - No description for the parameter type: str
- startip - No description for the parameter type: str
- _scope - No description for the parameter type: array
- endip - Final IPv6 address (inclusive) in the range for the address pool (format xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx, Default: ::). type: str
- name - IPv6 IP pool name. type: str
- startip - First IPv6 address (inclusive) in the range for the address pool (format xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx, Default: ::). type: str
- status
- No description for the parameter type: dict
- code - No description for the parameter type: int
- message - No description for the parameter type: str
- url - No description for the parameter type: str example: /pm/config/adom/{adom}/obj/firewall/ippool6/{ippool6}
fmgr_firewall_ippool_obj – Configure IPv4 IP pools.¶
New in version 2.10.
Synopsis¶
- This module is able to configure a FortiManager device by allowing the user to [clone, delete, get, set, update] the following FortiManager json-rpc urls.
- /pm/config/adom/{adom}/obj/firewall/ippool/{ippool}
- /pm/config/global/obj/firewall/ippool/{ippool}
- Examples include all parameters and values need to be adjusted to data sources before usage.
- Tested with FortiManager v6.0.0
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.10.0
Parameters¶
- loose_validation - Do parameter validation in a loose way type: bool required: false default: false
- workspace_locking_adom - Acquire the workspace lock if FortiManager is running in workspace mode type: str required: false choices: global, custom dom
- workspace_locking_timeout - The maximum time in seconds to wait for other users to release workspace lock type: integer required: false default: 300
- url_params - parameters in url path type: dict required: true
- adom - the domain prefix type: str choices: none, global, custom dom
- ippool - the object name type: str
- parameters for method: [clone, set, update] - Configure IPv4 IP pools.
- data - No description for the parameter type: dict
- arp-intf - Select an interface from available options that will reply to ARP requests. type: str
- arp-reply - Enable/disable replying to ARP requests when an IP Pool is added to a policy (default = enable). type: str choices: [disable, enable]
- associated-interface - Associated interface name. type: str
- block-size - Number of addresses in a block (64 to 4096, default = 128). type: int
- comments - Comment. type: str
- dynamic_mapping - No description for the parameter type: array
- _scope - No description for the parameter type: array
- name - No description for the parameter type: str
- vdom - No description for the parameter type: str
- arp-intf - No description for the parameter type: str
- arp-reply - No description for the parameter type: str choices: [disable, enable]
- associated-interface - No description for the parameter type: str
- block-size - No description for the parameter type: int
- comments - No description for the parameter type: str
- endip - No description for the parameter type: str
- num-blocks-per-user - No description for the parameter type: int
- pba-timeout - No description for the parameter type: int
- permit-any-host - No description for the parameter type: str choices: [disable, enable]
- source-endip - No description for the parameter type: str
- source-startip - No description for the parameter type: str
- startip - No description for the parameter type: str
- type - No description for the parameter type: str choices: [overload, one-to-one, fixed-port-range, port-block-allocation]
- _scope - No description for the parameter type: array
- endip - Final IPv4 address (inclusive) in the range for the address pool (format xxx. type: str
- name - IP pool name. type: str
- num-blocks-per-user - Number of addresses blocks that can be used by a user (1 to 128, default = 8). type: int
- pba-timeout - Port block allocation timeout (seconds). type: int
- permit-any-host - Enable/disable full cone NAT. type: str choices: [disable, enable]
- source-endip - Final IPv4 address (inclusive) in the range of the source addresses to be translated (format xxx. type: str
- source-startip - First IPv4 address (inclusive) in the range of the source addresses to be translated (format xxx. type: str
- startip - First IPv4 address (inclusive) in the range for the address pool (format xxx. type: str
- type - IP pool type (overload, one-to-one, fixed port range, or port block allocation). type: str choices: [overload, one-to-one, fixed-port-range, port-block-allocation]
- parameters for method: [delete] - Configure IPv4 IP pools.
- parameters for method: [get] - Configure IPv4 IP pools.
- option - Set fetch option for the request. type: str choices: [object member, chksum, datasrc]
Notes¶
Note
- The module may supports multiple method, every method has different parameters definition
- One method may also have more than one parameter definition collection, each collection is dedicated to one API endpoint
- The module may include domain dependent urls, the domain can be specified in url_params as adom
- To run in workspace mode, the paremeter workspace_locking_adom must be included in the task
Examples¶
- hosts: fortimanager-inventory
collections:
- fortinet.fortimanager
connection: httpapi
vars:
ansible_httpapi_use_ssl: True
ansible_httpapi_validate_certs: False
ansible_httpapi_port: 443
tasks:
- name: REQUESTING /PM/CONFIG/OBJ/FIREWALL/IPPOOL/{IPPOOL}
fmgr_firewall_ippool_obj:
loose_validation: False
workspace_locking_adom: <value in [global, custom adom]>
workspace_locking_timeout: 300
method: <value in [clone, set, update]>
url_params:
adom: <value in [none, global, custom dom]>
ippool: <value of string>
params:
-
data:
arp-intf: <value of string>
arp-reply: <value in [disable, enable]>
associated-interface: <value of string>
block-size: <value of integer>
comments: <value of string>
dynamic_mapping:
-
_scope:
-
name: <value of string>
vdom: <value of string>
arp-intf: <value of string>
arp-reply: <value in [disable, enable]>
associated-interface: <value of string>
block-size: <value of integer>
comments: <value of string>
endip: <value of string>
num-blocks-per-user: <value of integer>
pba-timeout: <value of integer>
permit-any-host: <value in [disable, enable]>
source-endip: <value of string>
source-startip: <value of string>
startip: <value of string>
type: <value in [overload, one-to-one, fixed-port-range, ...]>
endip: <value of string>
name: <value of string>
num-blocks-per-user: <value of integer>
pba-timeout: <value of integer>
permit-any-host: <value in [disable, enable]>
source-endip: <value of string>
source-startip: <value of string>
startip: <value of string>
type: <value in [overload, one-to-one, fixed-port-range, ...]>
- name: REQUESTING /PM/CONFIG/OBJ/FIREWALL/IPPOOL/{IPPOOL}
fmgr_firewall_ippool_obj:
loose_validation: False
workspace_locking_adom: <value in [global, custom adom]>
workspace_locking_timeout: 300
method: <value in [get]>
url_params:
adom: <value in [none, global, custom dom]>
ippool: <value of string>
params:
-
option: <value in [object member, chksum, datasrc]>
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- return values for method: [clone, delete, set, update]
- status
- No description for the parameter type: dict
- code - No description for the parameter type: int
- message - No description for the parameter type: str
- url - No description for the parameter type: str example: /pm/config/adom/{adom}/obj/firewall/ippool/{ippool}
- return values for method: [get]
- data
- No description for the parameter type: dict
- arp-intf - Select an interface from available options that will reply to ARP requests. type: str
- arp-reply - Enable/disable replying to ARP requests when an IP Pool is added to a policy (default = enable). type: str
- associated-interface - Associated interface name. type: str
- block-size - Number of addresses in a block (64 to 4096, default = 128). type: int
- comments - Comment. type: str
- dynamic_mapping - No description for the parameter type: array
- _scope - No description for the parameter type: array
- name - No description for the parameter type: str
- vdom - No description for the parameter type: str
- arp-intf - No description for the parameter type: str
- arp-reply - No description for the parameter type: str
- associated-interface - No description for the parameter type: str
- block-size - No description for the parameter type: int
- comments - No description for the parameter type: str
- endip - No description for the parameter type: str
- num-blocks-per-user - No description for the parameter type: int
- pba-timeout - No description for the parameter type: int
- permit-any-host - No description for the parameter type: str
- source-endip - No description for the parameter type: str
- source-startip - No description for the parameter type: str
- startip - No description for the parameter type: str
- type - No description for the parameter type: str
- _scope - No description for the parameter type: array
- endip - Final IPv4 address (inclusive) in the range for the address pool (format xxx. type: str
- name - IP pool name. type: str
- num-blocks-per-user - Number of addresses blocks that can be used by a user (1 to 128, default = 8). type: int
- pba-timeout - Port block allocation timeout (seconds). type: int
- permit-any-host - Enable/disable full cone NAT. type: str
- source-endip - Final IPv4 address (inclusive) in the range of the source addresses to be translated (format xxx. type: str
- source-startip - First IPv4 address (inclusive) in the range of the source addresses to be translated (format xxx. type: str
- startip - First IPv4 address (inclusive) in the range for the address pool (format xxx. type: str
- type - IP pool type (overload, one-to-one, fixed port range, or port block allocation). type: str
- status
- No description for the parameter type: dict
- code - No description for the parameter type: int
- message - No description for the parameter type: str
- url - No description for the parameter type: str example: /pm/config/adom/{adom}/obj/firewall/ippool/{ippool}
fmgr_firewall_multicastaddress – Configure multicast addresses.¶
New in version 2.10.
Synopsis¶
- This module is able to configure a FortiManager device by allowing the user to [add, get, set, update] the following FortiManager json-rpc urls.
- /pm/config/adom/{adom}/obj/firewall/multicast-address
- /pm/config/global/obj/firewall/multicast-address
- Examples include all parameters and values need to be adjusted to data sources before usage.
- Tested with FortiManager v6.0.0
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.10.0
Parameters¶
- loose_validation - Do parameter validation in a loose way type: bool required: false default: false
- workspace_locking_adom - Acquire the workspace lock if FortiManager is running in workspace mode type: str required: false choices: global, custom dom
- workspace_locking_timeout - The maximum time in seconds to wait for other users to release workspace lock type: integer required: false default: 300
- url_params - parameters in url path type: dict required: true
- adom - the domain prefix type: str choices: none, global, custom dom
- parameters for method: [add, set, update] - Configure multicast addresses.
- data - No description for the parameter type: array
- associated-interface - Interface associated with the address object. type: str
- color - Integer value to determine the color of the icon in the GUI (1 - 32, default = 0, which sets value to 1). type: int
- comment - Comment. type: str
- end-ip - Final IPv4 address (inclusive) in the range for the address. type: str
- name - Multicast address name. type: str
- start-ip - First IPv4 address (inclusive) in the range for the address. type: str
- subnet - Broadcast address and subnet. type: str
- tagging - No description for the parameter type: array
- category - Tag category. type: str
- name - Tagging entry name. type: str
- tags - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- type - Type of address object: multicast IP address range or broadcast IP/mask to be treated as a multicast address. type: str choices: [multicastrange, broadcastmask]
- visibility - Enable/disable visibility of the multicast address on the GUI. type: str choices: [disable, enable]
- parameters for method: [get] - Configure multicast addresses.
- attr - The name of the attribute to retrieve its datasource. type: str
- fields - No description for the parameter type: array
- {no-name} - No description for the parameter type: array
- {no-name} - No description for the parameter type: str choices: [associated-interface, color, comment, end-ip, name, start-ip, subnet, type, visibility]
- {no-name} - No description for the parameter type: array
- filter - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- get used - No description for the parameter type: int
- loadsub - Enable or disable the return of any sub-objects. type: int
- option - Set fetch option for the request. type: str choices: [count, object member, datasrc, get reserved, syntax]
- range - No description for the parameter type: array
- {no-name} - No description for the parameter type: int
- sortings - No description for the parameter type: array
- {attr_name} - No description for the parameter type: int choices: [1, -1]
Notes¶
Note
- The module may supports multiple method, every method has different parameters definition
- One method may also have more than one parameter definition collection, each collection is dedicated to one API endpoint
- The module may include domain dependent urls, the domain can be specified in url_params as adom
- To run in workspace mode, the paremeter workspace_locking_adom must be included in the task
Examples¶
- hosts: fortimanager-inventory
collections:
- fortinet.fortimanager
connection: httpapi
vars:
ansible_httpapi_use_ssl: True
ansible_httpapi_validate_certs: False
ansible_httpapi_port: 443
tasks:
- name: REQUESTING /PM/CONFIG/OBJ/FIREWALL/MULTICAST-ADDRESS
fmgr_firewall_multicastaddress:
loose_validation: False
workspace_locking_adom: <value in [global, custom adom]>
workspace_locking_timeout: 300
method: <value in [add, set, update]>
url_params:
adom: <value in [none, global, custom dom]>
params:
-
data:
-
associated-interface: <value of string>
color: <value of integer>
comment: <value of string>
end-ip: <value of string>
name: <value of string>
start-ip: <value of string>
subnet: <value of string>
tagging:
-
category: <value of string>
name: <value of string>
tags:
- <value of string>
type: <value in [multicastrange, broadcastmask]>
visibility: <value in [disable, enable]>
- name: REQUESTING /PM/CONFIG/OBJ/FIREWALL/MULTICAST-ADDRESS
fmgr_firewall_multicastaddress:
loose_validation: False
workspace_locking_adom: <value in [global, custom adom]>
workspace_locking_timeout: 300
method: <value in [get]>
url_params:
adom: <value in [none, global, custom dom]>
params:
-
attr: <value of string>
fields:
-
- <value in [associated-interface, color, comment, ...]>
filter:
- <value of string>
get used: <value of integer>
loadsub: <value of integer>
option: <value in [count, object member, datasrc, ...]>
range:
- <value of integer>
sortings:
-
varidic.attr_name: <value in [1, -1]>
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- return values for method: [add, set, update]
- status
- No description for the parameter type: dict
- code - No description for the parameter type: int
- message - No description for the parameter type: str
- url - No description for the parameter type: str example: /pm/config/adom/{adom}/obj/firewall/multicast-address
- return values for method: [get]
- data
- No description for the parameter type: array
- associated-interface - Interface associated with the address object. type: str
- color - Integer value to determine the color of the icon in the GUI (1 - 32, default = 0, which sets value to 1). type: int
- comment - Comment. type: str
- end-ip - Final IPv4 address (inclusive) in the range for the address. type: str
- name - Multicast address name. type: str
- start-ip - First IPv4 address (inclusive) in the range for the address. type: str
- subnet - Broadcast address and subnet. type: str
- tagging - No description for the parameter type: array
- category - Tag category. type: str
- name - Tagging entry name. type: str
- tags - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- type - Type of address object: multicast IP address range or broadcast IP/mask to be treated as a multicast address. type: str
- visibility - Enable/disable visibility of the multicast address on the GUI. type: str
- status
- No description for the parameter type: dict
- code - No description for the parameter type: int
- message - No description for the parameter type: str
- url - No description for the parameter type: str example: /pm/config/adom/{adom}/obj/firewall/multicast-address
fmgr_firewall_multicastaddress_obj – Configure multicast addresses.¶
New in version 2.10.
Synopsis¶
- This module is able to configure a FortiManager device by allowing the user to [clone, delete, get, set, update] the following FortiManager json-rpc urls.
- /pm/config/adom/{adom}/obj/firewall/multicast-address/{multicast-address}
- /pm/config/global/obj/firewall/multicast-address/{multicast-address}
- Examples include all parameters and values need to be adjusted to data sources before usage.
- Tested with FortiManager v6.0.0
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.10.0
Parameters¶
- loose_validation - Do parameter validation in a loose way type: bool required: false default: false
- workspace_locking_adom - Acquire the workspace lock if FortiManager is running in workspace mode type: str required: false choices: global, custom dom
- workspace_locking_timeout - The maximum time in seconds to wait for other users to release workspace lock type: integer required: false default: 300
- url_params - parameters in url path type: dict required: true
- adom - the domain prefix type: str choices: none, global, custom dom
- multicast-address - the object name type: str
- parameters for method: [clone, set, update] - Configure multicast addresses.
- data - No description for the parameter type: dict
- associated-interface - Interface associated with the address object. type: str
- color - Integer value to determine the color of the icon in the GUI (1 - 32, default = 0, which sets value to 1). type: int
- comment - Comment. type: str
- end-ip - Final IPv4 address (inclusive) in the range for the address. type: str
- name - Multicast address name. type: str
- start-ip - First IPv4 address (inclusive) in the range for the address. type: str
- subnet - Broadcast address and subnet. type: str
- tagging - No description for the parameter type: array
- category - Tag category. type: str
- name - Tagging entry name. type: str
- tags - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- type - Type of address object: multicast IP address range or broadcast IP/mask to be treated as a multicast address. type: str choices: [multicastrange, broadcastmask]
- visibility - Enable/disable visibility of the multicast address on the GUI. type: str choices: [disable, enable]
- parameters for method: [delete] - Configure multicast addresses.
- parameters for method: [get] - Configure multicast addresses.
- option - Set fetch option for the request. type: str choices: [object member, chksum, datasrc]
Notes¶
Note
- The module may supports multiple method, every method has different parameters definition
- One method may also have more than one parameter definition collection, each collection is dedicated to one API endpoint
- The module may include domain dependent urls, the domain can be specified in url_params as adom
- To run in workspace mode, the paremeter workspace_locking_adom must be included in the task
Examples¶
- hosts: fortimanager-inventory
collections:
- fortinet.fortimanager
connection: httpapi
vars:
ansible_httpapi_use_ssl: True
ansible_httpapi_validate_certs: False
ansible_httpapi_port: 443
tasks:
- name: REQUESTING /PM/CONFIG/OBJ/FIREWALL/MULTICAST-ADDRESS/{MULTICAST-ADDRESS}
fmgr_firewall_multicastaddress_obj:
loose_validation: False
workspace_locking_adom: <value in [global, custom adom]>
workspace_locking_timeout: 300
method: <value in [clone, set, update]>
url_params:
adom: <value in [none, global, custom dom]>
multicast-address: <value of string>
params:
-
data:
associated-interface: <value of string>
color: <value of integer>
comment: <value of string>
end-ip: <value of string>
name: <value of string>
start-ip: <value of string>
subnet: <value of string>
tagging:
-
category: <value of string>
name: <value of string>
tags:
- <value of string>
type: <value in [multicastrange, broadcastmask]>
visibility: <value in [disable, enable]>
- name: REQUESTING /PM/CONFIG/OBJ/FIREWALL/MULTICAST-ADDRESS/{MULTICAST-ADDRESS}
fmgr_firewall_multicastaddress_obj:
loose_validation: False
workspace_locking_adom: <value in [global, custom adom]>
workspace_locking_timeout: 300
method: <value in [get]>
url_params:
adom: <value in [none, global, custom dom]>
multicast-address: <value of string>
params:
-
option: <value in [object member, chksum, datasrc]>
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- return values for method: [clone, delete, set, update]
- status
- No description for the parameter type: dict
- code - No description for the parameter type: int
- message - No description for the parameter type: str
- url - No description for the parameter type: str example: /pm/config/adom/{adom}/obj/firewall/multicast-address/{multicast-address}
- return values for method: [get]
- data
- No description for the parameter type: dict
- associated-interface - Interface associated with the address object. type: str
- color - Integer value to determine the color of the icon in the GUI (1 - 32, default = 0, which sets value to 1). type: int
- comment - Comment. type: str
- end-ip - Final IPv4 address (inclusive) in the range for the address. type: str
- name - Multicast address name. type: str
- start-ip - First IPv4 address (inclusive) in the range for the address. type: str
- subnet - Broadcast address and subnet. type: str
- tagging - No description for the parameter type: array
- category - Tag category. type: str
- name - Tagging entry name. type: str
- tags - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- type - Type of address object: multicast IP address range or broadcast IP/mask to be treated as a multicast address. type: str
- visibility - Enable/disable visibility of the multicast address on the GUI. type: str
- status
- No description for the parameter type: dict
- code - No description for the parameter type: int
- message - No description for the parameter type: str
- url - No description for the parameter type: str example: /pm/config/adom/{adom}/obj/firewall/multicast-address/{multicast-address}
fmgr_firewall_profilegroup – Configure profile groups.¶
New in version 2.10.
Synopsis¶
- This module is able to configure a FortiManager device by allowing the user to [add, get, set, update] the following FortiManager json-rpc urls.
- /pm/config/adom/{adom}/obj/firewall/profile-group
- /pm/config/global/obj/firewall/profile-group
- Examples include all parameters and values need to be adjusted to data sources before usage.
- Tested with FortiManager v6.0.0
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.10.0
Parameters¶
- loose_validation - Do parameter validation in a loose way type: bool required: false default: false
- workspace_locking_adom - Acquire the workspace lock if FortiManager is running in workspace mode type: str required: false choices: global, custom dom
- workspace_locking_timeout - The maximum time in seconds to wait for other users to release workspace lock type: integer required: false default: 300
- url_params - parameters in url path type: dict required: true
- adom - the domain prefix type: str choices: none, global, custom dom
- parameters for method: [add, set, update] - Configure profile groups.
- data - No description for the parameter type: array
- application-list - Name of an existing Application list. type: str
- av-profile - Name of an existing Antivirus profile. type: str
- dlp-sensor - Name of an existing DLP sensor. type: str
- dnsfilter-profile - Name of an existing DNS filter profile. type: str
- icap-profile - Name of an existing ICAP profile. type: str
- ips-sensor - Name of an existing IPS sensor. type: str
- mms-profile - Name of an existing MMS profile. type: str
- name - Profile group name. type: str
- profile-protocol-options - Name of an existing Protocol options profile. type: str
- spamfilter-profile - Name of an existing Spam filter profile. type: str
- ssh-filter-profile - Name of an existing SSH filter profile. type: str
- ssl-ssh-profile - Name of an existing SSL SSH profile. type: str
- voip-profile - Name of an existing VoIP profile. type: str
- waf-profile - Name of an existing Web application firewall profile. type: str
- webfilter-profile - Name of an existing Web filter profile. type: str
- parameters for method: [get] - Configure profile groups.
- attr - The name of the attribute to retrieve its datasource. type: str
- fields - No description for the parameter type: array
- {no-name} - No description for the parameter type: array
- {no-name} - No description for the parameter type: str choices: [application-list, av-profile, dlp-sensor, dnsfilter-profile, icap-profile, ips-sensor, mms-profile, name, profile-protocol-options, spamfilter-profile, ssh-filter-profile, ssl-ssh-profile, voip-profile, waf-profile, webfilter-profile]
- {no-name} - No description for the parameter type: array
- filter - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- get used - No description for the parameter type: int
- loadsub - Enable or disable the return of any sub-objects. type: int
- option - Set fetch option for the request. type: str choices: [count, object member, datasrc, get reserved, syntax]
- range - No description for the parameter type: array
- {no-name} - No description for the parameter type: int
- sortings - No description for the parameter type: array
- {attr_name} - No description for the parameter type: int choices: [1, -1]
Notes¶
Note
- The module may supports multiple method, every method has different parameters definition
- One method may also have more than one parameter definition collection, each collection is dedicated to one API endpoint
- The module may include domain dependent urls, the domain can be specified in url_params as adom
- To run in workspace mode, the paremeter workspace_locking_adom must be included in the task
Examples¶
- hosts: fortimanager-inventory
collections:
- fortinet.fortimanager
connection: httpapi
vars:
ansible_httpapi_use_ssl: True
ansible_httpapi_validate_certs: False
ansible_httpapi_port: 443
tasks:
- name: REQUESTING /PM/CONFIG/OBJ/FIREWALL/PROFILE-GROUP
fmgr_firewall_profilegroup:
loose_validation: False
workspace_locking_adom: <value in [global, custom adom]>
workspace_locking_timeout: 300
method: <value in [add, set, update]>
url_params:
adom: <value in [none, global, custom dom]>
params:
-
data:
-
application-list: <value of string>
av-profile: <value of string>
dlp-sensor: <value of string>
dnsfilter-profile: <value of string>
icap-profile: <value of string>
ips-sensor: <value of string>
mms-profile: <value of string>
name: <value of string>
profile-protocol-options: <value of string>
spamfilter-profile: <value of string>
ssh-filter-profile: <value of string>
ssl-ssh-profile: <value of string>
voip-profile: <value of string>
waf-profile: <value of string>
webfilter-profile: <value of string>
- name: REQUESTING /PM/CONFIG/OBJ/FIREWALL/PROFILE-GROUP
fmgr_firewall_profilegroup:
loose_validation: False
workspace_locking_adom: <value in [global, custom adom]>
workspace_locking_timeout: 300
method: <value in [get]>
url_params:
adom: <value in [none, global, custom dom]>
params:
-
attr: <value of string>
fields:
-
- <value in [application-list, av-profile, dlp-sensor, ...]>
filter:
- <value of string>
get used: <value of integer>
loadsub: <value of integer>
option: <value in [count, object member, datasrc, ...]>
range:
- <value of integer>
sortings:
-
varidic.attr_name: <value in [1, -1]>
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- return values for method: [add, set, update]
- status
- No description for the parameter type: dict
- code - No description for the parameter type: int
- message - No description for the parameter type: str
- url - No description for the parameter type: str example: /pm/config/adom/{adom}/obj/firewall/profile-group
- return values for method: [get]
- data
- No description for the parameter type: array
- application-list - Name of an existing Application list. type: str
- av-profile - Name of an existing Antivirus profile. type: str
- dlp-sensor - Name of an existing DLP sensor. type: str
- dnsfilter-profile - Name of an existing DNS filter profile. type: str
- icap-profile - Name of an existing ICAP profile. type: str
- ips-sensor - Name of an existing IPS sensor. type: str
- mms-profile - Name of an existing MMS profile. type: str
- name - Profile group name. type: str
- profile-protocol-options - Name of an existing Protocol options profile. type: str
- spamfilter-profile - Name of an existing Spam filter profile. type: str
- ssh-filter-profile - Name of an existing SSH filter profile. type: str
- ssl-ssh-profile - Name of an existing SSL SSH profile. type: str
- voip-profile - Name of an existing VoIP profile. type: str
- waf-profile - Name of an existing Web application firewall profile. type: str
- webfilter-profile - Name of an existing Web filter profile. type: str
- status
- No description for the parameter type: dict
- code - No description for the parameter type: int
- message - No description for the parameter type: str
- url - No description for the parameter type: str example: /pm/config/adom/{adom}/obj/firewall/profile-group
fmgr_firewall_profilegroup_obj – Configure profile groups.¶
New in version 2.10.
Synopsis¶
- This module is able to configure a FortiManager device by allowing the user to [clone, delete, get, set, update] the following FortiManager json-rpc urls.
- /pm/config/adom/{adom}/obj/firewall/profile-group/{profile-group}
- /pm/config/global/obj/firewall/profile-group/{profile-group}
- Examples include all parameters and values need to be adjusted to data sources before usage.
- Tested with FortiManager v6.0.0
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.10.0
Parameters¶
- loose_validation - Do parameter validation in a loose way type: bool required: false default: false
- workspace_locking_adom - Acquire the workspace lock if FortiManager is running in workspace mode type: str required: false choices: global, custom dom
- workspace_locking_timeout - The maximum time in seconds to wait for other users to release workspace lock type: integer required: false default: 300
- url_params - parameters in url path type: dict required: true
- adom - the domain prefix type: str choices: none, global, custom dom
- profile-group - the object name type: str
- parameters for method: [clone, set, update] - Configure profile groups.
- data - No description for the parameter type: dict
- application-list - Name of an existing Application list. type: str
- av-profile - Name of an existing Antivirus profile. type: str
- dlp-sensor - Name of an existing DLP sensor. type: str
- dnsfilter-profile - Name of an existing DNS filter profile. type: str
- icap-profile - Name of an existing ICAP profile. type: str
- ips-sensor - Name of an existing IPS sensor. type: str
- mms-profile - Name of an existing MMS profile. type: str
- name - Profile group name. type: str
- profile-protocol-options - Name of an existing Protocol options profile. type: str
- spamfilter-profile - Name of an existing Spam filter profile. type: str
- ssh-filter-profile - Name of an existing SSH filter profile. type: str
- ssl-ssh-profile - Name of an existing SSL SSH profile. type: str
- voip-profile - Name of an existing VoIP profile. type: str
- waf-profile - Name of an existing Web application firewall profile. type: str
- webfilter-profile - Name of an existing Web filter profile. type: str
- parameters for method: [delete] - Configure profile groups.
- parameters for method: [get] - Configure profile groups.
- option - Set fetch option for the request. type: str choices: [object member, chksum, datasrc]
Notes¶
Note
- The module may supports multiple method, every method has different parameters definition
- One method may also have more than one parameter definition collection, each collection is dedicated to one API endpoint
- The module may include domain dependent urls, the domain can be specified in url_params as adom
- To run in workspace mode, the paremeter workspace_locking_adom must be included in the task
Examples¶
- hosts: fortimanager-inventory
collections:
- fortinet.fortimanager
connection: httpapi
vars:
ansible_httpapi_use_ssl: True
ansible_httpapi_validate_certs: False
ansible_httpapi_port: 443
tasks:
- name: REQUESTING /PM/CONFIG/OBJ/FIREWALL/PROFILE-GROUP/{PROFILE-GROUP}
fmgr_firewall_profilegroup_obj:
loose_validation: False
workspace_locking_adom: <value in [global, custom adom]>
workspace_locking_timeout: 300
method: <value in [clone, set, update]>
url_params:
adom: <value in [none, global, custom dom]>
profile-group: <value of string>
params:
-
data:
application-list: <value of string>
av-profile: <value of string>
dlp-sensor: <value of string>
dnsfilter-profile: <value of string>
icap-profile: <value of string>
ips-sensor: <value of string>
mms-profile: <value of string>
name: <value of string>
profile-protocol-options: <value of string>
spamfilter-profile: <value of string>
ssh-filter-profile: <value of string>
ssl-ssh-profile: <value of string>
voip-profile: <value of string>
waf-profile: <value of string>
webfilter-profile: <value of string>
- name: REQUESTING /PM/CONFIG/OBJ/FIREWALL/PROFILE-GROUP/{PROFILE-GROUP}
fmgr_firewall_profilegroup_obj:
loose_validation: False
workspace_locking_adom: <value in [global, custom adom]>
workspace_locking_timeout: 300
method: <value in [get]>
url_params:
adom: <value in [none, global, custom dom]>
profile-group: <value of string>
params:
-
option: <value in [object member, chksum, datasrc]>
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- return values for method: [clone, delete, set, update]
- status
- No description for the parameter type: dict
- code - No description for the parameter type: int
- message - No description for the parameter type: str
- url - No description for the parameter type: str example: /pm/config/adom/{adom}/obj/firewall/profile-group/{profile-group}
- return values for method: [get]
- data
- No description for the parameter type: dict
- application-list - Name of an existing Application list. type: str
- av-profile - Name of an existing Antivirus profile. type: str
- dlp-sensor - Name of an existing DLP sensor. type: str
- dnsfilter-profile - Name of an existing DNS filter profile. type: str
- icap-profile - Name of an existing ICAP profile. type: str
- ips-sensor - Name of an existing IPS sensor. type: str
- mms-profile - Name of an existing MMS profile. type: str
- name - Profile group name. type: str
- profile-protocol-options - Name of an existing Protocol options profile. type: str
- spamfilter-profile - Name of an existing Spam filter profile. type: str
- ssh-filter-profile - Name of an existing SSH filter profile. type: str
- ssl-ssh-profile - Name of an existing SSL SSH profile. type: str
- voip-profile - Name of an existing VoIP profile. type: str
- waf-profile - Name of an existing Web application firewall profile. type: str
- webfilter-profile - Name of an existing Web filter profile. type: str
- status
- No description for the parameter type: dict
- code - No description for the parameter type: int
- message - No description for the parameter type: str
- url - No description for the parameter type: str example: /pm/config/adom/{adom}/obj/firewall/profile-group/{profile-group}
fmgr_firewall_service_category – Configure service categories.¶
New in version 2.10.
Synopsis¶
- This module is able to configure a FortiManager device by allowing the user to [add, get, set, update] the following FortiManager json-rpc urls.
- /pm/config/adom/{adom}/obj/firewall/service/category
- /pm/config/global/obj/firewall/service/category
- Examples include all parameters and values need to be adjusted to data sources before usage.
- Tested with FortiManager v6.0.0
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.10.0
Parameters¶
- loose_validation - Do parameter validation in a loose way type: bool required: false default: false
- workspace_locking_adom - Acquire the workspace lock if FortiManager is running in workspace mode type: str required: false choices: global, custom dom
- workspace_locking_timeout - The maximum time in seconds to wait for other users to release workspace lock type: integer required: false default: 300
- url_params - parameters in url path type: dict required: true
- adom - the domain prefix type: str choices: none, global, custom dom
- parameters for method: [add, set, update] - Configure service categories.
- data - No description for the parameter type: array
- comment - Comment. type: str
- name - Service category name. type: str
- parameters for method: [get] - Configure service categories.
- attr - The name of the attribute to retrieve its datasource. type: str
- fields - No description for the parameter type: array
- {no-name} - No description for the parameter type: array
- {no-name} - No description for the parameter type: str choices: [comment, name]
- {no-name} - No description for the parameter type: array
- filter - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- get used - No description for the parameter type: int
- loadsub - Enable or disable the return of any sub-objects. type: int
- option - Set fetch option for the request. type: str choices: [count, object member, datasrc, get reserved, syntax]
- range - No description for the parameter type: array
- {no-name} - No description for the parameter type: int
- sortings - No description for the parameter type: array
- {attr_name} - No description for the parameter type: int choices: [1, -1]
Notes¶
Note
- The module may supports multiple method, every method has different parameters definition
- One method may also have more than one parameter definition collection, each collection is dedicated to one API endpoint
- The module may include domain dependent urls, the domain can be specified in url_params as adom
- To run in workspace mode, the paremeter workspace_locking_adom must be included in the task
Examples¶
- hosts: fortimanager-inventory
collections:
- fortinet.fortimanager
connection: httpapi
vars:
ansible_httpapi_use_ssl: True
ansible_httpapi_validate_certs: False
ansible_httpapi_port: 443
tasks:
- name: REQUESTING /PM/CONFIG/OBJ/FIREWALL/SERVICE/CATEGORY
fmgr_firewall_service_category:
loose_validation: False
workspace_locking_adom: <value in [global, custom adom]>
workspace_locking_timeout: 300
method: <value in [add, set, update]>
url_params:
adom: <value in [none, global, custom dom]>
params:
-
data:
-
comment: <value of string>
name: <value of string>
- name: REQUESTING /PM/CONFIG/OBJ/FIREWALL/SERVICE/CATEGORY
fmgr_firewall_service_category:
loose_validation: False
workspace_locking_adom: <value in [global, custom adom]>
workspace_locking_timeout: 300
method: <value in [get]>
url_params:
adom: <value in [none, global, custom dom]>
params:
-
attr: <value of string>
fields:
-
- <value in [comment, name]>
filter:
- <value of string>
get used: <value of integer>
loadsub: <value of integer>
option: <value in [count, object member, datasrc, ...]>
range:
- <value of integer>
sortings:
-
varidic.attr_name: <value in [1, -1]>
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- return values for method: [add, set, update]
- status
- No description for the parameter type: dict
- code - No description for the parameter type: int
- message - No description for the parameter type: str
- url - No description for the parameter type: str example: /pm/config/adom/{adom}/obj/firewall/service/category
- return values for method: [get]
- data
- No description for the parameter type: array
- comment - Comment. type: str
- name - Service category name. type: str
- status
- No description for the parameter type: dict
- code - No description for the parameter type: int
- message - No description for the parameter type: str
- url - No description for the parameter type: str example: /pm/config/adom/{adom}/obj/firewall/service/category
fmgr_firewall_service_category_obj – Configure service categories.¶
New in version 2.10.
Synopsis¶
- This module is able to configure a FortiManager device by allowing the user to [clone, delete, get, move, set, update] the following FortiManager json-rpc urls.
- /pm/config/adom/{adom}/obj/firewall/service/category/{category}
- /pm/config/global/obj/firewall/service/category/{category}
- Examples include all parameters and values need to be adjusted to data sources before usage.
- Tested with FortiManager v6.0.0
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.10.0
Parameters¶
- loose_validation - Do parameter validation in a loose way type: bool required: false default: false
- workspace_locking_adom - Acquire the workspace lock if FortiManager is running in workspace mode type: str required: false choices: global, custom dom
- workspace_locking_timeout - The maximum time in seconds to wait for other users to release workspace lock type: integer required: false default: 300
- url_params - parameters in url path type: dict required: true
- adom - the domain prefix type: str choices: none, global, custom dom
- category - the object name type: str
- parameters for method: [clone, set, update] - Configure service categories.
- data - No description for the parameter type: dict
- comment - Comment. type: str
- name - Service category name. type: str
- parameters for method: [delete] - Configure service categories.
- parameters for method: [get] - Configure service categories.
- option - Set fetch option for the request. type: str choices: [object member, chksum, datasrc]
- parameters for method: [move] - Configure service categories.
- option - No description for the parameter type: str choices: [before, after]
- target - Key to the target entry. type: str
Notes¶
Note
- The module may supports multiple method, every method has different parameters definition
- One method may also have more than one parameter definition collection, each collection is dedicated to one API endpoint
- The module may include domain dependent urls, the domain can be specified in url_params as adom
- To run in workspace mode, the paremeter workspace_locking_adom must be included in the task
Examples¶
- hosts: fortimanager-inventory
collections:
- fortinet.fortimanager
connection: httpapi
vars:
ansible_httpapi_use_ssl: True
ansible_httpapi_validate_certs: False
ansible_httpapi_port: 443
tasks:
- name: REQUESTING /PM/CONFIG/OBJ/FIREWALL/SERVICE/CATEGORY/{CATEGORY}
fmgr_firewall_service_category_obj:
loose_validation: False
workspace_locking_adom: <value in [global, custom adom]>
workspace_locking_timeout: 300
method: <value in [clone, set, update]>
url_params:
adom: <value in [none, global, custom dom]>
category: <value of string>
params:
-
data:
comment: <value of string>
name: <value of string>
- name: REQUESTING /PM/CONFIG/OBJ/FIREWALL/SERVICE/CATEGORY/{CATEGORY}
fmgr_firewall_service_category_obj:
loose_validation: False
workspace_locking_adom: <value in [global, custom adom]>
workspace_locking_timeout: 300
method: <value in [get]>
url_params:
adom: <value in [none, global, custom dom]>
category: <value of string>
params:
-
option: <value in [object member, chksum, datasrc]>
- name: REQUESTING /PM/CONFIG/OBJ/FIREWALL/SERVICE/CATEGORY/{CATEGORY}
fmgr_firewall_service_category_obj:
loose_validation: False
workspace_locking_adom: <value in [global, custom adom]>
workspace_locking_timeout: 300
method: <value in [move]>
url_params:
adom: <value in [none, global, custom dom]>
category: <value of string>
params:
-
option: <value in [before, after]>
target: <value of string>
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- return values for method: [clone, delete, move, set, update]
- status
- No description for the parameter type: dict
- code - No description for the parameter type: int
- message - No description for the parameter type: str
- url - No description for the parameter type: str example: /pm/config/adom/{adom}/obj/firewall/service/category/{category}
- return values for method: [get]
- data
- No description for the parameter type: dict
- comment - Comment. type: str
- name - Service category name. type: str
- status
- No description for the parameter type: dict
- code - No description for the parameter type: int
- message - No description for the parameter type: str
- url - No description for the parameter type: str example: /pm/config/adom/{adom}/obj/firewall/service/category/{category}
fmgr_firewall_service_custom – Configure custom services.¶
New in version 2.10.
Synopsis¶
- This module is able to configure a FortiManager device by allowing the user to [add, get, set, update] the following FortiManager json-rpc urls.
- /pm/config/adom/{adom}/obj/firewall/service/custom
- /pm/config/global/obj/firewall/service/custom
- Examples include all parameters and values need to be adjusted to data sources before usage.
- Tested with FortiManager v6.0.0
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.10.0
Parameters¶
- loose_validation - Do parameter validation in a loose way type: bool required: false default: false
- workspace_locking_adom - Acquire the workspace lock if FortiManager is running in workspace mode type: str required: false choices: global, custom dom
- workspace_locking_timeout - The maximum time in seconds to wait for other users to release workspace lock type: integer required: false default: 300
- url_params - parameters in url path type: dict required: true
- adom - the domain prefix type: str choices: none, global, custom dom
- parameters for method: [add, set, update] - Configure custom services.
- data - No description for the parameter type: array
- app-category - No description for the parameter type: array
- {no-name} - No description for the parameter type: int
- app-service-type - Application service type. type: str choices: [disable, app-id, app-category]
- application - No description for the parameter type: array
- {no-name} - No description for the parameter type: int
- category - Service category. type: str
- check-reset-range - Configure the type of ICMP error message verification. type: str choices: [disable, default, strict]
- color - Color of icon on the GUI. type: int
- comment - No description for the parameter type: str
- fqdn - Fully qualified domain name. type: str
- helper - Helper name. type: str choices: [disable, auto, ftp, tftp, ras, h323, tns, mms, sip, pptp, rtsp, dns-udp, dns-tcp, pmap, rsh, dcerpc, mgcp, gtp-c, gtp-u, gtp-b]
- icmpcode - ICMP code. type: int
- icmptype - ICMP type. type: int
- iprange - Start and end of the IP range associated with service. type: str
- name - Custom service name. type: str
- protocol - Protocol type based on IANA numbers. type: str choices: [ICMP, IP, TCP/UDP/SCTP, ICMP6, HTTP, FTP, CONNECT, SOCKS, ALL, SOCKS-TCP, SOCKS-UDP]
- protocol-number - IP protocol number. type: int
- proxy - Enable/disable web proxy service. type: str choices: [disable, enable]
- sctp-portrange - Multiple SCTP port ranges. type: str
- session-ttl - Session TTL (300 - 604800, 0 = default). type: int
- tcp-halfclose-timer - Wait time to close a TCP session waiting for an unanswered FIN packet (1 - 86400 sec, 0 = default). type: int
- tcp-halfopen-timer - Wait time to close a TCP session waiting for an unanswered open session packet (1 - 86400 sec, 0 = default). type: int
- tcp-portrange - Multiple TCP port ranges. type: str
- tcp-timewait-timer - Set the length of the TCP TIME-WAIT state in seconds (1 - 300 sec, 0 = default). type: int
- udp-idle-timer - UDP half close timeout (0 - 86400 sec, 0 = default). type: int
- udp-portrange - Multiple UDP port ranges. type: str
- visibility - Enable/disable the visibility of the service on the GUI. type: str choices: [disable, enable]
- app-category - No description for the parameter type: array
- parameters for method: [get] - Configure custom services.
- attr - The name of the attribute to retrieve its datasource. type: str
- fields - No description for the parameter type: array
- {no-name} - No description for the parameter type: array
- {no-name} - No description for the parameter type: str choices: [app-category, app-service-type, application, category, check-reset-range, color, fqdn, helper, icmpcode, icmptype, iprange, name, protocol, protocol-number, proxy, sctp-portrange, session-ttl, tcp-halfclose-timer, tcp-halfopen-timer, tcp-portrange, tcp-timewait-timer, udp-idle-timer, udp-portrange, visibility]
- {no-name} - No description for the parameter type: array
- filter - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- get used - No description for the parameter type: int
- loadsub - Enable or disable the return of any sub-objects. type: int
- option - Set fetch option for the request. type: str choices: [count, object member, datasrc, get reserved, syntax]
- range - No description for the parameter type: array
- {no-name} - No description for the parameter type: int
- sortings - No description for the parameter type: array
- {attr_name} - No description for the parameter type: int choices: [1, -1]
Notes¶
Note
- The module may supports multiple method, every method has different parameters definition
- One method may also have more than one parameter definition collection, each collection is dedicated to one API endpoint
- The module may include domain dependent urls, the domain can be specified in url_params as adom
- To run in workspace mode, the paremeter workspace_locking_adom must be included in the task
Examples¶
- hosts: fortimanager-inventory
collections:
- fortinet.fortimanager
connection: httpapi
vars:
ansible_httpapi_use_ssl: True
ansible_httpapi_validate_certs: False
ansible_httpapi_port: 443
tasks:
- name: REQUESTING /PM/CONFIG/OBJ/FIREWALL/SERVICE/CUSTOM
fmgr_firewall_service_custom:
loose_validation: False
workspace_locking_adom: <value in [global, custom adom]>
workspace_locking_timeout: 300
method: <value in [add, set, update]>
url_params:
adom: <value in [none, global, custom dom]>
params:
-
data:
-
app-category:
- <value of integer>
app-service-type: <value in [disable, app-id, app-category]>
application:
- <value of integer>
category: <value of string>
check-reset-range: <value in [disable, default, strict]>
color: <value of integer>
comment: <value of string>
fqdn: <value of string>
helper: <value in [disable, auto, ftp, ...]>
icmpcode: <value of integer>
icmptype: <value of integer>
iprange: <value of string>
name: <value of string>
protocol: <value in [ICMP, IP, TCP/UDP/SCTP, ...]>
protocol-number: <value of integer>
proxy: <value in [disable, enable]>
sctp-portrange: <value of string>
session-ttl: <value of integer>
tcp-halfclose-timer: <value of integer>
tcp-halfopen-timer: <value of integer>
tcp-portrange: <value of string>
tcp-timewait-timer: <value of integer>
udp-idle-timer: <value of integer>
udp-portrange: <value of string>
visibility: <value in [disable, enable]>
- name: REQUESTING /PM/CONFIG/OBJ/FIREWALL/SERVICE/CUSTOM
fmgr_firewall_service_custom:
loose_validation: False
workspace_locking_adom: <value in [global, custom adom]>
workspace_locking_timeout: 300
method: <value in [get]>
url_params:
adom: <value in [none, global, custom dom]>
params:
-
attr: <value of string>
fields:
-
- <value in [app-category, app-service-type, application, ...]>
filter:
- <value of string>
get used: <value of integer>
loadsub: <value of integer>
option: <value in [count, object member, datasrc, ...]>
range:
- <value of integer>
sortings:
-
varidic.attr_name: <value in [1, -1]>
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- return values for method: [add, set, update]
- status
- No description for the parameter type: dict
- code - No description for the parameter type: int
- message - No description for the parameter type: str
- url - No description for the parameter type: str example: /pm/config/adom/{adom}/obj/firewall/service/custom
- return values for method: [get]
- data
- No description for the parameter type: array
- app-category - No description for the parameter type: array
- {no-name} - No description for the parameter type: int
- app-service-type - Application service type. type: str
- application - No description for the parameter type: array
- {no-name} - No description for the parameter type: int
- category - Service category. type: str
- check-reset-range - Configure the type of ICMP error message verification. type: str
- color - Color of icon on the GUI. type: int
- comment - No description for the parameter type: str
- fqdn - Fully qualified domain name. type: str
- helper - Helper name. type: str
- icmpcode - ICMP code. type: int
- icmptype - ICMP type. type: int
- iprange - Start and end of the IP range associated with service. type: str
- name - Custom service name. type: str
- protocol - Protocol type based on IANA numbers. type: str
- protocol-number - IP protocol number. type: int
- proxy - Enable/disable web proxy service. type: str
- sctp-portrange - Multiple SCTP port ranges. type: str
- session-ttl - Session TTL (300 - 604800, 0 = default). type: int
- tcp-halfclose-timer - Wait time to close a TCP session waiting for an unanswered FIN packet (1 - 86400 sec, 0 = default). type: int
- tcp-halfopen-timer - Wait time to close a TCP session waiting for an unanswered open session packet (1 - 86400 sec, 0 = default). type: int
- tcp-portrange - Multiple TCP port ranges. type: str
- tcp-timewait-timer - Set the length of the TCP TIME-WAIT state in seconds (1 - 300 sec, 0 = default). type: int
- udp-idle-timer - UDP half close timeout (0 - 86400 sec, 0 = default). type: int
- udp-portrange - Multiple UDP port ranges. type: str
- visibility - Enable/disable the visibility of the service on the GUI. type: str
- app-category - No description for the parameter type: array
- status
- No description for the parameter type: dict
- code - No description for the parameter type: int
- message - No description for the parameter type: str
- url - No description for the parameter type: str example: /pm/config/adom/{adom}/obj/firewall/service/custom
fmgr_firewall_service_custom_obj – Configure custom services.¶
New in version 2.10.
Synopsis¶
- This module is able to configure a FortiManager device by allowing the user to [clone, delete, get, move, set, update] the following FortiManager json-rpc urls.
- /pm/config/adom/{adom}/obj/firewall/service/custom/{custom}
- /pm/config/global/obj/firewall/service/custom/{custom}
- Examples include all parameters and values need to be adjusted to data sources before usage.
- Tested with FortiManager v6.0.0
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.10.0
Parameters¶
- loose_validation - Do parameter validation in a loose way type: bool required: false default: false
- workspace_locking_adom - Acquire the workspace lock if FortiManager is running in workspace mode type: str required: false choices: global, custom dom
- workspace_locking_timeout - The maximum time in seconds to wait for other users to release workspace lock type: integer required: false default: 300
- url_params - parameters in url path type: dict required: true
- adom - the domain prefix type: str choices: none, global, custom dom
- custom - the object name type: str
- parameters for method: [clone, set, update] - Configure custom services.
- data - No description for the parameter type: dict
- app-category - No description for the parameter type: array
- {no-name} - No description for the parameter type: int
- app-service-type - Application service type. type: str choices: [disable, app-id, app-category]
- application - No description for the parameter type: array
- {no-name} - No description for the parameter type: int
- category - Service category. type: str
- check-reset-range - Configure the type of ICMP error message verification. type: str choices: [disable, default, strict]
- color - Color of icon on the GUI. type: int
- comment - No description for the parameter type: str
- fqdn - Fully qualified domain name. type: str
- helper - Helper name. type: str choices: [disable, auto, ftp, tftp, ras, h323, tns, mms, sip, pptp, rtsp, dns-udp, dns-tcp, pmap, rsh, dcerpc, mgcp, gtp-c, gtp-u, gtp-b]
- icmpcode - ICMP code. type: int
- icmptype - ICMP type. type: int
- iprange - Start and end of the IP range associated with service. type: str
- name - Custom service name. type: str
- protocol - Protocol type based on IANA numbers. type: str choices: [ICMP, IP, TCP/UDP/SCTP, ICMP6, HTTP, FTP, CONNECT, SOCKS, ALL, SOCKS-TCP, SOCKS-UDP]
- protocol-number - IP protocol number. type: int
- proxy - Enable/disable web proxy service. type: str choices: [disable, enable]
- sctp-portrange - Multiple SCTP port ranges. type: str
- session-ttl - Session TTL (300 - 604800, 0 = default). type: int
- tcp-halfclose-timer - Wait time to close a TCP session waiting for an unanswered FIN packet (1 - 86400 sec, 0 = default). type: int
- tcp-halfopen-timer - Wait time to close a TCP session waiting for an unanswered open session packet (1 - 86400 sec, 0 = default). type: int
- tcp-portrange - Multiple TCP port ranges. type: str
- tcp-timewait-timer - Set the length of the TCP TIME-WAIT state in seconds (1 - 300 sec, 0 = default). type: int
- udp-idle-timer - UDP half close timeout (0 - 86400 sec, 0 = default). type: int
- udp-portrange - Multiple UDP port ranges. type: str
- visibility - Enable/disable the visibility of the service on the GUI. type: str choices: [disable, enable]
- app-category - No description for the parameter type: array
- parameters for method: [delete] - Configure custom services.
- parameters for method: [get] - Configure custom services.
- option - Set fetch option for the request. type: str choices: [object member, chksum, datasrc]
- parameters for method: [move] - Configure custom services.
- option - No description for the parameter type: str choices: [before, after]
- target - Key to the target entry. type: str
Notes¶
Note
- The module may supports multiple method, every method has different parameters definition
- One method may also have more than one parameter definition collection, each collection is dedicated to one API endpoint
- The module may include domain dependent urls, the domain can be specified in url_params as adom
- To run in workspace mode, the paremeter workspace_locking_adom must be included in the task
Examples¶
- hosts: fortimanager-inventory
collections:
- fortinet.fortimanager
connection: httpapi
vars:
ansible_httpapi_use_ssl: True
ansible_httpapi_validate_certs: False
ansible_httpapi_port: 443
tasks:
- name: REQUESTING /PM/CONFIG/OBJ/FIREWALL/SERVICE/CUSTOM/{CUSTOM}
fmgr_firewall_service_custom_obj:
loose_validation: False
workspace_locking_adom: <value in [global, custom adom]>
workspace_locking_timeout: 300
method: <value in [clone, set, update]>
url_params:
adom: <value in [none, global, custom dom]>
custom: <value of string>
params:
-
data:
app-category:
- <value of integer>
app-service-type: <value in [disable, app-id, app-category]>
application:
- <value of integer>
category: <value of string>
check-reset-range: <value in [disable, default, strict]>
color: <value of integer>
comment: <value of string>
fqdn: <value of string>
helper: <value in [disable, auto, ftp, ...]>
icmpcode: <value of integer>
icmptype: <value of integer>
iprange: <value of string>
name: <value of string>
protocol: <value in [ICMP, IP, TCP/UDP/SCTP, ...]>
protocol-number: <value of integer>
proxy: <value in [disable, enable]>
sctp-portrange: <value of string>
session-ttl: <value of integer>
tcp-halfclose-timer: <value of integer>
tcp-halfopen-timer: <value of integer>
tcp-portrange: <value of string>
tcp-timewait-timer: <value of integer>
udp-idle-timer: <value of integer>
udp-portrange: <value of string>
visibility: <value in [disable, enable]>
- name: REQUESTING /PM/CONFIG/OBJ/FIREWALL/SERVICE/CUSTOM/{CUSTOM}
fmgr_firewall_service_custom_obj:
loose_validation: False
workspace_locking_adom: <value in [global, custom adom]>
workspace_locking_timeout: 300
method: <value in [get]>
url_params:
adom: <value in [none, global, custom dom]>
custom: <value of string>
params:
-
option: <value in [object member, chksum, datasrc]>
- name: REQUESTING /PM/CONFIG/OBJ/FIREWALL/SERVICE/CUSTOM/{CUSTOM}
fmgr_firewall_service_custom_obj:
loose_validation: False
workspace_locking_adom: <value in [global, custom adom]>
workspace_locking_timeout: 300
method: <value in [move]>
url_params:
adom: <value in [none, global, custom dom]>
custom: <value of string>
params:
-
option: <value in [before, after]>
target: <value of string>
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- return values for method: [clone, delete, move, set, update]
- status
- No description for the parameter type: dict
- code - No description for the parameter type: int
- message - No description for the parameter type: str
- url - No description for the parameter type: str example: /pm/config/adom/{adom}/obj/firewall/service/custom/{custom}
- return values for method: [get]
- data
- No description for the parameter type: dict
- app-category - No description for the parameter type: array
- {no-name} - No description for the parameter type: int
- app-service-type - Application service type. type: str
- application - No description for the parameter type: array
- {no-name} - No description for the parameter type: int
- category - Service category. type: str
- check-reset-range - Configure the type of ICMP error message verification. type: str
- color - Color of icon on the GUI. type: int
- comment - No description for the parameter type: str
- fqdn - Fully qualified domain name. type: str
- helper - Helper name. type: str
- icmpcode - ICMP code. type: int
- icmptype - ICMP type. type: int
- iprange - Start and end of the IP range associated with service. type: str
- name - Custom service name. type: str
- protocol - Protocol type based on IANA numbers. type: str
- protocol-number - IP protocol number. type: int
- proxy - Enable/disable web proxy service. type: str
- sctp-portrange - Multiple SCTP port ranges. type: str
- session-ttl - Session TTL (300 - 604800, 0 = default). type: int
- tcp-halfclose-timer - Wait time to close a TCP session waiting for an unanswered FIN packet (1 - 86400 sec, 0 = default). type: int
- tcp-halfopen-timer - Wait time to close a TCP session waiting for an unanswered open session packet (1 - 86400 sec, 0 = default). type: int
- tcp-portrange - Multiple TCP port ranges. type: str
- tcp-timewait-timer - Set the length of the TCP TIME-WAIT state in seconds (1 - 300 sec, 0 = default). type: int
- udp-idle-timer - UDP half close timeout (0 - 86400 sec, 0 = default). type: int
- udp-portrange - Multiple UDP port ranges. type: str
- visibility - Enable/disable the visibility of the service on the GUI. type: str
- app-category - No description for the parameter type: array
- status
- No description for the parameter type: dict
- code - No description for the parameter type: int
- message - No description for the parameter type: str
- url - No description for the parameter type: str example: /pm/config/adom/{adom}/obj/firewall/service/custom/{custom}
fmgr_firewall_service_group – Configure service groups.¶
New in version 2.10.
Synopsis¶
- This module is able to configure a FortiManager device by allowing the user to [add, get, set, update] the following FortiManager json-rpc urls.
- /pm/config/adom/{adom}/obj/firewall/service/group
- /pm/config/global/obj/firewall/service/group
- Examples include all parameters and values need to be adjusted to data sources before usage.
- Tested with FortiManager v6.0.0
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.10.0
Parameters¶
- loose_validation - Do parameter validation in a loose way type: bool required: false default: false
- workspace_locking_adom - Acquire the workspace lock if FortiManager is running in workspace mode type: str required: false choices: global, custom dom
- workspace_locking_timeout - The maximum time in seconds to wait for other users to release workspace lock type: integer required: false default: 300
- url_params - parameters in url path type: dict required: true
- adom - the domain prefix type: str choices: none, global, custom dom
- parameters for method: [add, set, update] - Configure service groups.
- data - No description for the parameter type: array
- color - Color of icon on the GUI. type: int
- comment - No description for the parameter type: str
- member - Service objects contained within the group. type: str
- name - Address group name. type: str
- proxy - Enable/disable web proxy service group. type: str choices: [disable, enable]
- parameters for method: [get] - Configure service groups.
- attr - The name of the attribute to retrieve its datasource. type: str
- fields - No description for the parameter type: array
- {no-name} - No description for the parameter type: array
- {no-name} - No description for the parameter type: str choices: [color, member, name, proxy]
- {no-name} - No description for the parameter type: array
- filter - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- get used - No description for the parameter type: int
- loadsub - Enable or disable the return of any sub-objects. type: int
- option - Set fetch option for the request. type: str choices: [count, object member, datasrc, get reserved, syntax]
- range - No description for the parameter type: array
- {no-name} - No description for the parameter type: int
- sortings - No description for the parameter type: array
- {attr_name} - No description for the parameter type: int choices: [1, -1]
Notes¶
Note
- The module may supports multiple method, every method has different parameters definition
- One method may also have more than one parameter definition collection, each collection is dedicated to one API endpoint
- The module may include domain dependent urls, the domain can be specified in url_params as adom
- To run in workspace mode, the paremeter workspace_locking_adom must be included in the task
Examples¶
- hosts: fortimanager-inventory
collections:
- fortinet.fortimanager
connection: httpapi
vars:
ansible_httpapi_use_ssl: True
ansible_httpapi_validate_certs: False
ansible_httpapi_port: 443
tasks:
- name: REQUESTING /PM/CONFIG/OBJ/FIREWALL/SERVICE/GROUP
fmgr_firewall_service_group:
loose_validation: False
workspace_locking_adom: <value in [global, custom adom]>
workspace_locking_timeout: 300
method: <value in [add, set, update]>
url_params:
adom: <value in [none, global, custom dom]>
params:
-
data:
-
color: <value of integer>
comment: <value of string>
member: <value of string>
name: <value of string>
proxy: <value in [disable, enable]>
- name: REQUESTING /PM/CONFIG/OBJ/FIREWALL/SERVICE/GROUP
fmgr_firewall_service_group:
loose_validation: False
workspace_locking_adom: <value in [global, custom adom]>
workspace_locking_timeout: 300
method: <value in [get]>
url_params:
adom: <value in [none, global, custom dom]>
params:
-
attr: <value of string>
fields:
-
- <value in [color, member, name, ...]>
filter:
- <value of string>
get used: <value of integer>
loadsub: <value of integer>
option: <value in [count, object member, datasrc, ...]>
range:
- <value of integer>
sortings:
-
varidic.attr_name: <value in [1, -1]>
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- return values for method: [add, set, update]
- status
- No description for the parameter type: dict
- code - No description for the parameter type: int
- message - No description for the parameter type: str
- url - No description for the parameter type: str example: /pm/config/adom/{adom}/obj/firewall/service/group
- return values for method: [get]
- data
- No description for the parameter type: array
- color - Color of icon on the GUI. type: int
- comment - No description for the parameter type: str
- member - Service objects contained within the group. type: str
- name - Address group name. type: str
- proxy - Enable/disable web proxy service group. type: str
- status
- No description for the parameter type: dict
- code - No description for the parameter type: int
- message - No description for the parameter type: str
- url - No description for the parameter type: str example: /pm/config/adom/{adom}/obj/firewall/service/group
fmgr_firewall_service_group_obj – Configure service groups.¶
New in version 2.10.
Synopsis¶
- This module is able to configure a FortiManager device by allowing the user to [clone, delete, get, set, update] the following FortiManager json-rpc urls.
- /pm/config/adom/{adom}/obj/firewall/service/group/{group}
- /pm/config/global/obj/firewall/service/group/{group}
- Examples include all parameters and values need to be adjusted to data sources before usage.
- Tested with FortiManager v6.0.0
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.10.0
Parameters¶
- loose_validation - Do parameter validation in a loose way type: bool required: false default: false
- workspace_locking_adom - Acquire the workspace lock if FortiManager is running in workspace mode type: str required: false choices: global, custom dom
- workspace_locking_timeout - The maximum time in seconds to wait for other users to release workspace lock type: integer required: false default: 300
- url_params - parameters in url path type: dict required: true
- adom - the domain prefix type: str choices: none, global, custom dom
- group - the object name type: str
- parameters for method: [clone, set, update] - Configure service groups.
- data - No description for the parameter type: dict
- color - Color of icon on the GUI. type: int
- comment - No description for the parameter type: str
- member - Service objects contained within the group. type: str
- name - Address group name. type: str
- proxy - Enable/disable web proxy service group. type: str choices: [disable, enable]
- parameters for method: [delete] - Configure service groups.
- parameters for method: [get] - Configure service groups.
- option - Set fetch option for the request. type: str choices: [object member, chksum, datasrc]
Notes¶
Note
- The module may supports multiple method, every method has different parameters definition
- One method may also have more than one parameter definition collection, each collection is dedicated to one API endpoint
- The module may include domain dependent urls, the domain can be specified in url_params as adom
- To run in workspace mode, the paremeter workspace_locking_adom must be included in the task
Examples¶
- hosts: fortimanager-inventory
collections:
- fortinet.fortimanager
connection: httpapi
vars:
ansible_httpapi_use_ssl: True
ansible_httpapi_validate_certs: False
ansible_httpapi_port: 443
tasks:
- name: REQUESTING /PM/CONFIG/OBJ/FIREWALL/SERVICE/GROUP/{GROUP}
fmgr_firewall_service_group_obj:
loose_validation: False
workspace_locking_adom: <value in [global, custom adom]>
workspace_locking_timeout: 300
method: <value in [clone, set, update]>
url_params:
adom: <value in [none, global, custom dom]>
group: <value of string>
params:
-
data:
color: <value of integer>
comment: <value of string>
member: <value of string>
name: <value of string>
proxy: <value in [disable, enable]>
- name: REQUESTING /PM/CONFIG/OBJ/FIREWALL/SERVICE/GROUP/{GROUP}
fmgr_firewall_service_group_obj:
loose_validation: False
workspace_locking_adom: <value in [global, custom adom]>
workspace_locking_timeout: 300
method: <value in [get]>
url_params:
adom: <value in [none, global, custom dom]>
group: <value of string>
params:
-
option: <value in [object member, chksum, datasrc]>
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- return values for method: [clone, delete, set, update]
- status
- No description for the parameter type: dict
- code - No description for the parameter type: int
- message - No description for the parameter type: str
- url - No description for the parameter type: str example: /pm/config/adom/{adom}/obj/firewall/service/group/{group}
- return values for method: [get]
- data
- No description for the parameter type: dict
- color - Color of icon on the GUI. type: int
- comment - No description for the parameter type: str
- member - Service objects contained within the group. type: str
- name - Address group name. type: str
- proxy - Enable/disable web proxy service group. type: str
- status
- No description for the parameter type: dict
- code - No description for the parameter type: int
- message - No description for the parameter type: str
- url - No description for the parameter type: str example: /pm/config/adom/{adom}/obj/firewall/service/group/{group}
fmgr_firewall_sslsshprofile – Configure SSL/SSH protocol options.¶
New in version 2.10.
Synopsis¶
- This module is able to configure a FortiManager device by allowing the user to [add, get, set, update] the following FortiManager json-rpc urls.
- /pm/config/adom/{adom}/obj/firewall/ssl-ssh-profile
- /pm/config/global/obj/firewall/ssl-ssh-profile
- Examples include all parameters and values need to be adjusted to data sources before usage.
- Tested with FortiManager v6.0.0
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.10.0
Parameters¶
- loose_validation - Do parameter validation in a loose way type: bool required: false default: false
- workspace_locking_adom - Acquire the workspace lock if FortiManager is running in workspace mode type: str required: false choices: global, custom dom
- workspace_locking_timeout - The maximum time in seconds to wait for other users to release workspace lock type: integer required: false default: 300
- url_params - parameters in url path type: dict required: true
- adom - the domain prefix type: str choices: none, global, custom dom
- parameters for method: [add, set, update] - Configure SSL/SSH protocol options.
- data - No description for the parameter type: array
- caname - CA certificate used by SSL Inspection. type: str
- comment - Optional comments. type: str
- mapi-over-https - Enable/disable inspection of MAPI over HTTPS. type: str choices: [disable, enable]
- name - Name. type: str
- rpc-over-https - Enable/disable inspection of RPC over HTTPS. type: str choices: [disable, enable]
- server-cert - Certificate used by SSL Inspection to replace server certificate. type: str
- server-cert-mode - Re-sign or replace the servers certificate. type: str choices: [re-sign, replace]
- ssl-anomalies-log - Enable/disable logging SSL anomalies. type: str choices: [disable, enable]
- ssl-exempt - No description for the parameter type: array
- address - IPv4 address object. type: str
- address6 - IPv6 address object. type: str
- fortiguard-category - FortiGuard category ID. type: str
- id - ID number. type: int
- regex - Exempt servers by regular expression. type: str
- type - Type of address object (IPv4 or IPv6) or FortiGuard category. type: str choices: [fortiguard-category, address, address6, wildcard-fqdn, regex]
- wildcard-fqdn - Exempt servers by wildcard FQDN. type: str
- ssl-exemptions-log - Enable/disable logging SSL exemptions. type: str choices: [disable, enable]
- ssl-server - No description for the parameter type: array
- ftps-client-cert-request - Action based on client certificate request during the FTPS handshake. type: str choices: [bypass, inspect, block]
- https-client-cert-request - Action based on client certificate request during the HTTPS handshake. type: str choices: [bypass, inspect, block]
- id - SSL server ID. type: int
- imaps-client-cert-request - Action based on client certificate request during the IMAPS handshake. type: str choices: [bypass, inspect, block]
- ip - IPv4 address of the SSL server. type: str
- pop3s-client-cert-request - Action based on client certificate request during the POP3S handshake. type: str choices: [bypass, inspect, block]
- smtps-client-cert-request - Action based on client certificate request during the SMTPS handshake. type: str choices: [bypass, inspect, block]
- ssl-other-client-cert-request - Action based on client certificate request during an SSL protocol handshake. type: str choices: [bypass, inspect, block]
- untrusted-caname - Untrusted CA certificate used by SSL Inspection. type: str
- use-ssl-server - Enable/disable the use of SSL server table for SSL offloading. type: str choices: [disable, enable]
- whitelist - Enable/disable exempting servers by FortiGuard whitelist. type: str choices: [disable, enable]
- parameters for method: [get] - Configure SSL/SSH protocol options.
- attr - The name of the attribute to retrieve its datasource. type: str
- fields - No description for the parameter type: array
- {no-name} - No description for the parameter type: array
- {no-name} - No description for the parameter type: str choices: [caname, comment, mapi-over-https, name, rpc-over-https, server-cert, server-cert-mode, ssl-anomalies-log, ssl-exemptions-log, untrusted-caname, use-ssl-server, whitelist]
- {no-name} - No description for the parameter type: array
- filter - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- get used - No description for the parameter type: int
- loadsub - Enable or disable the return of any sub-objects. type: int
- option - Set fetch option for the request. type: str choices: [count, object member, datasrc, get reserved, syntax]
- range - No description for the parameter type: array
- {no-name} - No description for the parameter type: int
- sortings - No description for the parameter type: array
- {attr_name} - No description for the parameter type: int choices: [1, -1]
Notes¶
Note
- The module may supports multiple method, every method has different parameters definition
- One method may also have more than one parameter definition collection, each collection is dedicated to one API endpoint
- The module may include domain dependent urls, the domain can be specified in url_params as adom
- To run in workspace mode, the paremeter workspace_locking_adom must be included in the task
Examples¶
- hosts: fortimanager-inventory
collections:
- fortinet.fortimanager
connection: httpapi
vars:
ansible_httpapi_use_ssl: True
ansible_httpapi_validate_certs: False
ansible_httpapi_port: 443
tasks:
- name: REQUESTING /PM/CONFIG/OBJ/FIREWALL/SSL-SSH-PROFILE
fmgr_firewall_sslsshprofile:
loose_validation: False
workspace_locking_adom: <value in [global, custom adom]>
workspace_locking_timeout: 300
method: <value in [add, set, update]>
url_params:
adom: <value in [none, global, custom dom]>
params:
-
data:
-
caname: <value of string>
comment: <value of string>
mapi-over-https: <value in [disable, enable]>
name: <value of string>
rpc-over-https: <value in [disable, enable]>
server-cert: <value of string>
server-cert-mode: <value in [re-sign, replace]>
ssl-anomalies-log: <value in [disable, enable]>
ssl-exempt:
-
address: <value of string>
address6: <value of string>
fortiguard-category: <value of string>
id: <value of integer>
regex: <value of string>
type: <value in [fortiguard-category, address, address6, ...]>
wildcard-fqdn: <value of string>
ssl-exemptions-log: <value in [disable, enable]>
ssl-server:
-
ftps-client-cert-request: <value in [bypass, inspect, block]>
https-client-cert-request: <value in [bypass, inspect, block]>
id: <value of integer>
imaps-client-cert-request: <value in [bypass, inspect, block]>
ip: <value of string>
pop3s-client-cert-request: <value in [bypass, inspect, block]>
smtps-client-cert-request: <value in [bypass, inspect, block]>
ssl-other-client-cert-request: <value in [bypass, inspect, block]>
untrusted-caname: <value of string>
use-ssl-server: <value in [disable, enable]>
whitelist: <value in [disable, enable]>
- name: REQUESTING /PM/CONFIG/OBJ/FIREWALL/SSL-SSH-PROFILE
fmgr_firewall_sslsshprofile:
loose_validation: False
workspace_locking_adom: <value in [global, custom adom]>
workspace_locking_timeout: 300
method: <value in [get]>
url_params:
adom: <value in [none, global, custom dom]>
params:
-
attr: <value of string>
fields:
-
- <value in [caname, comment, mapi-over-https, ...]>
filter:
- <value of string>
get used: <value of integer>
loadsub: <value of integer>
option: <value in [count, object member, datasrc, ...]>
range:
- <value of integer>
sortings:
-
varidic.attr_name: <value in [1, -1]>
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- return values for method: [add, set, update]
- status
- No description for the parameter type: dict
- code - No description for the parameter type: int
- message - No description for the parameter type: str
- url - No description for the parameter type: str example: /pm/config/adom/{adom}/obj/firewall/ssl-ssh-profile
- return values for method: [get]
- data
- No description for the parameter type: array
- caname - CA certificate used by SSL Inspection. type: str
- comment - Optional comments. type: str
- mapi-over-https - Enable/disable inspection of MAPI over HTTPS. type: str
- name - Name. type: str
- rpc-over-https - Enable/disable inspection of RPC over HTTPS. type: str
- server-cert - Certificate used by SSL Inspection to replace server certificate. type: str
- server-cert-mode - Re-sign or replace the servers certificate. type: str
- ssl-anomalies-log - Enable/disable logging SSL anomalies. type: str
- ssl-exempt - No description for the parameter type: array
- address - IPv4 address object. type: str
- address6 - IPv6 address object. type: str
- fortiguard-category - FortiGuard category ID. type: str
- id - ID number. type: int
- regex - Exempt servers by regular expression. type: str
- type - Type of address object (IPv4 or IPv6) or FortiGuard category. type: str
- wildcard-fqdn - Exempt servers by wildcard FQDN. type: str
- ssl-exemptions-log - Enable/disable logging SSL exemptions. type: str
- ssl-server - No description for the parameter type: array
- ftps-client-cert-request - Action based on client certificate request during the FTPS handshake. type: str
- https-client-cert-request - Action based on client certificate request during the HTTPS handshake. type: str
- id - SSL server ID. type: int
- imaps-client-cert-request - Action based on client certificate request during the IMAPS handshake. type: str
- ip - IPv4 address of the SSL server. type: str
- pop3s-client-cert-request - Action based on client certificate request during the POP3S handshake. type: str
- smtps-client-cert-request - Action based on client certificate request during the SMTPS handshake. type: str
- ssl-other-client-cert-request - Action based on client certificate request during an SSL protocol handshake. type: str
- untrusted-caname - Untrusted CA certificate used by SSL Inspection. type: str
- use-ssl-server - Enable/disable the use of SSL server table for SSL offloading. type: str
- whitelist - Enable/disable exempting servers by FortiGuard whitelist. type: str
- status
- No description for the parameter type: dict
- code - No description for the parameter type: int
- message - No description for the parameter type: str
- url - No description for the parameter type: str example: /pm/config/adom/{adom}/obj/firewall/ssl-ssh-profile
fmgr_firewall_sslsshprofile_obj – Configure SSL/SSH protocol options.¶
New in version 2.10.
Synopsis¶
- This module is able to configure a FortiManager device by allowing the user to [clone, delete, get, set, update] the following FortiManager json-rpc urls.
- /pm/config/adom/{adom}/obj/firewall/ssl-ssh-profile/{ssl-ssh-profile}
- /pm/config/global/obj/firewall/ssl-ssh-profile/{ssl-ssh-profile}
- Examples include all parameters and values need to be adjusted to data sources before usage.
- Tested with FortiManager v6.0.0
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.10.0
Parameters¶
- loose_validation - Do parameter validation in a loose way type: bool required: false default: false
- workspace_locking_adom - Acquire the workspace lock if FortiManager is running in workspace mode type: str required: false choices: global, custom dom
- workspace_locking_timeout - The maximum time in seconds to wait for other users to release workspace lock type: integer required: false default: 300
- url_params - parameters in url path type: dict required: true
- adom - the domain prefix type: str choices: none, global, custom dom
- ssl-ssh-profile - the object name type: str
- parameters for method: [clone, set, update] - Configure SSL/SSH protocol options.
- data - No description for the parameter type: dict
- caname - CA certificate used by SSL Inspection. type: str
- comment - Optional comments. type: str
- mapi-over-https - Enable/disable inspection of MAPI over HTTPS. type: str choices: [disable, enable]
- name - Name. type: str
- rpc-over-https - Enable/disable inspection of RPC over HTTPS. type: str choices: [disable, enable]
- server-cert - Certificate used by SSL Inspection to replace server certificate. type: str
- server-cert-mode - Re-sign or replace the servers certificate. type: str choices: [re-sign, replace]
- ssl-anomalies-log - Enable/disable logging SSL anomalies. type: str choices: [disable, enable]
- ssl-exempt - No description for the parameter type: array
- address - IPv4 address object. type: str
- address6 - IPv6 address object. type: str
- fortiguard-category - FortiGuard category ID. type: str
- id - ID number. type: int
- regex - Exempt servers by regular expression. type: str
- type - Type of address object (IPv4 or IPv6) or FortiGuard category. type: str choices: [fortiguard-category, address, address6, wildcard-fqdn, regex]
- wildcard-fqdn - Exempt servers by wildcard FQDN. type: str
- ssl-exemptions-log - Enable/disable logging SSL exemptions. type: str choices: [disable, enable]
- ssl-server - No description for the parameter type: array
- ftps-client-cert-request - Action based on client certificate request during the FTPS handshake. type: str choices: [bypass, inspect, block]
- https-client-cert-request - Action based on client certificate request during the HTTPS handshake. type: str choices: [bypass, inspect, block]
- id - SSL server ID. type: int
- imaps-client-cert-request - Action based on client certificate request during the IMAPS handshake. type: str choices: [bypass, inspect, block]
- ip - IPv4 address of the SSL server. type: str
- pop3s-client-cert-request - Action based on client certificate request during the POP3S handshake. type: str choices: [bypass, inspect, block]
- smtps-client-cert-request - Action based on client certificate request during the SMTPS handshake. type: str choices: [bypass, inspect, block]
- ssl-other-client-cert-request - Action based on client certificate request during an SSL protocol handshake. type: str choices: [bypass, inspect, block]
- untrusted-caname - Untrusted CA certificate used by SSL Inspection. type: str
- use-ssl-server - Enable/disable the use of SSL server table for SSL offloading. type: str choices: [disable, enable]
- whitelist - Enable/disable exempting servers by FortiGuard whitelist. type: str choices: [disable, enable]
- parameters for method: [delete] - Configure SSL/SSH protocol options.
- parameters for method: [get] - Configure SSL/SSH protocol options.
- option - Set fetch option for the request. type: str choices: [object member, chksum, datasrc]
Notes¶
Note
- The module may supports multiple method, every method has different parameters definition
- One method may also have more than one parameter definition collection, each collection is dedicated to one API endpoint
- The module may include domain dependent urls, the domain can be specified in url_params as adom
- To run in workspace mode, the paremeter workspace_locking_adom must be included in the task
Examples¶
- hosts: fortimanager-inventory
collections:
- fortinet.fortimanager
connection: httpapi
vars:
ansible_httpapi_use_ssl: True
ansible_httpapi_validate_certs: False
ansible_httpapi_port: 443
tasks:
- name: REQUESTING /PM/CONFIG/OBJ/FIREWALL/SSL-SSH-PROFILE/{SSL-SSH-PROFILE}
fmgr_firewall_sslsshprofile_obj:
loose_validation: False
workspace_locking_adom: <value in [global, custom adom]>
workspace_locking_timeout: 300
method: <value in [clone, set, update]>
url_params:
adom: <value in [none, global, custom dom]>
ssl-ssh-profile: <value of string>
params:
-
data:
caname: <value of string>
comment: <value of string>
mapi-over-https: <value in [disable, enable]>
name: <value of string>
rpc-over-https: <value in [disable, enable]>
server-cert: <value of string>
server-cert-mode: <value in [re-sign, replace]>
ssl-anomalies-log: <value in [disable, enable]>
ssl-exempt:
-
address: <value of string>
address6: <value of string>
fortiguard-category: <value of string>
id: <value of integer>
regex: <value of string>
type: <value in [fortiguard-category, address, address6, ...]>
wildcard-fqdn: <value of string>
ssl-exemptions-log: <value in [disable, enable]>
ssl-server:
-
ftps-client-cert-request: <value in [bypass, inspect, block]>
https-client-cert-request: <value in [bypass, inspect, block]>
id: <value of integer>
imaps-client-cert-request: <value in [bypass, inspect, block]>
ip: <value of string>
pop3s-client-cert-request: <value in [bypass, inspect, block]>
smtps-client-cert-request: <value in [bypass, inspect, block]>
ssl-other-client-cert-request: <value in [bypass, inspect, block]>
untrusted-caname: <value of string>
use-ssl-server: <value in [disable, enable]>
whitelist: <value in [disable, enable]>
- name: REQUESTING /PM/CONFIG/OBJ/FIREWALL/SSL-SSH-PROFILE/{SSL-SSH-PROFILE}
fmgr_firewall_sslsshprofile_obj:
loose_validation: False
workspace_locking_adom: <value in [global, custom adom]>
workspace_locking_timeout: 300
method: <value in [get]>
url_params:
adom: <value in [none, global, custom dom]>
ssl-ssh-profile: <value of string>
params:
-
option: <value in [object member, chksum, datasrc]>
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- return values for method: [clone, delete, set, update]
- status
- No description for the parameter type: dict
- code - No description for the parameter type: int
- message - No description for the parameter type: str
- url - No description for the parameter type: str example: /pm/config/adom/{adom}/obj/firewall/ssl-ssh-profile/{ssl-ssh-profile}
- return values for method: [get]
- data
- No description for the parameter type: dict
- caname - CA certificate used by SSL Inspection. type: str
- comment - Optional comments. type: str
- mapi-over-https - Enable/disable inspection of MAPI over HTTPS. type: str
- name - Name. type: str
- rpc-over-https - Enable/disable inspection of RPC over HTTPS. type: str
- server-cert - Certificate used by SSL Inspection to replace server certificate. type: str
- server-cert-mode - Re-sign or replace the servers certificate. type: str
- ssl-anomalies-log - Enable/disable logging SSL anomalies. type: str
- ssl-exempt - No description for the parameter type: array
- address - IPv4 address object. type: str
- address6 - IPv6 address object. type: str
- fortiguard-category - FortiGuard category ID. type: str
- id - ID number. type: int
- regex - Exempt servers by regular expression. type: str
- type - Type of address object (IPv4 or IPv6) or FortiGuard category. type: str
- wildcard-fqdn - Exempt servers by wildcard FQDN. type: str
- ssl-exemptions-log - Enable/disable logging SSL exemptions. type: str
- ssl-server - No description for the parameter type: array
- ftps-client-cert-request - Action based on client certificate request during the FTPS handshake. type: str
- https-client-cert-request - Action based on client certificate request during the HTTPS handshake. type: str
- id - SSL server ID. type: int
- imaps-client-cert-request - Action based on client certificate request during the IMAPS handshake. type: str
- ip - IPv4 address of the SSL server. type: str
- pop3s-client-cert-request - Action based on client certificate request during the POP3S handshake. type: str
- smtps-client-cert-request - Action based on client certificate request during the SMTPS handshake. type: str
- ssl-other-client-cert-request - Action based on client certificate request during an SSL protocol handshake. type: str
- untrusted-caname - Untrusted CA certificate used by SSL Inspection. type: str
- use-ssl-server - Enable/disable the use of SSL server table for SSL offloading. type: str
- whitelist - Enable/disable exempting servers by FortiGuard whitelist. type: str
- status
- No description for the parameter type: dict
- code - No description for the parameter type: int
- message - No description for the parameter type: str
- url - No description for the parameter type: str example: /pm/config/adom/{adom}/obj/firewall/ssl-ssh-profile/{ssl-ssh-profile}
fmgr_firewall_vip – Configure virtual IP for IPv4.¶
New in version 2.10.
Synopsis¶
- This module is able to configure a FortiManager device by allowing the user to [add, get, set, update] the following FortiManager json-rpc urls.
- /pm/config/adom/{adom}/obj/firewall/vip
- /pm/config/global/obj/firewall/vip
- Examples include all parameters and values need to be adjusted to data sources before usage.
- Tested with FortiManager v6.0.0
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.10.0
Parameters¶
- loose_validation - Do parameter validation in a loose way type: bool required: false default: false
- workspace_locking_adom - Acquire the workspace lock if FortiManager is running in workspace mode type: str required: false choices: global, custom dom
- workspace_locking_timeout - The maximum time in seconds to wait for other users to release workspace lock type: integer required: false default: 300
- url_params - parameters in url path type: dict required: true
- adom - the domain prefix type: str choices: none, global, custom dom
- parameters for method: [add, set, update] - Configure virtual IP for IPv4.
- data - No description for the parameter type: array
- arp-reply - Enable to respond to ARP requests for this virtual IP address. type: str choices: [disable, enable]
- color - Color of icon on the GUI. type: int
- comment - Comment. type: str
- dns-mapping-ttl - DNS mapping TTL (Set to zero to use TTL in DNS response, default = 0). type: int
- dynamic_mapping - No description for the parameter type: array
- _scope - No description for the parameter type: array
- name - No description for the parameter type: str
- vdom - No description for the parameter type: str
- arp-reply - No description for the parameter type: str choices: [disable, enable]
- color - No description for the parameter type: int
- comment - No description for the parameter type: str
- dns-mapping-ttl - No description for the parameter type: int
- extaddr - No description for the parameter type: str
- extintf - No description for the parameter type: str
- extip - No description for the parameter type: str
- extport - No description for the parameter type: str
- gratuitous-arp-interval - No description for the parameter type: int
- http-cookie-age - No description for the parameter type: int
- http-cookie-domain - No description for the parameter type: str
- http-cookie-domain-from-host - No description for the parameter type: str choices: [disable, enable]
- http-cookie-generation - No description for the parameter type: int
- http-cookie-path - No description for the parameter type: str
- http-cookie-share - No description for the parameter type: str choices: [disable, same-ip]
- http-ip-header - No description for the parameter type: str choices: [disable, enable]
- http-ip-header-name - No description for the parameter type: str
- http-multiplex - No description for the parameter type: str choices: [disable, enable]
- https-cookie-secure - No description for the parameter type: str choices: [disable, enable]
- id - No description for the parameter type: int
- ldb-method - No description for the parameter type: str choices: [static, round-robin, weighted, least-session, least-rtt, first-alive, http-host]
- mapped-addr - No description for the parameter type: str
- mappedip - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- mappedport - No description for the parameter type: str
- max-embryonic-connections - No description for the parameter type: int
- monitor - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- nat-source-vip - No description for the parameter type: str choices: [disable, enable]
- outlook-web-access - No description for the parameter type: str choices: [disable, enable]
- persistence - No description for the parameter type: str choices: [none, http-cookie, ssl-session-id]
- portforward - No description for the parameter type: str choices: [disable, enable]
- portmapping-type - No description for the parameter type: str choices: [1-to-1, m-to-n]
- protocol - No description for the parameter type: str choices: [tcp, udp, sctp, icmp]
- realservers - No description for the parameter type: array
- client-ip - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- healthcheck - No description for the parameter type: str choices: [disable, enable, vip]
- holddown-interval - No description for the parameter type: int
- http-host - No description for the parameter type: str
- ip - No description for the parameter type: str
- max-connections - No description for the parameter type: int
- monitor - No description for the parameter type: str
- port - No description for the parameter type: int
- seq - No description for the parameter type: int
- status - No description for the parameter type: str choices: [active, standby, disable]
- weight - No description for the parameter type: int
- client-ip - No description for the parameter type: array
- server-type - No description for the parameter type: str choices: [http, https, ssl, tcp, udp, ip, imaps, pop3s, smtps]
- service - No description for the parameter type: str
- src-filter - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- srcintf-filter - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- ssl-algorithm - No description for the parameter type: str choices: [high, medium, low, custom]
- ssl-certificate - No description for the parameter type: str
- ssl-cipher-suites - No description for the parameter type: array
- cipher - No description for the parameter type: str choices: [TLS-RSA-WITH-RC4-128-MD5, TLS-RSA-WITH-RC4-128-SHA, TLS-RSA-WITH-DES-CBC-SHA, TLS-RSA-WITH-3DES-EDE-CBC-SHA, TLS-RSA-WITH-AES-128-CBC-SHA, TLS-RSA-WITH-AES-256-CBC-SHA, TLS-RSA-WITH-AES-128-CBC-SHA256, TLS-RSA-WITH-AES-256-CBC-SHA256, TLS-RSA-WITH-CAMELLIA-128-CBC-SHA, TLS-RSA-WITH-CAMELLIA-256-CBC-SHA, TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256, TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256, TLS-RSA-WITH-SEED-CBC-SHA, TLS-RSA-WITH-ARIA-128-CBC-SHA256, TLS-RSA-WITH-ARIA-256-CBC-SHA384, TLS-DHE-RSA-WITH-DES-CBC-SHA, TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA, TLS-DHE-RSA-WITH-AES-128-CBC-SHA, TLS-DHE-RSA-WITH-AES-256-CBC-SHA, TLS-DHE-RSA-WITH-AES-128-CBC-SHA256, TLS-DHE-RSA-WITH-AES-256-CBC-SHA256, TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA, TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA, TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256, TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256, TLS-DHE-RSA-WITH-SEED-CBC-SHA, TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256, TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384, TLS-ECDHE-RSA-WITH-RC4-128-SHA, TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA, TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA, TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA, TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256, TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256, TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256, TLS-DHE-RSA-WITH-AES-128-GCM-SHA256, TLS-DHE-RSA-WITH-AES-256-GCM-SHA384, TLS-DHE-DSS-WITH-AES-128-CBC-SHA, TLS-DHE-DSS-WITH-AES-256-CBC-SHA, TLS-DHE-DSS-WITH-AES-128-CBC-SHA256, TLS-DHE-DSS-WITH-AES-128-GCM-SHA256, TLS-DHE-DSS-WITH-AES-256-CBC-SHA256, TLS-DHE-DSS-WITH-AES-256-GCM-SHA384, TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256, TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256, TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384, TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384, TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA, TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256, TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256, TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384, TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384, TLS-RSA-WITH-AES-128-GCM-SHA256, TLS-RSA-WITH-AES-256-GCM-SHA384, TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA, TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA, TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256, TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256, TLS-DHE-DSS-WITH-SEED-CBC-SHA, TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256, TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384, TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256, TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384, TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256, TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384, TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA, TLS-DHE-DSS-WITH-DES-CBC-SHA]
- id - No description for the parameter type: int
- versions - No description for the parameter type: array
- {no-name} - No description for the parameter type: str choices: [ssl-3.0, tls-1.0, tls-1.1, tls-1.2]
- ssl-client-fallback - No description for the parameter type: str choices: [disable, enable]
- ssl-client-renegotiation - No description for the parameter type: str choices: [deny, allow, secure]
- ssl-client-session-state-max - No description for the parameter type: int
- ssl-client-session-state-timeout - No description for the parameter type: int
- ssl-client-session-state-type - No description for the parameter type: str choices: [disable, time, count, both]
- ssl-dh-bits - No description for the parameter type: str choices: [768, 1024, 1536, 2048, 3072, 4096]
- ssl-hpkp - No description for the parameter type: str choices: [disable, enable, report-only]
- ssl-hpkp-age - No description for the parameter type: int
- ssl-hpkp-backup - No description for the parameter type: str
- ssl-hpkp-include-subdomains - No description for the parameter type: str choices: [disable, enable]
- ssl-hpkp-primary - No description for the parameter type: str
- ssl-hpkp-report-uri - No description for the parameter type: str
- ssl-hsts - No description for the parameter type: str choices: [disable, enable]
- ssl-hsts-age - No description for the parameter type: int
- ssl-hsts-include-subdomains - No description for the parameter type: str choices: [disable, enable]
- ssl-http-location-conversion - No description for the parameter type: str choices: [disable, enable]
- ssl-http-match-host - No description for the parameter type: str choices: [disable, enable]
- ssl-max-version - No description for the parameter type: str choices: [ssl-3.0, tls-1.0, tls-1.1, tls-1.2]
- ssl-min-version - No description for the parameter type: str choices: [ssl-3.0, tls-1.0, tls-1.1, tls-1.2]
- ssl-mode - No description for the parameter type: str choices: [half, full]
- ssl-pfs - No description for the parameter type: str choices: [require, deny, allow]
- ssl-send-empty-frags - No description for the parameter type: str choices: [disable, enable]
- ssl-server-algorithm - No description for the parameter type: str choices: [high, low, medium, custom, client]
- ssl-server-max-version - No description for the parameter type: str choices: [ssl-3.0, tls-1.0, tls-1.1, tls-1.2, client]
- ssl-server-min-version - No description for the parameter type: str choices: [ssl-3.0, tls-1.0, tls-1.1, tls-1.2, client]
- ssl-server-session-state-max - No description for the parameter type: int
- ssl-server-session-state-timeout - No description for the parameter type: int
- ssl-server-session-state-type - No description for the parameter type: str choices: [disable, time, count, both]
- type - No description for the parameter type: str choices: [static-nat, load-balance, server-load-balance, dns-translation, fqdn]
- uuid - No description for the parameter type: str
- weblogic-server - No description for the parameter type: str choices: [disable, enable]
- websphere-server - No description for the parameter type: str choices: [disable, enable]
- _scope - No description for the parameter type: array
- extaddr - External FQDN address name. type: str
- extintf - Interface connected to the source network that receives the packets that will be forwarded to the destination network. type: str
- extip - IP address or address range on the external interface that you want to map to an address or address range on the destination network. type: str
- extport - Incoming port number range that you want to map to a port number range on the destination network. type: str
- gratuitous-arp-interval - Enable to have the VIP send gratuitous ARPs. type: int
- http-cookie-age - Time in minutes that client web browsers should keep a cookie. type: int
- http-cookie-domain - Domain that HTTP cookie persistence should apply to. type: str
- http-cookie-domain-from-host - Enable/disable use of HTTP cookie domain from host field in HTTP. type: str choices: [disable, enable]
- http-cookie-generation - Generation of HTTP cookie to be accepted. type: int
- http-cookie-path - Limit HTTP cookie persistence to the specified path. type: str
- http-cookie-share - Control sharing of cookies across virtual servers. type: str choices: [disable, same-ip]
- http-ip-header - For HTTP multiplexing, enable to add the original client IP address in the XForwarded-For HTTP header. type: str choices: [disable, enable]
- http-ip-header-name - For HTTP multiplexing, enter a custom HTTPS header name. type: str
- http-multiplex - Enable/disable HTTP multiplexing. type: str choices: [disable, enable]
- https-cookie-secure - Enable/disable verification that inserted HTTPS cookies are secure. type: str choices: [disable, enable]
- id - Custom defined ID. type: int
- ldb-method - Method used to distribute sessions to real servers. type: str choices: [static, round-robin, weighted, least-session, least-rtt, first-alive, http-host]
- mapped-addr - Mapped FQDN address name. type: str
- mappedip - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- mappedport - Port number range on the destination network to which the external port number range is mapped. type: str
- max-embryonic-connections - Maximum number of incomplete connections. type: int
- monitor - Name of the health check monitor to use when polling to determine a virtual servers connectivity status. type: str
- name - Virtual IP name. type: str
- nat-source-vip - Enable/disable forcing the source NAT mapped IP to the external IP for all traffic. type: str choices: [disable, enable]
- outlook-web-access - Enable to add the Front-End-Https header for Microsoft Outlook Web Access. type: str choices: [disable, enable]
- persistence - Configure how to make sure that clients connect to the same server every time they make a request that is part of the same session. type: str choices: [none, http-cookie, ssl-session-id]
- portforward - Enable/disable port forwarding. type: str choices: [disable, enable]
- portmapping-type - Port mapping type. type: str choices: [1-to-1, m-to-n]
- protocol - Protocol to use when forwarding packets. type: str choices: [tcp, udp, sctp, icmp]
- realservers - No description for the parameter type: array
- client-ip - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- healthcheck - Enable to check the responsiveness of the real server before forwarding traffic. type: str choices: [disable, enable, vip]
- holddown-interval - Time in seconds that the health check monitor continues to monitor and unresponsive server that should be active. type: int
- http-host - HTTP server domain name in HTTP header. type: str
- ip - IP address of the real server. type: str
- max-connections - Max number of active connections that can be directed to the real server. type: int
- monitor - Name of the health check monitor to use when polling to determine a virtual servers connectivity status. type: str
- port - Port for communicating with the real server. type: int
- seq - No description for the parameter type: int
- status - Set the status of the real server to active so that it can accept traffic, or on standby or disabled so no traffic is sent. type: str choices: [active, standby, disable]
- weight - Weight of the real server. type: int
- client-ip - No description for the parameter type: array
- server-type - Protocol to be load balanced by the virtual server (also called the server load balance virtual IP). type: str choices: [http, https, ssl, tcp, udp, ip, imaps, pop3s, smtps]
- service - Service name. type: str
- src-filter - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- srcintf-filter - Interfaces to which the VIP applies. type: str
- ssl-algorithm - Permitted encryption algorithms for SSL sessions according to encryption strength. type: str choices: [high, medium, low, custom]
- ssl-certificate - The name of the SSL certificate to use for SSL acceleration. type: str
- ssl-cipher-suites - No description for the parameter type: array
- cipher - Cipher suite name. type: str choices: [TLS-RSA-WITH-RC4-128-MD5, TLS-RSA-WITH-RC4-128-SHA, TLS-RSA-WITH-DES-CBC-SHA, TLS-RSA-WITH-3DES-EDE-CBC-SHA, TLS-RSA-WITH-AES-128-CBC-SHA, TLS-RSA-WITH-AES-256-CBC-SHA, TLS-RSA-WITH-AES-128-CBC-SHA256, TLS-RSA-WITH-AES-256-CBC-SHA256, TLS-RSA-WITH-CAMELLIA-128-CBC-SHA, TLS-RSA-WITH-CAMELLIA-256-CBC-SHA, TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256, TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256, TLS-RSA-WITH-SEED-CBC-SHA, TLS-RSA-WITH-ARIA-128-CBC-SHA256, TLS-RSA-WITH-ARIA-256-CBC-SHA384, TLS-DHE-RSA-WITH-DES-CBC-SHA, TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA, TLS-DHE-RSA-WITH-AES-128-CBC-SHA, TLS-DHE-RSA-WITH-AES-256-CBC-SHA, TLS-DHE-RSA-WITH-AES-128-CBC-SHA256, TLS-DHE-RSA-WITH-AES-256-CBC-SHA256, TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA, TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA, TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256, TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256, TLS-DHE-RSA-WITH-SEED-CBC-SHA, TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256, TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384, TLS-ECDHE-RSA-WITH-RC4-128-SHA, TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA, TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA, TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA, TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256, TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256, TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256, TLS-DHE-RSA-WITH-AES-128-GCM-SHA256, TLS-DHE-RSA-WITH-AES-256-GCM-SHA384, TLS-DHE-DSS-WITH-AES-128-CBC-SHA, TLS-DHE-DSS-WITH-AES-256-CBC-SHA, TLS-DHE-DSS-WITH-AES-128-CBC-SHA256, TLS-DHE-DSS-WITH-AES-128-GCM-SHA256, TLS-DHE-DSS-WITH-AES-256-CBC-SHA256, TLS-DHE-DSS-WITH-AES-256-GCM-SHA384, TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256, TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256, TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384, TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384, TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA, TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256, TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256, TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384, TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384, TLS-RSA-WITH-AES-128-GCM-SHA256, TLS-RSA-WITH-AES-256-GCM-SHA384, TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA, TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA, TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256, TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256, TLS-DHE-DSS-WITH-SEED-CBC-SHA, TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256, TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384, TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256, TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384, TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256, TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384, TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA, TLS-DHE-DSS-WITH-DES-CBC-SHA]
- id - No description for the parameter type: int
- versions - No description for the parameter type: array
- {no-name} - No description for the parameter type: str choices: [ssl-3.0, tls-1.0, tls-1.1, tls-1.2]
- ssl-client-fallback - Enable/disable support for preventing Downgrade Attacks on client connections (RFC 7507). type: str choices: [disable, enable]
- ssl-client-renegotiation - Allow, deny, or require secure renegotiation of client sessions to comply with RFC 5746. type: str choices: [deny, allow, secure]
- ssl-client-session-state-max - Maximum number of client to FortiGate SSL session states to keep. type: int
- ssl-client-session-state-timeout - Number of minutes to keep client to FortiGate SSL session state. type: int
- ssl-client-session-state-type - How to expire SSL sessions for the segment of the SSL connection between the client and the FortiGate. type: str choices: [disable, time, count, both]
- ssl-dh-bits - Number of bits to use in the Diffie-Hellman exchange for RSA encryption of SSL sessions. type: str choices: [768, 1024, 1536, 2048, 3072, 4096]
- ssl-hpkp - Enable/disable including HPKP header in response. type: str choices: [disable, enable, report-only]
- ssl-hpkp-age - Number of seconds the client should honour the HPKP setting. type: int
- ssl-hpkp-backup - Certificate to generate backup HPKP pin from. type: str
- ssl-hpkp-include-subdomains - Indicate that HPKP header applies to all subdomains. type: str choices: [disable, enable]
- ssl-hpkp-primary - Certificate to generate primary HPKP pin from. type: str
- ssl-hpkp-report-uri - URL to report HPKP violations to. type: str
- ssl-hsts - Enable/disable including HSTS header in response. type: str choices: [disable, enable]
- ssl-hsts-age - Number of seconds the client should honour the HSTS setting. type: int
- ssl-hsts-include-subdomains - Indicate that HSTS header applies to all subdomains. type: str choices: [disable, enable]
- ssl-http-location-conversion - Enable to replace HTTP with HTTPS in the replys Location HTTP header field. type: str choices: [disable, enable]
- ssl-http-match-host - Enable/disable HTTP host matching for location conversion. type: str choices: [disable, enable]
- ssl-max-version - Highest SSL/TLS version acceptable from a client. type: str choices: [ssl-3.0, tls-1.0, tls-1.1, tls-1.2]
- ssl-min-version - Lowest SSL/TLS version acceptable from a client. type: str choices: [ssl-3.0, tls-1.0, tls-1.1, tls-1.2]
- ssl-mode - Apply SSL offloading between the client and the FortiGate (half) or from the client to the FortiGate and from the FortiGate to the server (full). type: str choices: [half, full]
- ssl-pfs - Select the cipher suites that can be used for SSL perfect forward secrecy (PFS). type: str choices: [require, deny, allow]
- ssl-send-empty-frags - Enable/disable sending empty fragments to avoid CBC IV attacks (SSL 3. type: str choices: [disable, enable]
- ssl-server-algorithm - Permitted encryption algorithms for the server side of SSL full mode sessions according to encryption strength. type: str choices: [high, low, medium, custom, client]
- ssl-server-cipher-suites - No description for the parameter type: array
- cipher - Cipher suite name. type: str choices: [TLS-RSA-WITH-RC4-128-MD5, TLS-RSA-WITH-RC4-128-SHA, TLS-RSA-WITH-DES-CBC-SHA, TLS-RSA-WITH-3DES-EDE-CBC-SHA, TLS-RSA-WITH-AES-128-CBC-SHA, TLS-RSA-WITH-AES-256-CBC-SHA, TLS-RSA-WITH-AES-128-CBC-SHA256, TLS-RSA-WITH-AES-256-CBC-SHA256, TLS-RSA-WITH-CAMELLIA-128-CBC-SHA, TLS-RSA-WITH-CAMELLIA-256-CBC-SHA, TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256, TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256, TLS-RSA-WITH-SEED-CBC-SHA, TLS-RSA-WITH-ARIA-128-CBC-SHA256, TLS-RSA-WITH-ARIA-256-CBC-SHA384, TLS-DHE-RSA-WITH-DES-CBC-SHA, TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA, TLS-DHE-RSA-WITH-AES-128-CBC-SHA, TLS-DHE-RSA-WITH-AES-256-CBC-SHA, TLS-DHE-RSA-WITH-AES-128-CBC-SHA256, TLS-DHE-RSA-WITH-AES-256-CBC-SHA256, TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA, TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA, TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256, TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256, TLS-DHE-RSA-WITH-SEED-CBC-SHA, TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256, TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384, TLS-ECDHE-RSA-WITH-RC4-128-SHA, TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA, TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA, TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA, TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256, TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256, TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256, TLS-DHE-RSA-WITH-AES-128-GCM-SHA256, TLS-DHE-RSA-WITH-AES-256-GCM-SHA384, TLS-DHE-DSS-WITH-AES-128-CBC-SHA, TLS-DHE-DSS-WITH-AES-256-CBC-SHA, TLS-DHE-DSS-WITH-AES-128-CBC-SHA256, TLS-DHE-DSS-WITH-AES-128-GCM-SHA256, TLS-DHE-DSS-WITH-AES-256-CBC-SHA256, TLS-DHE-DSS-WITH-AES-256-GCM-SHA384, TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256, TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256, TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384, TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384, TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA, TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256, TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256, TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384, TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384, TLS-RSA-WITH-AES-128-GCM-SHA256, TLS-RSA-WITH-AES-256-GCM-SHA384, TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA, TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA, TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256, TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256, TLS-DHE-DSS-WITH-SEED-CBC-SHA, TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256, TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384, TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256, TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384, TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256, TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384, TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA, TLS-DHE-DSS-WITH-DES-CBC-SHA]
- priority - SSL/TLS cipher suites priority. type: int
- versions - No description for the parameter type: array
- {no-name} - No description for the parameter type: str choices: [ssl-3.0, tls-1.0, tls-1.1, tls-1.2]
- ssl-server-max-version - Highest SSL/TLS version acceptable from a server. type: str choices: [ssl-3.0, tls-1.0, tls-1.1, tls-1.2, client]
- ssl-server-min-version - Lowest SSL/TLS version acceptable from a server. type: str choices: [ssl-3.0, tls-1.0, tls-1.1, tls-1.2, client]
- ssl-server-session-state-max - Maximum number of FortiGate to Server SSL session states to keep. type: int
- ssl-server-session-state-timeout - Number of minutes to keep FortiGate to Server SSL session state. type: int
- ssl-server-session-state-type - How to expire SSL sessions for the segment of the SSL connection between the server and the FortiGate. type: str choices: [disable, time, count, both]
- type - Configure a static NAT, load balance, DNS translation, or FQDN VIP. type: str choices: [static-nat, load-balance, server-load-balance, dns-translation, fqdn]
- uuid - Universally Unique Identifier (UUID; automatically assigned but can be manually reset). type: str
- weblogic-server - Enable to add an HTTP header to indicate SSL offloading for a WebLogic server. type: str choices: [disable, enable]
- websphere-server - Enable to add an HTTP header to indicate SSL offloading for a WebSphere server. type: str choices: [disable, enable]
- parameters for method: [get] - Configure virtual IP for IPv4.
- attr - The name of the attribute to retrieve its datasource. type: str
- fields - No description for the parameter type: array
- {no-name} - No description for the parameter type: array
- {no-name} - No description for the parameter type: str choices: [arp-reply, color, comment, dns-mapping-ttl, extaddr, extintf, extip, extport, gratuitous-arp-interval, http-cookie-age, http-cookie-domain, http-cookie-domain-from-host, http-cookie-generation, http-cookie-path, http-cookie-share, http-ip-header, http-ip-header-name, http-multiplex, https-cookie-secure, id, ldb-method, mapped-addr, mappedip, mappedport, max-embryonic-connections, monitor, name, nat-source-vip, outlook-web-access, persistence, portforward, portmapping-type, protocol, server-type, service, src-filter, srcintf-filter, ssl-algorithm, ssl-certificate, ssl-client-fallback, ssl-client-renegotiation, ssl-client-session-state-max, ssl-client-session-state-timeout, ssl-client-session-state-type, ssl-dh-bits, ssl-hpkp, ssl-hpkp-age, ssl-hpkp-backup, ssl-hpkp-include-subdomains, ssl-hpkp-primary, ssl-hpkp-report-uri, ssl-hsts, ssl-hsts-age, ssl-hsts-include-subdomains, ssl-http-location-conversion, ssl-http-match-host, ssl-max-version, ssl-min-version, ssl-mode, ssl-pfs, ssl-send-empty-frags, ssl-server-algorithm, ssl-server-max-version, ssl-server-min-version, ssl-server-session-state-max, ssl-server-session-state-timeout, ssl-server-session-state-type, type, uuid, weblogic-server, websphere-server]
- {no-name} - No description for the parameter type: array
- filter - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- get used - No description for the parameter type: int
- loadsub - Enable or disable the return of any sub-objects. type: int
- option - Set fetch option for the request. type: str choices: [count, object member, datasrc, get reserved, syntax]
- range - No description for the parameter type: array
- {no-name} - No description for the parameter type: int
- sortings - No description for the parameter type: array
- {attr_name} - No description for the parameter type: int choices: [1, -1]
Notes¶
Note
- The module may supports multiple method, every method has different parameters definition
- One method may also have more than one parameter definition collection, each collection is dedicated to one API endpoint
- The module may include domain dependent urls, the domain can be specified in url_params as adom
- To run in workspace mode, the paremeter workspace_locking_adom must be included in the task
Examples¶
- hosts: fortimanager-inventory
collections:
- fortinet.fortimanager
connection: httpapi
vars:
ansible_httpapi_use_ssl: True
ansible_httpapi_validate_certs: False
ansible_httpapi_port: 443
tasks:
- name: REQUESTING /PM/CONFIG/OBJ/FIREWALL/VIP
fmgr_firewall_vip:
loose_validation: False
workspace_locking_adom: <value in [global, custom adom]>
workspace_locking_timeout: 300
method: <value in [add, set, update]>
url_params:
adom: <value in [none, global, custom dom]>
params:
-
data:
-
arp-reply: <value in [disable, enable]>
color: <value of integer>
comment: <value of string>
dns-mapping-ttl: <value of integer>
dynamic_mapping:
-
_scope:
-
name: <value of string>
vdom: <value of string>
arp-reply: <value in [disable, enable]>
color: <value of integer>
comment: <value of string>
dns-mapping-ttl: <value of integer>
extaddr: <value of string>
extintf: <value of string>
extip: <value of string>
extport: <value of string>
gratuitous-arp-interval: <value of integer>
http-cookie-age: <value of integer>
http-cookie-domain: <value of string>
http-cookie-domain-from-host: <value in [disable, enable]>
http-cookie-generation: <value of integer>
http-cookie-path: <value of string>
http-cookie-share: <value in [disable, same-ip]>
http-ip-header: <value in [disable, enable]>
http-ip-header-name: <value of string>
http-multiplex: <value in [disable, enable]>
https-cookie-secure: <value in [disable, enable]>
id: <value of integer>
ldb-method: <value in [static, round-robin, weighted, ...]>
mapped-addr: <value of string>
mappedip:
- <value of string>
mappedport: <value of string>
max-embryonic-connections: <value of integer>
monitor:
- <value of string>
nat-source-vip: <value in [disable, enable]>
outlook-web-access: <value in [disable, enable]>
persistence: <value in [none, http-cookie, ssl-session-id]>
portforward: <value in [disable, enable]>
portmapping-type: <value in [1-to-1, m-to-n]>
protocol: <value in [tcp, udp, sctp, ...]>
realservers:
-
client-ip:
- <value of string>
healthcheck: <value in [disable, enable, vip]>
holddown-interval: <value of integer>
http-host: <value of string>
ip: <value of string>
max-connections: <value of integer>
monitor: <value of string>
port: <value of integer>
seq: <value of integer>
status: <value in [active, standby, disable]>
weight: <value of integer>
server-type: <value in [http, https, ssl, ...]>
service: <value of string>
src-filter:
- <value of string>
srcintf-filter:
- <value of string>
ssl-algorithm: <value in [high, medium, low, ...]>
ssl-certificate: <value of string>
ssl-cipher-suites:
-
cipher: <value in [TLS-RSA-WITH-RC4-128-MD5, TLS-RSA-WITH-RC4-128-SHA, TLS-RSA-WITH-DES-CBC-SHA, ...]>
id: <value of integer>
versions:
- <value in [ssl-3.0, tls-1.0, tls-1.1, ...]>
ssl-client-fallback: <value in [disable, enable]>
ssl-client-renegotiation: <value in [deny, allow, secure]>
ssl-client-session-state-max: <value of integer>
ssl-client-session-state-timeout: <value of integer>
ssl-client-session-state-type: <value in [disable, time, count, ...]>
ssl-dh-bits: <value in [768, 1024, 1536, ...]>
ssl-hpkp: <value in [disable, enable, report-only]>
ssl-hpkp-age: <value of integer>
ssl-hpkp-backup: <value of string>
ssl-hpkp-include-subdomains: <value in [disable, enable]>
ssl-hpkp-primary: <value of string>
ssl-hpkp-report-uri: <value of string>
ssl-hsts: <value in [disable, enable]>
ssl-hsts-age: <value of integer>
ssl-hsts-include-subdomains: <value in [disable, enable]>
ssl-http-location-conversion: <value in [disable, enable]>
ssl-http-match-host: <value in [disable, enable]>
ssl-max-version: <value in [ssl-3.0, tls-1.0, tls-1.1, ...]>
ssl-min-version: <value in [ssl-3.0, tls-1.0, tls-1.1, ...]>
ssl-mode: <value in [half, full]>
ssl-pfs: <value in [require, deny, allow]>
ssl-send-empty-frags: <value in [disable, enable]>
ssl-server-algorithm: <value in [high, low, medium, ...]>
ssl-server-max-version: <value in [ssl-3.0, tls-1.0, tls-1.1, ...]>
ssl-server-min-version: <value in [ssl-3.0, tls-1.0, tls-1.1, ...]>
ssl-server-session-state-max: <value of integer>
ssl-server-session-state-timeout: <value of integer>
ssl-server-session-state-type: <value in [disable, time, count, ...]>
type: <value in [static-nat, load-balance, server-load-balance, ...]>
uuid: <value of string>
weblogic-server: <value in [disable, enable]>
websphere-server: <value in [disable, enable]>
extaddr: <value of string>
extintf: <value of string>
extip: <value of string>
extport: <value of string>
gratuitous-arp-interval: <value of integer>
http-cookie-age: <value of integer>
http-cookie-domain: <value of string>
http-cookie-domain-from-host: <value in [disable, enable]>
http-cookie-generation: <value of integer>
http-cookie-path: <value of string>
http-cookie-share: <value in [disable, same-ip]>
http-ip-header: <value in [disable, enable]>
http-ip-header-name: <value of string>
http-multiplex: <value in [disable, enable]>
https-cookie-secure: <value in [disable, enable]>
id: <value of integer>
ldb-method: <value in [static, round-robin, weighted, ...]>
mapped-addr: <value of string>
mappedip:
- <value of string>
mappedport: <value of string>
max-embryonic-connections: <value of integer>
monitor: <value of string>
name: <value of string>
nat-source-vip: <value in [disable, enable]>
outlook-web-access: <value in [disable, enable]>
persistence: <value in [none, http-cookie, ssl-session-id]>
portforward: <value in [disable, enable]>
portmapping-type: <value in [1-to-1, m-to-n]>
protocol: <value in [tcp, udp, sctp, ...]>
realservers:
-
client-ip:
- <value of string>
healthcheck: <value in [disable, enable, vip]>
holddown-interval: <value of integer>
http-host: <value of string>
ip: <value of string>
max-connections: <value of integer>
monitor: <value of string>
port: <value of integer>
seq: <value of integer>
status: <value in [active, standby, disable]>
weight: <value of integer>
server-type: <value in [http, https, ssl, ...]>
service: <value of string>
src-filter:
- <value of string>
srcintf-filter: <value of string>
ssl-algorithm: <value in [high, medium, low, ...]>
ssl-certificate: <value of string>
ssl-cipher-suites:
-
cipher: <value in [TLS-RSA-WITH-RC4-128-MD5, TLS-RSA-WITH-RC4-128-SHA, TLS-RSA-WITH-DES-CBC-SHA, ...]>
id: <value of integer>
versions:
- <value in [ssl-3.0, tls-1.0, tls-1.1, ...]>
ssl-client-fallback: <value in [disable, enable]>
ssl-client-renegotiation: <value in [deny, allow, secure]>
ssl-client-session-state-max: <value of integer>
ssl-client-session-state-timeout: <value of integer>
ssl-client-session-state-type: <value in [disable, time, count, ...]>
ssl-dh-bits: <value in [768, 1024, 1536, ...]>
ssl-hpkp: <value in [disable, enable, report-only]>
ssl-hpkp-age: <value of integer>
ssl-hpkp-backup: <value of string>
ssl-hpkp-include-subdomains: <value in [disable, enable]>
ssl-hpkp-primary: <value of string>
ssl-hpkp-report-uri: <value of string>
ssl-hsts: <value in [disable, enable]>
ssl-hsts-age: <value of integer>
ssl-hsts-include-subdomains: <value in [disable, enable]>
ssl-http-location-conversion: <value in [disable, enable]>
ssl-http-match-host: <value in [disable, enable]>
ssl-max-version: <value in [ssl-3.0, tls-1.0, tls-1.1, ...]>
ssl-min-version: <value in [ssl-3.0, tls-1.0, tls-1.1, ...]>
ssl-mode: <value in [half, full]>
ssl-pfs: <value in [require, deny, allow]>
ssl-send-empty-frags: <value in [disable, enable]>
ssl-server-algorithm: <value in [high, low, medium, ...]>
ssl-server-cipher-suites:
-
cipher: <value in [TLS-RSA-WITH-RC4-128-MD5, TLS-RSA-WITH-RC4-128-SHA, TLS-RSA-WITH-DES-CBC-SHA, ...]>
priority: <value of integer>
versions:
- <value in [ssl-3.0, tls-1.0, tls-1.1, ...]>
ssl-server-max-version: <value in [ssl-3.0, tls-1.0, tls-1.1, ...]>
ssl-server-min-version: <value in [ssl-3.0, tls-1.0, tls-1.1, ...]>
ssl-server-session-state-max: <value of integer>
ssl-server-session-state-timeout: <value of integer>
ssl-server-session-state-type: <value in [disable, time, count, ...]>
type: <value in [static-nat, load-balance, server-load-balance, ...]>
uuid: <value of string>
weblogic-server: <value in [disable, enable]>
websphere-server: <value in [disable, enable]>
- name: REQUESTING /PM/CONFIG/OBJ/FIREWALL/VIP
fmgr_firewall_vip:
loose_validation: False
workspace_locking_adom: <value in [global, custom adom]>
workspace_locking_timeout: 300
method: <value in [get]>
url_params:
adom: <value in [none, global, custom dom]>
params:
-
attr: <value of string>
fields:
-
- <value in [arp-reply, color, comment, ...]>
filter:
- <value of string>
get used: <value of integer>
loadsub: <value of integer>
option: <value in [count, object member, datasrc, ...]>
range:
- <value of integer>
sortings:
-
varidic.attr_name: <value in [1, -1]>
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- return values for method: [add, set, update]
- status
- No description for the parameter type: dict
- code - No description for the parameter type: int
- message - No description for the parameter type: str
- url - No description for the parameter type: str example: /pm/config/adom/{adom}/obj/firewall/vip
- return values for method: [get]
- data
- No description for the parameter type: array
- arp-reply - Enable to respond to ARP requests for this virtual IP address. type: str
- color - Color of icon on the GUI. type: int
- comment - Comment. type: str
- dns-mapping-ttl - DNS mapping TTL (Set to zero to use TTL in DNS response, default = 0). type: int
- dynamic_mapping - No description for the parameter type: array
- _scope - No description for the parameter type: array
- name - No description for the parameter type: str
- vdom - No description for the parameter type: str
- arp-reply - No description for the parameter type: str
- color - No description for the parameter type: int
- comment - No description for the parameter type: str
- dns-mapping-ttl - No description for the parameter type: int
- extaddr - No description for the parameter type: str
- extintf - No description for the parameter type: str
- extip - No description for the parameter type: str
- extport - No description for the parameter type: str
- gratuitous-arp-interval - No description for the parameter type: int
- http-cookie-age - No description for the parameter type: int
- http-cookie-domain - No description for the parameter type: str
- http-cookie-domain-from-host - No description for the parameter type: str
- http-cookie-generation - No description for the parameter type: int
- http-cookie-path - No description for the parameter type: str
- http-cookie-share - No description for the parameter type: str
- http-ip-header - No description for the parameter type: str
- http-ip-header-name - No description for the parameter type: str
- http-multiplex - No description for the parameter type: str
- https-cookie-secure - No description for the parameter type: str
- id - No description for the parameter type: int
- ldb-method - No description for the parameter type: str
- mapped-addr - No description for the parameter type: str
- mappedip - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- mappedport - No description for the parameter type: str
- max-embryonic-connections - No description for the parameter type: int
- monitor - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- nat-source-vip - No description for the parameter type: str
- outlook-web-access - No description for the parameter type: str
- persistence - No description for the parameter type: str
- portforward - No description for the parameter type: str
- portmapping-type - No description for the parameter type: str
- protocol - No description for the parameter type: str
- realservers - No description for the parameter type: array
- client-ip - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- healthcheck - No description for the parameter type: str
- holddown-interval - No description for the parameter type: int
- http-host - No description for the parameter type: str
- ip - No description for the parameter type: str
- max-connections - No description for the parameter type: int
- monitor - No description for the parameter type: str
- port - No description for the parameter type: int
- seq - No description for the parameter type: int
- status - No description for the parameter type: str
- weight - No description for the parameter type: int
- client-ip - No description for the parameter type: array
- server-type - No description for the parameter type: str
- service - No description for the parameter type: str
- src-filter - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- srcintf-filter - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- ssl-algorithm - No description for the parameter type: str
- ssl-certificate - No description for the parameter type: str
- ssl-cipher-suites - No description for the parameter type: array
- cipher - No description for the parameter type: str
- id - No description for the parameter type: int
- versions - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- ssl-client-fallback - No description for the parameter type: str
- ssl-client-renegotiation - No description for the parameter type: str
- ssl-client-session-state-max - No description for the parameter type: int
- ssl-client-session-state-timeout - No description for the parameter type: int
- ssl-client-session-state-type - No description for the parameter type: str
- ssl-dh-bits - No description for the parameter type: str
- ssl-hpkp - No description for the parameter type: str
- ssl-hpkp-age - No description for the parameter type: int
- ssl-hpkp-backup - No description for the parameter type: str
- ssl-hpkp-include-subdomains - No description for the parameter type: str
- ssl-hpkp-primary - No description for the parameter type: str
- ssl-hpkp-report-uri - No description for the parameter type: str
- ssl-hsts - No description for the parameter type: str
- ssl-hsts-age - No description for the parameter type: int
- ssl-hsts-include-subdomains - No description for the parameter type: str
- ssl-http-location-conversion - No description for the parameter type: str
- ssl-http-match-host - No description for the parameter type: str
- ssl-max-version - No description for the parameter type: str
- ssl-min-version - No description for the parameter type: str
- ssl-mode - No description for the parameter type: str
- ssl-pfs - No description for the parameter type: str
- ssl-send-empty-frags - No description for the parameter type: str
- ssl-server-algorithm - No description for the parameter type: str
- ssl-server-max-version - No description for the parameter type: str
- ssl-server-min-version - No description for the parameter type: str
- ssl-server-session-state-max - No description for the parameter type: int
- ssl-server-session-state-timeout - No description for the parameter type: int
- ssl-server-session-state-type - No description for the parameter type: str
- type - No description for the parameter type: str
- uuid - No description for the parameter type: str
- weblogic-server - No description for the parameter type: str
- websphere-server - No description for the parameter type: str
- _scope - No description for the parameter type: array
- extaddr - External FQDN address name. type: str
- extintf - Interface connected to the source network that receives the packets that will be forwarded to the destination network. type: str
- extip - IP address or address range on the external interface that you want to map to an address or address range on the destination network. type: str
- extport - Incoming port number range that you want to map to a port number range on the destination network. type: str
- gratuitous-arp-interval - Enable to have the VIP send gratuitous ARPs. type: int
- http-cookie-age - Time in minutes that client web browsers should keep a cookie. type: int
- http-cookie-domain - Domain that HTTP cookie persistence should apply to. type: str
- http-cookie-domain-from-host - Enable/disable use of HTTP cookie domain from host field in HTTP. type: str
- http-cookie-generation - Generation of HTTP cookie to be accepted. type: int
- http-cookie-path - Limit HTTP cookie persistence to the specified path. type: str
- http-cookie-share - Control sharing of cookies across virtual servers. type: str
- http-ip-header - For HTTP multiplexing, enable to add the original client IP address in the XForwarded-For HTTP header. type: str
- http-ip-header-name - For HTTP multiplexing, enter a custom HTTPS header name. type: str
- http-multiplex - Enable/disable HTTP multiplexing. type: str
- https-cookie-secure - Enable/disable verification that inserted HTTPS cookies are secure. type: str
- id - Custom defined ID. type: int
- ldb-method - Method used to distribute sessions to real servers. type: str
- mapped-addr - Mapped FQDN address name. type: str
- mappedip - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- mappedport - Port number range on the destination network to which the external port number range is mapped. type: str
- max-embryonic-connections - Maximum number of incomplete connections. type: int
- monitor - Name of the health check monitor to use when polling to determine a virtual servers connectivity status. type: str
- name - Virtual IP name. type: str
- nat-source-vip - Enable/disable forcing the source NAT mapped IP to the external IP for all traffic. type: str
- outlook-web-access - Enable to add the Front-End-Https header for Microsoft Outlook Web Access. type: str
- persistence - Configure how to make sure that clients connect to the same server every time they make a request that is part of the same session. type: str
- portforward - Enable/disable port forwarding. type: str
- portmapping-type - Port mapping type. type: str
- protocol - Protocol to use when forwarding packets. type: str
- realservers - No description for the parameter type: array
- client-ip - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- healthcheck - Enable to check the responsiveness of the real server before forwarding traffic. type: str
- holddown-interval - Time in seconds that the health check monitor continues to monitor and unresponsive server that should be active. type: int
- http-host - HTTP server domain name in HTTP header. type: str
- ip - IP address of the real server. type: str
- max-connections - Max number of active connections that can be directed to the real server. type: int
- monitor - Name of the health check monitor to use when polling to determine a virtual servers connectivity status. type: str
- port - Port for communicating with the real server. type: int
- seq - No description for the parameter type: int
- status - Set the status of the real server to active so that it can accept traffic, or on standby or disabled so no traffic is sent. type: str
- weight - Weight of the real server. type: int
- client-ip - No description for the parameter type: array
- server-type - Protocol to be load balanced by the virtual server (also called the server load balance virtual IP). type: str
- service - Service name. type: str
- src-filter - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- srcintf-filter - Interfaces to which the VIP applies. type: str
- ssl-algorithm - Permitted encryption algorithms for SSL sessions according to encryption strength. type: str
- ssl-certificate - The name of the SSL certificate to use for SSL acceleration. type: str
- ssl-cipher-suites - No description for the parameter type: array
- cipher - Cipher suite name. type: str
- id - No description for the parameter type: int
- versions - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- ssl-client-fallback - Enable/disable support for preventing Downgrade Attacks on client connections (RFC 7507). type: str
- ssl-client-renegotiation - Allow, deny, or require secure renegotiation of client sessions to comply with RFC 5746. type: str
- ssl-client-session-state-max - Maximum number of client to FortiGate SSL session states to keep. type: int
- ssl-client-session-state-timeout - Number of minutes to keep client to FortiGate SSL session state. type: int
- ssl-client-session-state-type - How to expire SSL sessions for the segment of the SSL connection between the client and the FortiGate. type: str
- ssl-dh-bits - Number of bits to use in the Diffie-Hellman exchange for RSA encryption of SSL sessions. type: str
- ssl-hpkp - Enable/disable including HPKP header in response. type: str
- ssl-hpkp-age - Number of seconds the client should honour the HPKP setting. type: int
- ssl-hpkp-backup - Certificate to generate backup HPKP pin from. type: str
- ssl-hpkp-include-subdomains - Indicate that HPKP header applies to all subdomains. type: str
- ssl-hpkp-primary - Certificate to generate primary HPKP pin from. type: str
- ssl-hpkp-report-uri - URL to report HPKP violations to. type: str
- ssl-hsts - Enable/disable including HSTS header in response. type: str
- ssl-hsts-age - Number of seconds the client should honour the HSTS setting. type: int
- ssl-hsts-include-subdomains - Indicate that HSTS header applies to all subdomains. type: str
- ssl-http-location-conversion - Enable to replace HTTP with HTTPS in the replys Location HTTP header field. type: str
- ssl-http-match-host - Enable/disable HTTP host matching for location conversion. type: str
- ssl-max-version - Highest SSL/TLS version acceptable from a client. type: str
- ssl-min-version - Lowest SSL/TLS version acceptable from a client. type: str
- ssl-mode - Apply SSL offloading between the client and the FortiGate (half) or from the client to the FortiGate and from the FortiGate to the server (full). type: str
- ssl-pfs - Select the cipher suites that can be used for SSL perfect forward secrecy (PFS). type: str
- ssl-send-empty-frags - Enable/disable sending empty fragments to avoid CBC IV attacks (SSL 3. type: str
- ssl-server-algorithm - Permitted encryption algorithms for the server side of SSL full mode sessions according to encryption strength. type: str
- ssl-server-cipher-suites - No description for the parameter type: array
- cipher - Cipher suite name. type: str
- priority - SSL/TLS cipher suites priority. type: int
- versions - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- ssl-server-max-version - Highest SSL/TLS version acceptable from a server. type: str
- ssl-server-min-version - Lowest SSL/TLS version acceptable from a server. type: str
- ssl-server-session-state-max - Maximum number of FortiGate to Server SSL session states to keep. type: int
- ssl-server-session-state-timeout - Number of minutes to keep FortiGate to Server SSL session state. type: int
- ssl-server-session-state-type - How to expire SSL sessions for the segment of the SSL connection between the server and the FortiGate. type: str
- type - Configure a static NAT, load balance, DNS translation, or FQDN VIP. type: str
- uuid - Universally Unique Identifier (UUID; automatically assigned but can be manually reset). type: str
- weblogic-server - Enable to add an HTTP header to indicate SSL offloading for a WebLogic server. type: str
- websphere-server - Enable to add an HTTP header to indicate SSL offloading for a WebSphere server. type: str
- status
- No description for the parameter type: dict
- code - No description for the parameter type: int
- message - No description for the parameter type: str
- url - No description for the parameter type: str example: /pm/config/adom/{adom}/obj/firewall/vip
fmgr_firewall_vip_obj – Configure virtual IP for IPv4.¶
New in version 2.10.
Synopsis¶
- This module is able to configure a FortiManager device by allowing the user to [clone, delete, get, move, set, update] the following FortiManager json-rpc urls.
- /pm/config/adom/{adom}/obj/firewall/vip/{vip}
- /pm/config/global/obj/firewall/vip/{vip}
- Examples include all parameters and values need to be adjusted to data sources before usage.
- Tested with FortiManager v6.0.0
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.10.0
Parameters¶
- loose_validation - Do parameter validation in a loose way type: bool required: false default: false
- workspace_locking_adom - Acquire the workspace lock if FortiManager is running in workspace mode type: str required: false choices: global, custom dom
- workspace_locking_timeout - The maximum time in seconds to wait for other users to release workspace lock type: integer required: false default: 300
- url_params - parameters in url path type: dict required: true
- adom - the domain prefix type: str choices: none, global, custom dom
- vip - the object name type: str
- parameters for method: [clone, set, update] - Configure virtual IP for IPv4.
- data - No description for the parameter type: dict
- arp-reply - Enable to respond to ARP requests for this virtual IP address. type: str choices: [disable, enable]
- color - Color of icon on the GUI. type: int
- comment - Comment. type: str
- dns-mapping-ttl - DNS mapping TTL (Set to zero to use TTL in DNS response, default = 0). type: int
- dynamic_mapping - No description for the parameter type: array
- _scope - No description for the parameter type: array
- name - No description for the parameter type: str
- vdom - No description for the parameter type: str
- arp-reply - No description for the parameter type: str choices: [disable, enable]
- color - No description for the parameter type: int
- comment - No description for the parameter type: str
- dns-mapping-ttl - No description for the parameter type: int
- extaddr - No description for the parameter type: str
- extintf - No description for the parameter type: str
- extip - No description for the parameter type: str
- extport - No description for the parameter type: str
- gratuitous-arp-interval - No description for the parameter type: int
- http-cookie-age - No description for the parameter type: int
- http-cookie-domain - No description for the parameter type: str
- http-cookie-domain-from-host - No description for the parameter type: str choices: [disable, enable]
- http-cookie-generation - No description for the parameter type: int
- http-cookie-path - No description for the parameter type: str
- http-cookie-share - No description for the parameter type: str choices: [disable, same-ip]
- http-ip-header - No description for the parameter type: str choices: [disable, enable]
- http-ip-header-name - No description for the parameter type: str
- http-multiplex - No description for the parameter type: str choices: [disable, enable]
- https-cookie-secure - No description for the parameter type: str choices: [disable, enable]
- id - No description for the parameter type: int
- ldb-method - No description for the parameter type: str choices: [static, round-robin, weighted, least-session, least-rtt, first-alive, http-host]
- mapped-addr - No description for the parameter type: str
- mappedip - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- mappedport - No description for the parameter type: str
- max-embryonic-connections - No description for the parameter type: int
- monitor - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- nat-source-vip - No description for the parameter type: str choices: [disable, enable]
- outlook-web-access - No description for the parameter type: str choices: [disable, enable]
- persistence - No description for the parameter type: str choices: [none, http-cookie, ssl-session-id]
- portforward - No description for the parameter type: str choices: [disable, enable]
- portmapping-type - No description for the parameter type: str choices: [1-to-1, m-to-n]
- protocol - No description for the parameter type: str choices: [tcp, udp, sctp, icmp]
- realservers - No description for the parameter type: array
- client-ip - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- healthcheck - No description for the parameter type: str choices: [disable, enable, vip]
- holddown-interval - No description for the parameter type: int
- http-host - No description for the parameter type: str
- ip - No description for the parameter type: str
- max-connections - No description for the parameter type: int
- monitor - No description for the parameter type: str
- port - No description for the parameter type: int
- seq - No description for the parameter type: int
- status - No description for the parameter type: str choices: [active, standby, disable]
- weight - No description for the parameter type: int
- client-ip - No description for the parameter type: array
- server-type - No description for the parameter type: str choices: [http, https, ssl, tcp, udp, ip, imaps, pop3s, smtps]
- service - No description for the parameter type: str
- src-filter - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- srcintf-filter - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- ssl-algorithm - No description for the parameter type: str choices: [high, medium, low, custom]
- ssl-certificate - No description for the parameter type: str
- ssl-cipher-suites - No description for the parameter type: array
- cipher - No description for the parameter type: str choices: [TLS-RSA-WITH-RC4-128-MD5, TLS-RSA-WITH-RC4-128-SHA, TLS-RSA-WITH-DES-CBC-SHA, TLS-RSA-WITH-3DES-EDE-CBC-SHA, TLS-RSA-WITH-AES-128-CBC-SHA, TLS-RSA-WITH-AES-256-CBC-SHA, TLS-RSA-WITH-AES-128-CBC-SHA256, TLS-RSA-WITH-AES-256-CBC-SHA256, TLS-RSA-WITH-CAMELLIA-128-CBC-SHA, TLS-RSA-WITH-CAMELLIA-256-CBC-SHA, TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256, TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256, TLS-RSA-WITH-SEED-CBC-SHA, TLS-RSA-WITH-ARIA-128-CBC-SHA256, TLS-RSA-WITH-ARIA-256-CBC-SHA384, TLS-DHE-RSA-WITH-DES-CBC-SHA, TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA, TLS-DHE-RSA-WITH-AES-128-CBC-SHA, TLS-DHE-RSA-WITH-AES-256-CBC-SHA, TLS-DHE-RSA-WITH-AES-128-CBC-SHA256, TLS-DHE-RSA-WITH-AES-256-CBC-SHA256, TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA, TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA, TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256, TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256, TLS-DHE-RSA-WITH-SEED-CBC-SHA, TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256, TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384, TLS-ECDHE-RSA-WITH-RC4-128-SHA, TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA, TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA, TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA, TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256, TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256, TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256, TLS-DHE-RSA-WITH-AES-128-GCM-SHA256, TLS-DHE-RSA-WITH-AES-256-GCM-SHA384, TLS-DHE-DSS-WITH-AES-128-CBC-SHA, TLS-DHE-DSS-WITH-AES-256-CBC-SHA, TLS-DHE-DSS-WITH-AES-128-CBC-SHA256, TLS-DHE-DSS-WITH-AES-128-GCM-SHA256, TLS-DHE-DSS-WITH-AES-256-CBC-SHA256, TLS-DHE-DSS-WITH-AES-256-GCM-SHA384, TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256, TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256, TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384, TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384, TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA, TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256, TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256, TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384, TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384, TLS-RSA-WITH-AES-128-GCM-SHA256, TLS-RSA-WITH-AES-256-GCM-SHA384, TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA, TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA, TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256, TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256, TLS-DHE-DSS-WITH-SEED-CBC-SHA, TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256, TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384, TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256, TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384, TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256, TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384, TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA, TLS-DHE-DSS-WITH-DES-CBC-SHA]
- id - No description for the parameter type: int
- versions - No description for the parameter type: array
- {no-name} - No description for the parameter type: str choices: [ssl-3.0, tls-1.0, tls-1.1, tls-1.2]
- ssl-client-fallback - No description for the parameter type: str choices: [disable, enable]
- ssl-client-renegotiation - No description for the parameter type: str choices: [deny, allow, secure]
- ssl-client-session-state-max - No description for the parameter type: int
- ssl-client-session-state-timeout - No description for the parameter type: int
- ssl-client-session-state-type - No description for the parameter type: str choices: [disable, time, count, both]
- ssl-dh-bits - No description for the parameter type: str choices: [768, 1024, 1536, 2048, 3072, 4096]
- ssl-hpkp - No description for the parameter type: str choices: [disable, enable, report-only]
- ssl-hpkp-age - No description for the parameter type: int
- ssl-hpkp-backup - No description for the parameter type: str
- ssl-hpkp-include-subdomains - No description for the parameter type: str choices: [disable, enable]
- ssl-hpkp-primary - No description for the parameter type: str
- ssl-hpkp-report-uri - No description for the parameter type: str
- ssl-hsts - No description for the parameter type: str choices: [disable, enable]
- ssl-hsts-age - No description for the parameter type: int
- ssl-hsts-include-subdomains - No description for the parameter type: str choices: [disable, enable]
- ssl-http-location-conversion - No description for the parameter type: str choices: [disable, enable]
- ssl-http-match-host - No description for the parameter type: str choices: [disable, enable]
- ssl-max-version - No description for the parameter type: str choices: [ssl-3.0, tls-1.0, tls-1.1, tls-1.2]
- ssl-min-version - No description for the parameter type: str choices: [ssl-3.0, tls-1.0, tls-1.1, tls-1.2]
- ssl-mode - No description for the parameter type: str choices: [half, full]
- ssl-pfs - No description for the parameter type: str choices: [require, deny, allow]
- ssl-send-empty-frags - No description for the parameter type: str choices: [disable, enable]
- ssl-server-algorithm - No description for the parameter type: str choices: [high, low, medium, custom, client]
- ssl-server-max-version - No description for the parameter type: str choices: [ssl-3.0, tls-1.0, tls-1.1, tls-1.2, client]
- ssl-server-min-version - No description for the parameter type: str choices: [ssl-3.0, tls-1.0, tls-1.1, tls-1.2, client]
- ssl-server-session-state-max - No description for the parameter type: int
- ssl-server-session-state-timeout - No description for the parameter type: int
- ssl-server-session-state-type - No description for the parameter type: str choices: [disable, time, count, both]
- type - No description for the parameter type: str choices: [static-nat, load-balance, server-load-balance, dns-translation, fqdn]
- uuid - No description for the parameter type: str
- weblogic-server - No description for the parameter type: str choices: [disable, enable]
- websphere-server - No description for the parameter type: str choices: [disable, enable]
- _scope - No description for the parameter type: array
- extaddr - External FQDN address name. type: str
- extintf - Interface connected to the source network that receives the packets that will be forwarded to the destination network. type: str
- extip - IP address or address range on the external interface that you want to map to an address or address range on the destination network. type: str
- extport - Incoming port number range that you want to map to a port number range on the destination network. type: str
- gratuitous-arp-interval - Enable to have the VIP send gratuitous ARPs. type: int
- http-cookie-age - Time in minutes that client web browsers should keep a cookie. type: int
- http-cookie-domain - Domain that HTTP cookie persistence should apply to. type: str
- http-cookie-domain-from-host - Enable/disable use of HTTP cookie domain from host field in HTTP. type: str choices: [disable, enable]
- http-cookie-generation - Generation of HTTP cookie to be accepted. type: int
- http-cookie-path - Limit HTTP cookie persistence to the specified path. type: str
- http-cookie-share - Control sharing of cookies across virtual servers. type: str choices: [disable, same-ip]
- http-ip-header - For HTTP multiplexing, enable to add the original client IP address in the XForwarded-For HTTP header. type: str choices: [disable, enable]
- http-ip-header-name - For HTTP multiplexing, enter a custom HTTPS header name. type: str
- http-multiplex - Enable/disable HTTP multiplexing. type: str choices: [disable, enable]
- https-cookie-secure - Enable/disable verification that inserted HTTPS cookies are secure. type: str choices: [disable, enable]
- id - Custom defined ID. type: int
- ldb-method - Method used to distribute sessions to real servers. type: str choices: [static, round-robin, weighted, least-session, least-rtt, first-alive, http-host]
- mapped-addr - Mapped FQDN address name. type: str
- mappedip - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- mappedport - Port number range on the destination network to which the external port number range is mapped. type: str
- max-embryonic-connections - Maximum number of incomplete connections. type: int
- monitor - Name of the health check monitor to use when polling to determine a virtual servers connectivity status. type: str
- name - Virtual IP name. type: str
- nat-source-vip - Enable/disable forcing the source NAT mapped IP to the external IP for all traffic. type: str choices: [disable, enable]
- outlook-web-access - Enable to add the Front-End-Https header for Microsoft Outlook Web Access. type: str choices: [disable, enable]
- persistence - Configure how to make sure that clients connect to the same server every time they make a request that is part of the same session. type: str choices: [none, http-cookie, ssl-session-id]
- portforward - Enable/disable port forwarding. type: str choices: [disable, enable]
- portmapping-type - Port mapping type. type: str choices: [1-to-1, m-to-n]
- protocol - Protocol to use when forwarding packets. type: str choices: [tcp, udp, sctp, icmp]
- realservers - No description for the parameter type: array
- client-ip - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- healthcheck - Enable to check the responsiveness of the real server before forwarding traffic. type: str choices: [disable, enable, vip]
- holddown-interval - Time in seconds that the health check monitor continues to monitor and unresponsive server that should be active. type: int
- http-host - HTTP server domain name in HTTP header. type: str
- ip - IP address of the real server. type: str
- max-connections - Max number of active connections that can be directed to the real server. type: int
- monitor - Name of the health check monitor to use when polling to determine a virtual servers connectivity status. type: str
- port - Port for communicating with the real server. type: int
- seq - No description for the parameter type: int
- status - Set the status of the real server to active so that it can accept traffic, or on standby or disabled so no traffic is sent. type: str choices: [active, standby, disable]
- weight - Weight of the real server. type: int
- client-ip - No description for the parameter type: array
- server-type - Protocol to be load balanced by the virtual server (also called the server load balance virtual IP). type: str choices: [http, https, ssl, tcp, udp, ip, imaps, pop3s, smtps]
- service - Service name. type: str
- src-filter - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- srcintf-filter - Interfaces to which the VIP applies. type: str
- ssl-algorithm - Permitted encryption algorithms for SSL sessions according to encryption strength. type: str choices: [high, medium, low, custom]
- ssl-certificate - The name of the SSL certificate to use for SSL acceleration. type: str
- ssl-cipher-suites - No description for the parameter type: array
- cipher - Cipher suite name. type: str choices: [TLS-RSA-WITH-RC4-128-MD5, TLS-RSA-WITH-RC4-128-SHA, TLS-RSA-WITH-DES-CBC-SHA, TLS-RSA-WITH-3DES-EDE-CBC-SHA, TLS-RSA-WITH-AES-128-CBC-SHA, TLS-RSA-WITH-AES-256-CBC-SHA, TLS-RSA-WITH-AES-128-CBC-SHA256, TLS-RSA-WITH-AES-256-CBC-SHA256, TLS-RSA-WITH-CAMELLIA-128-CBC-SHA, TLS-RSA-WITH-CAMELLIA-256-CBC-SHA, TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256, TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256, TLS-RSA-WITH-SEED-CBC-SHA, TLS-RSA-WITH-ARIA-128-CBC-SHA256, TLS-RSA-WITH-ARIA-256-CBC-SHA384, TLS-DHE-RSA-WITH-DES-CBC-SHA, TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA, TLS-DHE-RSA-WITH-AES-128-CBC-SHA, TLS-DHE-RSA-WITH-AES-256-CBC-SHA, TLS-DHE-RSA-WITH-AES-128-CBC-SHA256, TLS-DHE-RSA-WITH-AES-256-CBC-SHA256, TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA, TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA, TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256, TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256, TLS-DHE-RSA-WITH-SEED-CBC-SHA, TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256, TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384, TLS-ECDHE-RSA-WITH-RC4-128-SHA, TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA, TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA, TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA, TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256, TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256, TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256, TLS-DHE-RSA-WITH-AES-128-GCM-SHA256, TLS-DHE-RSA-WITH-AES-256-GCM-SHA384, TLS-DHE-DSS-WITH-AES-128-CBC-SHA, TLS-DHE-DSS-WITH-AES-256-CBC-SHA, TLS-DHE-DSS-WITH-AES-128-CBC-SHA256, TLS-DHE-DSS-WITH-AES-128-GCM-SHA256, TLS-DHE-DSS-WITH-AES-256-CBC-SHA256, TLS-DHE-DSS-WITH-AES-256-GCM-SHA384, TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256, TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256, TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384, TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384, TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA, TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256, TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256, TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384, TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384, TLS-RSA-WITH-AES-128-GCM-SHA256, TLS-RSA-WITH-AES-256-GCM-SHA384, TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA, TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA, TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256, TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256, TLS-DHE-DSS-WITH-SEED-CBC-SHA, TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256, TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384, TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256, TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384, TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256, TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384, TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA, TLS-DHE-DSS-WITH-DES-CBC-SHA]
- id - No description for the parameter type: int
- versions - No description for the parameter type: array
- {no-name} - No description for the parameter type: str choices: [ssl-3.0, tls-1.0, tls-1.1, tls-1.2]
- ssl-client-fallback - Enable/disable support for preventing Downgrade Attacks on client connections (RFC 7507). type: str choices: [disable, enable]
- ssl-client-renegotiation - Allow, deny, or require secure renegotiation of client sessions to comply with RFC 5746. type: str choices: [deny, allow, secure]
- ssl-client-session-state-max - Maximum number of client to FortiGate SSL session states to keep. type: int
- ssl-client-session-state-timeout - Number of minutes to keep client to FortiGate SSL session state. type: int
- ssl-client-session-state-type - How to expire SSL sessions for the segment of the SSL connection between the client and the FortiGate. type: str choices: [disable, time, count, both]
- ssl-dh-bits - Number of bits to use in the Diffie-Hellman exchange for RSA encryption of SSL sessions. type: str choices: [768, 1024, 1536, 2048, 3072, 4096]
- ssl-hpkp - Enable/disable including HPKP header in response. type: str choices: [disable, enable, report-only]
- ssl-hpkp-age - Number of seconds the client should honour the HPKP setting. type: int
- ssl-hpkp-backup - Certificate to generate backup HPKP pin from. type: str
- ssl-hpkp-include-subdomains - Indicate that HPKP header applies to all subdomains. type: str choices: [disable, enable]
- ssl-hpkp-primary - Certificate to generate primary HPKP pin from. type: str
- ssl-hpkp-report-uri - URL to report HPKP violations to. type: str
- ssl-hsts - Enable/disable including HSTS header in response. type: str choices: [disable, enable]
- ssl-hsts-age - Number of seconds the client should honour the HSTS setting. type: int
- ssl-hsts-include-subdomains - Indicate that HSTS header applies to all subdomains. type: str choices: [disable, enable]
- ssl-http-location-conversion - Enable to replace HTTP with HTTPS in the replys Location HTTP header field. type: str choices: [disable, enable]
- ssl-http-match-host - Enable/disable HTTP host matching for location conversion. type: str choices: [disable, enable]
- ssl-max-version - Highest SSL/TLS version acceptable from a client. type: str choices: [ssl-3.0, tls-1.0, tls-1.1, tls-1.2]
- ssl-min-version - Lowest SSL/TLS version acceptable from a client. type: str choices: [ssl-3.0, tls-1.0, tls-1.1, tls-1.2]
- ssl-mode - Apply SSL offloading between the client and the FortiGate (half) or from the client to the FortiGate and from the FortiGate to the server (full). type: str choices: [half, full]
- ssl-pfs - Select the cipher suites that can be used for SSL perfect forward secrecy (PFS). type: str choices: [require, deny, allow]
- ssl-send-empty-frags - Enable/disable sending empty fragments to avoid CBC IV attacks (SSL 3. type: str choices: [disable, enable]
- ssl-server-algorithm - Permitted encryption algorithms for the server side of SSL full mode sessions according to encryption strength. type: str choices: [high, low, medium, custom, client]
- ssl-server-cipher-suites - No description for the parameter type: array
- cipher - Cipher suite name. type: str choices: [TLS-RSA-WITH-RC4-128-MD5, TLS-RSA-WITH-RC4-128-SHA, TLS-RSA-WITH-DES-CBC-SHA, TLS-RSA-WITH-3DES-EDE-CBC-SHA, TLS-RSA-WITH-AES-128-CBC-SHA, TLS-RSA-WITH-AES-256-CBC-SHA, TLS-RSA-WITH-AES-128-CBC-SHA256, TLS-RSA-WITH-AES-256-CBC-SHA256, TLS-RSA-WITH-CAMELLIA-128-CBC-SHA, TLS-RSA-WITH-CAMELLIA-256-CBC-SHA, TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256, TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256, TLS-RSA-WITH-SEED-CBC-SHA, TLS-RSA-WITH-ARIA-128-CBC-SHA256, TLS-RSA-WITH-ARIA-256-CBC-SHA384, TLS-DHE-RSA-WITH-DES-CBC-SHA, TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA, TLS-DHE-RSA-WITH-AES-128-CBC-SHA, TLS-DHE-RSA-WITH-AES-256-CBC-SHA, TLS-DHE-RSA-WITH-AES-128-CBC-SHA256, TLS-DHE-RSA-WITH-AES-256-CBC-SHA256, TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA, TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA, TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256, TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256, TLS-DHE-RSA-WITH-SEED-CBC-SHA, TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256, TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384, TLS-ECDHE-RSA-WITH-RC4-128-SHA, TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA, TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA, TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA, TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256, TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256, TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256, TLS-DHE-RSA-WITH-AES-128-GCM-SHA256, TLS-DHE-RSA-WITH-AES-256-GCM-SHA384, TLS-DHE-DSS-WITH-AES-128-CBC-SHA, TLS-DHE-DSS-WITH-AES-256-CBC-SHA, TLS-DHE-DSS-WITH-AES-128-CBC-SHA256, TLS-DHE-DSS-WITH-AES-128-GCM-SHA256, TLS-DHE-DSS-WITH-AES-256-CBC-SHA256, TLS-DHE-DSS-WITH-AES-256-GCM-SHA384, TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256, TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256, TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384, TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384, TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA, TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256, TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256, TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384, TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384, TLS-RSA-WITH-AES-128-GCM-SHA256, TLS-RSA-WITH-AES-256-GCM-SHA384, TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA, TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA, TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256, TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256, TLS-DHE-DSS-WITH-SEED-CBC-SHA, TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256, TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384, TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256, TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384, TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256, TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384, TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA, TLS-DHE-DSS-WITH-DES-CBC-SHA]
- priority - SSL/TLS cipher suites priority. type: int
- versions - No description for the parameter type: array
- {no-name} - No description for the parameter type: str choices: [ssl-3.0, tls-1.0, tls-1.1, tls-1.2]
- ssl-server-max-version - Highest SSL/TLS version acceptable from a server. type: str choices: [ssl-3.0, tls-1.0, tls-1.1, tls-1.2, client]
- ssl-server-min-version - Lowest SSL/TLS version acceptable from a server. type: str choices: [ssl-3.0, tls-1.0, tls-1.1, tls-1.2, client]
- ssl-server-session-state-max - Maximum number of FortiGate to Server SSL session states to keep. type: int
- ssl-server-session-state-timeout - Number of minutes to keep FortiGate to Server SSL session state. type: int
- ssl-server-session-state-type - How to expire SSL sessions for the segment of the SSL connection between the server and the FortiGate. type: str choices: [disable, time, count, both]
- type - Configure a static NAT, load balance, DNS translation, or FQDN VIP. type: str choices: [static-nat, load-balance, server-load-balance, dns-translation, fqdn]
- uuid - Universally Unique Identifier (UUID; automatically assigned but can be manually reset). type: str
- weblogic-server - Enable to add an HTTP header to indicate SSL offloading for a WebLogic server. type: str choices: [disable, enable]
- websphere-server - Enable to add an HTTP header to indicate SSL offloading for a WebSphere server. type: str choices: [disable, enable]
- parameters for method: [delete] - Configure virtual IP for IPv4.
- parameters for method: [get] - Configure virtual IP for IPv4.
- option - Set fetch option for the request. type: str choices: [object member, chksum, datasrc]
- parameters for method: [move] - Configure virtual IP for IPv4.
- option - No description for the parameter type: str choices: [before, after]
- target - Key to the target entry. type: str
Notes¶
Note
- The module may supports multiple method, every method has different parameters definition
- One method may also have more than one parameter definition collection, each collection is dedicated to one API endpoint
- The module may include domain dependent urls, the domain can be specified in url_params as adom
- To run in workspace mode, the paremeter workspace_locking_adom must be included in the task
Examples¶
- hosts: fortimanager-inventory
collections:
- fortinet.fortimanager
connection: httpapi
vars:
ansible_httpapi_use_ssl: True
ansible_httpapi_validate_certs: False
ansible_httpapi_port: 443
tasks:
- name: REQUESTING /PM/CONFIG/OBJ/FIREWALL/VIP/{VIP}
fmgr_firewall_vip_obj:
loose_validation: False
workspace_locking_adom: <value in [global, custom adom]>
workspace_locking_timeout: 300
method: <value in [clone, set, update]>
url_params:
adom: <value in [none, global, custom dom]>
vip: <value of string>
params:
-
data:
arp-reply: <value in [disable, enable]>
color: <value of integer>
comment: <value of string>
dns-mapping-ttl: <value of integer>
dynamic_mapping:
-
_scope:
-
name: <value of string>
vdom: <value of string>
arp-reply: <value in [disable, enable]>
color: <value of integer>
comment: <value of string>
dns-mapping-ttl: <value of integer>
extaddr: <value of string>
extintf: <value of string>
extip: <value of string>
extport: <value of string>
gratuitous-arp-interval: <value of integer>
http-cookie-age: <value of integer>
http-cookie-domain: <value of string>
http-cookie-domain-from-host: <value in [disable, enable]>
http-cookie-generation: <value of integer>
http-cookie-path: <value of string>
http-cookie-share: <value in [disable, same-ip]>
http-ip-header: <value in [disable, enable]>
http-ip-header-name: <value of string>
http-multiplex: <value in [disable, enable]>
https-cookie-secure: <value in [disable, enable]>
id: <value of integer>
ldb-method: <value in [static, round-robin, weighted, ...]>
mapped-addr: <value of string>
mappedip:
- <value of string>
mappedport: <value of string>
max-embryonic-connections: <value of integer>
monitor:
- <value of string>
nat-source-vip: <value in [disable, enable]>
outlook-web-access: <value in [disable, enable]>
persistence: <value in [none, http-cookie, ssl-session-id]>
portforward: <value in [disable, enable]>
portmapping-type: <value in [1-to-1, m-to-n]>
protocol: <value in [tcp, udp, sctp, ...]>
realservers:
-
client-ip:
- <value of string>
healthcheck: <value in [disable, enable, vip]>
holddown-interval: <value of integer>
http-host: <value of string>
ip: <value of string>
max-connections: <value of integer>
monitor: <value of string>
port: <value of integer>
seq: <value of integer>
status: <value in [active, standby, disable]>
weight: <value of integer>
server-type: <value in [http, https, ssl, ...]>
service: <value of string>
src-filter:
- <value of string>
srcintf-filter:
- <value of string>
ssl-algorithm: <value in [high, medium, low, ...]>
ssl-certificate: <value of string>
ssl-cipher-suites:
-
cipher: <value in [TLS-RSA-WITH-RC4-128-MD5, TLS-RSA-WITH-RC4-128-SHA, TLS-RSA-WITH-DES-CBC-SHA, ...]>
id: <value of integer>
versions:
- <value in [ssl-3.0, tls-1.0, tls-1.1, ...]>
ssl-client-fallback: <value in [disable, enable]>
ssl-client-renegotiation: <value in [deny, allow, secure]>
ssl-client-session-state-max: <value of integer>
ssl-client-session-state-timeout: <value of integer>
ssl-client-session-state-type: <value in [disable, time, count, ...]>
ssl-dh-bits: <value in [768, 1024, 1536, ...]>
ssl-hpkp: <value in [disable, enable, report-only]>
ssl-hpkp-age: <value of integer>
ssl-hpkp-backup: <value of string>
ssl-hpkp-include-subdomains: <value in [disable, enable]>
ssl-hpkp-primary: <value of string>
ssl-hpkp-report-uri: <value of string>
ssl-hsts: <value in [disable, enable]>
ssl-hsts-age: <value of integer>
ssl-hsts-include-subdomains: <value in [disable, enable]>
ssl-http-location-conversion: <value in [disable, enable]>
ssl-http-match-host: <value in [disable, enable]>
ssl-max-version: <value in [ssl-3.0, tls-1.0, tls-1.1, ...]>
ssl-min-version: <value in [ssl-3.0, tls-1.0, tls-1.1, ...]>
ssl-mode: <value in [half, full]>
ssl-pfs: <value in [require, deny, allow]>
ssl-send-empty-frags: <value in [disable, enable]>
ssl-server-algorithm: <value in [high, low, medium, ...]>
ssl-server-max-version: <value in [ssl-3.0, tls-1.0, tls-1.1, ...]>
ssl-server-min-version: <value in [ssl-3.0, tls-1.0, tls-1.1, ...]>
ssl-server-session-state-max: <value of integer>
ssl-server-session-state-timeout: <value of integer>
ssl-server-session-state-type: <value in [disable, time, count, ...]>
type: <value in [static-nat, load-balance, server-load-balance, ...]>
uuid: <value of string>
weblogic-server: <value in [disable, enable]>
websphere-server: <value in [disable, enable]>
extaddr: <value of string>
extintf: <value of string>
extip: <value of string>
extport: <value of string>
gratuitous-arp-interval: <value of integer>
http-cookie-age: <value of integer>
http-cookie-domain: <value of string>
http-cookie-domain-from-host: <value in [disable, enable]>
http-cookie-generation: <value of integer>
http-cookie-path: <value of string>
http-cookie-share: <value in [disable, same-ip]>
http-ip-header: <value in [disable, enable]>
http-ip-header-name: <value of string>
http-multiplex: <value in [disable, enable]>
https-cookie-secure: <value in [disable, enable]>
id: <value of integer>
ldb-method: <value in [static, round-robin, weighted, ...]>
mapped-addr: <value of string>
mappedip:
- <value of string>
mappedport: <value of string>
max-embryonic-connections: <value of integer>
monitor: <value of string>
name: <value of string>
nat-source-vip: <value in [disable, enable]>
outlook-web-access: <value in [disable, enable]>
persistence: <value in [none, http-cookie, ssl-session-id]>
portforward: <value in [disable, enable]>
portmapping-type: <value in [1-to-1, m-to-n]>
protocol: <value in [tcp, udp, sctp, ...]>
realservers:
-
client-ip:
- <value of string>
healthcheck: <value in [disable, enable, vip]>
holddown-interval: <value of integer>
http-host: <value of string>
ip: <value of string>
max-connections: <value of integer>
monitor: <value of string>
port: <value of integer>
seq: <value of integer>
status: <value in [active, standby, disable]>
weight: <value of integer>
server-type: <value in [http, https, ssl, ...]>
service: <value of string>
src-filter:
- <value of string>
srcintf-filter: <value of string>
ssl-algorithm: <value in [high, medium, low, ...]>
ssl-certificate: <value of string>
ssl-cipher-suites:
-
cipher: <value in [TLS-RSA-WITH-RC4-128-MD5, TLS-RSA-WITH-RC4-128-SHA, TLS-RSA-WITH-DES-CBC-SHA, ...]>
id: <value of integer>
versions:
- <value in [ssl-3.0, tls-1.0, tls-1.1, ...]>
ssl-client-fallback: <value in [disable, enable]>
ssl-client-renegotiation: <value in [deny, allow, secure]>
ssl-client-session-state-max: <value of integer>
ssl-client-session-state-timeout: <value of integer>
ssl-client-session-state-type: <value in [disable, time, count, ...]>
ssl-dh-bits: <value in [768, 1024, 1536, ...]>
ssl-hpkp: <value in [disable, enable, report-only]>
ssl-hpkp-age: <value of integer>
ssl-hpkp-backup: <value of string>
ssl-hpkp-include-subdomains: <value in [disable, enable]>
ssl-hpkp-primary: <value of string>
ssl-hpkp-report-uri: <value of string>
ssl-hsts: <value in [disable, enable]>
ssl-hsts-age: <value of integer>
ssl-hsts-include-subdomains: <value in [disable, enable]>
ssl-http-location-conversion: <value in [disable, enable]>
ssl-http-match-host: <value in [disable, enable]>
ssl-max-version: <value in [ssl-3.0, tls-1.0, tls-1.1, ...]>
ssl-min-version: <value in [ssl-3.0, tls-1.0, tls-1.1, ...]>
ssl-mode: <value in [half, full]>
ssl-pfs: <value in [require, deny, allow]>
ssl-send-empty-frags: <value in [disable, enable]>
ssl-server-algorithm: <value in [high, low, medium, ...]>
ssl-server-cipher-suites:
-
cipher: <value in [TLS-RSA-WITH-RC4-128-MD5, TLS-RSA-WITH-RC4-128-SHA, TLS-RSA-WITH-DES-CBC-SHA, ...]>
priority: <value of integer>
versions:
- <value in [ssl-3.0, tls-1.0, tls-1.1, ...]>
ssl-server-max-version: <value in [ssl-3.0, tls-1.0, tls-1.1, ...]>
ssl-server-min-version: <value in [ssl-3.0, tls-1.0, tls-1.1, ...]>
ssl-server-session-state-max: <value of integer>
ssl-server-session-state-timeout: <value of integer>
ssl-server-session-state-type: <value in [disable, time, count, ...]>
type: <value in [static-nat, load-balance, server-load-balance, ...]>
uuid: <value of string>
weblogic-server: <value in [disable, enable]>
websphere-server: <value in [disable, enable]>
- name: REQUESTING /PM/CONFIG/OBJ/FIREWALL/VIP/{VIP}
fmgr_firewall_vip_obj:
loose_validation: False
workspace_locking_adom: <value in [global, custom adom]>
workspace_locking_timeout: 300
method: <value in [get]>
url_params:
adom: <value in [none, global, custom dom]>
vip: <value of string>
params:
-
option: <value in [object member, chksum, datasrc]>
- name: REQUESTING /PM/CONFIG/OBJ/FIREWALL/VIP/{VIP}
fmgr_firewall_vip_obj:
loose_validation: False
workspace_locking_adom: <value in [global, custom adom]>
workspace_locking_timeout: 300
method: <value in [move]>
url_params:
adom: <value in [none, global, custom dom]>
vip: <value of string>
params:
-
option: <value in [before, after]>
target: <value of string>
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- return values for method: [clone, delete, move, set, update]
- status
- No description for the parameter type: dict
- code - No description for the parameter type: int
- message - No description for the parameter type: str
- url - No description for the parameter type: str example: /pm/config/adom/{adom}/obj/firewall/vip/{vip}
- return values for method: [get]
- data
- No description for the parameter type: dict
- arp-reply - Enable to respond to ARP requests for this virtual IP address. type: str
- color - Color of icon on the GUI. type: int
- comment - Comment. type: str
- dns-mapping-ttl - DNS mapping TTL (Set to zero to use TTL in DNS response, default = 0). type: int
- dynamic_mapping - No description for the parameter type: array
- _scope - No description for the parameter type: array
- name - No description for the parameter type: str
- vdom - No description for the parameter type: str
- arp-reply - No description for the parameter type: str
- color - No description for the parameter type: int
- comment - No description for the parameter type: str
- dns-mapping-ttl - No description for the parameter type: int
- extaddr - No description for the parameter type: str
- extintf - No description for the parameter type: str
- extip - No description for the parameter type: str
- extport - No description for the parameter type: str
- gratuitous-arp-interval - No description for the parameter type: int
- http-cookie-age - No description for the parameter type: int
- http-cookie-domain - No description for the parameter type: str
- http-cookie-domain-from-host - No description for the parameter type: str
- http-cookie-generation - No description for the parameter type: int
- http-cookie-path - No description for the parameter type: str
- http-cookie-share - No description for the parameter type: str
- http-ip-header - No description for the parameter type: str
- http-ip-header-name - No description for the parameter type: str
- http-multiplex - No description for the parameter type: str
- https-cookie-secure - No description for the parameter type: str
- id - No description for the parameter type: int
- ldb-method - No description for the parameter type: str
- mapped-addr - No description for the parameter type: str
- mappedip - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- mappedport - No description for the parameter type: str
- max-embryonic-connections - No description for the parameter type: int
- monitor - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- nat-source-vip - No description for the parameter type: str
- outlook-web-access - No description for the parameter type: str
- persistence - No description for the parameter type: str
- portforward - No description for the parameter type: str
- portmapping-type - No description for the parameter type: str
- protocol - No description for the parameter type: str
- realservers - No description for the parameter type: array
- client-ip - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- healthcheck - No description for the parameter type: str
- holddown-interval - No description for the parameter type: int
- http-host - No description for the parameter type: str
- ip - No description for the parameter type: str
- max-connections - No description for the parameter type: int
- monitor - No description for the parameter type: str
- port - No description for the parameter type: int
- seq - No description for the parameter type: int
- status - No description for the parameter type: str
- weight - No description for the parameter type: int
- client-ip - No description for the parameter type: array
- server-type - No description for the parameter type: str
- service - No description for the parameter type: str
- src-filter - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- srcintf-filter - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- ssl-algorithm - No description for the parameter type: str
- ssl-certificate - No description for the parameter type: str
- ssl-cipher-suites - No description for the parameter type: array
- cipher - No description for the parameter type: str
- id - No description for the parameter type: int
- versions - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- ssl-client-fallback - No description for the parameter type: str
- ssl-client-renegotiation - No description for the parameter type: str
- ssl-client-session-state-max - No description for the parameter type: int
- ssl-client-session-state-timeout - No description for the parameter type: int
- ssl-client-session-state-type - No description for the parameter type: str
- ssl-dh-bits - No description for the parameter type: str
- ssl-hpkp - No description for the parameter type: str
- ssl-hpkp-age - No description for the parameter type: int
- ssl-hpkp-backup - No description for the parameter type: str
- ssl-hpkp-include-subdomains - No description for the parameter type: str
- ssl-hpkp-primary - No description for the parameter type: str
- ssl-hpkp-report-uri - No description for the parameter type: str
- ssl-hsts - No description for the parameter type: str
- ssl-hsts-age - No description for the parameter type: int
- ssl-hsts-include-subdomains - No description for the parameter type: str
- ssl-http-location-conversion - No description for the parameter type: str
- ssl-http-match-host - No description for the parameter type: str
- ssl-max-version - No description for the parameter type: str
- ssl-min-version - No description for the parameter type: str
- ssl-mode - No description for the parameter type: str
- ssl-pfs - No description for the parameter type: str
- ssl-send-empty-frags - No description for the parameter type: str
- ssl-server-algorithm - No description for the parameter type: str
- ssl-server-max-version - No description for the parameter type: str
- ssl-server-min-version - No description for the parameter type: str
- ssl-server-session-state-max - No description for the parameter type: int
- ssl-server-session-state-timeout - No description for the parameter type: int
- ssl-server-session-state-type - No description for the parameter type: str
- type - No description for the parameter type: str
- uuid - No description for the parameter type: str
- weblogic-server - No description for the parameter type: str
- websphere-server - No description for the parameter type: str
- _scope - No description for the parameter type: array
- extaddr - External FQDN address name. type: str
- extintf - Interface connected to the source network that receives the packets that will be forwarded to the destination network. type: str
- extip - IP address or address range on the external interface that you want to map to an address or address range on the destination network. type: str
- extport - Incoming port number range that you want to map to a port number range on the destination network. type: str
- gratuitous-arp-interval - Enable to have the VIP send gratuitous ARPs. type: int
- http-cookie-age - Time in minutes that client web browsers should keep a cookie. type: int
- http-cookie-domain - Domain that HTTP cookie persistence should apply to. type: str
- http-cookie-domain-from-host - Enable/disable use of HTTP cookie domain from host field in HTTP. type: str
- http-cookie-generation - Generation of HTTP cookie to be accepted. type: int
- http-cookie-path - Limit HTTP cookie persistence to the specified path. type: str
- http-cookie-share - Control sharing of cookies across virtual servers. type: str
- http-ip-header - For HTTP multiplexing, enable to add the original client IP address in the XForwarded-For HTTP header. type: str
- http-ip-header-name - For HTTP multiplexing, enter a custom HTTPS header name. type: str
- http-multiplex - Enable/disable HTTP multiplexing. type: str
- https-cookie-secure - Enable/disable verification that inserted HTTPS cookies are secure. type: str
- id - Custom defined ID. type: int
- ldb-method - Method used to distribute sessions to real servers. type: str
- mapped-addr - Mapped FQDN address name. type: str
- mappedip - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- mappedport - Port number range on the destination network to which the external port number range is mapped. type: str
- max-embryonic-connections - Maximum number of incomplete connections. type: int
- monitor - Name of the health check monitor to use when polling to determine a virtual servers connectivity status. type: str
- name - Virtual IP name. type: str
- nat-source-vip - Enable/disable forcing the source NAT mapped IP to the external IP for all traffic. type: str
- outlook-web-access - Enable to add the Front-End-Https header for Microsoft Outlook Web Access. type: str
- persistence - Configure how to make sure that clients connect to the same server every time they make a request that is part of the same session. type: str
- portforward - Enable/disable port forwarding. type: str
- portmapping-type - Port mapping type. type: str
- protocol - Protocol to use when forwarding packets. type: str
- realservers - No description for the parameter type: array
- client-ip - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- healthcheck - Enable to check the responsiveness of the real server before forwarding traffic. type: str
- holddown-interval - Time in seconds that the health check monitor continues to monitor and unresponsive server that should be active. type: int
- http-host - HTTP server domain name in HTTP header. type: str
- ip - IP address of the real server. type: str
- max-connections - Max number of active connections that can be directed to the real server. type: int
- monitor - Name of the health check monitor to use when polling to determine a virtual servers connectivity status. type: str
- port - Port for communicating with the real server. type: int
- seq - No description for the parameter type: int
- status - Set the status of the real server to active so that it can accept traffic, or on standby or disabled so no traffic is sent. type: str
- weight - Weight of the real server. type: int
- client-ip - No description for the parameter type: array
- server-type - Protocol to be load balanced by the virtual server (also called the server load balance virtual IP). type: str
- service - Service name. type: str
- src-filter - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- srcintf-filter - Interfaces to which the VIP applies. type: str
- ssl-algorithm - Permitted encryption algorithms for SSL sessions according to encryption strength. type: str
- ssl-certificate - The name of the SSL certificate to use for SSL acceleration. type: str
- ssl-cipher-suites - No description for the parameter type: array
- cipher - Cipher suite name. type: str
- id - No description for the parameter type: int
- versions - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- ssl-client-fallback - Enable/disable support for preventing Downgrade Attacks on client connections (RFC 7507). type: str
- ssl-client-renegotiation - Allow, deny, or require secure renegotiation of client sessions to comply with RFC 5746. type: str
- ssl-client-session-state-max - Maximum number of client to FortiGate SSL session states to keep. type: int
- ssl-client-session-state-timeout - Number of minutes to keep client to FortiGate SSL session state. type: int
- ssl-client-session-state-type - How to expire SSL sessions for the segment of the SSL connection between the client and the FortiGate. type: str
- ssl-dh-bits - Number of bits to use in the Diffie-Hellman exchange for RSA encryption of SSL sessions. type: str
- ssl-hpkp - Enable/disable including HPKP header in response. type: str
- ssl-hpkp-age - Number of seconds the client should honour the HPKP setting. type: int
- ssl-hpkp-backup - Certificate to generate backup HPKP pin from. type: str
- ssl-hpkp-include-subdomains - Indicate that HPKP header applies to all subdomains. type: str
- ssl-hpkp-primary - Certificate to generate primary HPKP pin from. type: str
- ssl-hpkp-report-uri - URL to report HPKP violations to. type: str
- ssl-hsts - Enable/disable including HSTS header in response. type: str
- ssl-hsts-age - Number of seconds the client should honour the HSTS setting. type: int
- ssl-hsts-include-subdomains - Indicate that HSTS header applies to all subdomains. type: str
- ssl-http-location-conversion - Enable to replace HTTP with HTTPS in the replys Location HTTP header field. type: str
- ssl-http-match-host - Enable/disable HTTP host matching for location conversion. type: str
- ssl-max-version - Highest SSL/TLS version acceptable from a client. type: str
- ssl-min-version - Lowest SSL/TLS version acceptable from a client. type: str
- ssl-mode - Apply SSL offloading between the client and the FortiGate (half) or from the client to the FortiGate and from the FortiGate to the server (full). type: str
- ssl-pfs - Select the cipher suites that can be used for SSL perfect forward secrecy (PFS). type: str
- ssl-send-empty-frags - Enable/disable sending empty fragments to avoid CBC IV attacks (SSL 3. type: str
- ssl-server-algorithm - Permitted encryption algorithms for the server side of SSL full mode sessions according to encryption strength. type: str
- ssl-server-cipher-suites - No description for the parameter type: array
- cipher - Cipher suite name. type: str
- priority - SSL/TLS cipher suites priority. type: int
- versions - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- ssl-server-max-version - Highest SSL/TLS version acceptable from a server. type: str
- ssl-server-min-version - Lowest SSL/TLS version acceptable from a server. type: str
- ssl-server-session-state-max - Maximum number of FortiGate to Server SSL session states to keep. type: int
- ssl-server-session-state-timeout - Number of minutes to keep FortiGate to Server SSL session state. type: int
- ssl-server-session-state-type - How to expire SSL sessions for the segment of the SSL connection between the server and the FortiGate. type: str
- type - Configure a static NAT, load balance, DNS translation, or FQDN VIP. type: str
- uuid - Universally Unique Identifier (UUID; automatically assigned but can be manually reset). type: str
- weblogic-server - Enable to add an HTTP header to indicate SSL offloading for a WebLogic server. type: str
- websphere-server - Enable to add an HTTP header to indicate SSL offloading for a WebSphere server. type: str
- status
- No description for the parameter type: dict
- code - No description for the parameter type: int
- message - No description for the parameter type: str
- url - No description for the parameter type: str example: /pm/config/adom/{adom}/obj/firewall/vip/{vip}
fmgr_ips_sensor – Configure IPS sensor.¶
New in version 2.10.
Synopsis¶
- This module is able to configure a FortiManager device by allowing the user to [add, get, set, update] the following FortiManager json-rpc urls.
- /pm/config/adom/{adom}/obj/ips/sensor
- /pm/config/global/obj/ips/sensor
- Examples include all parameters and values need to be adjusted to data sources before usage.
- Tested with FortiManager v6.0.0
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.10.0
Parameters¶
- loose_validation - Do parameter validation in a loose way type: bool required: false default: false
- workspace_locking_adom - Acquire the workspace lock if FortiManager is running in workspace mode type: str required: false choices: global, custom dom
- workspace_locking_timeout - The maximum time in seconds to wait for other users to release workspace lock type: integer required: false default: 300
- url_params - parameters in url path type: dict required: true
- adom - the domain prefix type: str choices: none, global, custom dom
- parameters for method: [add, set, update] - Configure IPS sensor.
- data - No description for the parameter type: array
- block-malicious-url - Enable/disable malicious URL blocking. type: str choices: [disable, enable]
- comment - Comment. type: str
- entries - No description for the parameter type: array
- action - Action taken with traffic in which signatures are detected. type: str choices: [pass, block, reset, default]
- application - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- exempt-ip - No description for the parameter type: array
- dst-ip - Destination IP address and netmask. type: str
- id - Exempt IP ID. type: int
- src-ip - Source IP address and netmask. type: str
- id - Rule ID in IPS database (0 - 4294967295). type: int
- location - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- log - Enable/disable logging of signatures included in filter. type: str choices: [disable, enable]
- log-attack-context - Enable/disable logging of attack context: URL buffer, header buffer, body buffer, packet buffer. type: str choices: [disable, enable]
- log-packet - Enable/disable packet logging. type: str choices: [disable, enable]
- os - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- protocol - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- quarantine - Quarantine method. type: str choices: [none, attacker, both, interface]
- quarantine-expiry - Duration of quarantine. type: str
- quarantine-log - Enable/disable quarantine logging. type: str choices: [disable, enable]
- rate-count - Count of the rate. type: int
- rate-duration - Duration (sec) of the rate. type: int
- rate-mode - Rate limit mode. type: str choices: [periodical, continuous]
- rate-track - Track the packet protocol field. type: str choices: [none, src-ip, dest-ip, dhcp-client-mac, dns-domain]
- rule - Identifies the predefined or custom IPS signatures to add to the sensor. type: str
- severity - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- status - Status of the signatures included in filter. type: str choices: [disable, enable, default]
- extended-log - Enable/disable extended logging. type: str choices: [disable, enable]
- filter - No description for the parameter type: array
- action - Action of selected rules. type: str choices: [pass, block, default, reset]
- application - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- location - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- log - Enable/disable logging of selected rules. type: str choices: [disable, enable, default]
- log-packet - Enable/disable packet logging of selected rules. type: str choices: [disable, enable, default]
- name - Filter name. type: str
- os - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- protocol - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- quarantine - Quarantine IP or interface. type: str choices: [none, attacker, both, interface]
- quarantine-expiry - Duration of quarantine in minute. type: int
- quarantine-log - Enable/disable logging of selected quarantine. type: str choices: [disable, enable]
- severity - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- status - Selected rules status. type: str choices: [disable, enable, default]
- name - Sensor name. type: str
- override - No description for the parameter type: array
- action - Action of override rule. type: str choices: [pass, block, reset]
- exempt-ip - No description for the parameter type: array
- dst-ip - Destination IP address and netmask. type: str
- id - Exempt IP ID. type: int
- src-ip - Source IP address and netmask. type: str
- log - Enable/disable logging. type: str choices: [disable, enable]
- log-packet - Enable/disable packet logging. type: str choices: [disable, enable]
- quarantine - Quarantine IP or interface. type: str choices: [none, attacker, both, interface]
- quarantine-expiry - Duration of quarantine in minute. type: int
- quarantine-log - Enable/disable logging of selected quarantine. type: str choices: [disable, enable]
- rule-id - Override rule ID. type: int
- status - Enable/disable status of override rule. type: str choices: [disable, enable]
- replacemsg-group - Replacement message group. type: str
- parameters for method: [get] - Configure IPS sensor.
- attr - The name of the attribute to retrieve its datasource. type: str
- fields - No description for the parameter type: array
- {no-name} - No description for the parameter type: array
- {no-name} - No description for the parameter type: str choices: [block-malicious-url, comment, extended-log, name, replacemsg-group]
- {no-name} - No description for the parameter type: array
- filter - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- get used - No description for the parameter type: int
- loadsub - Enable or disable the return of any sub-objects. type: int
- option - Set fetch option for the request. type: str choices: [count, object member, datasrc, get reserved, syntax]
- range - No description for the parameter type: array
- {no-name} - No description for the parameter type: int
- sortings - No description for the parameter type: array
- {attr_name} - No description for the parameter type: int choices: [1, -1]
Notes¶
Note
- The module may supports multiple method, every method has different parameters definition
- One method may also have more than one parameter definition collection, each collection is dedicated to one API endpoint
- The module may include domain dependent urls, the domain can be specified in url_params as adom
- To run in workspace mode, the paremeter workspace_locking_adom must be included in the task
Examples¶
- hosts: fortimanager-inventory
collections:
- fortinet.fortimanager
connection: httpapi
vars:
ansible_httpapi_use_ssl: True
ansible_httpapi_validate_certs: False
ansible_httpapi_port: 443
tasks:
- name: REQUESTING /PM/CONFIG/OBJ/IPS/SENSOR
fmgr_ips_sensor:
loose_validation: False
workspace_locking_adom: <value in [global, custom adom]>
workspace_locking_timeout: 300
method: <value in [add, set, update]>
url_params:
adom: <value in [none, global, custom dom]>
params:
-
data:
-
block-malicious-url: <value in [disable, enable]>
comment: <value of string>
entries:
-
action: <value in [pass, block, reset, ...]>
application:
- <value of string>
exempt-ip:
-
dst-ip: <value of string>
id: <value of integer>
src-ip: <value of string>
id: <value of integer>
location:
- <value of string>
log: <value in [disable, enable]>
log-attack-context: <value in [disable, enable]>
log-packet: <value in [disable, enable]>
os:
- <value of string>
protocol:
- <value of string>
quarantine: <value in [none, attacker, both, ...]>
quarantine-expiry: <value of string>
quarantine-log: <value in [disable, enable]>
rate-count: <value of integer>
rate-duration: <value of integer>
rate-mode: <value in [periodical, continuous]>
rate-track: <value in [none, src-ip, dest-ip, ...]>
rule: <value of string>
severity:
- <value of string>
status: <value in [disable, enable, default]>
extended-log: <value in [disable, enable]>
filter:
-
action: <value in [pass, block, default, ...]>
application:
- <value of string>
location:
- <value of string>
log: <value in [disable, enable, default]>
log-packet: <value in [disable, enable, default]>
name: <value of string>
os:
- <value of string>
protocol:
- <value of string>
quarantine: <value in [none, attacker, both, ...]>
quarantine-expiry: <value of integer>
quarantine-log: <value in [disable, enable]>
severity:
- <value of string>
status: <value in [disable, enable, default]>
name: <value of string>
override:
-
action: <value in [pass, block, reset]>
exempt-ip:
-
dst-ip: <value of string>
id: <value of integer>
src-ip: <value of string>
log: <value in [disable, enable]>
log-packet: <value in [disable, enable]>
quarantine: <value in [none, attacker, both, ...]>
quarantine-expiry: <value of integer>
quarantine-log: <value in [disable, enable]>
rule-id: <value of integer>
status: <value in [disable, enable]>
replacemsg-group: <value of string>
- name: REQUESTING /PM/CONFIG/OBJ/IPS/SENSOR
fmgr_ips_sensor:
loose_validation: False
workspace_locking_adom: <value in [global, custom adom]>
workspace_locking_timeout: 300
method: <value in [get]>
url_params:
adom: <value in [none, global, custom dom]>
params:
-
attr: <value of string>
fields:
-
- <value in [block-malicious-url, comment, extended-log, ...]>
filter:
- <value of string>
get used: <value of integer>
loadsub: <value of integer>
option: <value in [count, object member, datasrc, ...]>
range:
- <value of integer>
sortings:
-
varidic.attr_name: <value in [1, -1]>
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- return values for method: [add, set, update]
- status
- No description for the parameter type: dict
- code - No description for the parameter type: int
- message - No description for the parameter type: str
- url - No description for the parameter type: str example: /pm/config/adom/{adom}/obj/ips/sensor
- return values for method: [get]
- data
- No description for the parameter type: array
- block-malicious-url - Enable/disable malicious URL blocking. type: str
- comment - Comment. type: str
- entries - No description for the parameter type: array
- action - Action taken with traffic in which signatures are detected. type: str
- application - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- exempt-ip - No description for the parameter type: array
- dst-ip - Destination IP address and netmask. type: str
- id - Exempt IP ID. type: int
- src-ip - Source IP address and netmask. type: str
- id - Rule ID in IPS database (0 - 4294967295). type: int
- location - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- log - Enable/disable logging of signatures included in filter. type: str
- log-attack-context - Enable/disable logging of attack context: URL buffer, header buffer, body buffer, packet buffer. type: str
- log-packet - Enable/disable packet logging. type: str
- os - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- protocol - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- quarantine - Quarantine method. type: str
- quarantine-expiry - Duration of quarantine. type: str
- quarantine-log - Enable/disable quarantine logging. type: str
- rate-count - Count of the rate. type: int
- rate-duration - Duration (sec) of the rate. type: int
- rate-mode - Rate limit mode. type: str
- rate-track - Track the packet protocol field. type: str
- rule - Identifies the predefined or custom IPS signatures to add to the sensor. type: str
- severity - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- status - Status of the signatures included in filter. type: str
- extended-log - Enable/disable extended logging. type: str
- filter - No description for the parameter type: array
- action - Action of selected rules. type: str
- application - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- location - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- log - Enable/disable logging of selected rules. type: str
- log-packet - Enable/disable packet logging of selected rules. type: str
- name - Filter name. type: str
- os - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- protocol - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- quarantine - Quarantine IP or interface. type: str
- quarantine-expiry - Duration of quarantine in minute. type: int
- quarantine-log - Enable/disable logging of selected quarantine. type: str
- severity - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- status - Selected rules status. type: str
- name - Sensor name. type: str
- override - No description for the parameter type: array
- action - Action of override rule. type: str
- exempt-ip - No description for the parameter type: array
- dst-ip - Destination IP address and netmask. type: str
- id - Exempt IP ID. type: int
- src-ip - Source IP address and netmask. type: str
- log - Enable/disable logging. type: str
- log-packet - Enable/disable packet logging. type: str
- quarantine - Quarantine IP or interface. type: str
- quarantine-expiry - Duration of quarantine in minute. type: int
- quarantine-log - Enable/disable logging of selected quarantine. type: str
- rule-id - Override rule ID. type: int
- status - Enable/disable status of override rule. type: str
- replacemsg-group - Replacement message group. type: str
- status
- No description for the parameter type: dict
- code - No description for the parameter type: int
- message - No description for the parameter type: str
- url - No description for the parameter type: str example: /pm/config/adom/{adom}/obj/ips/sensor
fmgr_ips_sensor_obj – Configure IPS sensor.¶
New in version 2.10.
Synopsis¶
- This module is able to configure a FortiManager device by allowing the user to [clone, delete, get, set, update] the following FortiManager json-rpc urls.
- /pm/config/adom/{adom}/obj/ips/sensor/{sensor}
- /pm/config/global/obj/ips/sensor/{sensor}
- Examples include all parameters and values need to be adjusted to data sources before usage.
- Tested with FortiManager v6.0.0
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.10.0
Parameters¶
- loose_validation - Do parameter validation in a loose way type: bool required: false default: false
- workspace_locking_adom - Acquire the workspace lock if FortiManager is running in workspace mode type: str required: false choices: global, custom dom
- workspace_locking_timeout - The maximum time in seconds to wait for other users to release workspace lock type: integer required: false default: 300
- url_params - parameters in url path type: dict required: true
- adom - the domain prefix type: str choices: none, global, custom dom
- sensor - the object name type: str
- parameters for method: [clone, set, update] - Configure IPS sensor.
- data - No description for the parameter type: dict
- block-malicious-url - Enable/disable malicious URL blocking. type: str choices: [disable, enable]
- comment - Comment. type: str
- entries - No description for the parameter type: array
- action - Action taken with traffic in which signatures are detected. type: str choices: [pass, block, reset, default]
- application - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- exempt-ip - No description for the parameter type: array
- dst-ip - Destination IP address and netmask. type: str
- id - Exempt IP ID. type: int
- src-ip - Source IP address and netmask. type: str
- id - Rule ID in IPS database (0 - 4294967295). type: int
- location - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- log - Enable/disable logging of signatures included in filter. type: str choices: [disable, enable]
- log-attack-context - Enable/disable logging of attack context: URL buffer, header buffer, body buffer, packet buffer. type: str choices: [disable, enable]
- log-packet - Enable/disable packet logging. type: str choices: [disable, enable]
- os - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- protocol - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- quarantine - Quarantine method. type: str choices: [none, attacker, both, interface]
- quarantine-expiry - Duration of quarantine. type: str
- quarantine-log - Enable/disable quarantine logging. type: str choices: [disable, enable]
- rate-count - Count of the rate. type: int
- rate-duration - Duration (sec) of the rate. type: int
- rate-mode - Rate limit mode. type: str choices: [periodical, continuous]
- rate-track - Track the packet protocol field. type: str choices: [none, src-ip, dest-ip, dhcp-client-mac, dns-domain]
- rule - Identifies the predefined or custom IPS signatures to add to the sensor. type: str
- severity - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- status - Status of the signatures included in filter. type: str choices: [disable, enable, default]
- extended-log - Enable/disable extended logging. type: str choices: [disable, enable]
- filter - No description for the parameter type: array
- action - Action of selected rules. type: str choices: [pass, block, default, reset]
- application - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- location - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- log - Enable/disable logging of selected rules. type: str choices: [disable, enable, default]
- log-packet - Enable/disable packet logging of selected rules. type: str choices: [disable, enable, default]
- name - Filter name. type: str
- os - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- protocol - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- quarantine - Quarantine IP or interface. type: str choices: [none, attacker, both, interface]
- quarantine-expiry - Duration of quarantine in minute. type: int
- quarantine-log - Enable/disable logging of selected quarantine. type: str choices: [disable, enable]
- severity - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- status - Selected rules status. type: str choices: [disable, enable, default]
- name - Sensor name. type: str
- override - No description for the parameter type: array
- action - Action of override rule. type: str choices: [pass, block, reset]
- exempt-ip - No description for the parameter type: array
- dst-ip - Destination IP address and netmask. type: str
- id - Exempt IP ID. type: int
- src-ip - Source IP address and netmask. type: str
- log - Enable/disable logging. type: str choices: [disable, enable]
- log-packet - Enable/disable packet logging. type: str choices: [disable, enable]
- quarantine - Quarantine IP or interface. type: str choices: [none, attacker, both, interface]
- quarantine-expiry - Duration of quarantine in minute. type: int
- quarantine-log - Enable/disable logging of selected quarantine. type: str choices: [disable, enable]
- rule-id - Override rule ID. type: int
- status - Enable/disable status of override rule. type: str choices: [disable, enable]
- replacemsg-group - Replacement message group. type: str
- parameters for method: [delete] - Configure IPS sensor.
- parameters for method: [get] - Configure IPS sensor.
- option - Set fetch option for the request. type: str choices: [object member, chksum, datasrc]
Notes¶
Note
- The module may supports multiple method, every method has different parameters definition
- One method may also have more than one parameter definition collection, each collection is dedicated to one API endpoint
- The module may include domain dependent urls, the domain can be specified in url_params as adom
- To run in workspace mode, the paremeter workspace_locking_adom must be included in the task
Examples¶
- hosts: fortimanager-inventory
collections:
- fortinet.fortimanager
connection: httpapi
vars:
ansible_httpapi_use_ssl: True
ansible_httpapi_validate_certs: False
ansible_httpapi_port: 443
tasks:
- name: REQUESTING /PM/CONFIG/OBJ/IPS/SENSOR/{SENSOR}
fmgr_ips_sensor_obj:
loose_validation: False
workspace_locking_adom: <value in [global, custom adom]>
workspace_locking_timeout: 300
method: <value in [clone, set, update]>
url_params:
adom: <value in [none, global, custom dom]>
sensor: <value of string>
params:
-
data:
block-malicious-url: <value in [disable, enable]>
comment: <value of string>
entries:
-
action: <value in [pass, block, reset, ...]>
application:
- <value of string>
exempt-ip:
-
dst-ip: <value of string>
id: <value of integer>
src-ip: <value of string>
id: <value of integer>
location:
- <value of string>
log: <value in [disable, enable]>
log-attack-context: <value in [disable, enable]>
log-packet: <value in [disable, enable]>
os:
- <value of string>
protocol:
- <value of string>
quarantine: <value in [none, attacker, both, ...]>
quarantine-expiry: <value of string>
quarantine-log: <value in [disable, enable]>
rate-count: <value of integer>
rate-duration: <value of integer>
rate-mode: <value in [periodical, continuous]>
rate-track: <value in [none, src-ip, dest-ip, ...]>
rule: <value of string>
severity:
- <value of string>
status: <value in [disable, enable, default]>
extended-log: <value in [disable, enable]>
filter:
-
action: <value in [pass, block, default, ...]>
application:
- <value of string>
location:
- <value of string>
log: <value in [disable, enable, default]>
log-packet: <value in [disable, enable, default]>
name: <value of string>
os:
- <value of string>
protocol:
- <value of string>
quarantine: <value in [none, attacker, both, ...]>
quarantine-expiry: <value of integer>
quarantine-log: <value in [disable, enable]>
severity:
- <value of string>
status: <value in [disable, enable, default]>
name: <value of string>
override:
-
action: <value in [pass, block, reset]>
exempt-ip:
-
dst-ip: <value of string>
id: <value of integer>
src-ip: <value of string>
log: <value in [disable, enable]>
log-packet: <value in [disable, enable]>
quarantine: <value in [none, attacker, both, ...]>
quarantine-expiry: <value of integer>
quarantine-log: <value in [disable, enable]>
rule-id: <value of integer>
status: <value in [disable, enable]>
replacemsg-group: <value of string>
- name: REQUESTING /PM/CONFIG/OBJ/IPS/SENSOR/{SENSOR}
fmgr_ips_sensor_obj:
loose_validation: False
workspace_locking_adom: <value in [global, custom adom]>
workspace_locking_timeout: 300
method: <value in [get]>
url_params:
adom: <value in [none, global, custom dom]>
sensor: <value of string>
params:
-
option: <value in [object member, chksum, datasrc]>
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- return values for method: [clone, delete, set, update]
- status
- No description for the parameter type: dict
- code - No description for the parameter type: int
- message - No description for the parameter type: str
- url - No description for the parameter type: str example: /pm/config/adom/{adom}/obj/ips/sensor/{sensor}
- return values for method: [get]
- data
- No description for the parameter type: dict
- block-malicious-url - Enable/disable malicious URL blocking. type: str
- comment - Comment. type: str
- entries - No description for the parameter type: array
- action - Action taken with traffic in which signatures are detected. type: str
- application - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- exempt-ip - No description for the parameter type: array
- dst-ip - Destination IP address and netmask. type: str
- id - Exempt IP ID. type: int
- src-ip - Source IP address and netmask. type: str
- id - Rule ID in IPS database (0 - 4294967295). type: int
- location - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- log - Enable/disable logging of signatures included in filter. type: str
- log-attack-context - Enable/disable logging of attack context: URL buffer, header buffer, body buffer, packet buffer. type: str
- log-packet - Enable/disable packet logging. type: str
- os - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- protocol - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- quarantine - Quarantine method. type: str
- quarantine-expiry - Duration of quarantine. type: str
- quarantine-log - Enable/disable quarantine logging. type: str
- rate-count - Count of the rate. type: int
- rate-duration - Duration (sec) of the rate. type: int
- rate-mode - Rate limit mode. type: str
- rate-track - Track the packet protocol field. type: str
- rule - Identifies the predefined or custom IPS signatures to add to the sensor. type: str
- severity - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- status - Status of the signatures included in filter. type: str
- extended-log - Enable/disable extended logging. type: str
- filter - No description for the parameter type: array
- action - Action of selected rules. type: str
- application - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- location - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- log - Enable/disable logging of selected rules. type: str
- log-packet - Enable/disable packet logging of selected rules. type: str
- name - Filter name. type: str
- os - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- protocol - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- quarantine - Quarantine IP or interface. type: str
- quarantine-expiry - Duration of quarantine in minute. type: int
- quarantine-log - Enable/disable logging of selected quarantine. type: str
- severity - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- status - Selected rules status. type: str
- name - Sensor name. type: str
- override - No description for the parameter type: array
- action - Action of override rule. type: str
- exempt-ip - No description for the parameter type: array
- dst-ip - Destination IP address and netmask. type: str
- id - Exempt IP ID. type: int
- src-ip - Source IP address and netmask. type: str
- log - Enable/disable logging. type: str
- log-packet - Enable/disable packet logging. type: str
- quarantine - Quarantine IP or interface. type: str
- quarantine-expiry - Duration of quarantine in minute. type: int
- quarantine-log - Enable/disable logging of selected quarantine. type: str
- rule-id - Override rule ID. type: int
- status - Enable/disable status of override rule. type: str
- replacemsg-group - Replacement message group. type: str
- status
- No description for the parameter type: dict
- code - No description for the parameter type: int
- message - No description for the parameter type: str
- url - No description for the parameter type: str example: /pm/config/adom/{adom}/obj/ips/sensor/{sensor}
fmgr_pkg_firewall_policy – Configure IPv4 policies.¶
New in version 2.10.
Synopsis¶
- This module is able to configure a FortiManager device by allowing the user to [add, get, set, update] the following FortiManager json-rpc urls.
- /pm/config/adom/{adom}/pkg/{pkg}/firewall/policy
- Examples include all parameters and values need to be adjusted to data sources before usage.
- Tested with FortiManager v6.0.0
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.10.0
Parameters¶
- loose_validation - Do parameter validation in a loose way type: bool required: false default: false
- workspace_locking_adom - Acquire the workspace lock if FortiManager is running in workspace mode type: str required: false choices: global, custom dom
- workspace_locking_timeout - The maximum time in seconds to wait for other users to release workspace lock type: integer required: false default: 300
- url_params - parameters in url path type: dict required: true
- adom - the domain prefix type: str choices: none, global, custom dom
- pkg - the object name type: str
- parameters for method: [add, set, update] - Configure IPv4 policies.
- data - No description for the parameter type: array
- action - Policy action (allow/deny/ipsec). type: str choices: [deny, accept, ipsec, ssl-vpn]
- app-category - Application category ID list. type: str
- application - No description for the parameter type: array
- {no-name} - No description for the parameter type: int
- application-list - Name of an existing Application list. type: str
- auth-cert - HTTPS server certificate for policy authentication. type: str
- auth-path - Enable/disable authentication-based routing. type: str choices: [disable, enable]
- auth-redirect-addr - HTTP-to-HTTPS redirect address for firewall authentication. type: str
- auto-asic-offload - Enable/disable offloading security profile processing to CP processors. type: str choices: [disable, enable]
- av-profile - Name of an existing Antivirus profile. type: str
- block-notification - Enable/disable block notification. type: str choices: [disable, enable]
- captive-portal-exempt - Enable to exempt some users from the captive portal. type: str choices: [disable, enable]
- capture-packet - Enable/disable capture packets. type: str choices: [disable, enable]
- comments - No description for the parameter type: str
- custom-log-fields - Custom fields to append to log messages for this policy. type: str
- delay-tcp-npu-session - Enable TCP NPU session delay to guarantee packet order of 3-way handshake. type: str choices: [disable, enable]
- devices - Names of devices or device groups that can be matched by the policy. type: str
- diffserv-forward - Enable to change packets DiffServ values to the specified diffservcode-forward value. type: str choices: [disable, enable]
- diffserv-reverse - Enable to change packets reverse (reply) DiffServ values to the specified diffservcode-rev value. type: str choices: [disable, enable]
- diffservcode-forward - Change packets DiffServ to this value. type: str
- diffservcode-rev - Change packets reverse (reply) DiffServ to this value. type: str
- disclaimer - Enable/disable user authentication disclaimer. type: str choices: [disable, enable]
- dlp-sensor - Name of an existing DLP sensor. type: str
- dnsfilter-profile - Name of an existing DNS filter profile. type: str
- dscp-match - Enable DSCP check. type: str choices: [disable, enable]
- dscp-negate - Enable negated DSCP match. type: str choices: [disable, enable]
- dscp-value - DSCP value. type: str
- dsri - Enable DSRI to ignore HTTP server responses. type: str choices: [disable, enable]
- dstaddr - Destination address and address group names. type: str
- dstaddr-negate - When enabled dstaddr specifies what the destination address must NOT be. type: str choices: [disable, enable]
- dstintf - Outgoing (egress) interface. type: str
- firewall-session-dirty - How to handle sessions if the configuration of this firewall policy changes. type: str choices: [check-all, check-new]
- fixedport - Enable to prevent source NAT from changing a sessions source port. type: str choices: [disable, enable]
- fsso - Enable/disable Fortinet Single Sign-On. type: str choices: [disable, enable]
- fsso-agent-for-ntlm - FSSO agent to use for NTLM authentication. type: str
- global-label - Label for the policy that appears when the GUI is in Global View mode. type: str
- groups - Names of user groups that can authenticate with this policy. type: str
- gtp-profile - GTP profile. type: str
- icap-profile - Name of an existing ICAP profile. type: str
- identity-based-route - Name of identity-based routing rule. type: str
- inbound - Policy-based IPsec VPN: only traffic from the remote network can initiate a VPN. type: str choices: [disable, enable]
- internet-service - Enable/disable use of Internet Services for this policy. type: str choices: [disable, enable]
- internet-service-custom - Custom Internet Service Name. type: str
- internet-service-id - Internet Service ID. type: str
- internet-service-negate - When enabled internet-service specifies what the service must NOT be. type: str choices: [disable, enable]
- ippool - Enable to use IP Pools for source NAT. type: str choices: [disable, enable]
- ips-sensor - Name of an existing IPS sensor. type: str
- label - Label for the policy that appears when the GUI is in Section View mode. type: str
- learning-mode - Enable to allow everything, but log all of the meaningful data for security information gathering. type: str choices: [disable, enable]
- logtraffic - Enable or disable logging. type: str choices: [disable, enable, all, utm]
- logtraffic-start - Record logs when a session starts and ends. type: str choices: [disable, enable]
- match-vip - Enable to match packets that have had their destination addresses changed by a VIP. type: str choices: [disable, enable]
- mms-profile - Name of an existing MMS profile. type: str
- name - Policy name. type: str
- nat - Enable/disable source NAT. type: str choices: [disable, enable]
- natinbound - Policy-based IPsec VPN: apply destination NAT to inbound traffic. type: str choices: [disable, enable]
- natip - Policy-based IPsec VPN: source NAT IP address for outgoing traffic. type: str
- natoutbound - Policy-based IPsec VPN: apply source NAT to outbound traffic. type: str choices: [disable, enable]
- ntlm - Enable/disable NTLM authentication. type: str choices: [disable, enable]
- ntlm-enabled-browsers - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- ntlm-guest - Enable/disable NTLM guest user access. type: str choices: [disable, enable]
- outbound - Policy-based IPsec VPN: only traffic from the internal network can initiate a VPN. type: str choices: [disable, enable]
- per-ip-shaper - Per-IP traffic shaper. type: str
- permit-any-host - Accept UDP packets from any host. type: str choices: [disable, enable]
- permit-stun-host - Accept UDP packets from any Session Traversal Utilities for NAT (STUN) host. type: str choices: [disable, enable]
- policyid - Policy ID. type: int
- poolname - IP Pool names. type: str
- profile-group - Name of profile group. type: str
- profile-protocol-options - Name of an existing Protocol options profile. type: str
- profile-type - Determine whether the firewall policy allows security profile groups or single profiles only. type: str choices: [single, group]
- radius-mac-auth-bypass - Enable MAC authentication bypass. type: str choices: [disable, enable]
- redirect-url - URL users are directed to after seeing and accepting the disclaimer or authenticating. type: str
- replacemsg-override-group - Override the default replacement message group for this policy. type: str
- rsso - Enable/disable RADIUS single sign-on (RSSO). type: str choices: [disable, enable]
- rtp-addr - Address names if this is an RTP NAT policy. type: str
- rtp-nat - Enable Real Time Protocol (RTP) NAT. type: str choices: [disable, enable]
- scan-botnet-connections - Block or monitor connections to Botnet servers or disable Botnet scanning. type: str choices: [disable, block, monitor]
- schedule - Schedule name. type: str
- schedule-timeout - Enable to force current sessions to end when the schedule object times out. type: str choices: [disable, enable]
- send-deny-packet - Enable to send a reply when a session is denied or blocked by a firewall policy. type: str choices: [disable, enable]
- service - Service and service group names. type: str
- service-negate - When enabled service specifies what the service must NOT be. type: str choices: [disable, enable]
- session-ttl - Session TTL in seconds for sessions accepted by this policy. type: int
- spamfilter-profile - Name of an existing Spam filter profile. type: str
- srcaddr - Source address and address group names. type: str
- srcaddr-negate - When enabled srcaddr specifies what the source address must NOT be. type: str choices: [disable, enable]
- srcintf - Incoming (ingress) interface. type: str
- ssl-mirror - Enable to copy decrypted SSL traffic to a FortiGate interface (called SSL mirroring). type: str choices: [disable, enable]
- ssl-mirror-intf - SSL mirror interface name. type: str
- ssl-ssh-profile - Name of an existing SSL SSH profile. type: str
- status - Enable or disable this policy. type: str choices: [disable, enable]
- tags - Names of object-tags applied to this policy. type: str
- tcp-mss-receiver - Receiver TCP maximum segment size (MSS). type: int
- tcp-mss-sender - Sender TCP maximum segment size (MSS). type: int
- tcp-session-without-syn - Enable/disable creation of TCP session without SYN flag. type: str choices: [all, data-only, disable]
- timeout-send-rst - Enable/disable sending RST packets when TCP sessions expire. type: str choices: [disable, enable]
- traffic-shaper - Traffic shaper. type: str
- traffic-shaper-reverse - Reverse traffic shaper. type: str
- url-category - URL category ID list. type: str
- users - Names of individual users that can authenticate with this policy. type: str
- utm-status - Enable to add one or more security profiles (AV, IPS, etc. type: str choices: [disable, enable]
- uuid - Universally Unique Identifier (UUID; automatically assigned but can be manually reset). type: str
- vlan-cos-fwd - VLAN forward direction user priority: 255 passthrough, 0 lowest, 7 highest. type: int
- vlan-cos-rev - VLAN reverse direction user priority: 255 passthrough, 0 lowest, 7 highest. type: int
- voip-profile - Name of an existing VoIP profile. type: str
- vpn_dst_node - No description for the parameter type: array
- host - No description for the parameter type: str
- seq - No description for the parameter type: int
- subnet - No description for the parameter type: str
- vpn_src_node - No description for the parameter type: array
- host - No description for the parameter type: str
- seq - No description for the parameter type: int
- subnet - No description for the parameter type: str
- vpntunnel - Policy-based IPsec VPN: name of the IPsec VPN Phase 1. type: str
- waf-profile - Name of an existing Web application firewall profile. type: str
- wanopt - Enable/disable WAN optimization. type: str choices: [disable, enable]
- wanopt-detection - WAN optimization auto-detection mode. type: str choices: [active, passive, off]
- wanopt-passive-opt - WAN optimization passive mode options. type: str choices: [default, transparent, non-transparent]
- wanopt-peer - WAN optimization peer. type: str
- wanopt-profile - WAN optimization profile. type: str
- wccp - Enable/disable forwarding traffic matching this policy to a configured WCCP server. type: str choices: [disable, enable]
- webcache - Enable/disable web cache. type: str choices: [disable, enable]
- webcache-https - Enable/disable web cache for HTTPS. type: str choices: [disable, ssl-server, any, enable]
- webfilter-profile - Name of an existing Web filter profile. type: str
- wsso - Enable/disable WiFi Single Sign On (WSSO). type: str choices: [disable, enable]
- parameters for method: [get] - Configure IPv4 policies.
- attr - The name of the attribute to retrieve its datasource. type: str
- fields - No description for the parameter type: array
- {no-name} - No description for the parameter type: array
- {no-name} - No description for the parameter type: str choices: [action, app-category, application, application-list, auth-cert, auth-path, auth-redirect-addr, auto-asic-offload, av-profile, block-notification, captive-portal-exempt, capture-packet, custom-log-fields, delay-tcp-npu-session, devices, diffserv-forward, diffserv-reverse, diffservcode-forward, diffservcode-rev, disclaimer, dlp-sensor, dnsfilter-profile, dscp-match, dscp-negate, dscp-value, dsri, dstaddr, dstaddr-negate, dstintf, firewall-session-dirty, fixedport, fsso, fsso-agent-for-ntlm, global-label, groups, gtp-profile, icap-profile, identity-based-route, inbound, internet-service, internet-service-custom, internet-service-id, internet-service-negate, ippool, ips-sensor, label, learning-mode, logtraffic, logtraffic-start, match-vip, mms-profile, name, nat, natinbound, natip, natoutbound, ntlm, ntlm-enabled-browsers, ntlm-guest, outbound, per-ip-shaper, permit-any-host, permit-stun-host, policyid, poolname, profile-group, profile-protocol-options, profile-type, radius-mac-auth-bypass, redirect-url, replacemsg-override-group, rsso, rtp-addr, rtp-nat, scan-botnet-connections, schedule, schedule-timeout, send-deny-packet, service, service-negate, session-ttl, spamfilter-profile, srcaddr, srcaddr-negate, srcintf, ssl-mirror, ssl-mirror-intf, ssl-ssh-profile, status, tags, tcp-mss-receiver, tcp-mss-sender, tcp-session-without-syn, timeout-send-rst, traffic-shaper, traffic-shaper-reverse, url-category, users, utm-status, uuid, vlan-cos-fwd, vlan-cos-rev, voip-profile, vpntunnel, waf-profile, wanopt, wanopt-detection, wanopt-passive-opt, wanopt-peer, wanopt-profile, wccp, webcache, webcache-https, webfilter-profile, wsso]
- {no-name} - No description for the parameter type: array
- filter - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- get used - No description for the parameter type: int
- loadsub - Enable or disable the return of any sub-objects. type: int
- option - Set fetch option for the request. type: str choices: [count, object member, datasrc, get reserved, syntax]
- range - No description for the parameter type: array
- {no-name} - No description for the parameter type: int
- sortings - No description for the parameter type: array
- {attr_name} - No description for the parameter type: int choices: [1, -1]
Notes¶
Note
- The module may supports multiple method, every method has different parameters definition
- One method may also have more than one parameter definition collection, each collection is dedicated to one API endpoint
- The module may include domain dependent urls, the domain can be specified in url_params as adom
- To run in workspace mode, the paremeter workspace_locking_adom must be included in the task
Examples¶
- hosts: fortimanager-inventory
collections:
- fortinet.fortimanager
connection: httpapi
vars:
ansible_httpapi_use_ssl: True
ansible_httpapi_validate_certs: False
ansible_httpapi_port: 443
tasks:
- name: REQUESTING /PM/CONFIG/PKG/{PKG}/FIREWALL/POLICY
fmgr_pkg_firewall_policy:
loose_validation: False
workspace_locking_adom: <value in [global, custom adom]>
workspace_locking_timeout: 300
method: <value in [add, set, update]>
url_params:
adom: <value in [none, global, custom dom]>
pkg: <value of string>
params:
-
data:
-
action: <value in [deny, accept, ipsec, ...]>
app-category: <value of string>
application:
- <value of integer>
application-list: <value of string>
auth-cert: <value of string>
auth-path: <value in [disable, enable]>
auth-redirect-addr: <value of string>
auto-asic-offload: <value in [disable, enable]>
av-profile: <value of string>
block-notification: <value in [disable, enable]>
captive-portal-exempt: <value in [disable, enable]>
capture-packet: <value in [disable, enable]>
comments: <value of string>
custom-log-fields: <value of string>
delay-tcp-npu-session: <value in [disable, enable]>
devices: <value of string>
diffserv-forward: <value in [disable, enable]>
diffserv-reverse: <value in [disable, enable]>
diffservcode-forward: <value of string>
diffservcode-rev: <value of string>
disclaimer: <value in [disable, enable]>
dlp-sensor: <value of string>
dnsfilter-profile: <value of string>
dscp-match: <value in [disable, enable]>
dscp-negate: <value in [disable, enable]>
dscp-value: <value of string>
dsri: <value in [disable, enable]>
dstaddr: <value of string>
dstaddr-negate: <value in [disable, enable]>
dstintf: <value of string>
firewall-session-dirty: <value in [check-all, check-new]>
fixedport: <value in [disable, enable]>
fsso: <value in [disable, enable]>
fsso-agent-for-ntlm: <value of string>
global-label: <value of string>
groups: <value of string>
gtp-profile: <value of string>
icap-profile: <value of string>
identity-based-route: <value of string>
inbound: <value in [disable, enable]>
internet-service: <value in [disable, enable]>
internet-service-custom: <value of string>
internet-service-id: <value of string>
internet-service-negate: <value in [disable, enable]>
ippool: <value in [disable, enable]>
ips-sensor: <value of string>
label: <value of string>
learning-mode: <value in [disable, enable]>
logtraffic: <value in [disable, enable, all, ...]>
logtraffic-start: <value in [disable, enable]>
match-vip: <value in [disable, enable]>
mms-profile: <value of string>
name: <value of string>
nat: <value in [disable, enable]>
natinbound: <value in [disable, enable]>
natip: <value of string>
natoutbound: <value in [disable, enable]>
ntlm: <value in [disable, enable]>
ntlm-enabled-browsers:
- <value of string>
ntlm-guest: <value in [disable, enable]>
outbound: <value in [disable, enable]>
per-ip-shaper: <value of string>
permit-any-host: <value in [disable, enable]>
permit-stun-host: <value in [disable, enable]>
policyid: <value of integer>
poolname: <value of string>
profile-group: <value of string>
profile-protocol-options: <value of string>
profile-type: <value in [single, group]>
radius-mac-auth-bypass: <value in [disable, enable]>
redirect-url: <value of string>
replacemsg-override-group: <value of string>
rsso: <value in [disable, enable]>
rtp-addr: <value of string>
rtp-nat: <value in [disable, enable]>
scan-botnet-connections: <value in [disable, block, monitor]>
schedule: <value of string>
schedule-timeout: <value in [disable, enable]>
send-deny-packet: <value in [disable, enable]>
service: <value of string>
service-negate: <value in [disable, enable]>
session-ttl: <value of integer>
spamfilter-profile: <value of string>
srcaddr: <value of string>
srcaddr-negate: <value in [disable, enable]>
srcintf: <value of string>
ssl-mirror: <value in [disable, enable]>
ssl-mirror-intf: <value of string>
ssl-ssh-profile: <value of string>
status: <value in [disable, enable]>
tags: <value of string>
tcp-mss-receiver: <value of integer>
tcp-mss-sender: <value of integer>
tcp-session-without-syn: <value in [all, data-only, disable]>
timeout-send-rst: <value in [disable, enable]>
traffic-shaper: <value of string>
traffic-shaper-reverse: <value of string>
url-category: <value of string>
users: <value of string>
utm-status: <value in [disable, enable]>
uuid: <value of string>
vlan-cos-fwd: <value of integer>
vlan-cos-rev: <value of integer>
voip-profile: <value of string>
vpn_dst_node:
-
host: <value of string>
seq: <value of integer>
subnet: <value of string>
vpn_src_node:
-
host: <value of string>
seq: <value of integer>
subnet: <value of string>
vpntunnel: <value of string>
waf-profile: <value of string>
wanopt: <value in [disable, enable]>
wanopt-detection: <value in [active, passive, off]>
wanopt-passive-opt: <value in [default, transparent, non-transparent]>
wanopt-peer: <value of string>
wanopt-profile: <value of string>
wccp: <value in [disable, enable]>
webcache: <value in [disable, enable]>
webcache-https: <value in [disable, ssl-server, any, ...]>
webfilter-profile: <value of string>
wsso: <value in [disable, enable]>
- name: REQUESTING /PM/CONFIG/PKG/{PKG}/FIREWALL/POLICY
fmgr_pkg_firewall_policy:
loose_validation: False
workspace_locking_adom: <value in [global, custom adom]>
workspace_locking_timeout: 300
method: <value in [get]>
url_params:
adom: <value in [none, global, custom dom]>
pkg: <value of string>
params:
-
attr: <value of string>
fields:
-
- <value in [action, app-category, application, ...]>
filter:
- <value of string>
get used: <value of integer>
loadsub: <value of integer>
option: <value in [count, object member, datasrc, ...]>
range:
- <value of integer>
sortings:
-
varidic.attr_name: <value in [1, -1]>
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- return values for method: [add, set, update]
- data
- No description for the parameter type: array
- policyid - Policy ID. type: int
- status
- No description for the parameter type: dict
- code - No description for the parameter type: int
- message - No description for the parameter type: str
- url - No description for the parameter type: str example: /pm/config/adom/{adom}/pkg/{pkg}/firewall/policy
- return values for method: [get]
- data
- No description for the parameter type: array
- action - Policy action (allow/deny/ipsec). type: str
- app-category - Application category ID list. type: str
- application - No description for the parameter type: array
- {no-name} - No description for the parameter type: int
- application-list - Name of an existing Application list. type: str
- auth-cert - HTTPS server certificate for policy authentication. type: str
- auth-path - Enable/disable authentication-based routing. type: str
- auth-redirect-addr - HTTP-to-HTTPS redirect address for firewall authentication. type: str
- auto-asic-offload - Enable/disable offloading security profile processing to CP processors. type: str
- av-profile - Name of an existing Antivirus profile. type: str
- block-notification - Enable/disable block notification. type: str
- captive-portal-exempt - Enable to exempt some users from the captive portal. type: str
- capture-packet - Enable/disable capture packets. type: str
- comments - No description for the parameter type: str
- custom-log-fields - Custom fields to append to log messages for this policy. type: str
- delay-tcp-npu-session - Enable TCP NPU session delay to guarantee packet order of 3-way handshake. type: str
- devices - Names of devices or device groups that can be matched by the policy. type: str
- diffserv-forward - Enable to change packets DiffServ values to the specified diffservcode-forward value. type: str
- diffserv-reverse - Enable to change packets reverse (reply) DiffServ values to the specified diffservcode-rev value. type: str
- diffservcode-forward - Change packets DiffServ to this value. type: str
- diffservcode-rev - Change packets reverse (reply) DiffServ to this value. type: str
- disclaimer - Enable/disable user authentication disclaimer. type: str
- dlp-sensor - Name of an existing DLP sensor. type: str
- dnsfilter-profile - Name of an existing DNS filter profile. type: str
- dscp-match - Enable DSCP check. type: str
- dscp-negate - Enable negated DSCP match. type: str
- dscp-value - DSCP value. type: str
- dsri - Enable DSRI to ignore HTTP server responses. type: str
- dstaddr - Destination address and address group names. type: str
- dstaddr-negate - When enabled dstaddr specifies what the destination address must NOT be. type: str
- dstintf - Outgoing (egress) interface. type: str
- firewall-session-dirty - How to handle sessions if the configuration of this firewall policy changes. type: str
- fixedport - Enable to prevent source NAT from changing a sessions source port. type: str
- fsso - Enable/disable Fortinet Single Sign-On. type: str
- fsso-agent-for-ntlm - FSSO agent to use for NTLM authentication. type: str
- global-label - Label for the policy that appears when the GUI is in Global View mode. type: str
- groups - Names of user groups that can authenticate with this policy. type: str
- gtp-profile - GTP profile. type: str
- icap-profile - Name of an existing ICAP profile. type: str
- identity-based-route - Name of identity-based routing rule. type: str
- inbound - Policy-based IPsec VPN: only traffic from the remote network can initiate a VPN. type: str
- internet-service - Enable/disable use of Internet Services for this policy. type: str
- internet-service-custom - Custom Internet Service Name. type: str
- internet-service-id - Internet Service ID. type: str
- internet-service-negate - When enabled internet-service specifies what the service must NOT be. type: str
- ippool - Enable to use IP Pools for source NAT. type: str
- ips-sensor - Name of an existing IPS sensor. type: str
- label - Label for the policy that appears when the GUI is in Section View mode. type: str
- learning-mode - Enable to allow everything, but log all of the meaningful data for security information gathering. type: str
- logtraffic - Enable or disable logging. type: str
- logtraffic-start - Record logs when a session starts and ends. type: str
- match-vip - Enable to match packets that have had their destination addresses changed by a VIP. type: str
- mms-profile - Name of an existing MMS profile. type: str
- name - Policy name. type: str
- nat - Enable/disable source NAT. type: str
- natinbound - Policy-based IPsec VPN: apply destination NAT to inbound traffic. type: str
- natip - Policy-based IPsec VPN: source NAT IP address for outgoing traffic. type: str
- natoutbound - Policy-based IPsec VPN: apply source NAT to outbound traffic. type: str
- ntlm - Enable/disable NTLM authentication. type: str
- ntlm-enabled-browsers - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- ntlm-guest - Enable/disable NTLM guest user access. type: str
- outbound - Policy-based IPsec VPN: only traffic from the internal network can initiate a VPN. type: str
- per-ip-shaper - Per-IP traffic shaper. type: str
- permit-any-host - Accept UDP packets from any host. type: str
- permit-stun-host - Accept UDP packets from any Session Traversal Utilities for NAT (STUN) host. type: str
- policyid - Policy ID. type: int
- poolname - IP Pool names. type: str
- profile-group - Name of profile group. type: str
- profile-protocol-options - Name of an existing Protocol options profile. type: str
- profile-type - Determine whether the firewall policy allows security profile groups or single profiles only. type: str
- radius-mac-auth-bypass - Enable MAC authentication bypass. type: str
- redirect-url - URL users are directed to after seeing and accepting the disclaimer or authenticating. type: str
- replacemsg-override-group - Override the default replacement message group for this policy. type: str
- rsso - Enable/disable RADIUS single sign-on (RSSO). type: str
- rtp-addr - Address names if this is an RTP NAT policy. type: str
- rtp-nat - Enable Real Time Protocol (RTP) NAT. type: str
- scan-botnet-connections - Block or monitor connections to Botnet servers or disable Botnet scanning. type: str
- schedule - Schedule name. type: str
- schedule-timeout - Enable to force current sessions to end when the schedule object times out. type: str
- send-deny-packet - Enable to send a reply when a session is denied or blocked by a firewall policy. type: str
- service - Service and service group names. type: str
- service-negate - When enabled service specifies what the service must NOT be. type: str
- session-ttl - Session TTL in seconds for sessions accepted by this policy. type: int
- spamfilter-profile - Name of an existing Spam filter profile. type: str
- srcaddr - Source address and address group names. type: str
- srcaddr-negate - When enabled srcaddr specifies what the source address must NOT be. type: str
- srcintf - Incoming (ingress) interface. type: str
- ssl-mirror - Enable to copy decrypted SSL traffic to a FortiGate interface (called SSL mirroring). type: str
- ssl-mirror-intf - SSL mirror interface name. type: str
- ssl-ssh-profile - Name of an existing SSL SSH profile. type: str
- status - Enable or disable this policy. type: str
- tags - Names of object-tags applied to this policy. type: str
- tcp-mss-receiver - Receiver TCP maximum segment size (MSS). type: int
- tcp-mss-sender - Sender TCP maximum segment size (MSS). type: int
- tcp-session-without-syn - Enable/disable creation of TCP session without SYN flag. type: str
- timeout-send-rst - Enable/disable sending RST packets when TCP sessions expire. type: str
- traffic-shaper - Traffic shaper. type: str
- traffic-shaper-reverse - Reverse traffic shaper. type: str
- url-category - URL category ID list. type: str
- users - Names of individual users that can authenticate with this policy. type: str
- utm-status - Enable to add one or more security profiles (AV, IPS, etc. type: str
- uuid - Universally Unique Identifier (UUID; automatically assigned but can be manually reset). type: str
- vlan-cos-fwd - VLAN forward direction user priority: 255 passthrough, 0 lowest, 7 highest. type: int
- vlan-cos-rev - VLAN reverse direction user priority: 255 passthrough, 0 lowest, 7 highest. type: int
- voip-profile - Name of an existing VoIP profile. type: str
- vpn_dst_node - No description for the parameter type: array
- host - No description for the parameter type: str
- seq - No description for the parameter type: int
- subnet - No description for the parameter type: str
- vpn_src_node - No description for the parameter type: array
- host - No description for the parameter type: str
- seq - No description for the parameter type: int
- subnet - No description for the parameter type: str
- vpntunnel - Policy-based IPsec VPN: name of the IPsec VPN Phase 1. type: str
- waf-profile - Name of an existing Web application firewall profile. type: str
- wanopt - Enable/disable WAN optimization. type: str
- wanopt-detection - WAN optimization auto-detection mode. type: str
- wanopt-passive-opt - WAN optimization passive mode options. type: str
- wanopt-peer - WAN optimization peer. type: str
- wanopt-profile - WAN optimization profile. type: str
- wccp - Enable/disable forwarding traffic matching this policy to a configured WCCP server. type: str
- webcache - Enable/disable web cache. type: str
- webcache-https - Enable/disable web cache for HTTPS. type: str
- webfilter-profile - Name of an existing Web filter profile. type: str
- wsso - Enable/disable WiFi Single Sign On (WSSO). type: str
- status
- No description for the parameter type: dict
- code - No description for the parameter type: int
- message - No description for the parameter type: str
- url - No description for the parameter type: str example: /pm/config/adom/{adom}/pkg/{pkg}/firewall/policy
fmgr_pkg_firewall_policy_obj – Configure IPv4 policies.¶
New in version 2.10.
Synopsis¶
- This module is able to configure a FortiManager device by allowing the user to [clone, delete, get, move, set, update] the following FortiManager json-rpc urls.
- /pm/config/adom/{adom}/pkg/{pkg}/firewall/policy/{policy}
- Examples include all parameters and values need to be adjusted to data sources before usage.
- Tested with FortiManager v6.0.0
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.10.0
Parameters¶
- loose_validation - Do parameter validation in a loose way type: bool required: false default: false
- workspace_locking_adom - Acquire the workspace lock if FortiManager is running in workspace mode type: str required: false choices: global, custom dom
- workspace_locking_timeout - The maximum time in seconds to wait for other users to release workspace lock type: integer required: false default: 300
- url_params - parameters in url path type: dict required: true
- adom - the domain prefix type: str choices: none, global, custom dom
- pkg - the object name type: str
- policy - the object name type: str
- parameters for method: [clone, update] - Configure IPv4 policies.
- data - No description for the parameter type: dict
- action - Policy action (allow/deny/ipsec). type: str choices: [deny, accept, ipsec, ssl-vpn]
- app-category - Application category ID list. type: str
- application - No description for the parameter type: array
- {no-name} - No description for the parameter type: int
- application-list - Name of an existing Application list. type: str
- auth-cert - HTTPS server certificate for policy authentication. type: str
- auth-path - Enable/disable authentication-based routing. type: str choices: [disable, enable]
- auth-redirect-addr - HTTP-to-HTTPS redirect address for firewall authentication. type: str
- auto-asic-offload - Enable/disable offloading security profile processing to CP processors. type: str choices: [disable, enable]
- av-profile - Name of an existing Antivirus profile. type: str
- block-notification - Enable/disable block notification. type: str choices: [disable, enable]
- captive-portal-exempt - Enable to exempt some users from the captive portal. type: str choices: [disable, enable]
- capture-packet - Enable/disable capture packets. type: str choices: [disable, enable]
- comments - No description for the parameter type: str
- custom-log-fields - Custom fields to append to log messages for this policy. type: str
- delay-tcp-npu-session - Enable TCP NPU session delay to guarantee packet order of 3-way handshake. type: str choices: [disable, enable]
- devices - Names of devices or device groups that can be matched by the policy. type: str
- diffserv-forward - Enable to change packets DiffServ values to the specified diffservcode-forward value. type: str choices: [disable, enable]
- diffserv-reverse - Enable to change packets reverse (reply) DiffServ values to the specified diffservcode-rev value. type: str choices: [disable, enable]
- diffservcode-forward - Change packets DiffServ to this value. type: str
- diffservcode-rev - Change packets reverse (reply) DiffServ to this value. type: str
- disclaimer - Enable/disable user authentication disclaimer. type: str choices: [disable, enable]
- dlp-sensor - Name of an existing DLP sensor. type: str
- dnsfilter-profile - Name of an existing DNS filter profile. type: str
- dscp-match - Enable DSCP check. type: str choices: [disable, enable]
- dscp-negate - Enable negated DSCP match. type: str choices: [disable, enable]
- dscp-value - DSCP value. type: str
- dsri - Enable DSRI to ignore HTTP server responses. type: str choices: [disable, enable]
- dstaddr - Destination address and address group names. type: str
- dstaddr-negate - When enabled dstaddr specifies what the destination address must NOT be. type: str choices: [disable, enable]
- dstintf - Outgoing (egress) interface. type: str
- firewall-session-dirty - How to handle sessions if the configuration of this firewall policy changes. type: str choices: [check-all, check-new]
- fixedport - Enable to prevent source NAT from changing a sessions source port. type: str choices: [disable, enable]
- fsso - Enable/disable Fortinet Single Sign-On. type: str choices: [disable, enable]
- fsso-agent-for-ntlm - FSSO agent to use for NTLM authentication. type: str
- global-label - Label for the policy that appears when the GUI is in Global View mode. type: str
- groups - Names of user groups that can authenticate with this policy. type: str
- gtp-profile - GTP profile. type: str
- icap-profile - Name of an existing ICAP profile. type: str
- identity-based-route - Name of identity-based routing rule. type: str
- inbound - Policy-based IPsec VPN: only traffic from the remote network can initiate a VPN. type: str choices: [disable, enable]
- internet-service - Enable/disable use of Internet Services for this policy. type: str choices: [disable, enable]
- internet-service-custom - Custom Internet Service Name. type: str
- internet-service-id - Internet Service ID. type: str
- internet-service-negate - When enabled internet-service specifies what the service must NOT be. type: str choices: [disable, enable]
- ippool - Enable to use IP Pools for source NAT. type: str choices: [disable, enable]
- ips-sensor - Name of an existing IPS sensor. type: str
- label - Label for the policy that appears when the GUI is in Section View mode. type: str
- learning-mode - Enable to allow everything, but log all of the meaningful data for security information gathering. type: str choices: [disable, enable]
- logtraffic - Enable or disable logging. type: str choices: [disable, enable, all, utm]
- logtraffic-start - Record logs when a session starts and ends. type: str choices: [disable, enable]
- match-vip - Enable to match packets that have had their destination addresses changed by a VIP. type: str choices: [disable, enable]
- mms-profile - Name of an existing MMS profile. type: str
- name - Policy name. type: str
- nat - Enable/disable source NAT. type: str choices: [disable, enable]
- natinbound - Policy-based IPsec VPN: apply destination NAT to inbound traffic. type: str choices: [disable, enable]
- natip - Policy-based IPsec VPN: source NAT IP address for outgoing traffic. type: str
- natoutbound - Policy-based IPsec VPN: apply source NAT to outbound traffic. type: str choices: [disable, enable]
- ntlm - Enable/disable NTLM authentication. type: str choices: [disable, enable]
- ntlm-enabled-browsers - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- ntlm-guest - Enable/disable NTLM guest user access. type: str choices: [disable, enable]
- outbound - Policy-based IPsec VPN: only traffic from the internal network can initiate a VPN. type: str choices: [disable, enable]
- per-ip-shaper - Per-IP traffic shaper. type: str
- permit-any-host - Accept UDP packets from any host. type: str choices: [disable, enable]
- permit-stun-host - Accept UDP packets from any Session Traversal Utilities for NAT (STUN) host. type: str choices: [disable, enable]
- policyid - Policy ID. type: int
- poolname - IP Pool names. type: str
- profile-group - Name of profile group. type: str
- profile-protocol-options - Name of an existing Protocol options profile. type: str
- profile-type - Determine whether the firewall policy allows security profile groups or single profiles only. type: str choices: [single, group]
- radius-mac-auth-bypass - Enable MAC authentication bypass. type: str choices: [disable, enable]
- redirect-url - URL users are directed to after seeing and accepting the disclaimer or authenticating. type: str
- replacemsg-override-group - Override the default replacement message group for this policy. type: str
- rsso - Enable/disable RADIUS single sign-on (RSSO). type: str choices: [disable, enable]
- rtp-addr - Address names if this is an RTP NAT policy. type: str
- rtp-nat - Enable Real Time Protocol (RTP) NAT. type: str choices: [disable, enable]
- scan-botnet-connections - Block or monitor connections to Botnet servers or disable Botnet scanning. type: str choices: [disable, block, monitor]
- schedule - Schedule name. type: str
- schedule-timeout - Enable to force current sessions to end when the schedule object times out. type: str choices: [disable, enable]
- send-deny-packet - Enable to send a reply when a session is denied or blocked by a firewall policy. type: str choices: [disable, enable]
- service - Service and service group names. type: str
- service-negate - When enabled service specifies what the service must NOT be. type: str choices: [disable, enable]
- session-ttl - Session TTL in seconds for sessions accepted by this policy. type: int
- spamfilter-profile - Name of an existing Spam filter profile. type: str
- srcaddr - Source address and address group names. type: str
- srcaddr-negate - When enabled srcaddr specifies what the source address must NOT be. type: str choices: [disable, enable]
- srcintf - Incoming (ingress) interface. type: str
- ssl-mirror - Enable to copy decrypted SSL traffic to a FortiGate interface (called SSL mirroring). type: str choices: [disable, enable]
- ssl-mirror-intf - SSL mirror interface name. type: str
- ssl-ssh-profile - Name of an existing SSL SSH profile. type: str
- status - Enable or disable this policy. type: str choices: [disable, enable]
- tags - Names of object-tags applied to this policy. type: str
- tcp-mss-receiver - Receiver TCP maximum segment size (MSS). type: int
- tcp-mss-sender - Sender TCP maximum segment size (MSS). type: int
- tcp-session-without-syn - Enable/disable creation of TCP session without SYN flag. type: str choices: [all, data-only, disable]
- timeout-send-rst - Enable/disable sending RST packets when TCP sessions expire. type: str choices: [disable, enable]
- traffic-shaper - Traffic shaper. type: str
- traffic-shaper-reverse - Reverse traffic shaper. type: str
- url-category - URL category ID list. type: str
- users - Names of individual users that can authenticate with this policy. type: str
- utm-status - Enable to add one or more security profiles (AV, IPS, etc. type: str choices: [disable, enable]
- uuid - Universally Unique Identifier (UUID; automatically assigned but can be manually reset). type: str
- vlan-cos-fwd - VLAN forward direction user priority: 255 passthrough, 0 lowest, 7 highest. type: int
- vlan-cos-rev - VLAN reverse direction user priority: 255 passthrough, 0 lowest, 7 highest. type: int
- voip-profile - Name of an existing VoIP profile. type: str
- vpn_dst_node - No description for the parameter type: array
- host - No description for the parameter type: str
- seq - No description for the parameter type: int
- subnet - No description for the parameter type: str
- vpn_src_node - No description for the parameter type: array
- host - No description for the parameter type: str
- seq - No description for the parameter type: int
- subnet - No description for the parameter type: str
- vpntunnel - Policy-based IPsec VPN: name of the IPsec VPN Phase 1. type: str
- waf-profile - Name of an existing Web application firewall profile. type: str
- wanopt - Enable/disable WAN optimization. type: str choices: [disable, enable]
- wanopt-detection - WAN optimization auto-detection mode. type: str choices: [active, passive, off]
- wanopt-passive-opt - WAN optimization passive mode options. type: str choices: [default, transparent, non-transparent]
- wanopt-peer - WAN optimization peer. type: str
- wanopt-profile - WAN optimization profile. type: str
- wccp - Enable/disable forwarding traffic matching this policy to a configured WCCP server. type: str choices: [disable, enable]
- webcache - Enable/disable web cache. type: str choices: [disable, enable]
- webcache-https - Enable/disable web cache for HTTPS. type: str choices: [disable, ssl-server, any, enable]
- webfilter-profile - Name of an existing Web filter profile. type: str
- wsso - Enable/disable WiFi Single Sign On (WSSO). type: str choices: [disable, enable]
- parameters for method: [delete] - Configure IPv4 policies.
- parameter collection 0
- parameter collection 1
- data - No description for the parameter type: dict
- attr - No description for the parameter type: str choices: [label, global-label]
- name - No description for the parameter type: str
- parameters for method: [get] - Configure IPv4 policies.
- option - Set fetch option for the request. type: str choices: [object member, chksum, datasrc]
- parameters for method: [move] - Configure IPv4 policies.
- option - No description for the parameter type: str choices: [before, after]
- target - Key to the target entry. type: str
- parameters for method: [set] - Configure IPv4 policies.
- parameter collection 0
- data - No description for the parameter type: dict
- action - Policy action (allow/deny/ipsec). type: str choices: [deny, accept, ipsec, ssl-vpn]
- app-category - Application category ID list. type: str
- application - No description for the parameter type: array
- {no-name} - No description for the parameter type: int
- application-list - Name of an existing Application list. type: str
- auth-cert - HTTPS server certificate for policy authentication. type: str
- auth-path - Enable/disable authentication-based routing. type: str choices: [disable, enable]
- auth-redirect-addr - HTTP-to-HTTPS redirect address for firewall authentication. type: str
- auto-asic-offload - Enable/disable offloading security profile processing to CP processors. type: str choices: [disable, enable]
- av-profile - Name of an existing Antivirus profile. type: str
- block-notification - Enable/disable block notification. type: str choices: [disable, enable]
- captive-portal-exempt - Enable to exempt some users from the captive portal. type: str choices: [disable, enable]
- capture-packet - Enable/disable capture packets. type: str choices: [disable, enable]
- comments - No description for the parameter type: str
- custom-log-fields - Custom fields to append to log messages for this policy. type: str
- delay-tcp-npu-session - Enable TCP NPU session delay to guarantee packet order of 3-way handshake. type: str choices: [disable, enable]
- devices - Names of devices or device groups that can be matched by the policy. type: str
- diffserv-forward - Enable to change packets DiffServ values to the specified diffservcode-forward value. type: str choices: [disable, enable]
- diffserv-reverse - Enable to change packets reverse (reply) DiffServ values to the specified diffservcode-rev value. type: str choices: [disable, enable]
- diffservcode-forward - Change packets DiffServ to this value. type: str
- diffservcode-rev - Change packets reverse (reply) DiffServ to this value. type: str
- disclaimer - Enable/disable user authentication disclaimer. type: str choices: [disable, enable]
- dlp-sensor - Name of an existing DLP sensor. type: str
- dnsfilter-profile - Name of an existing DNS filter profile. type: str
- dscp-match - Enable DSCP check. type: str choices: [disable, enable]
- dscp-negate - Enable negated DSCP match. type: str choices: [disable, enable]
- dscp-value - DSCP value. type: str
- dsri - Enable DSRI to ignore HTTP server responses. type: str choices: [disable, enable]
- dstaddr - Destination address and address group names. type: str
- dstaddr-negate - When enabled dstaddr specifies what the destination address must NOT be. type: str choices: [disable, enable]
- dstintf - Outgoing (egress) interface. type: str
- firewall-session-dirty - How to handle sessions if the configuration of this firewall policy changes. type: str choices: [check-all, check-new]
- fixedport - Enable to prevent source NAT from changing a sessions source port. type: str choices: [disable, enable]
- fsso - Enable/disable Fortinet Single Sign-On. type: str choices: [disable, enable]
- fsso-agent-for-ntlm - FSSO agent to use for NTLM authentication. type: str
- global-label - Label for the policy that appears when the GUI is in Global View mode. type: str
- groups - Names of user groups that can authenticate with this policy. type: str
- gtp-profile - GTP profile. type: str
- icap-profile - Name of an existing ICAP profile. type: str
- identity-based-route - Name of identity-based routing rule. type: str
- inbound - Policy-based IPsec VPN: only traffic from the remote network can initiate a VPN. type: str choices: [disable, enable]
- internet-service - Enable/disable use of Internet Services for this policy. type: str choices: [disable, enable]
- internet-service-custom - Custom Internet Service Name. type: str
- internet-service-id - Internet Service ID. type: str
- internet-service-negate - When enabled internet-service specifies what the service must NOT be. type: str choices: [disable, enable]
- ippool - Enable to use IP Pools for source NAT. type: str choices: [disable, enable]
- ips-sensor - Name of an existing IPS sensor. type: str
- label - Label for the policy that appears when the GUI is in Section View mode. type: str
- learning-mode - Enable to allow everything, but log all of the meaningful data for security information gathering. type: str choices: [disable, enable]
- logtraffic - Enable or disable logging. type: str choices: [disable, enable, all, utm]
- logtraffic-start - Record logs when a session starts and ends. type: str choices: [disable, enable]
- match-vip - Enable to match packets that have had their destination addresses changed by a VIP. type: str choices: [disable, enable]
- mms-profile - Name of an existing MMS profile. type: str
- name - Policy name. type: str
- nat - Enable/disable source NAT. type: str choices: [disable, enable]
- natinbound - Policy-based IPsec VPN: apply destination NAT to inbound traffic. type: str choices: [disable, enable]
- natip - Policy-based IPsec VPN: source NAT IP address for outgoing traffic. type: str
- natoutbound - Policy-based IPsec VPN: apply source NAT to outbound traffic. type: str choices: [disable, enable]
- ntlm - Enable/disable NTLM authentication. type: str choices: [disable, enable]
- ntlm-enabled-browsers - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- ntlm-guest - Enable/disable NTLM guest user access. type: str choices: [disable, enable]
- outbound - Policy-based IPsec VPN: only traffic from the internal network can initiate a VPN. type: str choices: [disable, enable]
- per-ip-shaper - Per-IP traffic shaper. type: str
- permit-any-host - Accept UDP packets from any host. type: str choices: [disable, enable]
- permit-stun-host - Accept UDP packets from any Session Traversal Utilities for NAT (STUN) host. type: str choices: [disable, enable]
- policyid - Policy ID. type: int
- poolname - IP Pool names. type: str
- profile-group - Name of profile group. type: str
- profile-protocol-options - Name of an existing Protocol options profile. type: str
- profile-type - Determine whether the firewall policy allows security profile groups or single profiles only. type: str choices: [single, group]
- radius-mac-auth-bypass - Enable MAC authentication bypass. type: str choices: [disable, enable]
- redirect-url - URL users are directed to after seeing and accepting the disclaimer or authenticating. type: str
- replacemsg-override-group - Override the default replacement message group for this policy. type: str
- rsso - Enable/disable RADIUS single sign-on (RSSO). type: str choices: [disable, enable]
- rtp-addr - Address names if this is an RTP NAT policy. type: str
- rtp-nat - Enable Real Time Protocol (RTP) NAT. type: str choices: [disable, enable]
- scan-botnet-connections - Block or monitor connections to Botnet servers or disable Botnet scanning. type: str choices: [disable, block, monitor]
- schedule - Schedule name. type: str
- schedule-timeout - Enable to force current sessions to end when the schedule object times out. type: str choices: [disable, enable]
- send-deny-packet - Enable to send a reply when a session is denied or blocked by a firewall policy. type: str choices: [disable, enable]
- service - Service and service group names. type: str
- service-negate - When enabled service specifies what the service must NOT be. type: str choices: [disable, enable]
- session-ttl - Session TTL in seconds for sessions accepted by this policy. type: int
- spamfilter-profile - Name of an existing Spam filter profile. type: str
- srcaddr - Source address and address group names. type: str
- srcaddr-negate - When enabled srcaddr specifies what the source address must NOT be. type: str choices: [disable, enable]
- srcintf - Incoming (ingress) interface. type: str
- ssl-mirror - Enable to copy decrypted SSL traffic to a FortiGate interface (called SSL mirroring). type: str choices: [disable, enable]
- ssl-mirror-intf - SSL mirror interface name. type: str
- ssl-ssh-profile - Name of an existing SSL SSH profile. type: str
- status - Enable or disable this policy. type: str choices: [disable, enable]
- tags - Names of object-tags applied to this policy. type: str
- tcp-mss-receiver - Receiver TCP maximum segment size (MSS). type: int
- tcp-mss-sender - Sender TCP maximum segment size (MSS). type: int
- tcp-session-without-syn - Enable/disable creation of TCP session without SYN flag. type: str choices: [all, data-only, disable]
- timeout-send-rst - Enable/disable sending RST packets when TCP sessions expire. type: str choices: [disable, enable]
- traffic-shaper - Traffic shaper. type: str
- traffic-shaper-reverse - Reverse traffic shaper. type: str
- url-category - URL category ID list. type: str
- users - Names of individual users that can authenticate with this policy. type: str
- utm-status - Enable to add one or more security profiles (AV, IPS, etc. type: str choices: [disable, enable]
- uuid - Universally Unique Identifier (UUID; automatically assigned but can be manually reset). type: str
- vlan-cos-fwd - VLAN forward direction user priority: 255 passthrough, 0 lowest, 7 highest. type: int
- vlan-cos-rev - VLAN reverse direction user priority: 255 passthrough, 0 lowest, 7 highest. type: int
- voip-profile - Name of an existing VoIP profile. type: str
- vpn_dst_node - No description for the parameter type: array
- host - No description for the parameter type: str
- seq - No description for the parameter type: int
- subnet - No description for the parameter type: str
- vpn_src_node - No description for the parameter type: array
- host - No description for the parameter type: str
- seq - No description for the parameter type: int
- subnet - No description for the parameter type: str
- vpntunnel - Policy-based IPsec VPN: name of the IPsec VPN Phase 1. type: str
- waf-profile - Name of an existing Web application firewall profile. type: str
- wanopt - Enable/disable WAN optimization. type: str choices: [disable, enable]
- wanopt-detection - WAN optimization auto-detection mode. type: str choices: [active, passive, off]
- wanopt-passive-opt - WAN optimization passive mode options. type: str choices: [default, transparent, non-transparent]
- wanopt-peer - WAN optimization peer. type: str
- wanopt-profile - WAN optimization profile. type: str
- wccp - Enable/disable forwarding traffic matching this policy to a configured WCCP server. type: str choices: [disable, enable]
- webcache - Enable/disable web cache. type: str choices: [disable, enable]
- webcache-https - Enable/disable web cache for HTTPS. type: str choices: [disable, ssl-server, any, enable]
- webfilter-profile - Name of an existing Web filter profile. type: str
- wsso - Enable/disable WiFi Single Sign On (WSSO). type: str choices: [disable, enable]
- parameter collection 1
- data - No description for the parameter type: dict
- attr - No description for the parameter type: str choices: [label, global-label]
- name - No description for the parameter type: str
Notes¶
Note
- The module may supports multiple method, every method has different parameters definition
- One method may also have more than one parameter definition collection, each collection is dedicated to one API endpoint
- The module may include domain dependent urls, the domain can be specified in url_params as adom
- To run in workspace mode, the paremeter workspace_locking_adom must be included in the task
Examples¶
- hosts: fortimanager-inventory
collections:
- fortinet.fortimanager
connection: httpapi
vars:
ansible_httpapi_use_ssl: True
ansible_httpapi_validate_certs: False
ansible_httpapi_port: 443
tasks:
- name: REQUESTING /PM/CONFIG/PKG/{PKG}/FIREWALL/POLICY/{POLICY}
fmgr_pkg_firewall_policy_obj:
loose_validation: False
workspace_locking_adom: <value in [global, custom adom]>
workspace_locking_timeout: 300
method: <value in [clone, update]>
url_params:
adom: <value in [none, global, custom dom]>
pkg: <value of string>
policy: <value of string>
params:
-
data:
action: <value in [deny, accept, ipsec, ...]>
app-category: <value of string>
application:
- <value of integer>
application-list: <value of string>
auth-cert: <value of string>
auth-path: <value in [disable, enable]>
auth-redirect-addr: <value of string>
auto-asic-offload: <value in [disable, enable]>
av-profile: <value of string>
block-notification: <value in [disable, enable]>
captive-portal-exempt: <value in [disable, enable]>
capture-packet: <value in [disable, enable]>
comments: <value of string>
custom-log-fields: <value of string>
delay-tcp-npu-session: <value in [disable, enable]>
devices: <value of string>
diffserv-forward: <value in [disable, enable]>
diffserv-reverse: <value in [disable, enable]>
diffservcode-forward: <value of string>
diffservcode-rev: <value of string>
disclaimer: <value in [disable, enable]>
dlp-sensor: <value of string>
dnsfilter-profile: <value of string>
dscp-match: <value in [disable, enable]>
dscp-negate: <value in [disable, enable]>
dscp-value: <value of string>
dsri: <value in [disable, enable]>
dstaddr: <value of string>
dstaddr-negate: <value in [disable, enable]>
dstintf: <value of string>
firewall-session-dirty: <value in [check-all, check-new]>
fixedport: <value in [disable, enable]>
fsso: <value in [disable, enable]>
fsso-agent-for-ntlm: <value of string>
global-label: <value of string>
groups: <value of string>
gtp-profile: <value of string>
icap-profile: <value of string>
identity-based-route: <value of string>
inbound: <value in [disable, enable]>
internet-service: <value in [disable, enable]>
internet-service-custom: <value of string>
internet-service-id: <value of string>
internet-service-negate: <value in [disable, enable]>
ippool: <value in [disable, enable]>
ips-sensor: <value of string>
label: <value of string>
learning-mode: <value in [disable, enable]>
logtraffic: <value in [disable, enable, all, ...]>
logtraffic-start: <value in [disable, enable]>
match-vip: <value in [disable, enable]>
mms-profile: <value of string>
name: <value of string>
nat: <value in [disable, enable]>
natinbound: <value in [disable, enable]>
natip: <value of string>
natoutbound: <value in [disable, enable]>
ntlm: <value in [disable, enable]>
ntlm-enabled-browsers:
- <value of string>
ntlm-guest: <value in [disable, enable]>
outbound: <value in [disable, enable]>
per-ip-shaper: <value of string>
permit-any-host: <value in [disable, enable]>
permit-stun-host: <value in [disable, enable]>
policyid: <value of integer>
poolname: <value of string>
profile-group: <value of string>
profile-protocol-options: <value of string>
profile-type: <value in [single, group]>
radius-mac-auth-bypass: <value in [disable, enable]>
redirect-url: <value of string>
replacemsg-override-group: <value of string>
rsso: <value in [disable, enable]>
rtp-addr: <value of string>
rtp-nat: <value in [disable, enable]>
scan-botnet-connections: <value in [disable, block, monitor]>
schedule: <value of string>
schedule-timeout: <value in [disable, enable]>
send-deny-packet: <value in [disable, enable]>
service: <value of string>
service-negate: <value in [disable, enable]>
session-ttl: <value of integer>
spamfilter-profile: <value of string>
srcaddr: <value of string>
srcaddr-negate: <value in [disable, enable]>
srcintf: <value of string>
ssl-mirror: <value in [disable, enable]>
ssl-mirror-intf: <value of string>
ssl-ssh-profile: <value of string>
status: <value in [disable, enable]>
tags: <value of string>
tcp-mss-receiver: <value of integer>
tcp-mss-sender: <value of integer>
tcp-session-without-syn: <value in [all, data-only, disable]>
timeout-send-rst: <value in [disable, enable]>
traffic-shaper: <value of string>
traffic-shaper-reverse: <value of string>
url-category: <value of string>
users: <value of string>
utm-status: <value in [disable, enable]>
uuid: <value of string>
vlan-cos-fwd: <value of integer>
vlan-cos-rev: <value of integer>
voip-profile: <value of string>
vpn_dst_node:
-
host: <value of string>
seq: <value of integer>
subnet: <value of string>
vpn_src_node:
-
host: <value of string>
seq: <value of integer>
subnet: <value of string>
vpntunnel: <value of string>
waf-profile: <value of string>
wanopt: <value in [disable, enable]>
wanopt-detection: <value in [active, passive, off]>
wanopt-passive-opt: <value in [default, transparent, non-transparent]>
wanopt-peer: <value of string>
wanopt-profile: <value of string>
wccp: <value in [disable, enable]>
webcache: <value in [disable, enable]>
webcache-https: <value in [disable, ssl-server, any, ...]>
webfilter-profile: <value of string>
wsso: <value in [disable, enable]>
- name: REQUESTING /PM/CONFIG/PKG/{PKG}/FIREWALL/POLICY/{POLICY}
fmgr_pkg_firewall_policy_obj:
loose_validation: False
workspace_locking_adom: <value in [global, custom adom]>
workspace_locking_timeout: 300
method: <value in [delete]>
url_params:
adom: <value in [none, global, custom dom]>
pkg: <value of string>
policy: <value of string>
params:
-
data:
attr: <value in [label, global-label]>
name: <value of string>
- name: REQUESTING /PM/CONFIG/PKG/{PKG}/FIREWALL/POLICY/{POLICY}
fmgr_pkg_firewall_policy_obj:
loose_validation: False
workspace_locking_adom: <value in [global, custom adom]>
workspace_locking_timeout: 300
method: <value in [get]>
url_params:
adom: <value in [none, global, custom dom]>
pkg: <value of string>
policy: <value of string>
params:
-
option: <value in [object member, chksum, datasrc]>
- name: REQUESTING /PM/CONFIG/PKG/{PKG}/FIREWALL/POLICY/{POLICY}
fmgr_pkg_firewall_policy_obj:
loose_validation: False
workspace_locking_adom: <value in [global, custom adom]>
workspace_locking_timeout: 300
method: <value in [move]>
url_params:
adom: <value in [none, global, custom dom]>
pkg: <value of string>
policy: <value of string>
params:
-
option: <value in [before, after]>
target: <value of string>
- name: REQUESTING /PM/CONFIG/PKG/{PKG}/FIREWALL/POLICY/{POLICY}
fmgr_pkg_firewall_policy_obj:
loose_validation: False
workspace_locking_adom: <value in [global, custom adom]>
workspace_locking_timeout: 300
method: <value in [set]>
url_params:
adom: <value in [none, global, custom dom]>
pkg: <value of string>
policy: <value of string>
params:
-
data:
action: <value in [deny, accept, ipsec, ...]>
app-category: <value of string>
application:
- <value of integer>
application-list: <value of string>
auth-cert: <value of string>
auth-path: <value in [disable, enable]>
auth-redirect-addr: <value of string>
auto-asic-offload: <value in [disable, enable]>
av-profile: <value of string>
block-notification: <value in [disable, enable]>
captive-portal-exempt: <value in [disable, enable]>
capture-packet: <value in [disable, enable]>
comments: <value of string>
custom-log-fields: <value of string>
delay-tcp-npu-session: <value in [disable, enable]>
devices: <value of string>
diffserv-forward: <value in [disable, enable]>
diffserv-reverse: <value in [disable, enable]>
diffservcode-forward: <value of string>
diffservcode-rev: <value of string>
disclaimer: <value in [disable, enable]>
dlp-sensor: <value of string>
dnsfilter-profile: <value of string>
dscp-match: <value in [disable, enable]>
dscp-negate: <value in [disable, enable]>
dscp-value: <value of string>
dsri: <value in [disable, enable]>
dstaddr: <value of string>
dstaddr-negate: <value in [disable, enable]>
dstintf: <value of string>
firewall-session-dirty: <value in [check-all, check-new]>
fixedport: <value in [disable, enable]>
fsso: <value in [disable, enable]>
fsso-agent-for-ntlm: <value of string>
global-label: <value of string>
groups: <value of string>
gtp-profile: <value of string>
icap-profile: <value of string>
identity-based-route: <value of string>
inbound: <value in [disable, enable]>
internet-service: <value in [disable, enable]>
internet-service-custom: <value of string>
internet-service-id: <value of string>
internet-service-negate: <value in [disable, enable]>
ippool: <value in [disable, enable]>
ips-sensor: <value of string>
label: <value of string>
learning-mode: <value in [disable, enable]>
logtraffic: <value in [disable, enable, all, ...]>
logtraffic-start: <value in [disable, enable]>
match-vip: <value in [disable, enable]>
mms-profile: <value of string>
name: <value of string>
nat: <value in [disable, enable]>
natinbound: <value in [disable, enable]>
natip: <value of string>
natoutbound: <value in [disable, enable]>
ntlm: <value in [disable, enable]>
ntlm-enabled-browsers:
- <value of string>
ntlm-guest: <value in [disable, enable]>
outbound: <value in [disable, enable]>
per-ip-shaper: <value of string>
permit-any-host: <value in [disable, enable]>
permit-stun-host: <value in [disable, enable]>
policyid: <value of integer>
poolname: <value of string>
profile-group: <value of string>
profile-protocol-options: <value of string>
profile-type: <value in [single, group]>
radius-mac-auth-bypass: <value in [disable, enable]>
redirect-url: <value of string>
replacemsg-override-group: <value of string>
rsso: <value in [disable, enable]>
rtp-addr: <value of string>
rtp-nat: <value in [disable, enable]>
scan-botnet-connections: <value in [disable, block, monitor]>
schedule: <value of string>
schedule-timeout: <value in [disable, enable]>
send-deny-packet: <value in [disable, enable]>
service: <value of string>
service-negate: <value in [disable, enable]>
session-ttl: <value of integer>
spamfilter-profile: <value of string>
srcaddr: <value of string>
srcaddr-negate: <value in [disable, enable]>
srcintf: <value of string>
ssl-mirror: <value in [disable, enable]>
ssl-mirror-intf: <value of string>
ssl-ssh-profile: <value of string>
status: <value in [disable, enable]>
tags: <value of string>
tcp-mss-receiver: <value of integer>
tcp-mss-sender: <value of integer>
tcp-session-without-syn: <value in [all, data-only, disable]>
timeout-send-rst: <value in [disable, enable]>
traffic-shaper: <value of string>
traffic-shaper-reverse: <value of string>
url-category: <value of string>
users: <value of string>
utm-status: <value in [disable, enable]>
uuid: <value of string>
vlan-cos-fwd: <value of integer>
vlan-cos-rev: <value of integer>
voip-profile: <value of string>
vpn_dst_node:
-
host: <value of string>
seq: <value of integer>
subnet: <value of string>
vpn_src_node:
-
host: <value of string>
seq: <value of integer>
subnet: <value of string>
vpntunnel: <value of string>
waf-profile: <value of string>
wanopt: <value in [disable, enable]>
wanopt-detection: <value in [active, passive, off]>
wanopt-passive-opt: <value in [default, transparent, non-transparent]>
wanopt-peer: <value of string>
wanopt-profile: <value of string>
wccp: <value in [disable, enable]>
webcache: <value in [disable, enable]>
webcache-https: <value in [disable, ssl-server, any, ...]>
webfilter-profile: <value of string>
wsso: <value in [disable, enable]>
- name: REQUESTING /PM/CONFIG/PKG/{PKG}/FIREWALL/POLICY/{POLICY}
fmgr_pkg_firewall_policy_obj:
loose_validation: False
workspace_locking_adom: <value in [global, custom adom]>
workspace_locking_timeout: 300
method: <value in [set]>
url_params:
adom: <value in [none, global, custom dom]>
pkg: <value of string>
policy: <value of string>
params:
-
data:
attr: <value in [label, global-label]>
name: <value of string>
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- return values for method: [clone, move, update]
- data
- No description for the parameter type: dict
- policyid - Policy ID. type: int
- status
- No description for the parameter type: dict
- code - No description for the parameter type: int
- message - No description for the parameter type: str
- url - No description for the parameter type: str example: /pm/config/adom/{adom}/pkg/{pkg}/firewall/policy/{policy}
- return values for method: [delete]
- return values collection 0
- status
- No description for the parameter type: dict
- code - No description for the parameter type: int
- message - No description for the parameter type: str
- url - No description for the parameter type: str example: /pm/config/adom/{adom}/pkg/{pkg}/firewall/policy/{policy}
- return values collection 1
- status
- No description for the parameter type: dict
- code - No description for the parameter type: int
- message - No description for the parameter type: str
- url - No description for the parameter type: str example: /pm/config/adom/{adom}/pkg/{pkg}/firewall/policy/{policy}
- return values for method: [get]
- data
- No description for the parameter type: dict
- action - Policy action (allow/deny/ipsec). type: str
- app-category - Application category ID list. type: str
- application - No description for the parameter type: array
- {no-name} - No description for the parameter type: int
- application-list - Name of an existing Application list. type: str
- auth-cert - HTTPS server certificate for policy authentication. type: str
- auth-path - Enable/disable authentication-based routing. type: str
- auth-redirect-addr - HTTP-to-HTTPS redirect address for firewall authentication. type: str
- auto-asic-offload - Enable/disable offloading security profile processing to CP processors. type: str
- av-profile - Name of an existing Antivirus profile. type: str
- block-notification - Enable/disable block notification. type: str
- captive-portal-exempt - Enable to exempt some users from the captive portal. type: str
- capture-packet - Enable/disable capture packets. type: str
- comments - No description for the parameter type: str
- custom-log-fields - Custom fields to append to log messages for this policy. type: str
- delay-tcp-npu-session - Enable TCP NPU session delay to guarantee packet order of 3-way handshake. type: str
- devices - Names of devices or device groups that can be matched by the policy. type: str
- diffserv-forward - Enable to change packets DiffServ values to the specified diffservcode-forward value. type: str
- diffserv-reverse - Enable to change packets reverse (reply) DiffServ values to the specified diffservcode-rev value. type: str
- diffservcode-forward - Change packets DiffServ to this value. type: str
- diffservcode-rev - Change packets reverse (reply) DiffServ to this value. type: str
- disclaimer - Enable/disable user authentication disclaimer. type: str
- dlp-sensor - Name of an existing DLP sensor. type: str
- dnsfilter-profile - Name of an existing DNS filter profile. type: str
- dscp-match - Enable DSCP check. type: str
- dscp-negate - Enable negated DSCP match. type: str
- dscp-value - DSCP value. type: str
- dsri - Enable DSRI to ignore HTTP server responses. type: str
- dstaddr - Destination address and address group names. type: str
- dstaddr-negate - When enabled dstaddr specifies what the destination address must NOT be. type: str
- dstintf - Outgoing (egress) interface. type: str
- firewall-session-dirty - How to handle sessions if the configuration of this firewall policy changes. type: str
- fixedport - Enable to prevent source NAT from changing a sessions source port. type: str
- fsso - Enable/disable Fortinet Single Sign-On. type: str
- fsso-agent-for-ntlm - FSSO agent to use for NTLM authentication. type: str
- global-label - Label for the policy that appears when the GUI is in Global View mode. type: str
- groups - Names of user groups that can authenticate with this policy. type: str
- gtp-profile - GTP profile. type: str
- icap-profile - Name of an existing ICAP profile. type: str
- identity-based-route - Name of identity-based routing rule. type: str
- inbound - Policy-based IPsec VPN: only traffic from the remote network can initiate a VPN. type: str
- internet-service - Enable/disable use of Internet Services for this policy. type: str
- internet-service-custom - Custom Internet Service Name. type: str
- internet-service-id - Internet Service ID. type: str
- internet-service-negate - When enabled internet-service specifies what the service must NOT be. type: str
- ippool - Enable to use IP Pools for source NAT. type: str
- ips-sensor - Name of an existing IPS sensor. type: str
- label - Label for the policy that appears when the GUI is in Section View mode. type: str
- learning-mode - Enable to allow everything, but log all of the meaningful data for security information gathering. type: str
- logtraffic - Enable or disable logging. type: str
- logtraffic-start - Record logs when a session starts and ends. type: str
- match-vip - Enable to match packets that have had their destination addresses changed by a VIP. type: str
- mms-profile - Name of an existing MMS profile. type: str
- name - Policy name. type: str
- nat - Enable/disable source NAT. type: str
- natinbound - Policy-based IPsec VPN: apply destination NAT to inbound traffic. type: str
- natip - Policy-based IPsec VPN: source NAT IP address for outgoing traffic. type: str
- natoutbound - Policy-based IPsec VPN: apply source NAT to outbound traffic. type: str
- ntlm - Enable/disable NTLM authentication. type: str
- ntlm-enabled-browsers - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- ntlm-guest - Enable/disable NTLM guest user access. type: str
- outbound - Policy-based IPsec VPN: only traffic from the internal network can initiate a VPN. type: str
- per-ip-shaper - Per-IP traffic shaper. type: str
- permit-any-host - Accept UDP packets from any host. type: str
- permit-stun-host - Accept UDP packets from any Session Traversal Utilities for NAT (STUN) host. type: str
- policyid - Policy ID. type: int
- poolname - IP Pool names. type: str
- profile-group - Name of profile group. type: str
- profile-protocol-options - Name of an existing Protocol options profile. type: str
- profile-type - Determine whether the firewall policy allows security profile groups or single profiles only. type: str
- radius-mac-auth-bypass - Enable MAC authentication bypass. type: str
- redirect-url - URL users are directed to after seeing and accepting the disclaimer or authenticating. type: str
- replacemsg-override-group - Override the default replacement message group for this policy. type: str
- rsso - Enable/disable RADIUS single sign-on (RSSO). type: str
- rtp-addr - Address names if this is an RTP NAT policy. type: str
- rtp-nat - Enable Real Time Protocol (RTP) NAT. type: str
- scan-botnet-connections - Block or monitor connections to Botnet servers or disable Botnet scanning. type: str
- schedule - Schedule name. type: str
- schedule-timeout - Enable to force current sessions to end when the schedule object times out. type: str
- send-deny-packet - Enable to send a reply when a session is denied or blocked by a firewall policy. type: str
- service - Service and service group names. type: str
- service-negate - When enabled service specifies what the service must NOT be. type: str
- session-ttl - Session TTL in seconds for sessions accepted by this policy. type: int
- spamfilter-profile - Name of an existing Spam filter profile. type: str
- srcaddr - Source address and address group names. type: str
- srcaddr-negate - When enabled srcaddr specifies what the source address must NOT be. type: str
- srcintf - Incoming (ingress) interface. type: str
- ssl-mirror - Enable to copy decrypted SSL traffic to a FortiGate interface (called SSL mirroring). type: str
- ssl-mirror-intf - SSL mirror interface name. type: str
- ssl-ssh-profile - Name of an existing SSL SSH profile. type: str
- status - Enable or disable this policy. type: str
- tags - Names of object-tags applied to this policy. type: str
- tcp-mss-receiver - Receiver TCP maximum segment size (MSS). type: int
- tcp-mss-sender - Sender TCP maximum segment size (MSS). type: int
- tcp-session-without-syn - Enable/disable creation of TCP session without SYN flag. type: str
- timeout-send-rst - Enable/disable sending RST packets when TCP sessions expire. type: str
- traffic-shaper - Traffic shaper. type: str
- traffic-shaper-reverse - Reverse traffic shaper. type: str
- url-category - URL category ID list. type: str
- users - Names of individual users that can authenticate with this policy. type: str
- utm-status - Enable to add one or more security profiles (AV, IPS, etc. type: str
- uuid - Universally Unique Identifier (UUID; automatically assigned but can be manually reset). type: str
- vlan-cos-fwd - VLAN forward direction user priority: 255 passthrough, 0 lowest, 7 highest. type: int
- vlan-cos-rev - VLAN reverse direction user priority: 255 passthrough, 0 lowest, 7 highest. type: int
- voip-profile - Name of an existing VoIP profile. type: str
- vpn_dst_node - No description for the parameter type: array
- host - No description for the parameter type: str
- seq - No description for the parameter type: int
- subnet - No description for the parameter type: str
- vpn_src_node - No description for the parameter type: array
- host - No description for the parameter type: str
- seq - No description for the parameter type: int
- subnet - No description for the parameter type: str
- vpntunnel - Policy-based IPsec VPN: name of the IPsec VPN Phase 1. type: str
- waf-profile - Name of an existing Web application firewall profile. type: str
- wanopt - Enable/disable WAN optimization. type: str
- wanopt-detection - WAN optimization auto-detection mode. type: str
- wanopt-passive-opt - WAN optimization passive mode options. type: str
- wanopt-peer - WAN optimization peer. type: str
- wanopt-profile - WAN optimization profile. type: str
- wccp - Enable/disable forwarding traffic matching this policy to a configured WCCP server. type: str
- webcache - Enable/disable web cache. type: str
- webcache-https - Enable/disable web cache for HTTPS. type: str
- webfilter-profile - Name of an existing Web filter profile. type: str
- wsso - Enable/disable WiFi Single Sign On (WSSO). type: str
- status
- No description for the parameter type: dict
- code - No description for the parameter type: int
- message - No description for the parameter type: str
- url - No description for the parameter type: str example: /pm/config/adom/{adom}/pkg/{pkg}/firewall/policy/{policy}
- return values for method: [set]
- return values collection 0
- data
- No description for the parameter type: dict
- policyid - Policy ID. type: int
- status
- No description for the parameter type: dict
- code - No description for the parameter type: int
- message - No description for the parameter type: str
- url - No description for the parameter type: str example: /pm/config/adom/{adom}/pkg/{pkg}/firewall/policy/{policy}
- return values collection 1
- status
- No description for the parameter type: dict
- code - No description for the parameter type: int
- message - No description for the parameter type: str
- url - No description for the parameter type: str example: /pm/config/adom/{adom}/pkg/{pkg}/firewall/policy/{policy}
fmgr_pm_devprof_adom_obj¶
New in version 2.10.
Synopsis¶
- This module is able to configure a FortiManager device by allowing the user to [add, get, set, update] the following FortiManager json-rpc urls.
- /pm/devprof/adom/{adom}
- Examples include all parameters and values need to be adjusted to data sources before usage.
- Tested with FortiManager v6.0.0
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.10.0
Parameters¶
- loose_validation - Do parameter validation in a loose way type: bool required: false default: false
- workspace_locking_adom - Acquire the workspace lock if FortiManager is running in workspace mode type: str required: false choices: global, custom dom
- workspace_locking_timeout - The maximum time in seconds to wait for other users to release workspace lock type: integer required: false default: 300
- url_params - parameters in url path type: dict required: true
- adom - the domain prefix type: str choices: none, global, custom dom
- parameters for method: [add, set, update] -
- data - No description for the parameter type: array
- description - No description for the parameter type: str
- enabled options - No description for the parameter type: array
- {no-name} - No description for the parameter type: str choices: [none, dns, ntp, email, admin, snmp, repmsg, ftgd, log]
- name - No description for the parameter type: str
- oid - No description for the parameter type: int
- scope member - No description for the parameter type: array
- name - No description for the parameter type: str
- vdom - No description for the parameter type: str
- type - No description for the parameter type: str choices: [devprof]
- parameters for method: [get] -
- fields - No description for the parameter type: array
- {no-name} - No description for the parameter type: array
- {no-name} - No description for the parameter type: str choices: [description, enabled options, name, oid, scope member, type]
- {no-name} - No description for the parameter type: array
Notes¶
Note
- The module may supports multiple method, every method has different parameters definition
- One method may also have more than one parameter definition collection, each collection is dedicated to one API endpoint
- The module may include domain dependent urls, the domain can be specified in url_params as adom
- To run in workspace mode, the paremeter workspace_locking_adom must be included in the task
Examples¶
- hosts: fortimanager-inventory
collections:
- fortinet.fortimanager
connection: httpapi
vars:
ansible_httpapi_use_ssl: True
ansible_httpapi_validate_certs: False
ansible_httpapi_port: 443
tasks:
- name: REQUESTING /PM/DEVPROF/ADOM/{ADOM}
fmgr_pm_devprof_adom_obj:
loose_validation: False
workspace_locking_adom: <value in [global, custom adom]>
workspace_locking_timeout: 300
method: <value in [add, set, update]>
url_params:
adom: <value in [none, global, custom dom]>
params:
-
data:
-
description: <value of string>
enabled options:
- <value in [none, dns, ntp, ...]>
name: <value of string>
oid: <value of integer>
scope member:
-
name: <value of string>
vdom: <value of string>
type: <value in [devprof]>
- name: REQUESTING /PM/DEVPROF/ADOM/{ADOM}
fmgr_pm_devprof_adom_obj:
loose_validation: False
workspace_locking_adom: <value in [global, custom adom]>
workspace_locking_timeout: 300
method: <value in [get]>
url_params:
adom: <value in [none, global, custom dom]>
params:
-
fields:
-
- <value in [description, enabled options, name, ...]>
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- return values for method: [add, set, update]
- status
- No description for the parameter type: dict
- code - No description for the parameter type: int
- message - No description for the parameter type: str
- url - No description for the parameter type: str example: /pm/devprof/adom/{adom}
- return values for method: [get]
- data
- No description for the parameter type: array
- description - No description for the parameter type: str
- enabled options - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- name - No description for the parameter type: str
- oid - No description for the parameter type: int
- scope member - No description for the parameter type: array
- name - No description for the parameter type: str
- vdom - No description for the parameter type: str
- type - No description for the parameter type: str
- status
- No description for the parameter type: dict
- code - No description for the parameter type: int
- message - No description for the parameter type: str
- url - No description for the parameter type: str example: /pm/devprof/adom/{adom}
fmgr_pm_devprof_obj¶
New in version 2.10.
Synopsis¶
- This module is able to configure a FortiManager device by allowing the user to [delete, get, set, update] the following FortiManager json-rpc urls.
- /pm/devprof/adom/{adom}/{pkg_path}
- Examples include all parameters and values need to be adjusted to data sources before usage.
- Tested with FortiManager v6.0.0
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.10.0
Parameters¶
- loose_validation - Do parameter validation in a loose way type: bool required: false default: false
- workspace_locking_adom - Acquire the workspace lock if FortiManager is running in workspace mode type: str required: false choices: global, custom dom
- workspace_locking_timeout - The maximum time in seconds to wait for other users to release workspace lock type: integer required: false default: 300
- url_params - parameters in url path type: dict required: true
- adom - the domain prefix type: str choices: none, global, custom dom
- pkg_path - the object name type: str
- parameters for method: [delete] -
- parameters for method: [get] -
- fields - No description for the parameter type: array
- {no-name} - No description for the parameter type: array
- {no-name} - No description for the parameter type: str choices: [description, enabled options, name, oid, scope member, type]
- {no-name} - No description for the parameter type: array
- parameters for method: [set, update] -
- data - No description for the parameter type: dict
- description - No description for the parameter type: str
- enabled options - No description for the parameter type: array
- {no-name} - No description for the parameter type: str choices: [none, dns, ntp, email, admin, snmp, repmsg, ftgd, log]
- name - No description for the parameter type: str
- oid - No description for the parameter type: int
- scope member - No description for the parameter type: array
- name - No description for the parameter type: str
- vdom - No description for the parameter type: str
- type - No description for the parameter type: str choices: [devprof]
Notes¶
Note
- The module may supports multiple method, every method has different parameters definition
- One method may also have more than one parameter definition collection, each collection is dedicated to one API endpoint
- The module may include domain dependent urls, the domain can be specified in url_params as adom
- To run in workspace mode, the paremeter workspace_locking_adom must be included in the task
Examples¶
- hosts: fortimanager-inventory
collections:
- fortinet.fortimanager
connection: httpapi
vars:
ansible_httpapi_use_ssl: True
ansible_httpapi_validate_certs: False
ansible_httpapi_port: 443
tasks:
- name: REQUESTING /PM/DEVPROF/{PKG_PATH}
fmgr_pm_devprof_obj:
loose_validation: False
workspace_locking_adom: <value in [global, custom adom]>
workspace_locking_timeout: 300
method: <value in [get]>
url_params:
adom: <value in [none, global, custom dom]>
pkg_path: <value of string>
params:
-
fields:
-
- <value in [description, enabled options, name, ...]>
- name: REQUESTING /PM/DEVPROF/{PKG_PATH}
fmgr_pm_devprof_obj:
loose_validation: False
workspace_locking_adom: <value in [global, custom adom]>
workspace_locking_timeout: 300
method: <value in [set, update]>
url_params:
adom: <value in [none, global, custom dom]>
pkg_path: <value of string>
params:
-
data:
description: <value of string>
enabled options:
- <value in [none, dns, ntp, ...]>
name: <value of string>
oid: <value of integer>
scope member:
-
name: <value of string>
vdom: <value of string>
type: <value in [devprof]>
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- return values for method: [delete, set, update]
- status
- No description for the parameter type: dict
- code - No description for the parameter type: int
- message - No description for the parameter type: str
- url - No description for the parameter type: str example: /pm/devprof/adom/{adom}/{pkg_path}
- return values for method: [get]
- data
- No description for the parameter type: dict
- description - No description for the parameter type: str
- enabled options - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- name - No description for the parameter type: str
- oid - No description for the parameter type: int
- scope member - No description for the parameter type: array
- name - No description for the parameter type: str
- vdom - No description for the parameter type: str
- type - No description for the parameter type: str
- status
- No description for the parameter type: dict
- code - No description for the parameter type: int
- message - No description for the parameter type: str
- url - No description for the parameter type: str example: /pm/devprof/adom/{adom}/{pkg_path}
fmgr_pm_pkg_adom_obj¶
New in version 2.10.
Synopsis¶
- This module is able to configure a FortiManager device by allowing the user to [add, get, set, update] the following FortiManager json-rpc urls.
- /pm/pkg/adom/{adom}
- Examples include all parameters and values need to be adjusted to data sources before usage.
- Tested with FortiManager v6.0.0
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.10.0
Parameters¶
- loose_validation - Do parameter validation in a loose way type: bool required: false default: false
- workspace_locking_adom - Acquire the workspace lock if FortiManager is running in workspace mode type: str required: false choices: global, custom dom
- workspace_locking_timeout - The maximum time in seconds to wait for other users to release workspace lock type: integer required: false default: 300
- url_params - parameters in url path type: dict required: true
- adom - the domain prefix type: str choices: none, global, custom dom
- parameters for method: [add, set, update] -
- data - No description for the parameter type: array
- name - No description for the parameter type: str
- obj ver - No description for the parameter type: int
- oid - No description for the parameter type: int
- package setting
- central-nat - No description for the parameter type: str choices: [disable, enable]
- consolidated-firewall-mode - No description for the parameter type: str choices: [disable, enable]
- fwpolicy-implicit-log - No description for the parameter type: str choices: [disable, enable]
- fwpolicy6-implicit-log - No description for the parameter type: str choices: [disable, enable]
- inspection-mode - No description for the parameter type: str choices: [proxy, flow]
- ngfw-mode - No description for the parameter type: str choices: [profile-based, policy-based]
- ssl-ssh-profile - No description for the parameter type: str
- scope member - No description for the parameter type: array
- name - No description for the parameter type: str
- vdom - No description for the parameter type: str
- type - No description for the parameter type: str choices: [pkg, folder]
- parameters for method: [get] -
- fields - No description for the parameter type: array
- {no-name} - No description for the parameter type: array
- {no-name} - No description for the parameter type: str choices: [name, obj ver, oid, scope member, type]
- {no-name} - No description for the parameter type: array
Notes¶
Note
- The module may supports multiple method, every method has different parameters definition
- One method may also have more than one parameter definition collection, each collection is dedicated to one API endpoint
- The module may include domain dependent urls, the domain can be specified in url_params as adom
- To run in workspace mode, the paremeter workspace_locking_adom must be included in the task
Examples¶
- hosts: fortimanager-inventory
collections:
- fortinet.fortimanager
connection: httpapi
vars:
ansible_httpapi_use_ssl: True
ansible_httpapi_validate_certs: False
ansible_httpapi_port: 443
tasks:
- name: REQUESTING /PM/PKG/ADOM/{ADOM}
fmgr_pm_pkg_adom_obj:
loose_validation: False
workspace_locking_adom: <value in [global, custom adom]>
workspace_locking_timeout: 300
method: <value in [add, set, update]>
url_params:
adom: <value in [none, global, custom dom]>
params:
-
data:
-
name: <value of string>
obj ver: <value of integer>
oid: <value of integer>
package setting:
central-nat: <value in [disable, enable]>
consolidated-firewall-mode: <value in [disable, enable]>
fwpolicy-implicit-log: <value in [disable, enable]>
fwpolicy6-implicit-log: <value in [disable, enable]>
inspection-mode: <value in [proxy, flow]>
ngfw-mode: <value in [profile-based, policy-based]>
ssl-ssh-profile: <value of string>
scope member:
-
name: <value of string>
vdom: <value of string>
type: <value in [pkg, folder]>
- name: REQUESTING /PM/PKG/ADOM/{ADOM}
fmgr_pm_pkg_adom_obj:
loose_validation: False
workspace_locking_adom: <value in [global, custom adom]>
workspace_locking_timeout: 300
method: <value in [get]>
url_params:
adom: <value in [none, global, custom dom]>
params:
-
fields:
-
- <value in [name, obj ver, oid, ...]>
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- return values for method: [add, set, update]
- status
- No description for the parameter type: dict
- code - No description for the parameter type: int
- message - No description for the parameter type: str
- url - No description for the parameter type: str example: /pm/pkg/adom/{adom}
- return values for method: [get]
- data
- No description for the parameter type: array
- name - No description for the parameter type: str
- obj ver - No description for the parameter type: int
- oid - No description for the parameter type: int
- package setting
- central-nat - No description for the parameter type: str
- consolidated-firewall-mode - No description for the parameter type: str
- fwpolicy-implicit-log - No description for the parameter type: str
- fwpolicy6-implicit-log - No description for the parameter type: str
- inspection-mode - No description for the parameter type: str
- ngfw-mode - No description for the parameter type: str
- ssl-ssh-profile - No description for the parameter type: str
- scope member - No description for the parameter type: array
- name - No description for the parameter type: str
- vdom - No description for the parameter type: str
- type - No description for the parameter type: str
- status
- No description for the parameter type: dict
- code - No description for the parameter type: int
- message - No description for the parameter type: str
- url - No description for the parameter type: str example: /pm/pkg/adom/{adom}
fmgr_pm_pkg_obj¶
New in version 2.10.
Synopsis¶
- This module is able to configure a FortiManager device by allowing the user to [delete, get, set, update] the following FortiManager json-rpc urls.
- /pm/pkg/adom/{adom}/{pkg_path}
- /pm/pkg/global/{pkg_path}
- Examples include all parameters and values need to be adjusted to data sources before usage.
- Tested with FortiManager v6.0.0
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.10.0
Parameters¶
- loose_validation - Do parameter validation in a loose way type: bool required: false default: false
- workspace_locking_adom - Acquire the workspace lock if FortiManager is running in workspace mode type: str required: false choices: global, custom dom
- workspace_locking_timeout - The maximum time in seconds to wait for other users to release workspace lock type: integer required: false default: 300
- url_params - parameters in url path type: dict required: true
- adom - the domain prefix type: str choices: none, global, custom dom
- pkg_path - the object name type: str
- parameters for method: [delete] -
- parameters for method: [get] -
- fields - No description for the parameter type: array
- {no-name} - No description for the parameter type: array
- {no-name} - No description for the parameter type: str choices: [name, obj ver, oid, scope member, type]
- {no-name} - No description for the parameter type: array
- parameters for method: [set, update] -
- data - No description for the parameter type: dict
- name - No description for the parameter type: str
- obj ver - No description for the parameter type: int
- oid - No description for the parameter type: int
- package setting
- central-nat - No description for the parameter type: str choices: [disable, enable]
- consolidated-firewall-mode - No description for the parameter type: str choices: [disable, enable]
- fwpolicy-implicit-log - No description for the parameter type: str choices: [disable, enable]
- fwpolicy6-implicit-log - No description for the parameter type: str choices: [disable, enable]
- inspection-mode - No description for the parameter type: str choices: [proxy, flow]
- ngfw-mode - No description for the parameter type: str choices: [profile-based, policy-based]
- ssl-ssh-profile - No description for the parameter type: str
- scope member - No description for the parameter type: array
- name - No description for the parameter type: str
- vdom - No description for the parameter type: str
- type - No description for the parameter type: str choices: [pkg, folder]
Notes¶
Note
- The module may supports multiple method, every method has different parameters definition
- One method may also have more than one parameter definition collection, each collection is dedicated to one API endpoint
- The module may include domain dependent urls, the domain can be specified in url_params as adom
- To run in workspace mode, the paremeter workspace_locking_adom must be included in the task
Examples¶
- hosts: fortimanager-inventory
collections:
- fortinet.fortimanager
connection: httpapi
vars:
ansible_httpapi_use_ssl: True
ansible_httpapi_validate_certs: False
ansible_httpapi_port: 443
tasks:
- name: REQUESTING /PM/PKG/{PKG_PATH}
fmgr_pm_pkg_obj:
loose_validation: False
workspace_locking_adom: <value in [global, custom adom]>
workspace_locking_timeout: 300
method: <value in [get]>
url_params:
adom: <value in [none, global, custom dom]>
pkg_path: <value of string>
params:
-
fields:
-
- <value in [name, obj ver, oid, ...]>
- name: REQUESTING /PM/PKG/{PKG_PATH}
fmgr_pm_pkg_obj:
loose_validation: False
workspace_locking_adom: <value in [global, custom adom]>
workspace_locking_timeout: 300
method: <value in [set, update]>
url_params:
adom: <value in [none, global, custom dom]>
pkg_path: <value of string>
params:
-
data:
name: <value of string>
obj ver: <value of integer>
oid: <value of integer>
package setting:
central-nat: <value in [disable, enable]>
consolidated-firewall-mode: <value in [disable, enable]>
fwpolicy-implicit-log: <value in [disable, enable]>
fwpolicy6-implicit-log: <value in [disable, enable]>
inspection-mode: <value in [proxy, flow]>
ngfw-mode: <value in [profile-based, policy-based]>
ssl-ssh-profile: <value of string>
scope member:
-
name: <value of string>
vdom: <value of string>
type: <value in [pkg, folder]>
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- return values for method: [delete, set, update]
- status
- No description for the parameter type: dict
- code - No description for the parameter type: int
- message - No description for the parameter type: str
- url - No description for the parameter type: str example: /pm/pkg/adom/{adom}/{pkg_path}
- return values for method: [get]
- data
- No description for the parameter type: dict
- name - No description for the parameter type: str
- obj ver - No description for the parameter type: int
- oid - No description for the parameter type: int
- package setting
- central-nat - No description for the parameter type: str
- consolidated-firewall-mode - No description for the parameter type: str
- fwpolicy-implicit-log - No description for the parameter type: str
- fwpolicy6-implicit-log - No description for the parameter type: str
- inspection-mode - No description for the parameter type: str
- ngfw-mode - No description for the parameter type: str
- ssl-ssh-profile - No description for the parameter type: str
- scope member - No description for the parameter type: array
- name - No description for the parameter type: str
- vdom - No description for the parameter type: str
- type - No description for the parameter type: str
- status
- No description for the parameter type: dict
- code - No description for the parameter type: int
- message - No description for the parameter type: str
- url - No description for the parameter type: str example: /pm/pkg/adom/{adom}/{pkg_path}
fmgr_securityconsole_install_device¶
New in version 2.10.
Synopsis¶
- This module is able to configure a FortiManager device by allowing the user to [exec] the following FortiManager json-rpc urls.
- /securityconsole/install/device
- Examples include all parameters and values need to be adjusted to data sources before usage.
- Tested with FortiManager v6.0.0
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.10.0
Parameters¶
- loose_validation - Do parameter validation in a loose way type: bool required: false default: false
- workspace_locking_adom - Acquire the workspace lock if FortiManager is running in workspace mode type: str required: false choices: global, custom dom
- workspace_locking_timeout - The maximum time in seconds to wait for other users to release workspace lock type: integer required: false default: 300
- parameters for method: [exec] -
- data - No description for the parameter type: dict
- adom - Source ADOM name. type: str
- dev_rev_comments - No description for the parameter type: str
- flags - No description for the parameter type: array
- {no-name} - No description for the parameter type: str choices: [none, preview, auto_lock_ws]
- scope - No description for the parameter type: array
- name - No description for the parameter type: str
- vdom - No description for the parameter type: str
Notes¶
Note
- The module may supports multiple method, every method has different parameters definition
- One method may also have more than one parameter definition collection, each collection is dedicated to one API endpoint
- The module may include domain dependent urls, the domain can be specified in url_params as adom
- To run in workspace mode, the paremeter workspace_locking_adom must be included in the task
Examples¶
- hosts: fortimanager-inventory
collections:
- fortinet.fortimanager
connection: httpapi
vars:
ansible_httpapi_use_ssl: True
ansible_httpapi_validate_certs: False
ansible_httpapi_port: 443
tasks:
- name: REQUESTING /SECURITYCONSOLE/INSTALL/DEVICE
fmgr_securityconsole_install_device:
loose_validation: False
workspace_locking_adom: <value in [global, custom adom]>
workspace_locking_timeout: 300
method: <value in [exec]>
params:
-
data:
adom: <value of string>
dev_rev_comments: <value of string>
flags:
- <value in [none, preview, auto_lock_ws]>
scope:
-
name: <value of string>
vdom: <value of string>
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- return values for method: [exec]
- data
- No description for the parameter type: dict
- task - No description for the parameter type: str
- status
- No description for the parameter type: dict
- code - No description for the parameter type: int
- message - No description for the parameter type: str
- url - No description for the parameter type: str example: /securityconsole/install/device
fmgr_securityconsole_install_package – Copy and install a policy package to devices.¶
New in version 2.10.
Synopsis¶
- This module is able to configure a FortiManager device by allowing the user to [exec] the following FortiManager json-rpc urls.
- /securityconsole/install/package
- Examples include all parameters and values need to be adjusted to data sources before usage.
- Tested with FortiManager v6.0.0
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.10.0
Parameters¶
- loose_validation - Do parameter validation in a loose way type: bool required: false default: false
- workspace_locking_adom - Acquire the workspace lock if FortiManager is running in workspace mode type: str required: false choices: global, custom dom
- workspace_locking_timeout - The maximum time in seconds to wait for other users to release workspace lock type: integer required: false default: 300
- parameters for method: [exec] - Copy and install a policy package to devices.
- data - No description for the parameter type: dict
- adom - Source ADOM name. type: str
- adom_rev_comments - If "generate_rev" flag is set, the comment for the new ADOM revision. type: str
- adom_rev_name - If "generate_rev" flag is set, the name for the new ADOM revision. type: str
- dev_rev_comments - Comments for the device configuration revision that will be generated during install. type: str
- flags - No description for the parameter type: array
- {no-name} - No description for the parameter type: str choices: [none, cp_all_objs, preview, generate_rev, copy_assigned_pkg, unassign, ifpolicy_only, no_ifpolicy, objs_only, auto_lock_ws, check_pkg_st, copy_only]
- pkg - Source package path and name. type: str
- scope - No description for the parameter type: array
- name - No description for the parameter type: str
- vdom - No description for the parameter type: str
Notes¶
Note
- The module may supports multiple method, every method has different parameters definition
- One method may also have more than one parameter definition collection, each collection is dedicated to one API endpoint
- The module may include domain dependent urls, the domain can be specified in url_params as adom
- To run in workspace mode, the paremeter workspace_locking_adom must be included in the task
Examples¶
- hosts: fortimanager-inventory
collections:
- fortinet.fortimanager
connection: httpapi
vars:
ansible_httpapi_use_ssl: True
ansible_httpapi_validate_certs: False
ansible_httpapi_port: 443
tasks:
- name: REQUESTING /SECURITYCONSOLE/INSTALL/PACKAGE
fmgr_securityconsole_install_package:
loose_validation: False
workspace_locking_adom: <value in [global, custom adom]>
workspace_locking_timeout: 300
method: <value in [exec]>
params:
-
data:
adom: <value of string>
adom_rev_comments: <value of string>
adom_rev_name: <value of string>
dev_rev_comments: <value of string>
flags:
- <value in [none, cp_all_objs, preview, ...]>
pkg: <value of string>
scope:
-
name: <value of string>
vdom: <value of string>
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- return values for method: [exec]
- data
- No description for the parameter type: dict
- task - No description for the parameter type: str
- status
- No description for the parameter type: dict
- code - No description for the parameter type: int
- message - No description for the parameter type: str
- url - No description for the parameter type: str example: /securityconsole/install/package
fmgr_spamfilter_profile – Configure AntiSpam profiles.¶
New in version 2.10.
Synopsis¶
- This module is able to configure a FortiManager device by allowing the user to [add, get, set, update] the following FortiManager json-rpc urls.
- /pm/config/adom/{adom}/obj/spamfilter/profile
- /pm/config/global/obj/spamfilter/profile
- Examples include all parameters and values need to be adjusted to data sources before usage.
- Tested with FortiManager v6.0.0
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.10.0
Parameters¶
- loose_validation - Do parameter validation in a loose way type: bool required: false default: false
- workspace_locking_adom - Acquire the workspace lock if FortiManager is running in workspace mode type: str required: false choices: global, custom dom
- workspace_locking_timeout - The maximum time in seconds to wait for other users to release workspace lock type: integer required: false default: 300
- url_params - parameters in url path type: dict required: true
- adom - the domain prefix type: str choices: none, global, custom dom
- parameters for method: [add, set, update] - Configure AntiSpam profiles.
- data - No description for the parameter type: array
- comment - Comment. type: str
- external - Enable/disable external Email inspection. type: str choices: [disable, enable]
- flow-based - Enable/disable flow-based spam filtering. type: str choices: [disable, enable]
- name - Profile name. type: str
- options - No description for the parameter type: array
- {no-name} - No description for the parameter type: str choices: [bannedword, spamemailbwl, spamfsip, spamfssubmit, spamfschksum, spamfsurl, spamhelodns, spamipbwl, spamraddrdns, spamrbl, spamhdrcheck, spamfsphish, spambwl]
- replacemsg-group - Replacement message group. type: str
- spam-bwl-table - Anti-spam black/white list table ID. type: str
- spam-bword-table - Anti-spam banned word table ID. type: str
- spam-bword-threshold - Spam banned word threshold. type: int
- spam-filtering - Enable/disable spam filtering. type: str choices: [disable, enable]
- spam-iptrust-table - Anti-spam IP trust table ID. type: str
- spam-log - Enable/disable spam logging for email filtering. type: str choices: [disable, enable]
- spam-log-fortiguard-response - Enable/disable logging FortiGuard spam response. type: str choices: [disable, enable]
- spam-mheader-table - Anti-spam MIME header table ID. type: str
- spam-rbl-table - Anti-spam DNSBL table ID. type: str
- parameters for method: [get] - Configure AntiSpam profiles.
- attr - The name of the attribute to retrieve its datasource. type: str
- fields - No description for the parameter type: array
- {no-name} - No description for the parameter type: array
- {no-name} - No description for the parameter type: str choices: [comment, external, flow-based, name, options, replacemsg-group, spam-bwl-table, spam-bword-table, spam-bword-threshold, spam-filtering, spam-iptrust-table, spam-log, spam-log-fortiguard-response, spam-mheader-table, spam-rbl-table]
- {no-name} - No description for the parameter type: array
- filter - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- get used - No description for the parameter type: int
- loadsub - Enable or disable the return of any sub-objects. type: int
- option - Set fetch option for the request. type: str choices: [count, object member, datasrc, get reserved, syntax]
- range - No description for the parameter type: array
- {no-name} - No description for the parameter type: int
- sortings - No description for the parameter type: array
- {attr_name} - No description for the parameter type: int choices: [1, -1]
Notes¶
Note
- The module may supports multiple method, every method has different parameters definition
- One method may also have more than one parameter definition collection, each collection is dedicated to one API endpoint
- The module may include domain dependent urls, the domain can be specified in url_params as adom
- To run in workspace mode, the paremeter workspace_locking_adom must be included in the task
Examples¶
- hosts: fortimanager-inventory
collections:
- fortinet.fortimanager
connection: httpapi
vars:
ansible_httpapi_use_ssl: True
ansible_httpapi_validate_certs: False
ansible_httpapi_port: 443
tasks:
- name: REQUESTING /PM/CONFIG/OBJ/SPAMFILTER/PROFILE
fmgr_spamfilter_profile:
loose_validation: False
workspace_locking_adom: <value in [global, custom adom]>
workspace_locking_timeout: 300
method: <value in [add, set, update]>
url_params:
adom: <value in [none, global, custom dom]>
params:
-
data:
-
comment: <value of string>
external: <value in [disable, enable]>
flow-based: <value in [disable, enable]>
name: <value of string>
options:
- <value in [bannedword, spamemailbwl, spamfsip, ...]>
replacemsg-group: <value of string>
spam-bwl-table: <value of string>
spam-bword-table: <value of string>
spam-bword-threshold: <value of integer>
spam-filtering: <value in [disable, enable]>
spam-iptrust-table: <value of string>
spam-log: <value in [disable, enable]>
spam-log-fortiguard-response: <value in [disable, enable]>
spam-mheader-table: <value of string>
spam-rbl-table: <value of string>
- name: REQUESTING /PM/CONFIG/OBJ/SPAMFILTER/PROFILE
fmgr_spamfilter_profile:
loose_validation: False
workspace_locking_adom: <value in [global, custom adom]>
workspace_locking_timeout: 300
method: <value in [get]>
url_params:
adom: <value in [none, global, custom dom]>
params:
-
attr: <value of string>
fields:
-
- <value in [comment, external, flow-based, ...]>
filter:
- <value of string>
get used: <value of integer>
loadsub: <value of integer>
option: <value in [count, object member, datasrc, ...]>
range:
- <value of integer>
sortings:
-
varidic.attr_name: <value in [1, -1]>
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- return values for method: [add, set, update]
- status
- No description for the parameter type: dict
- code - No description for the parameter type: int
- message - No description for the parameter type: str
- url - No description for the parameter type: str example: /pm/config/adom/{adom}/obj/spamfilter/profile
- return values for method: [get]
- data
- No description for the parameter type: array
- comment - Comment. type: str
- external - Enable/disable external Email inspection. type: str
- flow-based - Enable/disable flow-based spam filtering. type: str
- name - Profile name. type: str
- options - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- replacemsg-group - Replacement message group. type: str
- spam-bwl-table - Anti-spam black/white list table ID. type: str
- spam-bword-table - Anti-spam banned word table ID. type: str
- spam-bword-threshold - Spam banned word threshold. type: int
- spam-filtering - Enable/disable spam filtering. type: str
- spam-iptrust-table - Anti-spam IP trust table ID. type: str
- spam-log - Enable/disable spam logging for email filtering. type: str
- spam-log-fortiguard-response - Enable/disable logging FortiGuard spam response. type: str
- spam-mheader-table - Anti-spam MIME header table ID. type: str
- spam-rbl-table - Anti-spam DNSBL table ID. type: str
- status
- No description for the parameter type: dict
- code - No description for the parameter type: int
- message - No description for the parameter type: str
- url - No description for the parameter type: str example: /pm/config/adom/{adom}/obj/spamfilter/profile
fmgr_spamfilter_profile_obj – Configure AntiSpam profiles.¶
New in version 2.10.
Synopsis¶
- This module is able to configure a FortiManager device by allowing the user to [clone, delete, get, set, update] the following FortiManager json-rpc urls.
- /pm/config/adom/{adom}/obj/spamfilter/profile/{profile}
- /pm/config/global/obj/spamfilter/profile/{profile}
- Examples include all parameters and values need to be adjusted to data sources before usage.
- Tested with FortiManager v6.0.0
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.10.0
Parameters¶
- loose_validation - Do parameter validation in a loose way type: bool required: false default: false
- workspace_locking_adom - Acquire the workspace lock if FortiManager is running in workspace mode type: str required: false choices: global, custom dom
- workspace_locking_timeout - The maximum time in seconds to wait for other users to release workspace lock type: integer required: false default: 300
- url_params - parameters in url path type: dict required: true
- adom - the domain prefix type: str choices: none, global, custom dom
- profile - the object name type: str
- parameters for method: [clone, set, update] - Configure AntiSpam profiles.
- data - No description for the parameter type: dict
- comment - Comment. type: str
- external - Enable/disable external Email inspection. type: str choices: [disable, enable]
- flow-based - Enable/disable flow-based spam filtering. type: str choices: [disable, enable]
- name - Profile name. type: str
- options - No description for the parameter type: array
- {no-name} - No description for the parameter type: str choices: [bannedword, spamemailbwl, spamfsip, spamfssubmit, spamfschksum, spamfsurl, spamhelodns, spamipbwl, spamraddrdns, spamrbl, spamhdrcheck, spamfsphish, spambwl]
- replacemsg-group - Replacement message group. type: str
- spam-bwl-table - Anti-spam black/white list table ID. type: str
- spam-bword-table - Anti-spam banned word table ID. type: str
- spam-bword-threshold - Spam banned word threshold. type: int
- spam-filtering - Enable/disable spam filtering. type: str choices: [disable, enable]
- spam-iptrust-table - Anti-spam IP trust table ID. type: str
- spam-log - Enable/disable spam logging for email filtering. type: str choices: [disable, enable]
- spam-log-fortiguard-response - Enable/disable logging FortiGuard spam response. type: str choices: [disable, enable]
- spam-mheader-table - Anti-spam MIME header table ID. type: str
- spam-rbl-table - Anti-spam DNSBL table ID. type: str
- parameters for method: [delete] - Configure AntiSpam profiles.
- parameters for method: [get] - Configure AntiSpam profiles.
- option - Set fetch option for the request. type: str choices: [object member, chksum, datasrc]
Notes¶
Note
- The module may supports multiple method, every method has different parameters definition
- One method may also have more than one parameter definition collection, each collection is dedicated to one API endpoint
- The module may include domain dependent urls, the domain can be specified in url_params as adom
- To run in workspace mode, the paremeter workspace_locking_adom must be included in the task
Examples¶
- hosts: fortimanager-inventory
collections:
- fortinet.fortimanager
connection: httpapi
vars:
ansible_httpapi_use_ssl: True
ansible_httpapi_validate_certs: False
ansible_httpapi_port: 443
tasks:
- name: REQUESTING /PM/CONFIG/OBJ/SPAMFILTER/PROFILE/{PROFILE}
fmgr_spamfilter_profile_obj:
loose_validation: False
workspace_locking_adom: <value in [global, custom adom]>
workspace_locking_timeout: 300
method: <value in [clone, set, update]>
url_params:
adom: <value in [none, global, custom dom]>
profile: <value of string>
params:
-
data:
comment: <value of string>
external: <value in [disable, enable]>
flow-based: <value in [disable, enable]>
name: <value of string>
options:
- <value in [bannedword, spamemailbwl, spamfsip, ...]>
replacemsg-group: <value of string>
spam-bwl-table: <value of string>
spam-bword-table: <value of string>
spam-bword-threshold: <value of integer>
spam-filtering: <value in [disable, enable]>
spam-iptrust-table: <value of string>
spam-log: <value in [disable, enable]>
spam-log-fortiguard-response: <value in [disable, enable]>
spam-mheader-table: <value of string>
spam-rbl-table: <value of string>
- name: REQUESTING /PM/CONFIG/OBJ/SPAMFILTER/PROFILE/{PROFILE}
fmgr_spamfilter_profile_obj:
loose_validation: False
workspace_locking_adom: <value in [global, custom adom]>
workspace_locking_timeout: 300
method: <value in [get]>
url_params:
adom: <value in [none, global, custom dom]>
profile: <value of string>
params:
-
option: <value in [object member, chksum, datasrc]>
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- return values for method: [clone, delete, set, update]
- status
- No description for the parameter type: dict
- code - No description for the parameter type: int
- message - No description for the parameter type: str
- url - No description for the parameter type: str example: /pm/config/adom/{adom}/obj/spamfilter/profile/{profile}
- return values for method: [get]
- data
- No description for the parameter type: dict
- comment - Comment. type: str
- external - Enable/disable external Email inspection. type: str
- flow-based - Enable/disable flow-based spam filtering. type: str
- name - Profile name. type: str
- options - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- replacemsg-group - Replacement message group. type: str
- spam-bwl-table - Anti-spam black/white list table ID. type: str
- spam-bword-table - Anti-spam banned word table ID. type: str
- spam-bword-threshold - Spam banned word threshold. type: int
- spam-filtering - Enable/disable spam filtering. type: str
- spam-iptrust-table - Anti-spam IP trust table ID. type: str
- spam-log - Enable/disable spam logging for email filtering. type: str
- spam-log-fortiguard-response - Enable/disable logging FortiGuard spam response. type: str
- spam-mheader-table - Anti-spam MIME header table ID. type: str
- spam-rbl-table - Anti-spam DNSBL table ID. type: str
- status
- No description for the parameter type: dict
- code - No description for the parameter type: int
- message - No description for the parameter type: str
- url - No description for the parameter type: str example: /pm/config/adom/{adom}/obj/spamfilter/profile/{profile}
fmgr_system_global – Global range attributes.¶
New in version 2.10.
Synopsis¶
- This module is able to configure a FortiManager device by allowing the user to [get, set, update] the following FortiManager json-rpc urls.
- /cli/global/system/global
- Examples include all parameters and values need to be adjusted to data sources before usage.
- Tested with FortiManager v6.0.0
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.10.0
Parameters¶
- loose_validation - Do parameter validation in a loose way type: bool required: false default: false
- workspace_locking_adom - Acquire the workspace lock if FortiManager is running in workspace mode type: str required: false choices: global, custom dom
- workspace_locking_timeout - The maximum time in seconds to wait for other users to release workspace lock type: integer required: false default: 300
- parameters for method: [get] - Global range attributes.
- parameters for method: [set, update] - Global range attributes.
- data - No description for the parameter type: dict
- admin-lockout-duration - Lockout duration(sec) for administration. type: int default: 60
- admin-lockout-threshold - Lockout threshold for administration. type: int default: 3
- adom-mode - ADOM mode. type: str choices: [normal, advanced] default: normal
- adom-rev-auto-delete - Auto delete features for old ADOM revisions. type: str choices: [disable, by-revisions, by-days] default: by-revisions
- adom-rev-max-backup-revisions - Maximum number of ADOM revisions to backup. type: int default: 5
- adom-rev-max-days - Number of days to keep old ADOM revisions. type: int default: 30
- adom-rev-max-revisions - Maximum number of ADOM revisions to keep. type: int default: 120
- adom-select - Enable/disable select ADOM after login. type: str choices: [disable, enable] default: enable
- adom-status - ADOM status. type: str choices: [disable, enable] default: disable
- clt-cert-req - Require client certificate for GUI login. type: str choices: [disable, enable, optional] default: disable
- console-output - Console output mode. type: str choices: [standard, more] default: standard
- country-flag - Country flag Status. type: str choices: [disable, enable] default: enable
- create-revision - Enable/disable create revision by default. type: str choices: [disable, enable] default: disable
- daylightsavetime - Enable/disable daylight saving time. type: str choices: [disable, enable] default: enable
- default-disk-quota - Default disk quota for registered device (MB). type: int default: 1000
- detect-unregistered-log-device - Detect unregistered logging device from log message. type: str choices: [disable, enable] default: enable
- device-view-mode - Set devices/groups view mode. type: str choices: [regular, tree] default: regular
- dh-params - Minimum size of Diffie-Hellman prime for SSH/HTTPS (bits). type: str choices: [1024, 1536, 2048, 3072, 4096, 6144, 8192] default: 2048
- disable-module - No description for the parameter type: array
- {no-name} - No description for the parameter type: str choices: [fortiview-noc]
- enc-algorithm - SSL communication encryption algorithms. type: str choices: [low, medium, high] default: high
- faz-status - FAZ status. type: str choices: [disable, enable] default: disable
- fgfm-local-cert - set the fgfm local certificate. type: str
- fgfm-ssl-protocol - set the lowest SSL protocols for fgfmsd. type: str choices: [sslv3, tlsv1.0, tlsv1.1, tlsv1.2] default: tlsv1.2
- ha-member-auto-grouping - Enable/disable automatically group HA members feature type: str choices: [disable, enable] default: enable
- hitcount_concurrent - The number of FortiGates that FortiManager polls at one time (10 - 500, default = 100). type: int default: 100
- hitcount_interval - The interval for getting hit count from managed FortiGate devices, in seconds (60 - 86400, default = 300). type: int default: 300
- hostname - System hostname. type: str default: FMG-VM64
- import-ignore-addr-cmt - Enable/Disable import ignore of address comments. type: str choices: [disable, enable] default: disable
- language - System global language. type: str choices: [english, simch, japanese, korean, spanish, trach] default: english
- latitude - fmg location latitude type: str
- ldap-cache-timeout - LDAP browser cache timeout (seconds). type: int default: 86400
- ldapconntimeout - LDAP connection timeout (msec). type: int default: 60000
- lock-preempt - Enable/disable ADOM lock override. type: str choices: [disable, enable] default: disable
- log-checksum - Record log file hash value, timestamp, and authentication code at transmission or rolling. type: str choices: [none, md5, md5-auth] default: none
- log-forward-cache-size - Log forwarding disk cache size (GB). type: int default: 0
- longitude - fmg location longitude type: str
- max-log-forward - Maximum number of log-forward and aggregation settings. type: int default: 5
- max-running-reports - Maximum number of reports generating at one time. type: int default: 1
- oftp-ssl-protocol - set the lowest SSL protocols for oftpd. type: str choices: [sslv3, tlsv1.0, tlsv1.1, tlsv1.2] default: tlsv1.2
- partial-install - Enable/Disable partial install (install some objects). type: str choices: [disable, enable] default: disable
- partial-install-force - Enable/Disable partial install when devdb is modified. type: str choices: [disable, enable] default: disable
- partial-install-rev - Enable/Disable auto creating adom revision for partial install. type: str choices: [disable, enable] default: disable
- perform-improve-by-ha - Enable/Disable performance improvement by distributing tasks to HA slaves. type: str choices: [disable, enable] default: disable
- policy-hit-count - show policy hit count. type: str choices: [disable, enable] default: disable
- policy-object-in-dual-pane - show policies and objects in dual pane. type: str choices: [disable, enable] default: disable
- pre-login-banner - Enable/disable pre-login banner. type: str choices: [disable, enable] default: disable
- pre-login-banner-message - Pre-login banner message. type: str
- remoteauthtimeout - Remote authentication (RADIUS/LDAP) timeout (sec). type: int default: 10
- search-all-adoms - Enable/Disable Search all ADOMs for where-used query. type: str choices: [disable, enable] default: disable
- ssl-low-encryption - SSL low-grade encryption. type: str choices: [disable, enable] default: disable
- ssl-protocol - No description for the parameter type: array
- {no-name} - No description for the parameter type: str choices: [tlsv1.2, tlsv1.1, tlsv1.0, sslv3]
- ssl-static-key-ciphers - Enable/disable SSL static key ciphers. type: str choices: [disable, enable] default: enable
- task-list-size - Maximum number of completed tasks to keep. type: int default: 2000
- tftp - Enable/disable TFTP in `exec restore image` command (disabled by default in FIPS mode) type: str choices: [disable, enable] default: disable
- timezone - Time zone. type: str choices: [00, 01, 02, 03, 04, 05, 06, 07, 08, 09, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89] default: 04
- tunnel-mtu - Maximum transportation unit(68 - 9000). type: int default: 1500
- usg - Enable/disable Fortiguard server restriction. type: str choices: [disable, enable] default: disable
- vdom-mirror - VDOM mirror. type: str choices: [disable, enable] default: disable
- webservice-proto - No description for the parameter type: array
- {no-name} - No description for the parameter type: str choices: [tlsv1.2, tlsv1.1, tlsv1.0, sslv3, sslv2]
- workflow-max-sessions - Maximum number of workflow sessions per ADOM (minimum 100). type: int default: 500
- workspace-mode - Set workspace mode (ADOM Locking). type: str choices: [disabled, normal, workflow] default: disabled
Notes¶
Note
- The module may supports multiple method, every method has different parameters definition
- One method may also have more than one parameter definition collection, each collection is dedicated to one API endpoint
- The module may include domain dependent urls, the domain can be specified in url_params as adom
- To run in workspace mode, the paremeter workspace_locking_adom must be included in the task
Examples¶
- hosts: fortimanager-inventory
collections:
- fortinet.fortimanager
connection: httpapi
vars:
ansible_httpapi_use_ssl: True
ansible_httpapi_validate_certs: False
ansible_httpapi_port: 443
tasks:
- name: REQUESTING /CLI/SYSTEM/GLOBAL
fmgr_system_global:
loose_validation: False
workspace_locking_adom: <value in [global, custom adom]>
workspace_locking_timeout: 300
method: <value in [set, update]>
params:
-
data:
admin-lockout-duration: <value of integer default: 60>
admin-lockout-threshold: <value of integer default: 3>
adom-mode: <value in [normal, advanced] default: 'normal'>
adom-rev-auto-delete: <value in [disable, by-revisions, by-days] default: 'by-revisions'>
adom-rev-max-backup-revisions: <value of integer default: 5>
adom-rev-max-days: <value of integer default: 30>
adom-rev-max-revisions: <value of integer default: 120>
adom-select: <value in [disable, enable] default: 'enable'>
adom-status: <value in [disable, enable] default: 'disable'>
clt-cert-req: <value in [disable, enable, optional] default: 'disable'>
console-output: <value in [standard, more] default: 'standard'>
country-flag: <value in [disable, enable] default: 'enable'>
create-revision: <value in [disable, enable] default: 'disable'>
daylightsavetime: <value in [disable, enable] default: 'enable'>
default-disk-quota: <value of integer default: 1000>
detect-unregistered-log-device: <value in [disable, enable] default: 'enable'>
device-view-mode: <value in [regular, tree] default: 'regular'>
dh-params: <value in [1024, 1536, 2048, ...] default: '2048'>
disable-module:
- <value in [fortiview-noc]>
enc-algorithm: <value in [low, medium, high] default: 'high'>
faz-status: <value in [disable, enable] default: 'disable'>
fgfm-local-cert: <value of string>
fgfm-ssl-protocol: <value in [sslv3, tlsv1.0, tlsv1.1, ...] default: 'tlsv1.2'>
ha-member-auto-grouping: <value in [disable, enable] default: 'enable'>
hitcount_concurrent: <value of integer default: 100>
hitcount_interval: <value of integer default: 300>
hostname: <value of string default: 'FMG-VM64'>
import-ignore-addr-cmt: <value in [disable, enable] default: 'disable'>
language: <value in [english, simch, japanese, ...] default: 'english'>
latitude: <value of string>
ldap-cache-timeout: <value of integer default: 86400>
ldapconntimeout: <value of integer default: 60000>
lock-preempt: <value in [disable, enable] default: 'disable'>
log-checksum: <value in [none, md5, md5-auth] default: 'none'>
log-forward-cache-size: <value of integer default: 0>
longitude: <value of string>
max-log-forward: <value of integer default: 5>
max-running-reports: <value of integer default: 1>
oftp-ssl-protocol: <value in [sslv3, tlsv1.0, tlsv1.1, ...] default: 'tlsv1.2'>
partial-install: <value in [disable, enable] default: 'disable'>
partial-install-force: <value in [disable, enable] default: 'disable'>
partial-install-rev: <value in [disable, enable] default: 'disable'>
perform-improve-by-ha: <value in [disable, enable] default: 'disable'>
policy-hit-count: <value in [disable, enable] default: 'disable'>
policy-object-in-dual-pane: <value in [disable, enable] default: 'disable'>
pre-login-banner: <value in [disable, enable] default: 'disable'>
pre-login-banner-message: <value of string>
remoteauthtimeout: <value of integer default: 10>
search-all-adoms: <value in [disable, enable] default: 'disable'>
ssl-low-encryption: <value in [disable, enable] default: 'disable'>
ssl-protocol:
- <value in [tlsv1.2, tlsv1.1, tlsv1.0, ...]>
ssl-static-key-ciphers: <value in [disable, enable] default: 'enable'>
task-list-size: <value of integer default: 2000>
tftp: <value in [disable, enable] default: 'disable'>
timezone: <value in [00, 01, 02, ...] default: '04'>
tunnel-mtu: <value of integer default: 1500>
usg: <value in [disable, enable] default: 'disable'>
vdom-mirror: <value in [disable, enable] default: 'disable'>
webservice-proto:
- <value in [tlsv1.2, tlsv1.1, tlsv1.0, ...]>
workflow-max-sessions: <value of integer default: 500>
workspace-mode: <value in [disabled, normal, workflow] default: 'disabled'>
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- return values for method: [get]
- data
- No description for the parameter type: dict
- admin-lockout-duration - Lockout duration(sec) for administration. type: int example: 60
- admin-lockout-threshold - Lockout threshold for administration. type: int example: 3
- adom-mode - ADOM mode. type: str example: normal
- adom-rev-auto-delete - Auto delete features for old ADOM revisions. type: str example: by-revisions
- adom-rev-max-backup-revisions - Maximum number of ADOM revisions to backup. type: int example: 5
- adom-rev-max-days - Number of days to keep old ADOM revisions. type: int example: 30
- adom-rev-max-revisions - Maximum number of ADOM revisions to keep. type: int example: 120
- adom-select - Enable/disable select ADOM after login. type: str example: enable
- adom-status - ADOM status. type: str example: disable
- clt-cert-req - Require client certificate for GUI login. type: str example: disable
- console-output - Console output mode. type: str example: standard
- country-flag - Country flag Status. type: str example: enable
- create-revision - Enable/disable create revision by default. type: str example: disable
- daylightsavetime - Enable/disable daylight saving time. type: str example: enable
- default-disk-quota - Default disk quota for registered device (MB). type: int example: 1000
- detect-unregistered-log-device - Detect unregistered logging device from log message. type: str example: enable
- device-view-mode - Set devices/groups view mode. type: str example: regular
- dh-params - Minimum size of Diffie-Hellman prime for SSH/HTTPS (bits). type: str example: 2048
- disable-module - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- enc-algorithm - SSL communication encryption algorithms. type: str example: high
- faz-status - FAZ status. type: str example: disable
- fgfm-local-cert - set the fgfm local certificate. type: str
- fgfm-ssl-protocol - set the lowest SSL protocols for fgfmsd. type: str example: tlsv1.2
- ha-member-auto-grouping - Enable/disable automatically group HA members feature type: str example: enable
- hitcount_concurrent - The number of FortiGates that FortiManager polls at one time (10 - 500, default = 100). type: int example: 100
- hitcount_interval - The interval for getting hit count from managed FortiGate devices, in seconds (60 - 86400, default = 300). type: int example: 300
- hostname - System hostname. type: str example: FMG-VM64
- import-ignore-addr-cmt - Enable/Disable import ignore of address comments. type: str example: disable
- language - System global language. type: str example: english
- latitude - fmg location latitude type: str
- ldap-cache-timeout - LDAP browser cache timeout (seconds). type: int example: 86400
- ldapconntimeout - LDAP connection timeout (msec). type: int example: 60000
- lock-preempt - Enable/disable ADOM lock override. type: str example: disable
- log-checksum - Record log file hash value, timestamp, and authentication code at transmission or rolling. type: str example: none
- log-forward-cache-size - Log forwarding disk cache size (GB). type: int example: 0
- longitude - fmg location longitude type: str
- max-log-forward - Maximum number of log-forward and aggregation settings. type: int example: 5
- max-running-reports - Maximum number of reports generating at one time. type: int example: 1
- oftp-ssl-protocol - set the lowest SSL protocols for oftpd. type: str example: tlsv1.2
- partial-install - Enable/Disable partial install (install some objects). type: str example: disable
- partial-install-force - Enable/Disable partial install when devdb is modified. type: str example: disable
- partial-install-rev - Enable/Disable auto creating adom revision for partial install. type: str example: disable
- perform-improve-by-ha - Enable/Disable performance improvement by distributing tasks to HA slaves. type: str example: disable
- policy-hit-count - show policy hit count. type: str example: disable
- policy-object-in-dual-pane - show policies and objects in dual pane. type: str example: disable
- pre-login-banner - Enable/disable pre-login banner. type: str example: disable
- pre-login-banner-message - Pre-login banner message. type: str
- remoteauthtimeout - Remote authentication (RADIUS/LDAP) timeout (sec). type: int example: 10
- search-all-adoms - Enable/Disable Search all ADOMs for where-used query. type: str example: disable
- ssl-low-encryption - SSL low-grade encryption. type: str example: disable
- ssl-protocol - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- ssl-static-key-ciphers - Enable/disable SSL static key ciphers. type: str example: enable
- task-list-size - Maximum number of completed tasks to keep. type: int example: 2000
- tftp - Enable/disable TFTP in `exec restore image` command (disabled by default in FIPS mode) type: str example: disable
- timezone - Time zone. type: str example: 04
- tunnel-mtu - Maximum transportation unit(68 - 9000). type: int example: 1500
- usg - Enable/disable Fortiguard server restriction. type: str example: disable
- vdom-mirror - VDOM mirror. type: str example: disable
- webservice-proto - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- workflow-max-sessions - Maximum number of workflow sessions per ADOM (minimum 100). type: int example: 500
- workspace-mode - Set workspace mode (ADOM Locking). type: str example: disabled
- status
- No description for the parameter type: dict
- code - No description for the parameter type: int
- message - No description for the parameter type: str
- url - No description for the parameter type: str example: /cli/global/system/global
- return values for method: [set, update]
- status
- No description for the parameter type: dict
- code - No description for the parameter type: int
- message - No description for the parameter type: str
- url - No description for the parameter type: str example: /cli/global/system/global
fmgr_system_ha – HA configuration.¶
New in version 2.10.
Synopsis¶
- This module is able to configure a FortiManager device by allowing the user to [get, set, update] the following FortiManager json-rpc urls.
- /cli/global/system/ha
- Examples include all parameters and values need to be adjusted to data sources before usage.
- Tested with FortiManager v6.0.0
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.10.0
Parameters¶
- loose_validation - Do parameter validation in a loose way type: bool required: false default: false
- workspace_locking_adom - Acquire the workspace lock if FortiManager is running in workspace mode type: str required: false choices: global, custom dom
- workspace_locking_timeout - The maximum time in seconds to wait for other users to release workspace lock type: integer required: false default: 300
- parameters for method: [get] - HA configuration.
- parameters for method: [set, update] - HA configuration.
- data - No description for the parameter type: dict
- clusterid - Cluster ID range (1 - 64). type: int default: 1
- file-quota - File quota in MB (2048 - 20480). type: int default: 4096
- hb-interval - Heartbeat interval (1 - 255). type: int default: 5
- hb-lost-threshold - Heartbeat lost threshold (1 - 255). type: int default: 3
- mode - Mode. type: str choices: [standalone, master, slave] default: standalone
- password - No description for the parameter type: array
- {no-name} - No description for the parameter type: str default: ENC Njg3MTI2ODY4ODEyMzY2NtF8Bgn7rP641A/Sf8QzaQhOnUfyVTFTNoFxfoZ5gzjrvXiDpQmIecJchwHMf6cMUMYR/EPxGUXBEohaVdi4YNK74+fWHu9m1Hd8UTU4tZ9UtBelMIOQUT1HMDGLFwqwKg/NXibio9aMJDW6WYPLMYpBnPng
- peer - No description for the parameter type: array
- id - Id. type: int default: 0
- ip - IP address of peer. type: str default: 0.0.0.0
- ip6 - IP address (V6) of peer. type: str default: ::
- serial-number - Serial number of peer. type: str
- status - Peer admin status. type: str choices: [disable, enable] default: enable
Notes¶
Note
- The module may supports multiple method, every method has different parameters definition
- One method may also have more than one parameter definition collection, each collection is dedicated to one API endpoint
- The module may include domain dependent urls, the domain can be specified in url_params as adom
- To run in workspace mode, the paremeter workspace_locking_adom must be included in the task
Examples¶
- hosts: fortimanager-inventory
collections:
- fortinet.fortimanager
connection: httpapi
vars:
ansible_httpapi_use_ssl: True
ansible_httpapi_validate_certs: False
ansible_httpapi_port: 443
tasks:
- name: REQUESTING /CLI/SYSTEM/HA
fmgr_system_ha:
loose_validation: False
workspace_locking_adom: <value in [global, custom adom]>
workspace_locking_timeout: 300
method: <value in [set, update]>
params:
-
data:
clusterid: <value of integer default: 1>
file-quota: <value of integer default: 4096>
hb-interval: <value of integer default: 5>
hb-lost-threshold: <value of integer default: 3>
mode: <value in [standalone, master, slave] default: 'standalone'>
password:
- <value of string default: 'ENC Njg3MTI2ODY4ODEyMzY2NtF8Bgn7rP641A/Sf8QzaQhOnUfyVTFTNoFxfoZ5gzjrvXiDpQmI...'>
peer:
-
id: <value of integer default: 0>
ip: <value of string default: '0.0.0.0'>
ip6: <value of string default: '::'>
serial-number: <value of string>
status: <value in [disable, enable] default: 'enable'>
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- return values for method: [get]
- data
- No description for the parameter type: dict
- clusterid - Cluster ID range (1 - 64). type: int example: 1
- file-quota - File quota in MB (2048 - 20480). type: int example: 4096
- hb-interval - Heartbeat interval (1 - 255). type: int example: 5
- hb-lost-threshold - Heartbeat lost threshold (1 - 255). type: int example: 3
- mode - Mode. type: str example: standalone
- password - No description for the parameter type: array
- {no-name} - No description for the parameter type: str example: ENC Njg3MTI2ODY4ODEyMzY2NtF8Bgn7rP641A/Sf8QzaQhOnUfyVTFTNoFxfoZ5gzjrvXiDpQmIecJchwHMf6cMUMYR/EPxGUXBEohaVdi4YNK74+fWHu9m1Hd8UTU4tZ9UtBelMIOQUT1HMDGLFwqwKg/NXibio9aMJDW6WYPLMYpBnPng
- peer - No description for the parameter type: array
- id - Id. type: int example: 0
- ip - IP address of peer. type: str example: 0.0.0.0
- ip6 - IP address (V6) of peer. type: str example: ::
- serial-number - Serial number of peer. type: str
- status - Peer admin status. type: str example: enable
- status
- No description for the parameter type: dict
- code - No description for the parameter type: int
- message - No description for the parameter type: str
- url - No description for the parameter type: str example: /cli/global/system/ha
- return values for method: [set, update]
- status
- No description for the parameter type: dict
- code - No description for the parameter type: int
- message - No description for the parameter type: str
- url - No description for the parameter type: str example: /cli/global/system/ha
fmgr_system_ha_peer – Peer.¶
New in version 2.10.
Synopsis¶
- This module is able to configure a FortiManager device by allowing the user to [add, get, set, update] the following FortiManager json-rpc urls.
- /cli/global/system/ha/peer
- Examples include all parameters and values need to be adjusted to data sources before usage.
- Tested with FortiManager v6.0.0
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.10.0
Parameters¶
- loose_validation - Do parameter validation in a loose way type: bool required: false default: false
- workspace_locking_adom - Acquire the workspace lock if FortiManager is running in workspace mode type: str required: false choices: global, custom dom
- workspace_locking_timeout - The maximum time in seconds to wait for other users to release workspace lock type: integer required: false default: 300
- parameters for method: [add, set, update] - Peer.
- data - No description for the parameter type: array
- id - Id. type: int default: 0
- ip - IP address of peer. type: str default: 0.0.0.0
- ip6 - IP address (V6) of peer. type: str default: ::
- serial-number - Serial number of peer. type: str
- status - Peer admin status. type: str choices: [disable, enable] default: enable
- parameters for method: [get] - Peer.
- fields - No description for the parameter type: array
- {no-name} - No description for the parameter type: array
- {no-name} - No description for the parameter type: str choices: [id, ip, ip6, serial-number, status]
- {no-name} - No description for the parameter type: array
- filter - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- loadsub - Enable or disable the return of any sub-objects. type: int
- option - Set fetch option for the request. type: str choices: [count, syntax]
Notes¶
Note
- The module may supports multiple method, every method has different parameters definition
- One method may also have more than one parameter definition collection, each collection is dedicated to one API endpoint
- The module may include domain dependent urls, the domain can be specified in url_params as adom
- To run in workspace mode, the paremeter workspace_locking_adom must be included in the task
Examples¶
- hosts: fortimanager-inventory
collections:
- fortinet.fortimanager
connection: httpapi
vars:
ansible_httpapi_use_ssl: True
ansible_httpapi_validate_certs: False
ansible_httpapi_port: 443
tasks:
- name: REQUESTING /CLI/SYSTEM/HA/PEER
fmgr_system_ha_peer:
loose_validation: False
workspace_locking_adom: <value in [global, custom adom]>
workspace_locking_timeout: 300
method: <value in [add, set, update]>
params:
-
data:
-
id: <value of integer default: 0>
ip: <value of string default: '0.0.0.0'>
ip6: <value of string default: '::'>
serial-number: <value of string>
status: <value in [disable, enable] default: 'enable'>
- name: REQUESTING /CLI/SYSTEM/HA/PEER
fmgr_system_ha_peer:
loose_validation: False
workspace_locking_adom: <value in [global, custom adom]>
workspace_locking_timeout: 300
method: <value in [get]>
params:
-
fields:
-
- <value in [id, ip, ip6, ...]>
filter:
- <value of string>
loadsub: <value of integer>
option: <value in [count, syntax]>
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- return values for method: [add, set, update]
- status
- No description for the parameter type: dict
- code - No description for the parameter type: int
- message - No description for the parameter type: str
- url - No description for the parameter type: str example: /cli/global/system/ha/peer
- return values for method: [get]
- data
- No description for the parameter type: array
- id - Id. type: int example: 0
- ip - IP address of peer. type: str example: 0.0.0.0
- ip6 - IP address (V6) of peer. type: str example: ::
- serial-number - Serial number of peer. type: str
- status - Peer admin status. type: str example: enable
- status
- No description for the parameter type: dict
- code - No description for the parameter type: int
- message - No description for the parameter type: str
- url - No description for the parameter type: str example: /cli/global/system/ha/peer
fmgr_system_interface – Interface configuration.¶
New in version 2.10.
Synopsis¶
- This module is able to configure a FortiManager device by allowing the user to [add, get, set, update] the following FortiManager json-rpc urls.
- /cli/global/system/interface
- Examples include all parameters and values need to be adjusted to data sources before usage.
- Tested with FortiManager v6.0.0
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.10.0
Parameters¶
- loose_validation - Do parameter validation in a loose way type: bool required: false default: false
- workspace_locking_adom - Acquire the workspace lock if FortiManager is running in workspace mode type: str required: false choices: global, custom dom
- workspace_locking_timeout - The maximum time in seconds to wait for other users to release workspace lock type: integer required: false default: 300
- parameters for method: [add, set, update] - Interface configuration.
- data - No description for the parameter type: array
- alias - Alias. type: str
- allowaccess - No description for the parameter type: array
- {no-name} - No description for the parameter type: str choices: [ping, https, ssh, snmp, http, webservice, https-logging]
- description - Description. type: str
- ip - IP address of interface. type: str default: 0.0.0.0 0.0.0.0
- ipv6
- ip6-address - IPv6 address/prefix of interface. type: str default: ::/0
- ip6-allowaccess - No description for the parameter type: array
- {no-name} - No description for the parameter type: str choices: [ping, https, ssh, snmp, http, webservice, https-logging]
- ip6-autoconf - Enable/disable address auto config (SLAAC). type: str choices: [disable, enable] default: enable
- mtu - Maximum transportation unit(68 - 9000). type: int default: 1500
- name - Interface name. type: str
- serviceaccess - No description for the parameter type: array
- {no-name} - No description for the parameter type: str choices: [fgtupdates, fclupdates, webfilter-antispam]
- speed - Speed. type: str choices: [auto, 10full, 10half, 100full, 100half, 1000full, 10000full] default: auto
- status - Interface status. type: str choices: [down, up] default: up
- parameters for method: [get] - Interface configuration.
- fields - No description for the parameter type: array
- {no-name} - No description for the parameter type: array
- {no-name} - No description for the parameter type: str choices: [alias, allowaccess, description, ip, mtu, name, serviceaccess, speed, status]
- {no-name} - No description for the parameter type: array
- filter - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- loadsub - Enable or disable the return of any sub-objects. type: int
- option - Set fetch option for the request. type: str choices: [count, syntax]
Notes¶
Note
- The module may supports multiple method, every method has different parameters definition
- One method may also have more than one parameter definition collection, each collection is dedicated to one API endpoint
- The module may include domain dependent urls, the domain can be specified in url_params as adom
- To run in workspace mode, the paremeter workspace_locking_adom must be included in the task
Examples¶
- hosts: fortimanager-inventory
collections:
- fortinet.fortimanager
connection: httpapi
vars:
ansible_httpapi_use_ssl: True
ansible_httpapi_validate_certs: False
ansible_httpapi_port: 443
tasks:
- name: REQUESTING /CLI/SYSTEM/INTERFACE
fmgr_system_interface:
loose_validation: False
workspace_locking_adom: <value in [global, custom adom]>
workspace_locking_timeout: 300
method: <value in [add, set, update]>
params:
-
data:
-
alias: <value of string>
allowaccess:
- <value in [ping, https, ssh, ...]>
description: <value of string>
ip: <value of string default: '0.0.0.0 0.0.0.0'>
ipv6:
ip6-address: <value of string default: '::/0'>
ip6-allowaccess:
- <value in [ping, https, ssh, ...]>
ip6-autoconf: <value in [disable, enable] default: 'enable'>
mtu: <value of integer default: 1500>
name: <value of string>
serviceaccess:
- <value in [fgtupdates, fclupdates, webfilter-antispam]>
speed: <value in [auto, 10full, 10half, ...] default: 'auto'>
status: <value in [down, up] default: 'up'>
- name: REQUESTING /CLI/SYSTEM/INTERFACE
fmgr_system_interface:
loose_validation: False
workspace_locking_adom: <value in [global, custom adom]>
workspace_locking_timeout: 300
method: <value in [get]>
params:
-
fields:
-
- <value in [alias, allowaccess, description, ...]>
filter:
- <value of string>
loadsub: <value of integer>
option: <value in [count, syntax]>
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- return values for method: [add, set, update]
- status
- No description for the parameter type: dict
- code - No description for the parameter type: int
- message - No description for the parameter type: str
- url - No description for the parameter type: str example: /cli/global/system/interface
- return values for method: [get]
- data
- No description for the parameter type: array
- alias - Alias. type: str
- allowaccess - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- description - Description. type: str
- ip - IP address of interface. type: str example: 0.0.0.0 0.0.0.0
- ipv6
- ip6-address - IPv6 address/prefix of interface. type: str example: ::/0
- ip6-allowaccess - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- ip6-autoconf - Enable/disable address auto config (SLAAC). type: str example: enable
- mtu - Maximum transportation unit(68 - 9000). type: int example: 1500
- name - Interface name. type: str
- serviceaccess - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- speed - Speed. type: str example: auto
- status - Interface status. type: str example: up
- status
- No description for the parameter type: dict
- code - No description for the parameter type: int
- message - No description for the parameter type: str
- url - No description for the parameter type: str example: /cli/global/system/interface
fmgr_system_interface_obj – Interface configuration.¶
New in version 2.10.
Synopsis¶
- This module is able to configure a FortiManager device by allowing the user to [delete, get, set, update] the following FortiManager json-rpc urls.
- /cli/global/system/interface/{interface}
- Examples include all parameters and values need to be adjusted to data sources before usage.
- Tested with FortiManager v6.0.0
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.10.0
Parameters¶
- loose_validation - Do parameter validation in a loose way type: bool required: false default: false
- workspace_locking_adom - Acquire the workspace lock if FortiManager is running in workspace mode type: str required: false choices: global, custom dom
- workspace_locking_timeout - The maximum time in seconds to wait for other users to release workspace lock type: integer required: false default: 300
- url_params - parameters in url path type: dict required: true
- interface - the object name type: str
- parameters for method: [delete, get] - Interface configuration.
- parameters for method: [set, update] - Interface configuration.
- data - No description for the parameter type: dict
- alias - Alias. type: str
- allowaccess - No description for the parameter type: array
- {no-name} - No description for the parameter type: str choices: [ping, https, ssh, snmp, http, webservice, https-logging]
- description - Description. type: str
- ip - IP address of interface. type: str default: 0.0.0.0 0.0.0.0
- ipv6
- ip6-address - IPv6 address/prefix of interface. type: str default: ::/0
- ip6-allowaccess - No description for the parameter type: array
- {no-name} - No description for the parameter type: str choices: [ping, https, ssh, snmp, http, webservice, https-logging]
- ip6-autoconf - Enable/disable address auto config (SLAAC). type: str choices: [disable, enable] default: enable
- mtu - Maximum transportation unit(68 - 9000). type: int default: 1500
- name - Interface name. type: str
- serviceaccess - No description for the parameter type: array
- {no-name} - No description for the parameter type: str choices: [fgtupdates, fclupdates, webfilter-antispam]
- speed - Speed. type: str choices: [auto, 10full, 10half, 100full, 100half, 1000full, 10000full] default: auto
- status - Interface status. type: str choices: [down, up] default: up
Notes¶
Note
- The module may supports multiple method, every method has different parameters definition
- One method may also have more than one parameter definition collection, each collection is dedicated to one API endpoint
- The module may include domain dependent urls, the domain can be specified in url_params as adom
- To run in workspace mode, the paremeter workspace_locking_adom must be included in the task
Examples¶
- hosts: fortimanager-inventory
collections:
- fortinet.fortimanager
connection: httpapi
vars:
ansible_httpapi_use_ssl: True
ansible_httpapi_validate_certs: False
ansible_httpapi_port: 443
tasks:
- name: REQUESTING /CLI/SYSTEM/INTERFACE/{INTERFACE}
fmgr_system_interface_obj:
loose_validation: False
workspace_locking_adom: <value in [global, custom adom]>
workspace_locking_timeout: 300
method: <value in [set, update]>
url_params:
interface: <value of string>
params:
-
data:
alias: <value of string>
allowaccess:
- <value in [ping, https, ssh, ...]>
description: <value of string>
ip: <value of string default: '0.0.0.0 0.0.0.0'>
ipv6:
ip6-address: <value of string default: '::/0'>
ip6-allowaccess:
- <value in [ping, https, ssh, ...]>
ip6-autoconf: <value in [disable, enable] default: 'enable'>
mtu: <value of integer default: 1500>
name: <value of string>
serviceaccess:
- <value in [fgtupdates, fclupdates, webfilter-antispam]>
speed: <value in [auto, 10full, 10half, ...] default: 'auto'>
status: <value in [down, up] default: 'up'>
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- return values for method: [delete, set, update]
- status
- No description for the parameter type: dict
- code - No description for the parameter type: int
- message - No description for the parameter type: str
- url - No description for the parameter type: str example: /cli/global/system/interface/{interface}
- return values for method: [get]
- data
- No description for the parameter type: dict
- alias - Alias. type: str
- allowaccess - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- description - Description. type: str
- ip - IP address of interface. type: str example: 0.0.0.0 0.0.0.0
- ipv6
- ip6-address - IPv6 address/prefix of interface. type: str example: ::/0
- ip6-allowaccess - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- ip6-autoconf - Enable/disable address auto config (SLAAC). type: str example: enable
- mtu - Maximum transportation unit(68 - 9000). type: int example: 1500
- name - Interface name. type: str
- serviceaccess - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- speed - Speed. type: str example: auto
- status - Interface status. type: str example: up
- status
- No description for the parameter type: dict
- code - No description for the parameter type: int
- message - No description for the parameter type: str
- url - No description for the parameter type: str example: /cli/global/system/interface/{interface}
fmgr_task_task – Read-only table containing the 10000 most recent tasks of the system.¶
New in version 2.10.
Synopsis¶
- This module is able to configure a FortiManager device by allowing the user to [get] the following FortiManager json-rpc urls.
- /task/task
- Examples include all parameters and values need to be adjusted to data sources before usage.
- Tested with FortiManager v6.0.0
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.10.0
Parameters¶
- loose_validation - Do parameter validation in a loose way type: bool required: false default: false
- workspace_locking_adom - Acquire the workspace lock if FortiManager is running in workspace mode type: str required: false choices: global, custom dom
- workspace_locking_timeout - The maximum time in seconds to wait for other users to release workspace lock type: integer required: false default: 300
- parameters for method: [get] - Read-only table containing the 10000 most recent tasks of the system. This table can be used for tracking non-blocking tasks initiated by the Device Manager Command and Security Console modules.
- fields - No description for the parameter type: array
- {no-name} - No description for the parameter type: array
- {no-name} - No description for the parameter type: str choices: [adom, end_tm, flags, id, num_done, num_err, num_lines, num_warn, percent, pid, src, start_tm, state, title, tot_percent, user]
- {no-name} - No description for the parameter type: array
- filter - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- loadsub - Enable or disable the return of any sub-objects. type: int
- option - Set fetch option for the request. type: str choices: [count, syntax]
- range - No description for the parameter type: array
- {no-name} - No description for the parameter type: int
- sortings - No description for the parameter type: array
- {attr_name} - No description for the parameter type: int choices: [1, -1]
Notes¶
Note
- The module may supports multiple method, every method has different parameters definition
- One method may also have more than one parameter definition collection, each collection is dedicated to one API endpoint
- The module may include domain dependent urls, the domain can be specified in url_params as adom
- To run in workspace mode, the paremeter workspace_locking_adom must be included in the task
Examples¶
- hosts: fortimanager-inventory
collections:
- fortinet.fortimanager
connection: httpapi
vars:
ansible_httpapi_use_ssl: True
ansible_httpapi_validate_certs: False
ansible_httpapi_port: 443
tasks:
- name: REQUESTING /TASK/TASK
fmgr_task_task:
loose_validation: False
workspace_locking_adom: <value in [global, custom adom]>
workspace_locking_timeout: 300
method: <value in [get]>
params:
-
fields:
-
- <value in [adom, end_tm, flags, ...]>
filter:
- <value of string>
loadsub: <value of integer>
option: <value in [count, syntax]>
range:
- <value of integer>
sortings:
-
varidic.attr_name: <value in [1, -1]>
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- return values for method: [get]
- data
- No description for the parameter type: array
- adom - No description for the parameter type: int example: 0
- end_tm - No description for the parameter type: int example: 0
- flags - No description for the parameter type: int example: 0
- history - No description for the parameter type: array
- detail - No description for the parameter type: str
- name - No description for the parameter type: str
- percent - No description for the parameter type: int example: 0
- vdom - No description for the parameter type: str
- id - No description for the parameter type: int
- line - No description for the parameter type: array
- detail - No description for the parameter type: str
- err - No description for the parameter type: int example: 0
- ip - No description for the parameter type: str
- name - No description for the parameter type: str
- oid - No description for the parameter type: int example: 0
- percent - No description for the parameter type: int example: 0
- state - No description for the parameter type: str example: pending
- vdom - No description for the parameter type: str
- num_done - No description for the parameter type: int example: 0
- num_err - No description for the parameter type: int example: 0
- num_lines - No description for the parameter type: int example: 0
- num_warn - No description for the parameter type: int example: 0
- percent - No description for the parameter type: int example: 0
- pid - No description for the parameter type: int example: 0
- src - No description for the parameter type: str example: device manager
- start_tm - No description for the parameter type: int example: 0
- state - No description for the parameter type: str example: pending
- title - No description for the parameter type: str
- tot_percent - No description for the parameter type: int example: 0
- user - No description for the parameter type: str
- status
- No description for the parameter type: dict
- code - No description for the parameter type: int
- message - No description for the parameter type: str
- url - No description for the parameter type: str example: /task/task
fmgr_task_task_obj – Read-only table containing the 10000 most recent tasks of the system.¶
New in version 2.10.
Synopsis¶
- This module is able to configure a FortiManager device by allowing the user to [get] the following FortiManager json-rpc urls.
- /task/task/{task}
- Examples include all parameters and values need to be adjusted to data sources before usage.
- Tested with FortiManager v6.0.0
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.10.0
Parameters¶
- loose_validation - Do parameter validation in a loose way type: bool required: false default: false
- workspace_locking_adom - Acquire the workspace lock if FortiManager is running in workspace mode type: str required: false choices: global, custom dom
- workspace_locking_timeout - The maximum time in seconds to wait for other users to release workspace lock type: integer required: false default: 300
- url_params - parameters in url path type: dict required: true
- task - the object name type: str
- parameters for method: [get] - Read-only table containing the 10000 most recent tasks of the system. This table can be used for tracking non-blocking tasks initiated by the Device Manager Command and Security Console modules.
Notes¶
Note
- The module may supports multiple method, every method has different parameters definition
- One method may also have more than one parameter definition collection, each collection is dedicated to one API endpoint
- The module may include domain dependent urls, the domain can be specified in url_params as adom
- To run in workspace mode, the paremeter workspace_locking_adom must be included in the task
Examples¶
- hosts: fortimanager-inventory
collections:
- fortinet.fortimanager
connection: httpapi
vars:
ansible_httpapi_use_ssl: True
ansible_httpapi_validate_certs: False
ansible_httpapi_port: 443
tasks:
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- return values for method: [get]
- data
- No description for the parameter type: dict
- adom - No description for the parameter type: int example: 0
- end_tm - No description for the parameter type: int example: 0
- flags - No description for the parameter type: int example: 0
- history - No description for the parameter type: array
- detail - No description for the parameter type: str
- name - No description for the parameter type: str
- percent - No description for the parameter type: int example: 0
- vdom - No description for the parameter type: str
- id - No description for the parameter type: int
- line - No description for the parameter type: array
- detail - No description for the parameter type: str
- err - No description for the parameter type: int example: 0
- ip - No description for the parameter type: str
- name - No description for the parameter type: str
- oid - No description for the parameter type: int example: 0
- percent - No description for the parameter type: int example: 0
- state - No description for the parameter type: str example: pending
- vdom - No description for the parameter type: str
- num_done - No description for the parameter type: int example: 0
- num_err - No description for the parameter type: int example: 0
- num_lines - No description for the parameter type: int example: 0
- num_warn - No description for the parameter type: int example: 0
- percent - No description for the parameter type: int example: 0
- pid - No description for the parameter type: int example: 0
- src - No description for the parameter type: str example: device manager
- start_tm - No description for the parameter type: int example: 0
- state - No description for the parameter type: str example: pending
- title - No description for the parameter type: str
- tot_percent - No description for the parameter type: int example: 0
- user - No description for the parameter type: str
- status
- No description for the parameter type: dict
- code - No description for the parameter type: int
- message - No description for the parameter type: str
- url - No description for the parameter type: str example: /task/task/{task}
fmgr_voip_profile – Configure VoIP profiles.¶
New in version 2.10.
Synopsis¶
- This module is able to configure a FortiManager device by allowing the user to [add, get, set, update] the following FortiManager json-rpc urls.
- /pm/config/adom/{adom}/obj/voip/profile
- /pm/config/global/obj/voip/profile
- Examples include all parameters and values need to be adjusted to data sources before usage.
- Tested with FortiManager v6.0.0
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.10.0
Parameters¶
- loose_validation - Do parameter validation in a loose way type: bool required: false default: false
- workspace_locking_adom - Acquire the workspace lock if FortiManager is running in workspace mode type: str required: false choices: global, custom dom
- workspace_locking_timeout - The maximum time in seconds to wait for other users to release workspace lock type: integer required: false default: 300
- url_params - parameters in url path type: dict required: true
- adom - the domain prefix type: str choices: none, global, custom dom
- parameters for method: [add, set, update] - Configure VoIP profiles.
- data - No description for the parameter type: array
- comment - Comment. type: str
- name - Profile name. type: str
- parameters for method: [get] - Configure VoIP profiles.
- attr - The name of the attribute to retrieve its datasource. type: str
- fields - No description for the parameter type: array
- {no-name} - No description for the parameter type: array
- {no-name} - No description for the parameter type: str choices: [comment, name]
- {no-name} - No description for the parameter type: array
- filter - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- get used - No description for the parameter type: int
- loadsub - Enable or disable the return of any sub-objects. type: int
- option - Set fetch option for the request. type: str choices: [count, object member, datasrc, get reserved, syntax]
- range - No description for the parameter type: array
- {no-name} - No description for the parameter type: int
- sortings - No description for the parameter type: array
- {attr_name} - No description for the parameter type: int choices: [1, -1]
Notes¶
Note
- The module may supports multiple method, every method has different parameters definition
- One method may also have more than one parameter definition collection, each collection is dedicated to one API endpoint
- The module may include domain dependent urls, the domain can be specified in url_params as adom
- To run in workspace mode, the paremeter workspace_locking_adom must be included in the task
Examples¶
- hosts: fortimanager-inventory
collections:
- fortinet.fortimanager
connection: httpapi
vars:
ansible_httpapi_use_ssl: True
ansible_httpapi_validate_certs: False
ansible_httpapi_port: 443
tasks:
- name: REQUESTING /PM/CONFIG/OBJ/VOIP/PROFILE
fmgr_voip_profile:
loose_validation: False
workspace_locking_adom: <value in [global, custom adom]>
workspace_locking_timeout: 300
method: <value in [add, set, update]>
url_params:
adom: <value in [none, global, custom dom]>
params:
-
data:
-
comment: <value of string>
name: <value of string>
- name: REQUESTING /PM/CONFIG/OBJ/VOIP/PROFILE
fmgr_voip_profile:
loose_validation: False
workspace_locking_adom: <value in [global, custom adom]>
workspace_locking_timeout: 300
method: <value in [get]>
url_params:
adom: <value in [none, global, custom dom]>
params:
-
attr: <value of string>
fields:
-
- <value in [comment, name]>
filter:
- <value of string>
get used: <value of integer>
loadsub: <value of integer>
option: <value in [count, object member, datasrc, ...]>
range:
- <value of integer>
sortings:
-
varidic.attr_name: <value in [1, -1]>
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- return values for method: [add, set, update]
- status
- No description for the parameter type: dict
- code - No description for the parameter type: int
- message - No description for the parameter type: str
- url - No description for the parameter type: str example: /pm/config/adom/{adom}/obj/voip/profile
- return values for method: [get]
- data
- No description for the parameter type: array
- comment - Comment. type: str
- name - Profile name. type: str
- status
- No description for the parameter type: dict
- code - No description for the parameter type: int
- message - No description for the parameter type: str
- url - No description for the parameter type: str example: /pm/config/adom/{adom}/obj/voip/profile
fmgr_voip_profile_obj – Configure VoIP profiles.¶
New in version 2.10.
Synopsis¶
- This module is able to configure a FortiManager device by allowing the user to [clone, delete, get, set, update] the following FortiManager json-rpc urls.
- /pm/config/adom/{adom}/obj/voip/profile/{profile}
- /pm/config/global/obj/voip/profile/{profile}
- Examples include all parameters and values need to be adjusted to data sources before usage.
- Tested with FortiManager v6.0.0
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.10.0
Parameters¶
- loose_validation - Do parameter validation in a loose way type: bool required: false default: false
- workspace_locking_adom - Acquire the workspace lock if FortiManager is running in workspace mode type: str required: false choices: global, custom dom
- workspace_locking_timeout - The maximum time in seconds to wait for other users to release workspace lock type: integer required: false default: 300
- url_params - parameters in url path type: dict required: true
- adom - the domain prefix type: str choices: none, global, custom dom
- profile - the object name type: str
- parameters for method: [clone, set, update] - Configure VoIP profiles.
- data - No description for the parameter type: dict
- comment - Comment. type: str
- name - Profile name. type: str
- parameters for method: [delete] - Configure VoIP profiles.
- parameters for method: [get] - Configure VoIP profiles.
- option - Set fetch option for the request. type: str choices: [object member, chksum, datasrc]
Notes¶
Note
- The module may supports multiple method, every method has different parameters definition
- One method may also have more than one parameter definition collection, each collection is dedicated to one API endpoint
- The module may include domain dependent urls, the domain can be specified in url_params as adom
- To run in workspace mode, the paremeter workspace_locking_adom must be included in the task
Examples¶
- hosts: fortimanager-inventory
collections:
- fortinet.fortimanager
connection: httpapi
vars:
ansible_httpapi_use_ssl: True
ansible_httpapi_validate_certs: False
ansible_httpapi_port: 443
tasks:
- name: REQUESTING /PM/CONFIG/OBJ/VOIP/PROFILE/{PROFILE}
fmgr_voip_profile_obj:
loose_validation: False
workspace_locking_adom: <value in [global, custom adom]>
workspace_locking_timeout: 300
method: <value in [clone, set, update]>
url_params:
adom: <value in [none, global, custom dom]>
profile: <value of string>
params:
-
data:
comment: <value of string>
name: <value of string>
- name: REQUESTING /PM/CONFIG/OBJ/VOIP/PROFILE/{PROFILE}
fmgr_voip_profile_obj:
loose_validation: False
workspace_locking_adom: <value in [global, custom adom]>
workspace_locking_timeout: 300
method: <value in [get]>
url_params:
adom: <value in [none, global, custom dom]>
profile: <value of string>
params:
-
option: <value in [object member, chksum, datasrc]>
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- return values for method: [clone, delete, set, update]
- status
- No description for the parameter type: dict
- code - No description for the parameter type: int
- message - No description for the parameter type: str
- url - No description for the parameter type: str example: /pm/config/adom/{adom}/obj/voip/profile/{profile}
- return values for method: [get]
- data
- No description for the parameter type: dict
- comment - Comment. type: str
- name - Profile name. type: str
- status
- No description for the parameter type: dict
- code - No description for the parameter type: int
- message - No description for the parameter type: str
- url - No description for the parameter type: str example: /pm/config/adom/{adom}/obj/voip/profile/{profile}
fmgr_waf_profile – Web application firewall configuration.¶
New in version 2.10.
Synopsis¶
- This module is able to configure a FortiManager device by allowing the user to [add, get, set, update] the following FortiManager json-rpc urls.
- /pm/config/adom/{adom}/obj/waf/profile
- /pm/config/global/obj/waf/profile
- Examples include all parameters and values need to be adjusted to data sources before usage.
- Tested with FortiManager v6.0.0
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.10.0
Parameters¶
- loose_validation - Do parameter validation in a loose way type: bool required: false default: false
- workspace_locking_adom - Acquire the workspace lock if FortiManager is running in workspace mode type: str required: false choices: global, custom dom
- workspace_locking_timeout - The maximum time in seconds to wait for other users to release workspace lock type: integer required: false default: 300
- url_params - parameters in url path type: dict required: true
- adom - the domain prefix type: str choices: none, global, custom dom
- parameters for method: [add, set, update] - Web application firewall configuration.
- data - No description for the parameter type: array
- comment - Comment. type: str
- extended-log - Enable/disable extended logging. type: str choices: [disable, enable]
- external - Disable/Enable external HTTP Inspection. type: str choices: [disable, enable]
- name - WAF Profile name. type: str
- url-access - No description for the parameter type: array
- access-pattern - No description for the parameter type: array
- id - URL access pattern ID. type: int
- negate - Enable/disable match negation. type: str choices: [disable, enable]
- pattern - URL pattern. type: str
- regex - Enable/disable regular expression based pattern match. type: str choices: [disable, enable]
- srcaddr - Source address. type: str
- action - Action. type: str choices: [bypass, permit, block]
- address - Host address. type: str
- id - URL access ID. type: int
- log - Enable/disable logging. type: str choices: [disable, enable]
- severity - Severity. type: str choices: [low, medium, high]
- access-pattern - No description for the parameter type: array
- parameters for method: [get] - Web application firewall configuration.
- attr - The name of the attribute to retrieve its datasource. type: str
- fields - No description for the parameter type: array
- {no-name} - No description for the parameter type: array
- {no-name} - No description for the parameter type: str choices: [comment, extended-log, external, name]
- {no-name} - No description for the parameter type: array
- filter - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- get used - No description for the parameter type: int
- loadsub - Enable or disable the return of any sub-objects. type: int
- option - Set fetch option for the request. type: str choices: [count, object member, datasrc, get reserved, syntax]
- range - No description for the parameter type: array
- {no-name} - No description for the parameter type: int
- sortings - No description for the parameter type: array
- {attr_name} - No description for the parameter type: int choices: [1, -1]
Notes¶
Note
- The module may supports multiple method, every method has different parameters definition
- One method may also have more than one parameter definition collection, each collection is dedicated to one API endpoint
- The module may include domain dependent urls, the domain can be specified in url_params as adom
- To run in workspace mode, the paremeter workspace_locking_adom must be included in the task
Examples¶
- hosts: fortimanager-inventory
collections:
- fortinet.fortimanager
connection: httpapi
vars:
ansible_httpapi_use_ssl: True
ansible_httpapi_validate_certs: False
ansible_httpapi_port: 443
tasks:
- name: REQUESTING /PM/CONFIG/OBJ/WAF/PROFILE
fmgr_waf_profile:
loose_validation: False
workspace_locking_adom: <value in [global, custom adom]>
workspace_locking_timeout: 300
method: <value in [add, set, update]>
url_params:
adom: <value in [none, global, custom dom]>
params:
-
data:
-
comment: <value of string>
extended-log: <value in [disable, enable]>
external: <value in [disable, enable]>
name: <value of string>
url-access:
-
access-pattern:
-
id: <value of integer>
negate: <value in [disable, enable]>
pattern: <value of string>
regex: <value in [disable, enable]>
srcaddr: <value of string>
action: <value in [bypass, permit, block]>
address: <value of string>
id: <value of integer>
log: <value in [disable, enable]>
severity: <value in [low, medium, high]>
- name: REQUESTING /PM/CONFIG/OBJ/WAF/PROFILE
fmgr_waf_profile:
loose_validation: False
workspace_locking_adom: <value in [global, custom adom]>
workspace_locking_timeout: 300
method: <value in [get]>
url_params:
adom: <value in [none, global, custom dom]>
params:
-
attr: <value of string>
fields:
-
- <value in [comment, extended-log, external, ...]>
filter:
- <value of string>
get used: <value of integer>
loadsub: <value of integer>
option: <value in [count, object member, datasrc, ...]>
range:
- <value of integer>
sortings:
-
varidic.attr_name: <value in [1, -1]>
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- return values for method: [add, set, update]
- status
- No description for the parameter type: dict
- code - No description for the parameter type: int
- message - No description for the parameter type: str
- url - No description for the parameter type: str example: /pm/config/adom/{adom}/obj/waf/profile
- return values for method: [get]
- data
- No description for the parameter type: array
- comment - Comment. type: str
- extended-log - Enable/disable extended logging. type: str
- external - Disable/Enable external HTTP Inspection. type: str
- name - WAF Profile name. type: str
- url-access - No description for the parameter type: array
- access-pattern - No description for the parameter type: array
- id - URL access pattern ID. type: int
- negate - Enable/disable match negation. type: str
- pattern - URL pattern. type: str
- regex - Enable/disable regular expression based pattern match. type: str
- srcaddr - Source address. type: str
- action - Action. type: str
- address - Host address. type: str
- id - URL access ID. type: int
- log - Enable/disable logging. type: str
- severity - Severity. type: str
- access-pattern - No description for the parameter type: array
- status
- No description for the parameter type: dict
- code - No description for the parameter type: int
- message - No description for the parameter type: str
- url - No description for the parameter type: str example: /pm/config/adom/{adom}/obj/waf/profile
fmgr_waf_profile_obj – Web application firewall configuration.¶
New in version 2.10.
Synopsis¶
- This module is able to configure a FortiManager device by allowing the user to [clone, delete, get, set, update] the following FortiManager json-rpc urls.
- /pm/config/adom/{adom}/obj/waf/profile/{profile}
- /pm/config/global/obj/waf/profile/{profile}
- Examples include all parameters and values need to be adjusted to data sources before usage.
- Tested with FortiManager v6.0.0
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.10.0
Parameters¶
- loose_validation - Do parameter validation in a loose way type: bool required: false default: false
- workspace_locking_adom - Acquire the workspace lock if FortiManager is running in workspace mode type: str required: false choices: global, custom dom
- workspace_locking_timeout - The maximum time in seconds to wait for other users to release workspace lock type: integer required: false default: 300
- url_params - parameters in url path type: dict required: true
- adom - the domain prefix type: str choices: none, global, custom dom
- profile - the object name type: str
- parameters for method: [clone, set, update] - Web application firewall configuration.
- data - No description for the parameter type: dict
- comment - Comment. type: str
- extended-log - Enable/disable extended logging. type: str choices: [disable, enable]
- external - Disable/Enable external HTTP Inspection. type: str choices: [disable, enable]
- name - WAF Profile name. type: str
- url-access - No description for the parameter type: array
- access-pattern - No description for the parameter type: array
- id - URL access pattern ID. type: int
- negate - Enable/disable match negation. type: str choices: [disable, enable]
- pattern - URL pattern. type: str
- regex - Enable/disable regular expression based pattern match. type: str choices: [disable, enable]
- srcaddr - Source address. type: str
- action - Action. type: str choices: [bypass, permit, block]
- address - Host address. type: str
- id - URL access ID. type: int
- log - Enable/disable logging. type: str choices: [disable, enable]
- severity - Severity. type: str choices: [low, medium, high]
- access-pattern - No description for the parameter type: array
- parameters for method: [delete] - Web application firewall configuration.
- parameters for method: [get] - Web application firewall configuration.
- option - Set fetch option for the request. type: str choices: [object member, chksum, datasrc]
Notes¶
Note
- The module may supports multiple method, every method has different parameters definition
- One method may also have more than one parameter definition collection, each collection is dedicated to one API endpoint
- The module may include domain dependent urls, the domain can be specified in url_params as adom
- To run in workspace mode, the paremeter workspace_locking_adom must be included in the task
Examples¶
- hosts: fortimanager-inventory
collections:
- fortinet.fortimanager
connection: httpapi
vars:
ansible_httpapi_use_ssl: True
ansible_httpapi_validate_certs: False
ansible_httpapi_port: 443
tasks:
- name: REQUESTING /PM/CONFIG/OBJ/WAF/PROFILE/{PROFILE}
fmgr_waf_profile_obj:
loose_validation: False
workspace_locking_adom: <value in [global, custom adom]>
workspace_locking_timeout: 300
method: <value in [clone, set, update]>
url_params:
adom: <value in [none, global, custom dom]>
profile: <value of string>
params:
-
data:
comment: <value of string>
extended-log: <value in [disable, enable]>
external: <value in [disable, enable]>
name: <value of string>
url-access:
-
access-pattern:
-
id: <value of integer>
negate: <value in [disable, enable]>
pattern: <value of string>
regex: <value in [disable, enable]>
srcaddr: <value of string>
action: <value in [bypass, permit, block]>
address: <value of string>
id: <value of integer>
log: <value in [disable, enable]>
severity: <value in [low, medium, high]>
- name: REQUESTING /PM/CONFIG/OBJ/WAF/PROFILE/{PROFILE}
fmgr_waf_profile_obj:
loose_validation: False
workspace_locking_adom: <value in [global, custom adom]>
workspace_locking_timeout: 300
method: <value in [get]>
url_params:
adom: <value in [none, global, custom dom]>
profile: <value of string>
params:
-
option: <value in [object member, chksum, datasrc]>
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- return values for method: [clone, delete, set, update]
- status
- No description for the parameter type: dict
- code - No description for the parameter type: int
- message - No description for the parameter type: str
- url - No description for the parameter type: str example: /pm/config/adom/{adom}/obj/waf/profile/{profile}
- return values for method: [get]
- data
- No description for the parameter type: dict
- comment - Comment. type: str
- extended-log - Enable/disable extended logging. type: str
- external - Disable/Enable external HTTP Inspection. type: str
- name - WAF Profile name. type: str
- url-access - No description for the parameter type: array
- access-pattern - No description for the parameter type: array
- id - URL access pattern ID. type: int
- negate - Enable/disable match negation. type: str
- pattern - URL pattern. type: str
- regex - Enable/disable regular expression based pattern match. type: str
- srcaddr - Source address. type: str
- action - Action. type: str
- address - Host address. type: str
- id - URL access ID. type: int
- log - Enable/disable logging. type: str
- severity - Severity. type: str
- access-pattern - No description for the parameter type: array
- status
- No description for the parameter type: dict
- code - No description for the parameter type: int
- message - No description for the parameter type: str
- url - No description for the parameter type: str example: /pm/config/adom/{adom}/obj/waf/profile/{profile}
fmgr_wanopt_profile – Configure WAN optimization profiles.¶
New in version 2.10.
Synopsis¶
- This module is able to configure a FortiManager device by allowing the user to [add, get, set, update] the following FortiManager json-rpc urls.
- /pm/config/adom/{adom}/obj/wanopt/profile
- /pm/config/global/obj/wanopt/profile
- Examples include all parameters and values need to be adjusted to data sources before usage.
- Tested with FortiManager v6.0.0
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.10.0
Parameters¶
- loose_validation - Do parameter validation in a loose way type: bool required: false default: false
- workspace_locking_adom - Acquire the workspace lock if FortiManager is running in workspace mode type: str required: false choices: global, custom dom
- workspace_locking_timeout - The maximum time in seconds to wait for other users to release workspace lock type: integer required: false default: 300
- url_params - parameters in url path type: dict required: true
- adom - the domain prefix type: str choices: none, global, custom dom
- parameters for method: [add, set, update] - Configure WAN optimization profiles.
- data - No description for the parameter type: array
- auth-group - Optionally add an authentication group to restrict access to the WAN Optimization tunnel to peers in the authentication group. type: str
- comments - Comment. type: str
- name - Profile name. type: str
- transparent - Enable/disable transparent mode. type: str choices: [disable, enable]
- parameters for method: [get] - Configure WAN optimization profiles.
- attr - The name of the attribute to retrieve its datasource. type: str
- fields - No description for the parameter type: array
- {no-name} - No description for the parameter type: array
- {no-name} - No description for the parameter type: str choices: [auth-group, comments, name, transparent]
- {no-name} - No description for the parameter type: array
- filter - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- get used - No description for the parameter type: int
- loadsub - Enable or disable the return of any sub-objects. type: int
- option - Set fetch option for the request. type: str choices: [count, object member, datasrc, get reserved, syntax]
- range - No description for the parameter type: array
- {no-name} - No description for the parameter type: int
- sortings - No description for the parameter type: array
- {attr_name} - No description for the parameter type: int choices: [1, -1]
Notes¶
Note
- The module may supports multiple method, every method has different parameters definition
- One method may also have more than one parameter definition collection, each collection is dedicated to one API endpoint
- The module may include domain dependent urls, the domain can be specified in url_params as adom
- To run in workspace mode, the paremeter workspace_locking_adom must be included in the task
Examples¶
- hosts: fortimanager-inventory
collections:
- fortinet.fortimanager
connection: httpapi
vars:
ansible_httpapi_use_ssl: True
ansible_httpapi_validate_certs: False
ansible_httpapi_port: 443
tasks:
- name: REQUESTING /PM/CONFIG/OBJ/WANOPT/PROFILE
fmgr_wanopt_profile:
loose_validation: False
workspace_locking_adom: <value in [global, custom adom]>
workspace_locking_timeout: 300
method: <value in [add, set, update]>
url_params:
adom: <value in [none, global, custom dom]>
params:
-
data:
-
auth-group: <value of string>
comments: <value of string>
name: <value of string>
transparent: <value in [disable, enable]>
- name: REQUESTING /PM/CONFIG/OBJ/WANOPT/PROFILE
fmgr_wanopt_profile:
loose_validation: False
workspace_locking_adom: <value in [global, custom adom]>
workspace_locking_timeout: 300
method: <value in [get]>
url_params:
adom: <value in [none, global, custom dom]>
params:
-
attr: <value of string>
fields:
-
- <value in [auth-group, comments, name, ...]>
filter:
- <value of string>
get used: <value of integer>
loadsub: <value of integer>
option: <value in [count, object member, datasrc, ...]>
range:
- <value of integer>
sortings:
-
varidic.attr_name: <value in [1, -1]>
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- return values for method: [add, set, update]
- status
- No description for the parameter type: dict
- code - No description for the parameter type: int
- message - No description for the parameter type: str
- url - No description for the parameter type: str example: /pm/config/adom/{adom}/obj/wanopt/profile
- return values for method: [get]
- data
- No description for the parameter type: array
- auth-group - Optionally add an authentication group to restrict access to the WAN Optimization tunnel to peers in the authentication group. type: str
- comments - Comment. type: str
- name - Profile name. type: str
- transparent - Enable/disable transparent mode. type: str
- status
- No description for the parameter type: dict
- code - No description for the parameter type: int
- message - No description for the parameter type: str
- url - No description for the parameter type: str example: /pm/config/adom/{adom}/obj/wanopt/profile
fmgr_wanopt_profile_obj – Configure WAN optimization profiles.¶
New in version 2.10.
Synopsis¶
- This module is able to configure a FortiManager device by allowing the user to [clone, delete, get, set, update] the following FortiManager json-rpc urls.
- /pm/config/adom/{adom}/obj/wanopt/profile/{profile}
- /pm/config/global/obj/wanopt/profile/{profile}
- Examples include all parameters and values need to be adjusted to data sources before usage.
- Tested with FortiManager v6.0.0
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.10.0
Parameters¶
- loose_validation - Do parameter validation in a loose way type: bool required: false default: false
- workspace_locking_adom - Acquire the workspace lock if FortiManager is running in workspace mode type: str required: false choices: global, custom dom
- workspace_locking_timeout - The maximum time in seconds to wait for other users to release workspace lock type: integer required: false default: 300
- url_params - parameters in url path type: dict required: true
- adom - the domain prefix type: str choices: none, global, custom dom
- profile - the object name type: str
- parameters for method: [clone, set, update] - Configure WAN optimization profiles.
- data - No description for the parameter type: dict
- auth-group - Optionally add an authentication group to restrict access to the WAN Optimization tunnel to peers in the authentication group. type: str
- comments - Comment. type: str
- name - Profile name. type: str
- transparent - Enable/disable transparent mode. type: str choices: [disable, enable]
- parameters for method: [delete] - Configure WAN optimization profiles.
- parameters for method: [get] - Configure WAN optimization profiles.
- option - Set fetch option for the request. type: str choices: [object member, chksum, datasrc]
Notes¶
Note
- The module may supports multiple method, every method has different parameters definition
- One method may also have more than one parameter definition collection, each collection is dedicated to one API endpoint
- The module may include domain dependent urls, the domain can be specified in url_params as adom
- To run in workspace mode, the paremeter workspace_locking_adom must be included in the task
Examples¶
- hosts: fortimanager-inventory
collections:
- fortinet.fortimanager
connection: httpapi
vars:
ansible_httpapi_use_ssl: True
ansible_httpapi_validate_certs: False
ansible_httpapi_port: 443
tasks:
- name: REQUESTING /PM/CONFIG/OBJ/WANOPT/PROFILE/{PROFILE}
fmgr_wanopt_profile_obj:
loose_validation: False
workspace_locking_adom: <value in [global, custom adom]>
workspace_locking_timeout: 300
method: <value in [clone, set, update]>
url_params:
adom: <value in [none, global, custom dom]>
profile: <value of string>
params:
-
data:
auth-group: <value of string>
comments: <value of string>
name: <value of string>
transparent: <value in [disable, enable]>
- name: REQUESTING /PM/CONFIG/OBJ/WANOPT/PROFILE/{PROFILE}
fmgr_wanopt_profile_obj:
loose_validation: False
workspace_locking_adom: <value in [global, custom adom]>
workspace_locking_timeout: 300
method: <value in [get]>
url_params:
adom: <value in [none, global, custom dom]>
profile: <value of string>
params:
-
option: <value in [object member, chksum, datasrc]>
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- return values for method: [clone, delete, set, update]
- status
- No description for the parameter type: dict
- code - No description for the parameter type: int
- message - No description for the parameter type: str
- url - No description for the parameter type: str example: /pm/config/adom/{adom}/obj/wanopt/profile/{profile}
- return values for method: [get]
- data
- No description for the parameter type: dict
- auth-group - Optionally add an authentication group to restrict access to the WAN Optimization tunnel to peers in the authentication group. type: str
- comments - Comment. type: str
- name - Profile name. type: str
- transparent - Enable/disable transparent mode. type: str
- status
- No description for the parameter type: dict
- code - No description for the parameter type: int
- message - No description for the parameter type: str
- url - No description for the parameter type: str example: /pm/config/adom/{adom}/obj/wanopt/profile/{profile}
fmgr_webfilter_profile – Configure Web filter profiles.¶
New in version 2.10.
Synopsis¶
- This module is able to configure a FortiManager device by allowing the user to [add, get, set, update] the following FortiManager json-rpc urls.
- /pm/config/adom/{adom}/obj/webfilter/profile
- /pm/config/global/obj/webfilter/profile
- Examples include all parameters and values need to be adjusted to data sources before usage.
- Tested with FortiManager v6.0.0
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.10.0
Parameters¶
- loose_validation - Do parameter validation in a loose way type: bool required: false default: false
- workspace_locking_adom - Acquire the workspace lock if FortiManager is running in workspace mode type: str required: false choices: global, custom dom
- workspace_locking_timeout - The maximum time in seconds to wait for other users to release workspace lock type: integer required: false default: 300
- url_params - parameters in url path type: dict required: true
- adom - the domain prefix type: str choices: none, global, custom dom
- parameters for method: [add, set, update] - Configure Web filter profiles.
- data - No description for the parameter type: array
- comment - Optional comments. type: str
- extended-log - Enable/disable extended logging for web filtering. type: str choices: [disable, enable]
- https-replacemsg - Enable replacement messages for HTTPS. type: str choices: [disable, enable]
- inspection-mode - Web filtering inspection mode. type: str choices: [proxy, flow-based, dns]
- log-all-url - Enable/disable logging all URLs visited. type: str choices: [disable, enable]
- name - Profile name. type: str
- options - No description for the parameter type: array
- {no-name} - No description for the parameter type: str choices: [block-invalid-url, jscript, js, vbs, unknown, wf-referer, https-scan, intrinsic, wf-cookie, per-user-bwl, activexfilter, cookiefilter, https-url-scan, javafilter, rangeblock, contenttype-check]
- ovrd-perm - No description for the parameter type: array
- {no-name} - No description for the parameter type: str choices: [bannedword-override, urlfilter-override, fortiguard-wf-override, contenttype-check-override]
- post-action - Action taken for HTTP POST traffic. type: str choices: [normal, comfort, block]
- replacemsg-group - Replacement message group. type: str
- web-content-log - Enable/disable logging logging blocked web content. type: str choices: [disable, enable]
- web-extended-all-action-log - Enable/disable extended any filter action logging for web filtering. type: str choices: [disable, enable]
- web-filter-activex-log - Enable/disable logging ActiveX. type: str choices: [disable, enable]
- web-filter-applet-log - Enable/disable logging Java applets. type: str choices: [disable, enable]
- web-filter-command-block-log - Enable/disable logging blocked commands. type: str choices: [disable, enable]
- web-filter-cookie-log - Enable/disable logging cookie filtering. type: str choices: [disable, enable]
- web-filter-cookie-removal-log - Enable/disable logging blocked cookies. type: str choices: [disable, enable]
- web-filter-js-log - Enable/disable logging Java scripts. type: str choices: [disable, enable]
- web-filter-jscript-log - Enable/disable logging JScripts. type: str choices: [disable, enable]
- web-filter-referer-log - Enable/disable logging referrers. type: str choices: [disable, enable]
- web-filter-unknown-log - Enable/disable logging unknown scripts. type: str choices: [disable, enable]
- web-filter-vbs-log - Enable/disable logging VBS scripts. type: str choices: [disable, enable]
- web-ftgd-err-log - Enable/disable logging rating errors. type: str choices: [disable, enable]
- web-ftgd-quota-usage - Enable/disable logging daily quota usage. type: str choices: [disable, enable]
- web-invalid-domain-log - Enable/disable logging invalid domain names. type: str choices: [disable, enable]
- web-url-log - Enable/disable logging URL filtering. type: str choices: [disable, enable]
- wisp - Enable/disable web proxy WISP. type: str choices: [disable, enable]
- wisp-algorithm - WISP server selection algorithm. type: str choices: [auto-learning, primary-secondary, round-robin]
- wisp-servers - WISP servers. type: str
- youtube-channel-filter - No description for the parameter type: array
- channel-id - YouTube channel ID to be filtered. type: str
- comment - Comment. type: str
- id - ID. type: int
- youtube-channel-status - YouTube channel filter status. type: str choices: [disable, blacklist, whitelist]
- parameters for method: [get] - Configure Web filter profiles.
- attr - The name of the attribute to retrieve its datasource. type: str
- fields - No description for the parameter type: array
- {no-name} - No description for the parameter type: array
- {no-name} - No description for the parameter type: str choices: [comment, extended-log, https-replacemsg, inspection-mode, log-all-url, name, options, ovrd-perm, post-action, replacemsg-group, web-content-log, web-extended-all-action-log, web-filter-activex-log, web-filter-applet-log, web-filter-command-block-log, web-filter-cookie-log, web-filter-cookie-removal-log, web-filter-js-log, web-filter-jscript-log, web-filter-referer-log, web-filter-unknown-log, web-filter-vbs-log, web-ftgd-err-log, web-ftgd-quota-usage, web-invalid-domain-log, web-url-log, wisp, wisp-algorithm, wisp-servers, youtube-channel-status]
- {no-name} - No description for the parameter type: array
- filter - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- get used - No description for the parameter type: int
- loadsub - Enable or disable the return of any sub-objects. type: int
- option - Set fetch option for the request. type: str choices: [count, object member, datasrc, get reserved, syntax]
- range - No description for the parameter type: array
- {no-name} - No description for the parameter type: int
- sortings - No description for the parameter type: array
- {attr_name} - No description for the parameter type: int choices: [1, -1]
Notes¶
Note
- The module may supports multiple method, every method has different parameters definition
- One method may also have more than one parameter definition collection, each collection is dedicated to one API endpoint
- The module may include domain dependent urls, the domain can be specified in url_params as adom
- To run in workspace mode, the paremeter workspace_locking_adom must be included in the task
Examples¶
- hosts: fortimanager-inventory
collections:
- fortinet.fortimanager
connection: httpapi
vars:
ansible_httpapi_use_ssl: True
ansible_httpapi_validate_certs: False
ansible_httpapi_port: 443
tasks:
- name: REQUESTING /PM/CONFIG/OBJ/WEBFILTER/PROFILE
fmgr_webfilter_profile:
loose_validation: False
workspace_locking_adom: <value in [global, custom adom]>
workspace_locking_timeout: 300
method: <value in [add, set, update]>
url_params:
adom: <value in [none, global, custom dom]>
params:
-
data:
-
comment: <value of string>
extended-log: <value in [disable, enable]>
https-replacemsg: <value in [disable, enable]>
inspection-mode: <value in [proxy, flow-based, dns]>
log-all-url: <value in [disable, enable]>
name: <value of string>
options:
- <value in [block-invalid-url, jscript, js, ...]>
ovrd-perm:
- <value in [bannedword-override, urlfilter-override, fortiguard-wf-override, ...]>
post-action: <value in [normal, comfort, block]>
replacemsg-group: <value of string>
web-content-log: <value in [disable, enable]>
web-extended-all-action-log: <value in [disable, enable]>
web-filter-activex-log: <value in [disable, enable]>
web-filter-applet-log: <value in [disable, enable]>
web-filter-command-block-log: <value in [disable, enable]>
web-filter-cookie-log: <value in [disable, enable]>
web-filter-cookie-removal-log: <value in [disable, enable]>
web-filter-js-log: <value in [disable, enable]>
web-filter-jscript-log: <value in [disable, enable]>
web-filter-referer-log: <value in [disable, enable]>
web-filter-unknown-log: <value in [disable, enable]>
web-filter-vbs-log: <value in [disable, enable]>
web-ftgd-err-log: <value in [disable, enable]>
web-ftgd-quota-usage: <value in [disable, enable]>
web-invalid-domain-log: <value in [disable, enable]>
web-url-log: <value in [disable, enable]>
wisp: <value in [disable, enable]>
wisp-algorithm: <value in [auto-learning, primary-secondary, round-robin]>
wisp-servers: <value of string>
youtube-channel-filter:
-
channel-id: <value of string>
comment: <value of string>
id: <value of integer>
youtube-channel-status: <value in [disable, blacklist, whitelist]>
- name: REQUESTING /PM/CONFIG/OBJ/WEBFILTER/PROFILE
fmgr_webfilter_profile:
loose_validation: False
workspace_locking_adom: <value in [global, custom adom]>
workspace_locking_timeout: 300
method: <value in [get]>
url_params:
adom: <value in [none, global, custom dom]>
params:
-
attr: <value of string>
fields:
-
- <value in [comment, extended-log, https-replacemsg, ...]>
filter:
- <value of string>
get used: <value of integer>
loadsub: <value of integer>
option: <value in [count, object member, datasrc, ...]>
range:
- <value of integer>
sortings:
-
varidic.attr_name: <value in [1, -1]>
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- return values for method: [add, set, update]
- status
- No description for the parameter type: dict
- code - No description for the parameter type: int
- message - No description for the parameter type: str
- url - No description for the parameter type: str example: /pm/config/adom/{adom}/obj/webfilter/profile
- return values for method: [get]
- data
- No description for the parameter type: array
- comment - Optional comments. type: str
- extended-log - Enable/disable extended logging for web filtering. type: str
- https-replacemsg - Enable replacement messages for HTTPS. type: str
- inspection-mode - Web filtering inspection mode. type: str
- log-all-url - Enable/disable logging all URLs visited. type: str
- name - Profile name. type: str
- options - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- ovrd-perm - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- post-action - Action taken for HTTP POST traffic. type: str
- replacemsg-group - Replacement message group. type: str
- web-content-log - Enable/disable logging logging blocked web content. type: str
- web-extended-all-action-log - Enable/disable extended any filter action logging for web filtering. type: str
- web-filter-activex-log - Enable/disable logging ActiveX. type: str
- web-filter-applet-log - Enable/disable logging Java applets. type: str
- web-filter-command-block-log - Enable/disable logging blocked commands. type: str
- web-filter-cookie-log - Enable/disable logging cookie filtering. type: str
- web-filter-cookie-removal-log - Enable/disable logging blocked cookies. type: str
- web-filter-js-log - Enable/disable logging Java scripts. type: str
- web-filter-jscript-log - Enable/disable logging JScripts. type: str
- web-filter-referer-log - Enable/disable logging referrers. type: str
- web-filter-unknown-log - Enable/disable logging unknown scripts. type: str
- web-filter-vbs-log - Enable/disable logging VBS scripts. type: str
- web-ftgd-err-log - Enable/disable logging rating errors. type: str
- web-ftgd-quota-usage - Enable/disable logging daily quota usage. type: str
- web-invalid-domain-log - Enable/disable logging invalid domain names. type: str
- web-url-log - Enable/disable logging URL filtering. type: str
- wisp - Enable/disable web proxy WISP. type: str
- wisp-algorithm - WISP server selection algorithm. type: str
- wisp-servers - WISP servers. type: str
- youtube-channel-filter - No description for the parameter type: array
- channel-id - YouTube channel ID to be filtered. type: str
- comment - Comment. type: str
- id - ID. type: int
- youtube-channel-status - YouTube channel filter status. type: str
- status
- No description for the parameter type: dict
- code - No description for the parameter type: int
- message - No description for the parameter type: str
- url - No description for the parameter type: str example: /pm/config/adom/{adom}/obj/webfilter/profile
fmgr_webfilter_profile_obj – Configure Web filter profiles.¶
New in version 2.10.
Synopsis¶
- This module is able to configure a FortiManager device by allowing the user to [clone, delete, get, set, update] the following FortiManager json-rpc urls.
- /pm/config/adom/{adom}/obj/webfilter/profile/{profile}
- /pm/config/global/obj/webfilter/profile/{profile}
- Examples include all parameters and values need to be adjusted to data sources before usage.
- Tested with FortiManager v6.0.0
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.10.0
Parameters¶
- loose_validation - Do parameter validation in a loose way type: bool required: false default: false
- workspace_locking_adom - Acquire the workspace lock if FortiManager is running in workspace mode type: str required: false choices: global, custom dom
- workspace_locking_timeout - The maximum time in seconds to wait for other users to release workspace lock type: integer required: false default: 300
- url_params - parameters in url path type: dict required: true
- adom - the domain prefix type: str choices: none, global, custom dom
- profile - the object name type: str
- parameters for method: [clone, set, update] - Configure Web filter profiles.
- data - No description for the parameter type: dict
- comment - Optional comments. type: str
- extended-log - Enable/disable extended logging for web filtering. type: str choices: [disable, enable]
- https-replacemsg - Enable replacement messages for HTTPS. type: str choices: [disable, enable]
- inspection-mode - Web filtering inspection mode. type: str choices: [proxy, flow-based, dns]
- log-all-url - Enable/disable logging all URLs visited. type: str choices: [disable, enable]
- name - Profile name. type: str
- options - No description for the parameter type: array
- {no-name} - No description for the parameter type: str choices: [block-invalid-url, jscript, js, vbs, unknown, wf-referer, https-scan, intrinsic, wf-cookie, per-user-bwl, activexfilter, cookiefilter, https-url-scan, javafilter, rangeblock, contenttype-check]
- ovrd-perm - No description for the parameter type: array
- {no-name} - No description for the parameter type: str choices: [bannedword-override, urlfilter-override, fortiguard-wf-override, contenttype-check-override]
- post-action - Action taken for HTTP POST traffic. type: str choices: [normal, comfort, block]
- replacemsg-group - Replacement message group. type: str
- web-content-log - Enable/disable logging logging blocked web content. type: str choices: [disable, enable]
- web-extended-all-action-log - Enable/disable extended any filter action logging for web filtering. type: str choices: [disable, enable]
- web-filter-activex-log - Enable/disable logging ActiveX. type: str choices: [disable, enable]
- web-filter-applet-log - Enable/disable logging Java applets. type: str choices: [disable, enable]
- web-filter-command-block-log - Enable/disable logging blocked commands. type: str choices: [disable, enable]
- web-filter-cookie-log - Enable/disable logging cookie filtering. type: str choices: [disable, enable]
- web-filter-cookie-removal-log - Enable/disable logging blocked cookies. type: str choices: [disable, enable]
- web-filter-js-log - Enable/disable logging Java scripts. type: str choices: [disable, enable]
- web-filter-jscript-log - Enable/disable logging JScripts. type: str choices: [disable, enable]
- web-filter-referer-log - Enable/disable logging referrers. type: str choices: [disable, enable]
- web-filter-unknown-log - Enable/disable logging unknown scripts. type: str choices: [disable, enable]
- web-filter-vbs-log - Enable/disable logging VBS scripts. type: str choices: [disable, enable]
- web-ftgd-err-log - Enable/disable logging rating errors. type: str choices: [disable, enable]
- web-ftgd-quota-usage - Enable/disable logging daily quota usage. type: str choices: [disable, enable]
- web-invalid-domain-log - Enable/disable logging invalid domain names. type: str choices: [disable, enable]
- web-url-log - Enable/disable logging URL filtering. type: str choices: [disable, enable]
- wisp - Enable/disable web proxy WISP. type: str choices: [disable, enable]
- wisp-algorithm - WISP server selection algorithm. type: str choices: [auto-learning, primary-secondary, round-robin]
- wisp-servers - WISP servers. type: str
- youtube-channel-filter - No description for the parameter type: array
- channel-id - YouTube channel ID to be filtered. type: str
- comment - Comment. type: str
- id - ID. type: int
- youtube-channel-status - YouTube channel filter status. type: str choices: [disable, blacklist, whitelist]
- parameters for method: [delete] - Configure Web filter profiles.
- parameters for method: [get] - Configure Web filter profiles.
- option - Set fetch option for the request. type: str choices: [object member, chksum, datasrc]
Notes¶
Note
- The module may supports multiple method, every method has different parameters definition
- One method may also have more than one parameter definition collection, each collection is dedicated to one API endpoint
- The module may include domain dependent urls, the domain can be specified in url_params as adom
- To run in workspace mode, the paremeter workspace_locking_adom must be included in the task
Examples¶
- hosts: fortimanager-inventory
collections:
- fortinet.fortimanager
connection: httpapi
vars:
ansible_httpapi_use_ssl: True
ansible_httpapi_validate_certs: False
ansible_httpapi_port: 443
tasks:
- name: REQUESTING /PM/CONFIG/OBJ/WEBFILTER/PROFILE/{PROFILE}
fmgr_webfilter_profile_obj:
loose_validation: False
workspace_locking_adom: <value in [global, custom adom]>
workspace_locking_timeout: 300
method: <value in [clone, set, update]>
url_params:
adom: <value in [none, global, custom dom]>
profile: <value of string>
params:
-
data:
comment: <value of string>
extended-log: <value in [disable, enable]>
https-replacemsg: <value in [disable, enable]>
inspection-mode: <value in [proxy, flow-based, dns]>
log-all-url: <value in [disable, enable]>
name: <value of string>
options:
- <value in [block-invalid-url, jscript, js, ...]>
ovrd-perm:
- <value in [bannedword-override, urlfilter-override, fortiguard-wf-override, ...]>
post-action: <value in [normal, comfort, block]>
replacemsg-group: <value of string>
web-content-log: <value in [disable, enable]>
web-extended-all-action-log: <value in [disable, enable]>
web-filter-activex-log: <value in [disable, enable]>
web-filter-applet-log: <value in [disable, enable]>
web-filter-command-block-log: <value in [disable, enable]>
web-filter-cookie-log: <value in [disable, enable]>
web-filter-cookie-removal-log: <value in [disable, enable]>
web-filter-js-log: <value in [disable, enable]>
web-filter-jscript-log: <value in [disable, enable]>
web-filter-referer-log: <value in [disable, enable]>
web-filter-unknown-log: <value in [disable, enable]>
web-filter-vbs-log: <value in [disable, enable]>
web-ftgd-err-log: <value in [disable, enable]>
web-ftgd-quota-usage: <value in [disable, enable]>
web-invalid-domain-log: <value in [disable, enable]>
web-url-log: <value in [disable, enable]>
wisp: <value in [disable, enable]>
wisp-algorithm: <value in [auto-learning, primary-secondary, round-robin]>
wisp-servers: <value of string>
youtube-channel-filter:
-
channel-id: <value of string>
comment: <value of string>
id: <value of integer>
youtube-channel-status: <value in [disable, blacklist, whitelist]>
- name: REQUESTING /PM/CONFIG/OBJ/WEBFILTER/PROFILE/{PROFILE}
fmgr_webfilter_profile_obj:
loose_validation: False
workspace_locking_adom: <value in [global, custom adom]>
workspace_locking_timeout: 300
method: <value in [get]>
url_params:
adom: <value in [none, global, custom dom]>
profile: <value of string>
params:
-
option: <value in [object member, chksum, datasrc]>
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- return values for method: [clone, delete, set, update]
- status
- No description for the parameter type: dict
- code - No description for the parameter type: int
- message - No description for the parameter type: str
- url - No description for the parameter type: str example: /pm/config/adom/{adom}/obj/webfilter/profile/{profile}
- return values for method: [get]
- data
- No description for the parameter type: dict
- comment - Optional comments. type: str
- extended-log - Enable/disable extended logging for web filtering. type: str
- https-replacemsg - Enable replacement messages for HTTPS. type: str
- inspection-mode - Web filtering inspection mode. type: str
- log-all-url - Enable/disable logging all URLs visited. type: str
- name - Profile name. type: str
- options - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- ovrd-perm - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- post-action - Action taken for HTTP POST traffic. type: str
- replacemsg-group - Replacement message group. type: str
- web-content-log - Enable/disable logging logging blocked web content. type: str
- web-extended-all-action-log - Enable/disable extended any filter action logging for web filtering. type: str
- web-filter-activex-log - Enable/disable logging ActiveX. type: str
- web-filter-applet-log - Enable/disable logging Java applets. type: str
- web-filter-command-block-log - Enable/disable logging blocked commands. type: str
- web-filter-cookie-log - Enable/disable logging cookie filtering. type: str
- web-filter-cookie-removal-log - Enable/disable logging blocked cookies. type: str
- web-filter-js-log - Enable/disable logging Java scripts. type: str
- web-filter-jscript-log - Enable/disable logging JScripts. type: str
- web-filter-referer-log - Enable/disable logging referrers. type: str
- web-filter-unknown-log - Enable/disable logging unknown scripts. type: str
- web-filter-vbs-log - Enable/disable logging VBS scripts. type: str
- web-ftgd-err-log - Enable/disable logging rating errors. type: str
- web-ftgd-quota-usage - Enable/disable logging daily quota usage. type: str
- web-invalid-domain-log - Enable/disable logging invalid domain names. type: str
- web-url-log - Enable/disable logging URL filtering. type: str
- wisp - Enable/disable web proxy WISP. type: str
- wisp-algorithm - WISP server selection algorithm. type: str
- wisp-servers - WISP servers. type: str
- youtube-channel-filter - No description for the parameter type: array
- channel-id - YouTube channel ID to be filtered. type: str
- comment - Comment. type: str
- id - ID. type: int
- youtube-channel-status - YouTube channel filter status. type: str
- status
- No description for the parameter type: dict
- code - No description for the parameter type: int
- message - No description for the parameter type: str
- url - No description for the parameter type: str example: /pm/config/adom/{adom}/obj/webfilter/profile/{profile}
fmgr_webproxy_profile – Configure web proxy profiles.¶
New in version 2.10.
Synopsis¶
- This module is able to configure a FortiManager device by allowing the user to [add, get, set, update] the following FortiManager json-rpc urls.
- /pm/config/adom/{adom}/obj/web-proxy/profile
- /pm/config/global/obj/web-proxy/profile
- Examples include all parameters and values need to be adjusted to data sources before usage.
- Tested with FortiManager v6.0.0
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.10.0
Parameters¶
- loose_validation - Do parameter validation in a loose way type: bool required: false default: false
- workspace_locking_adom - Acquire the workspace lock if FortiManager is running in workspace mode type: str required: false choices: global, custom dom
- workspace_locking_timeout - The maximum time in seconds to wait for other users to release workspace lock type: integer required: false default: 300
- url_params - parameters in url path type: dict required: true
- adom - the domain prefix type: str choices: none, global, custom dom
- parameters for method: [add, set, update] - Configure web proxy profiles.
- data - No description for the parameter type: array
- header-client-ip - Action to take on the HTTP client-IP header in forwarded requests: forwards (pass), adds, or removes the HTTP header. type: str choices: [pass, add, remove]
- header-front-end-https - Action to take on the HTTP front-end-HTTPS header in forwarded requests: forwards (pass), adds, or removes the HTTP header. type: str choices: [pass, add, remove]
- header-via-request - Action to take on the HTTP via header in forwarded requests: forwards (pass), adds, or removes the HTTP header. type: str choices: [pass, add, remove]
- header-via-response - Action to take on the HTTP via header in forwarded responses: forwards (pass), adds, or removes the HTTP header. type: str choices: [pass, add, remove]
- header-x-authenticated-groups - Action to take on the HTTP x-authenticated-groups header in forwarded requests: forwards (pass), adds, or removes the HTTP header. type: str choices: [pass, add, remove]
- header-x-authenticated-user - Action to take on the HTTP x-authenticated-user header in forwarded requests: forwards (pass), adds, or removes the HTTP header. type: str choices: [pass, add, remove]
- header-x-forwarded-for - Action to take on the HTTP x-forwarded-for header in forwarded requests: forwards (pass), adds, or removes the HTTP header. type: str choices: [pass, add, remove]
- headers - No description for the parameter type: array
- action - Action when HTTP the header forwarded. type: str choices: [add-to-request, add-to-response, remove-from-request, remove-from-response]
- content - HTTP headers content. type: str
- id - HTTP forwarded header id. type: int
- name - HTTP forwarded header name. type: str
- log-header-change - Enable/disable logging HTTP header changes. type: str choices: [disable, enable]
- name - Profile name. type: str
- strip-encoding - Enable/disable stripping unsupported encoding from the request header. type: str choices: [disable, enable]
- parameters for method: [get] - Configure web proxy profiles.
- attr - The name of the attribute to retrieve its datasource. type: str
- fields - No description for the parameter type: array
- {no-name} - No description for the parameter type: array
- {no-name} - No description for the parameter type: str choices: [header-client-ip, header-front-end-https, header-via-request, header-via-response, header-x-authenticated-groups, header-x-authenticated-user, header-x-forwarded-for, log-header-change, name, strip-encoding]
- {no-name} - No description for the parameter type: array
- filter - No description for the parameter type: array
- {no-name} - No description for the parameter type: str
- get used - No description for the parameter type: int
- loadsub - Enable or disable the return of any sub-objects. type: int
- option - Set fetch option for the request. type: str choices: [count, object member, datasrc, get reserved, syntax]
- range - No description for the parameter type: array
- {no-name} - No description for the parameter type: int
- sortings - No description for the parameter type: array
- {attr_name} - No description for the parameter type: int choices: [1, -1]
Notes¶
Note
- The module may supports multiple method, every method has different parameters definition
- One method may also have more than one parameter definition collection, each collection is dedicated to one API endpoint
- The module may include domain dependent urls, the domain can be specified in url_params as adom
- To run in workspace mode, the paremeter workspace_locking_adom must be included in the task
Examples¶
- hosts: fortimanager-inventory
collections:
- fortinet.fortimanager
connection: httpapi
vars:
ansible_httpapi_use_ssl: True
ansible_httpapi_validate_certs: False
ansible_httpapi_port: 443
tasks:
- name: REQUESTING /PM/CONFIG/OBJ/WEB-PROXY/PROFILE
fmgr_webproxy_profile:
loose_validation: False
workspace_locking_adom: <value in [global, custom adom]>
workspace_locking_timeout: 300
method: <value in [add, set, update]>
url_params:
adom: <value in [none, global, custom dom]>
params:
-
data:
-
header-client-ip: <value in [pass, add, remove]>
header-front-end-https: <value in [pass, add, remove]>
header-via-request: <value in [pass, add, remove]>
header-via-response: <value in [pass, add, remove]>
header-x-authenticated-groups: <value in [pass, add, remove]>
header-x-authenticated-user: <value in [pass, add, remove]>
header-x-forwarded-for: <value in [pass, add, remove]>
headers:
-
action: <value in [add-to-request, add-to-response, remove-from-request, ...]>
content: <value of string>
id: <value of integer>
name: <value of string>
log-header-change: <value in [disable, enable]>
name: <value of string>
strip-encoding: <value in [disable, enable]>
- name: REQUESTING /PM/CONFIG/OBJ/WEB-PROXY/PROFILE
fmgr_webproxy_profile:
loose_validation: False
workspace_locking_adom: <value in [global, custom adom]>
workspace_locking_timeout: 300
method: <value in [get]>
url_params:
adom: <value in [none, global, custom dom]>
params:
-
attr: <value of string>
fields:
-
- <value in [header-client-ip, header-front-end-https, header-via-request, ...]>
filter:
- <value of string>
get used: <value of integer>
loadsub: <value of integer>
option: <value in [count, object member, datasrc, ...]>
range:
- <value of integer>
sortings:
-
varidic.attr_name: <value in [1, -1]>
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- return values for method: [add, set, update]
- status
- No description for the parameter type: dict
- code - No description for the parameter type: int
- message - No description for the parameter type: str
- url - No description for the parameter type: str example: /pm/config/adom/{adom}/obj/web-proxy/profile
- return values for method: [get]
- data
- No description for the parameter type: array
- header-client-ip - Action to take on the HTTP client-IP header in forwarded requests: forwards (pass), adds, or removes the HTTP header. type: str
- header-front-end-https - Action to take on the HTTP front-end-HTTPS header in forwarded requests: forwards (pass), adds, or removes the HTTP header. type: str
- header-via-request - Action to take on the HTTP via header in forwarded requests: forwards (pass), adds, or removes the HTTP header. type: str
- header-via-response - Action to take on the HTTP via header in forwarded responses: forwards (pass), adds, or removes the HTTP header. type: str
- header-x-authenticated-groups - Action to take on the HTTP x-authenticated-groups header in forwarded requests: forwards (pass), adds, or removes the HTTP header. type: str
- header-x-authenticated-user - Action to take on the HTTP x-authenticated-user header in forwarded requests: forwards (pass), adds, or removes the HTTP header. type: str
- header-x-forwarded-for - Action to take on the HTTP x-forwarded-for header in forwarded requests: forwards (pass), adds, or removes the HTTP header. type: str
- headers - No description for the parameter type: array
- action - Action when HTTP the header forwarded. type: str
- content - HTTP headers content. type: str
- id - HTTP forwarded header id. type: int
- name - HTTP forwarded header name. type: str
- log-header-change - Enable/disable logging HTTP header changes. type: str
- name - Profile name. type: str
- strip-encoding - Enable/disable stripping unsupported encoding from the request header. type: str
- status
- No description for the parameter type: dict
- code - No description for the parameter type: int
- message - No description for the parameter type: str
- url - No description for the parameter type: str example: /pm/config/adom/{adom}/obj/web-proxy/profile
fmgr_webproxy_profile_obj – Configure web proxy profiles.¶
New in version 2.10.
Synopsis¶
- This module is able to configure a FortiManager device by allowing the user to [clone, delete, get, set, update] the following FortiManager json-rpc urls.
- /pm/config/adom/{adom}/obj/web-proxy/profile/{profile}
- /pm/config/global/obj/web-proxy/profile/{profile}
- Examples include all parameters and values need to be adjusted to data sources before usage.
- Tested with FortiManager v6.0.0
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.10.0
Parameters¶
- loose_validation - Do parameter validation in a loose way type: bool required: false default: false
- workspace_locking_adom - Acquire the workspace lock if FortiManager is running in workspace mode type: str required: false choices: global, custom dom
- workspace_locking_timeout - The maximum time in seconds to wait for other users to release workspace lock type: integer required: false default: 300
- url_params - parameters in url path type: dict required: true
- adom - the domain prefix type: str choices: none, global, custom dom
- profile - the object name type: str
- parameters for method: [clone, set, update] - Configure web proxy profiles.
- data - No description for the parameter type: dict
- header-client-ip - Action to take on the HTTP client-IP header in forwarded requests: forwards (pass), adds, or removes the HTTP header. type: str choices: [pass, add, remove]
- header-front-end-https - Action to take on the HTTP front-end-HTTPS header in forwarded requests: forwards (pass), adds, or removes the HTTP header. type: str choices: [pass, add, remove]
- header-via-request - Action to take on the HTTP via header in forwarded requests: forwards (pass), adds, or removes the HTTP header. type: str choices: [pass, add, remove]
- header-via-response - Action to take on the HTTP via header in forwarded responses: forwards (pass), adds, or removes the HTTP header. type: str choices: [pass, add, remove]
- header-x-authenticated-groups - Action to take on the HTTP x-authenticated-groups header in forwarded requests: forwards (pass), adds, or removes the HTTP header. type: str choices: [pass, add, remove]
- header-x-authenticated-user - Action to take on the HTTP x-authenticated-user header in forwarded requests: forwards (pass), adds, or removes the HTTP header. type: str choices: [pass, add, remove]
- header-x-forwarded-for - Action to take on the HTTP x-forwarded-for header in forwarded requests: forwards (pass), adds, or removes the HTTP header. type: str choices: [pass, add, remove]
- headers - No description for the parameter type: array
- action - Action when HTTP the header forwarded. type: str choices: [add-to-request, add-to-response, remove-from-request, remove-from-response]
- content - HTTP headers content. type: str
- id - HTTP forwarded header id. type: int
- name - HTTP forwarded header name. type: str
- log-header-change - Enable/disable logging HTTP header changes. type: str choices: [disable, enable]
- name - Profile name. type: str
- strip-encoding - Enable/disable stripping unsupported encoding from the request header. type: str choices: [disable, enable]
- parameters for method: [delete] - Configure web proxy profiles.
- parameters for method: [get] - Configure web proxy profiles.
- option - Set fetch option for the request. type: str choices: [object member, chksum, datasrc]
Notes¶
Note
- The module may supports multiple method, every method has different parameters definition
- One method may also have more than one parameter definition collection, each collection is dedicated to one API endpoint
- The module may include domain dependent urls, the domain can be specified in url_params as adom
- To run in workspace mode, the paremeter workspace_locking_adom must be included in the task
Examples¶
- hosts: fortimanager-inventory
collections:
- fortinet.fortimanager
connection: httpapi
vars:
ansible_httpapi_use_ssl: True
ansible_httpapi_validate_certs: False
ansible_httpapi_port: 443
tasks:
- name: REQUESTING /PM/CONFIG/OBJ/WEB-PROXY/PROFILE/{PROFILE}
fmgr_webproxy_profile_obj:
loose_validation: False
workspace_locking_adom: <value in [global, custom adom]>
workspace_locking_timeout: 300
method: <value in [clone, set, update]>
url_params:
adom: <value in [none, global, custom dom]>
profile: <value of string>
params:
-
data:
header-client-ip: <value in [pass, add, remove]>
header-front-end-https: <value in [pass, add, remove]>
header-via-request: <value in [pass, add, remove]>
header-via-response: <value in [pass, add, remove]>
header-x-authenticated-groups: <value in [pass, add, remove]>
header-x-authenticated-user: <value in [pass, add, remove]>
header-x-forwarded-for: <value in [pass, add, remove]>
headers:
-
action: <value in [add-to-request, add-to-response, remove-from-request, ...]>
content: <value of string>
id: <value of integer>
name: <value of string>
log-header-change: <value in [disable, enable]>
name: <value of string>
strip-encoding: <value in [disable, enable]>
- name: REQUESTING /PM/CONFIG/OBJ/WEB-PROXY/PROFILE/{PROFILE}
fmgr_webproxy_profile_obj:
loose_validation: False
workspace_locking_adom: <value in [global, custom adom]>
workspace_locking_timeout: 300
method: <value in [get]>
url_params:
adom: <value in [none, global, custom dom]>
profile: <value of string>
params:
-
option: <value in [object member, chksum, datasrc]>
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- return values for method: [clone, delete, set, update]
- status
- No description for the parameter type: dict
- code - No description for the parameter type: int
- message - No description for the parameter type: str
- url - No description for the parameter type: str example: /pm/config/adom/{adom}/obj/web-proxy/profile/{profile}
- return values for method: [get]
- data
- No description for the parameter type: dict
- header-client-ip - Action to take on the HTTP client-IP header in forwarded requests: forwards (pass), adds, or removes the HTTP header. type: str
- header-front-end-https - Action to take on the HTTP front-end-HTTPS header in forwarded requests: forwards (pass), adds, or removes the HTTP header. type: str
- header-via-request - Action to take on the HTTP via header in forwarded requests: forwards (pass), adds, or removes the HTTP header. type: str
- header-via-response - Action to take on the HTTP via header in forwarded responses: forwards (pass), adds, or removes the HTTP header. type: str
- header-x-authenticated-groups - Action to take on the HTTP x-authenticated-groups header in forwarded requests: forwards (pass), adds, or removes the HTTP header. type: str
- header-x-authenticated-user - Action to take on the HTTP x-authenticated-user header in forwarded requests: forwards (pass), adds, or removes the HTTP header. type: str
- header-x-forwarded-for - Action to take on the HTTP x-forwarded-for header in forwarded requests: forwards (pass), adds, or removes the HTTP header. type: str
- headers - No description for the parameter type: array
- action - Action when HTTP the header forwarded. type: str
- content - HTTP headers content. type: str
- id - HTTP forwarded header id. type: int
- name - HTTP forwarded header name. type: str
- log-header-change - Enable/disable logging HTTP header changes. type: str
- name - Profile name. type: str
- strip-encoding - Enable/disable stripping unsupported encoding from the request header. type: str
- status
- No description for the parameter type: dict
- code - No description for the parameter type: int
- message - No description for the parameter type: str
- url - No description for the parameter type: str example: /pm/config/adom/{adom}/obj/web-proxy/profile/{profile}