fmgr_pkg_firewall_explicitproxypolicy – Configure Explicit proxy policies.¶

New in version 2.2.0.

Synopsis
Requirements
FortiManager Version Compatibility
Parameters
Notes
Examples
Return Values
Status
Authors

Synopsis ¶

This module is able to configure a FortiManager device.
Examples include all parameters and values need to be adjusted to data sources before usage.
Tested with FortiManager v6.x and v7.x.

Requirements ¶

The below requirements are needed on the host that executes this module.

ansible>=2.9.0

FortiManager Version Compatibility ¶

`6.0.0`
False
`6.2.0`	`6.2.1`	`6.2.2`	`6.2.3`	`6.2.5`	`6.2.6`	`6.2.7`	`6.2.8`	`6.2.9`	`6.2.10`
True	True	True	True	True	True	True	True	True	True
`6.4.0`	`6.4.1`	`6.4.2`	`6.4.3`	`6.4.4`	`6.4.5`	`6.4.6`	`6.4.7`	`6.4.8`	`6.4.9`	`6.4.10`	`6.4.11`
False	False	False	False	False	False	False	False	False	False	False	False
`7.0.0`	`7.0.1`	`7.0.2`	`7.0.3`	`7.0.4`	`7.0.5`	`7.0.6`	`7.0.7`
False	False	False	False	False	False	False	False
`7.2.0`	`7.2.1`	`7.2.2`
False	False	False
`7.4.0`
False

Parameters ¶

access_token -The token to access FortiManager without using username and password. type: str required: false
bypass_validation - Only set to True when module schema diffs with FortiManager API structure, module continues to execute without validating parameters. type: bool required: false default: False
enable_log - Enable/Disable logging for task. type: bool required: false default: False
forticloud_access_token - Access token of forticloud managed API users, this option is available with FortiManager later than 6.4.0. type: str required: false
proposed_method - The overridden method for the underlying Json RPC request. type: str required: false choices: set, update, add
rc_succeeded - The rc codes list with which the conditions to succeed will be overriden. type: list required: false
rc_failed - The rc codes list with which the conditions to fail will be overriden. type: list required: false
state - The directive to create, update or delete an object type: str required: true choices: present, absent
workspace_locking_adom - Acquire the workspace lock if FortiManager is running in workspace mode. type: str required: false choices: global, custom adom including root
workspace_locking_timeout - The maximum time in seconds to wait for other users to release workspace lock. type: integer required: false default: 300
adom - The parameter in requested url type: str required: true
pkg - The parameter in requested url type: str required: true
pkg_firewall_explicitproxypolicy - Configure Explicit proxy policies. type: dict

action - Policy action. type: str choices: [deny, accept] more...

active-auth-method - Active authentication method. type: str choices: [ntlm, basic, digest, form, none, negotiate] more...

application-list - Application list. type: str more...

av-profile - Antivirus profile. type: str more...

casi-profile - CASI profile. type: str more...

comments - Comment. type: str more...

disclaimer - Web proxy disclaimer setting. type: str choices: [disable, domain, policy, user] more...

dlp-sensor - DLP sensor. type: str more...

dstaddr - Destination address name. type: str more...

dstaddr-negate - Enable/disable negated destination address match. type: str choices: [disable, enable] more...

dstaddr6 - IPv6 destination address (web proxy only). type: str more...

dstintf - Destination interface name. type: str more...

global-label - Label for global view. type: str more...

icap-profile - ICAP profile. type: str more...

identity-based - Enable/disable identity-based policy. type: str choices: [disable, enable] more...

identity-based-policy - No description for the parameter type: array more...

application-list - Application list. type: str more...

av-profile - Antivirus profile. type: str more...

casi-profile - CASI profile. type: str more...

disclaimer - Web proxy disclaimer setting. type: str choices: [disable, domain, policy, user] more...

dlp-sensor - DLP sensor. type: str more...

groups - Group name. type: str more...

icap-profile - ICAP profile. type: str more...

id - ID. type: int more...

ips-sensor - IPS sensor. type: str more...

logtraffic - Enable/disable policy log traffic. type: str choices: [disable, all, utm] more...

logtraffic-start - Enable/disable policy log traffic start. type: str choices: [disable, enable] more...

mms-profile - mms profile type: str more...

profile-group - profile group type: str more...

profile-protocol-options - Profile protocol options. type: str more...

profile-type - profile type type: str choices: [single, group] more...

replacemsg-override-group - Specify authentication replacement message override group. type: str more...

scan-botnet-connections - Enable/disable scanning of connections to Botnet servers. type: str choices: [disable, block, monitor] more...

schedule - Schedule name. type: str more...

spamfilter-profile - Spam filter profile. type: str more...

ssl-ssh-profile - SSL SSH Profile. type: str more...

users - User name. type: str more...

utm-status - Enable AV/web/IPS protection profile. type: str choices: [disable, enable] more...

waf-profile - Web application firewall profile. type: str more...

webfilter-profile - Web filter profile. type: str more...

ip-based - Enable/disable IP-based authentication. type: str choices: [disable, enable] more...

ips-sensor - IPS sensor. type: str more...

label - Label for section view. type: str more...

logtraffic - Enable/disable policy log traffic. type: str choices: [disable, all, utm] more...

logtraffic-start - Enable/disable policy log traffic start. type: str choices: [disable, enable] more...

mms-profile - mms profile type: str more...

policyid - Policy ID. type: int more...

profile-group - profile group type: str more...

profile-protocol-options - Profile protocol options. type: str more...

profile-type - profile type type: str choices: [single, group] more...

proxy - Explicit proxy type. type: str choices: [web, ftp, wanopt] more...

replacemsg-override-group - Specify authentication replacement message override group. type: str more...

require-tfa - Enable/disable requirement of 2-factor authentication. type: str choices: [disable, enable] more...

scan-botnet-connections - Enable/disable scanning of connections to Botnet servers. type: str choices: [disable, block, monitor] more...

schedule - Schedule name. type: str more...

service - Service name. type: str more...

service-negate - Enable/disable negated service match. type: str choices: [disable, enable] more...

spamfilter-profile - Spam filter profile. type: str more...

srcaddr - Source address name. type: str more...

srcaddr-negate - Enable/disable negated source address match. type: str choices: [disable, enable] more...

srcaddr6 - IPv6 source address (web proxy only). type: str more...

ssl-ssh-profile - SSL SSH Profile. type: str more...

sso-auth-method - SSO authentication method. type: str choices: [fsso, rsso, none] more...

status - Enable/disable policy status. type: str choices: [disable, enable] more...

tags - Applied object tags. type: str more...

transaction-based - Enable/disable transaction based authentication. type: str choices: [disable, enable] more...

transparent - Use IP address of client to connect to server. type: str choices: [disable, enable] more...

utm-status - Enable AV/web/IPS protection profile. type: str choices: [disable, enable] more...

uuid - Universally Unique IDentifier. type: str more...

waf-profile - Web application firewall profile. type: str more...

web-auth-cookie - Enable/disable Web authentication cookie. type: str choices: [disable, enable] more...

webcache - Enable/disable web cache. type: str choices: [disable, enable] more...

webcache-https - Enable/disable web cache for HTTPS. type: str choices: [disable, any, enable] more...

webfilter-profile - Web filter profile. type: str more...

webproxy-forward-server - Web proxy forward server. type: str more...

webproxy-profile - Web proxy profile. type: str more...

Notes ¶

Note

Running in workspace locking mode is supported in this FortiManager module, the top level parameters workspace_locking_adom and workspace_locking_timeout help do the work.
To create or update an object, use state: present directive.
To delete an object, use state: absent directive
Normally, running one module can fail when a non-zero rc is returned. you can also override the conditions to fail or succeed with parameters rc_failed and rc_succeeded

Examples ¶

- hosts: fortimanager-inventory
  collections:
    - fortinet.fortimanager
  connection: httpapi
  vars:
     ansible_httpapi_use_ssl: True
     ansible_httpapi_validate_certs: False
     ansible_httpapi_port: 443
  tasks:
   - name: Configure Explicit proxy policies.
     fmgr_pkg_firewall_explicitproxypolicy:
        bypass_validation: False
        workspace_locking_adom: <value in [global, custom adom including root]>
        workspace_locking_timeout: 300
        rc_succeeded: [0, -2, -3, ...]
        rc_failed: [-2, -3, ...]
        adom: <your own value>
        pkg: <your own value>
        state: <value in [present, absent]>
        pkg_firewall_explicitproxypolicy:
           action: <value in [deny, accept]>
           active-auth-method: <value in [ntlm, basic, digest, ...]>
           application-list: <value of string>
           av-profile: <value of string>
           casi-profile: <value of string>
           comments: <value of string>
           disclaimer: <value in [disable, domain, policy, ...]>
           dlp-sensor: <value of string>
           dstaddr: <value of string>
           dstaddr-negate: <value in [disable, enable]>
           dstaddr6: <value of string>
           dstintf: <value of string>
           global-label: <value of string>
           icap-profile: <value of string>
           identity-based: <value in [disable, enable]>
           identity-based-policy:
             -
                 application-list: <value of string>
                 av-profile: <value of string>
                 casi-profile: <value of string>
                 disclaimer: <value in [disable, domain, policy, ...]>
                 dlp-sensor: <value of string>
                 groups: <value of string>
                 icap-profile: <value of string>
                 id: <value of integer>
                 ips-sensor: <value of string>
                 logtraffic: <value in [disable, all, utm]>
                 logtraffic-start: <value in [disable, enable]>
                 mms-profile: <value of string>
                 profile-group: <value of string>
                 profile-protocol-options: <value of string>
                 profile-type: <value in [single, group]>
                 replacemsg-override-group: <value of string>
                 scan-botnet-connections: <value in [disable, block, monitor]>
                 schedule: <value of string>
                 spamfilter-profile: <value of string>
                 ssl-ssh-profile: <value of string>
                 users: <value of string>
                 utm-status: <value in [disable, enable]>
                 waf-profile: <value of string>
                 webfilter-profile: <value of string>
           ip-based: <value in [disable, enable]>
           ips-sensor: <value of string>
           label: <value of string>
           logtraffic: <value in [disable, all, utm]>
           logtraffic-start: <value in [disable, enable]>
           mms-profile: <value of string>
           policyid: <value of integer>
           profile-group: <value of string>
           profile-protocol-options: <value of string>
           profile-type: <value in [single, group]>
           proxy: <value in [web, ftp, wanopt]>
           replacemsg-override-group: <value of string>
           require-tfa: <value in [disable, enable]>
           scan-botnet-connections: <value in [disable, block, monitor]>
           schedule: <value of string>
           service: <value of string>
           service-negate: <value in [disable, enable]>
           spamfilter-profile: <value of string>
           srcaddr: <value of string>
           srcaddr-negate: <value in [disable, enable]>
           srcaddr6: <value of string>
           ssl-ssh-profile: <value of string>
           sso-auth-method: <value in [fsso, rsso, none]>
           status: <value in [disable, enable]>
           tags: <value of string>
           transaction-based: <value in [disable, enable]>
           transparent: <value in [disable, enable]>
           utm-status: <value in [disable, enable]>
           uuid: <value of string>
           waf-profile: <value of string>
           web-auth-cookie: <value in [disable, enable]>
           webcache: <value in [disable, enable]>
           webcache-https: <value in [disable, any, enable]>
           webfilter-profile: <value of string>
           webproxy-forward-server: <value of string>
           webproxy-profile: <value of string>

Return Values ¶

Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:

meta - The result of the request.returned: always type: dict

request_url - The full url requested. returned: always type: str sample: /sys/login/user
response_code - The status of api request. returned: always type: int sample: 0
response_data - The data body of the api response. returned: optional type: list or dict
response_message - The descriptive message of the api response. returned: always type: str sample: OK
system_information - The information of the target system. returned: always type: dict

rc - The status the request. returned: always type: int 0
version_check_warning - Warning if the parameters used in the playbook are not supported by the current FortiManager version. returned: if at least on parameter mpt supported by the current FortiManager version type: list 0

Status ¶

This module is not guaranteed to have a backwards compatible interface.

Authors ¶

Xinwei Du (@dux-fortinet)
Xing Li (@lix-fortinet)
Jie Xue (@JieX19)
Link Zheng (@chillancezen)
Frank Shen (@fshen01)
Hongbin Lu (@fgtdev-hblu)

Hint

If you notice any issues in this documentation, you can create a pull request to improve it.