fmgr_pkg_header_policy – Configure IPv4/IPv6 policies.

Added in version 2.0.0.

Warning

Starting in version 3.0.0, all input arguments will be named using the underscore naming convention (snake_case).

Argument name before 3.0.0: var-name, var name, var.name
New argument name starting in 3.0.0: var_name

FortiManager Ansible v2.4+ supports both previous argument name and new underscore name. You will receive deprecation warnings if you keep using the previous argument name. You can ignore the warning by setting deprecation_warnings=False in ansible.cfg.

Synopsis 

This module is able to configure a FortiManager device.
Examples include all parameters and values need to be adjusted to data sources before usage.
Tested with FortiManager v7.x.

Requirements 

The below requirements are needed on the host that executes this module.

ansible>=2.15.0

FortiManager Version Compatibility 

Supported Version Ranges: v6.0.0 -> latest

Parameters 

access_token -The token to access FortiManager without using username and password. type: str required: false
bypass_validation - Only set to True when module schema diffs with FortiManager API structure, module continues to execute without validating parameters. type: bool required: false default: False
enable_log - Enable/Disable logging for task. type: bool required: false default: False
forticloud_access_token - Access token of forticloud managed API users, this option is available with FortiManager later than 6.4.0. type: str required: false
proposed_method - The overridden method for the underlying Json RPC request. type: str required: false choices: set, update, add
rc_succeeded - The rc codes list with which the conditions to succeed will be overriden. type: list required: false
rc_failed - The rc codes list with which the conditions to fail will be overriden. type: list required: false
state - The directive to create, update or delete an object type: str required: true choices: present, absent
workspace_locking_adom - Acquire the workspace lock if FortiManager is running in workspace mode. type: str required: false choices: global, custom adom including root
workspace_locking_timeout - The maximum time in seconds to wait for other users to release workspace lock. type: integer required: false default: 300
pkg - The parameter in requested url type: str required: true
pkg_header_policy - Configure IPv4/IPv6 policies. type: dict

action Action. type: str choices: [deny, accept, ipsec, ssl-vpn, redirect, isolate] more...

Supported Version Ranges: v6.0.0 -> latest
active_auth_method (Alias name: active-auth-method) Active auth method. type: str choices: [ntlm, basic, digest, form] more...

Supported Version Ranges: v6.0.0 -> latest
anti_replay (Alias name: anti-replay) Anti replay. type: str choices: [disable, enable] more...

Supported Version Ranges: v6.0.0 -> latest
app_category (Alias name: app-category) App category. type: list or str more...

Supported Version Ranges: v6.0.0 -> latest
app_group (Alias name: app-group) App group. type: list or str more...

Supported Version Ranges: v6.0.0 -> latest
application Application. type: list more...

Supported Version Ranges: v6.0.0 -> latest
application_charts (Alias name: application-charts) Application charts. type: list choices: [top10-app, top10-p2p-user, top10-media-user] more...

Supported Version Ranges: v6.0.0 -> latest
application_list (Alias name: application-list) Application list. type: str more...

Supported Version Ranges: v6.0.0 -> latest
auth_cert (Alias name: auth-cert) Auth cert. type: str more...

Supported Version Ranges: v6.0.0 -> latest
auth_method (Alias name: auth-method) Auth method. type: str choices: [basic, digest, ntlm, fsae, form, fsso, rsso] more...

Supported Version Ranges: v6.0.0 -> latest
auth_path (Alias name: auth-path) Auth path. type: str choices: [disable, enable] more...

Supported Version Ranges: v6.0.0 -> latest
auth_portal (Alias name: auth-portal) Auth portal. type: str choices: [disable, enable] more...

Supported Version Ranges: v6.0.0 -> latest
auth_redirect_addr (Alias name: auth-redirect-addr) Auth redirect addr. type: str more...

Supported Version Ranges: v6.0.0 -> latest
auto_asic_offload (Alias name: auto-asic-offload) Auto asic offload. type: str choices: [disable, enable] more...

Supported Version Ranges: v6.0.0 -> latest
av_profile (Alias name: av-profile) Av profile. type: str more...

Supported Version Ranges: v6.0.0 -> latest
bandwidth Bandwidth. type: str choices: [disable, enable] more...

Supported Version Ranges: v6.0.0 -> latest
block_notification (Alias name: block-notification) Block notification. type: str choices: [disable, enable] more...

Supported Version Ranges: v6.0.0 -> latest
captive_portal_exempt (Alias name: captive-portal-exempt) Captive portal exempt. type: str choices: [disable, enable] more...

Supported Version Ranges: v6.0.0 -> latest
capture_packet (Alias name: capture-packet) Capture packet. type: str choices: [disable, enable] more...

Supported Version Ranges: v6.0.0 -> latest
casi_profile (Alias name: casi-profile) Casi profile. type: list or str more...

Supported Version Ranges: v6.0.0 -> latest
central_nat (Alias name: central-nat) Central nat. type: str choices: [disable, enable] more...

Supported Version Ranges: v6.0.0 -> latest
cifs_profile (Alias name: cifs-profile) Cifs profile. type: str more...

Supported Version Ranges: v6.0.0 -> latest
client_reputation (Alias name: client-reputation) Client reputation. type: str choices: [disable, enable] more...

Supported Version Ranges: v6.0.0 -> latest
client_reputation_mode (Alias name: client-reputation-mode) Client reputation mode. type: str choices: [learning, monitoring] more...

Supported Version Ranges: v6.0.0 -> latest
comments Comments. type: dict or str
custom_log_fields (Alias name: custom-log-fields) Custom log fields. type: list or str more...

Supported Version Ranges: v6.0.0 -> latest
deep_inspection_options (Alias name: deep-inspection-options) Deep inspection options. type: list or str more...

Supported Version Ranges: v6.0.0 -> latest
delay_tcp_npu_session (Alias name: delay-tcp-npu-session) Delay tcp npu session. type: str choices: [disable, enable] more...

Supported Version Ranges: v6.0.0 -> latest
delay_tcp_npu_sessoin (Alias name: delay-tcp-npu-sessoin) Delay tcp npu sessoin. type: str choices: [disable, enable] more...

Supported Version Ranges: v6.0.0 -> latest
device_detection_portal (Alias name: device-detection-portal) Device detection portal. type: str choices: [disable, enable] more...

Supported Version Ranges: v6.0.0 -> latest
devices Devices. type: list or str more...

Supported Version Ranges: v6.0.0 -> latest
diffserv_forward (Alias name: diffserv-forward) Diffserv forward. type: str choices: [disable, enable] more...

Supported Version Ranges: v6.0.0 -> latest
diffserv_reverse (Alias name: diffserv-reverse) Diffserv reverse. type: str choices: [disable, enable] more...

Supported Version Ranges: v6.0.0 -> latest
diffservcode_forward (Alias name: diffservcode-forward) Diffservcode forward. type: str more...

Supported Version Ranges: v6.0.0 -> latest
diffservcode_rev (Alias name: diffservcode-rev) Diffservcode rev. type: str more...

Supported Version Ranges: v6.0.0 -> latest
disclaimer Disclaimer. type: str choices: [disable, enable, user, domain, policy] more...

Supported Version Ranges: v6.0.0 -> latest
dlp_sensor (Alias name: dlp-sensor) Dlp sensor. type: list or str more...

Supported Version Ranges: v6.0.0 -> latest
dnsfilter_profile (Alias name: dnsfilter-profile) Dnsfilter profile. type: str more...

Supported Version Ranges: v6.0.0 -> latest
dponly Dponly. type: str choices: [disable, enable] more...

Supported Version Ranges: v6.0.0 -> latest
dscp_match (Alias name: dscp-match) Dscp match. type: str choices: [disable, enable] more...

Supported Version Ranges: v6.0.0 -> latest
dscp_negate (Alias name: dscp-negate) Dscp negate. type: str choices: [disable, enable] more...

Supported Version Ranges: v6.0.0 -> latest
dscp_value (Alias name: dscp-value) Dscp value. type: str more...

Supported Version Ranges: v6.0.0 -> latest
dsri Dsri. type: str choices: [disable, enable] more...

Supported Version Ranges: v6.0.0 -> latest
dstaddr Dstaddr. type: list or str more...

Supported Version Ranges: v6.0.0 -> latest
dstaddr_negate (Alias name: dstaddr-negate) Dstaddr negate. type: str choices: [disable, enable] more...

Supported Version Ranges: v6.0.0 -> latest
dstaddr6 Dstaddr6. type: list or str more...

Supported Version Ranges: v6.0.0 -> latest
dstintf Dstintf. type: list or str more...

Supported Version Ranges: v6.0.0 -> latest
dynamic_profile (Alias name: dynamic-profile) Dynamic profile. type: str choices: [disable, enable] more...

Supported Version Ranges: v6.0.0 -> latest
dynamic_profile_access (Alias name: dynamic-profile-access) Dynamic profile access. type: list choices: [imap, smtp, pop3, http, ftp, im, nntp, imaps, smtps, pop3s, https, ftps, ssh] more...

Supported Version Ranges: v6.0.0 -> latest
dynamic_profile_fallthrough (Alias name: dynamic-profile-fallthrough) Dynamic profile fallthrough. type: str choices: [disable, enable] more...

Supported Version Ranges: v6.0.0 -> latest
dynamic_profile_group (Alias name: dynamic-profile-group) Dynamic profile group. type: list or str more...

Supported Version Ranges: v6.0.0 -> latest
email_collect (Alias name: email-collect) Email collect. type: str choices: [disable, enable] more...

Supported Version Ranges: v6.0.0 -> latest
email_collection_portal (Alias name: email-collection-portal) Email collection portal. type: str choices: [disable, enable] more...

Supported Version Ranges: v6.0.0 -> latest
emailfilter_profile (Alias name: emailfilter-profile) Emailfilter profile. type: str more...

Supported Version Ranges: v6.0.0 -> latest
endpoint_check (Alias name: endpoint-check) Endpoint check. type: str choices: [disable, enable] more...

Supported Version Ranges: v6.0.0 -> latest
endpoint_compliance (Alias name: endpoint-compliance) Endpoint compliance. type: str choices: [disable, enable] more...

Supported Version Ranges: v6.0.0 -> latest
endpoint_keepalive_interface (Alias name: endpoint-keepalive-interface) Endpoint keepalive interface. type: list or str more...

Supported Version Ranges: v6.0.0 -> latest
endpoint_profile (Alias name: endpoint-profile) Endpoint profile. type: list or str more...

Supported Version Ranges: v6.0.0 -> latest
failed_connection (Alias name: failed-connection) Failed connection. type: str choices: [disable, enable] more...

Supported Version Ranges: v6.0.0 -> latest
fall_through_unauthenticated (Alias name: fall-through-unauthenticated) Fall through unauthenticated. type: str choices: [disable, enable] more...

Supported Version Ranges: v6.0.0 -> latest
firewall_session_dirty (Alias name: firewall-session-dirty) Firewall session dirty. type: str choices: [check-all, check-new] more...

Supported Version Ranges: v6.0.0 -> latest
fixedport Fixedport. type: str choices: [disable, enable] more...

Supported Version Ranges: v6.0.0 -> latest
forticlient_compliance_devices (Alias name: forticlient-compliance-devices) Forticlient compliance devices. type: list choices: [windows-pc, mac, iphone-ipad, android] more...

Supported Version Ranges: v6.0.0 -> latest
forticlient_compliance_enforcement_portal (Alias name: forticlient-compliance-enforcement-portal) Forticlient compliance enforcement portal. type: str choices: [disable, enable] more...

Supported Version Ranges: v6.0.0 -> latest
fsae Fsae. type: str choices: [disable, enable] more...

Supported Version Ranges: v6.0.0 -> latest
fsae_server_for_ntlm (Alias name: fsae-server-for-ntlm) Fsae server for ntlm. type: list or str more...

Supported Version Ranges: v6.0.0 -> latest
fsso Fsso. type: str choices: [disable, enable] more...

Supported Version Ranges: v6.0.0 -> latest
fsso_agent_for_ntlm (Alias name: fsso-agent-for-ntlm) Fsso agent for ntlm. type: str more...

Supported Version Ranges: v6.0.0 -> latest
geo_location (Alias name: geo-location) Geo location. type: str choices: [disable, enable] more...

Supported Version Ranges: v6.0.0 -> latest
geoip_anycast (Alias name: geoip-anycast) Geoip anycast. type: str choices: [disable, enable] more...

Supported Version Ranges: v6.0.0 -> latest
global_label (Alias name: global-label) Global label. type: str more...

Supported Version Ranges: v6.0.0 -> latest
groups Groups. type: list or str more...

Supported Version Ranges: v6.0.0 -> latest
gtp_profile (Alias name: gtp-profile) Gtp profile. type: str more...

Supported Version Ranges: v6.0.0 -> latest
http_policy_redirect (Alias name: http-policy-redirect) Http policy redirect. type: str choices: [disable, enable] more...

Supported Version Ranges: v6.0.0 -> latest
icap_profile (Alias name: icap-profile) Icap profile. type: str more...

Supported Version Ranges: v6.0.0 -> latest
identity_based (Alias name: identity-based) Identity based. type: str choices: [disable, enable] more...

Supported Version Ranges: v6.0.0 -> latest
identity_based_policy (Alias name: identity-based-policy) Identity based policy. type: list more...

Supported Version Ranges: v6.0.0 -> v6.2.0
- action Action. type: str choices: [deny, accept] more...
  
  Supported Version Ranges: v6.0.0 -> v6.2.0
- application_charts (Alias name: application-charts) Application charts. type: list choices: [top10-app, top10-p2p-user, top10-media-user] more...
  
  Supported Version Ranges: v6.0.0 -> v6.2.0
- application_list (Alias name: application-list) Application list. type: str more...
  
  Supported Version Ranges: v6.0.0 -> v6.2.0
- av_profile (Alias name: av-profile) Av profile. type: str more...
  
  Supported Version Ranges: v6.0.0 -> v6.2.0
- capture_packet (Alias name: capture-packet) Capture packet. type: str choices: [disable, enable] more...
  
  Supported Version Ranges: v6.0.0 -> v6.2.0
- deep_inspection_options (Alias name: deep-inspection-options) Deep inspection options. type: str more...
  
  Supported Version Ranges: v6.0.0 -> v6.2.0
- devices Devices. type: str more...
  
  Supported Version Ranges: v6.0.0 -> v6.2.0
- dlp_sensor (Alias name: dlp-sensor) Dlp sensor. type: str more...
  
  Supported Version Ranges: v6.0.0 -> v6.2.0
- dstaddr Dstaddr. type: str more...
  
  Supported Version Ranges: v6.0.0 -> v6.2.0
- dstaddr_negate (Alias name: dstaddr-negate) Dstaddr negate. type: str choices: [disable, enable] more...
  
  Supported Version Ranges: v6.0.0 -> v6.2.0
- endpoint_compliance (Alias name: endpoint-compliance) Endpoint compliance. type: str choices: [disable, enable] more...
  
  Supported Version Ranges: v6.0.0 -> v6.2.0
- groups Groups. type: str more...
  
  Supported Version Ranges: v6.0.0 -> v6.2.0
- icap_profile (Alias name: icap-profile) Icap profile. type: str more...
  
  Supported Version Ranges: v6.0.0 -> v6.2.0
- id Id. type: int more...
  
  Supported Version Ranges: v6.0.0 -> v6.2.0
- ips_sensor (Alias name: ips-sensor) Ips sensor. type: str more...
  
  Supported Version Ranges: v6.0.0 -> v6.2.0
- logtraffic Logtraffic. type: str choices: [disable, enable, all, utm] more...
  
  Supported Version Ranges: v6.0.0 -> v6.2.0
- logtraffic_app (Alias name: logtraffic-app) Logtraffic app. type: str choices: [disable, enable] more...
  
  Supported Version Ranges: v6.0.0 -> v6.2.0
- logtraffic_start (Alias name: logtraffic-start) Logtraffic start. type: str choices: [disable, enable] more...
  
  Supported Version Ranges: v6.0.0 -> v6.2.0
- mms_profile (Alias name: mms-profile) Mms profile. type: str more...
  
  Supported Version Ranges: v6.0.0 -> v6.2.0
- per_ip_shaper (Alias name: per-ip-shaper) Per ip shaper. type: str more...
  
  Supported Version Ranges: v6.0.0 -> v6.2.0
- profile_group (Alias name: profile-group) Profile group. type: str more...
  
  Supported Version Ranges: v6.0.0 -> v6.2.0
- profile_protocol_options (Alias name: profile-protocol-options) Profile protocol options. type: str more...
  
  Supported Version Ranges: v6.0.0 -> v6.2.0
- profile_type (Alias name: profile-type) Profile type. type: str choices: [single, group] more...
  
  Supported Version Ranges: v6.0.0 -> v6.2.0
- replacemsg_group (Alias name: replacemsg-group) Replacemsg group. type: str more...
  
  Supported Version Ranges: v6.0.0 -> v6.2.0
- schedule Schedule. type: str more...
  
  Supported Version Ranges: v6.0.0 -> v6.2.0
- send_deny_packet (Alias name: send-deny-packet) Send deny packet. type: str choices: [disable, enable] more...
  
  Supported Version Ranges: v6.0.0 -> v6.2.0
- service Service. type: str more...
  
  Supported Version Ranges: v6.0.0 -> v6.2.0
- service_negate (Alias name: service-negate) Service negate. type: str choices: [disable, enable] more...
  
  Supported Version Ranges: v6.0.0 -> v6.2.0
- spamfilter_profile (Alias name: spamfilter-profile) Spamfilter profile. type: str more...
  
  Supported Version Ranges: v6.0.0 -> v6.2.0
- sslvpn_portal (Alias name: sslvpn-portal) Sslvpn portal. type: str more...
  
  Supported Version Ranges: v6.0.0 -> v6.2.0
- sslvpn_realm (Alias name: sslvpn-realm) Sslvpn realm. type: str more...
  
  Supported Version Ranges: v6.0.0 -> v6.2.0
- traffic_shaper (Alias name: traffic-shaper) Traffic shaper. type: str more...
  
  Supported Version Ranges: v6.0.0 -> v6.2.0
- traffic_shaper_reverse (Alias name: traffic-shaper-reverse) Traffic shaper reverse. type: str more...
  
  Supported Version Ranges: v6.0.0 -> v6.2.0
- users Users. type: str more...
  
  Supported Version Ranges: v6.0.0 -> v6.2.0
- utm_status (Alias name: utm-status) Utm status. type: str choices: [disable, enable] more...
  
  Supported Version Ranges: v6.0.0 -> v6.2.0
- voip_profile (Alias name: voip-profile) Voip profile. type: str more...
  
  Supported Version Ranges: v6.0.0 -> v6.2.0
- webfilter_profile (Alias name: webfilter-profile) Webfilter profile. type: str more...
  
  Supported Version Ranges: v6.0.0 -> v6.2.0
identity_based_route (Alias name: identity-based-route) Identity based route. type: str more...

Supported Version Ranges: v6.0.0 -> latest
identity_from (Alias name: identity-from) Identity from. type: str choices: [auth, device] more...

Supported Version Ranges: v6.0.0 -> latest
inbound Inbound. type: str choices: [disable, enable] more...

Supported Version Ranges: v6.0.0 -> latest
inspection_mode (Alias name: inspection-mode) Inspection mode. type: str choices: [proxy, flow] more...

Supported Version Ranges: v6.0.0 -> latest
internet_service (Alias name: internet-service) Internet service. type: str choices: [disable, enable] more...

Supported Version Ranges: v6.0.0 -> latest
internet_service_custom (Alias name: internet-service-custom) Internet service custom. type: list or str more...

Supported Version Ranges: v6.0.0 -> latest
internet_service_custom_group (Alias name: internet-service-custom-group) Internet service custom group. type: list or str more...

Supported Version Ranges: v6.0.0 -> latest
internet_service_group (Alias name: internet-service-group) Internet service group. type: list or str more...

Supported Version Ranges: v6.0.0 -> latest
internet_service_id (Alias name: internet-service-id) Internet service id. type: list or str more...

Supported Version Ranges: v6.0.0 -> latest
internet_service_negate (Alias name: internet-service-negate) Internet service negate. type: str choices: [disable, enable] more...

Supported Version Ranges: v6.0.0 -> latest
internet_service_src (Alias name: internet-service-src) Internet service src. type: str choices: [disable, enable] more...

Supported Version Ranges: v6.0.0 -> latest
internet_service_src_custom (Alias name: internet-service-src-custom) Internet service src custom. type: list or str more...

Supported Version Ranges: v6.0.0 -> latest
internet_service_src_custom_group (Alias name: internet-service-src-custom-group) Internet service src custom group. type: list or str more...

Supported Version Ranges: v6.0.0 -> latest
internet_service_src_group (Alias name: internet-service-src-group) Internet service src group. type: list or str more...

Supported Version Ranges: v6.0.0 -> latest
internet_service_src_id (Alias name: internet-service-src-id) Internet service src id. type: list or str more...

Supported Version Ranges: v6.0.0 -> latest
internet_service_src_negate (Alias name: internet-service-src-negate) Internet service src negate. type: str choices: [disable, enable] more...

Supported Version Ranges: v6.0.0 -> latest
ip_based (Alias name: ip-based) Ip based. type: str choices: [disable, enable] more...

Supported Version Ranges: v6.0.0 -> latest
ippool Ippool. type: str choices: [disable, enable] more...

Supported Version Ranges: v6.0.0 -> latest
ips_sensor (Alias name: ips-sensor) Ips sensor. type: str more...

Supported Version Ranges: v6.0.0 -> latest
label Label. type: str more...

Supported Version Ranges: v6.0.0 -> latest
learning_mode (Alias name: learning-mode) Learning mode. type: str choices: [disable, enable] more...

Supported Version Ranges: v6.0.0 -> latest
log_unmatched_traffic (Alias name: log-unmatched-traffic) Log unmatched traffic. type: str choices: [disable, enable] more...

Supported Version Ranges: v6.0.0 -> latest
logtraffic Logtraffic. type: str choices: [disable, enable, all, utm] more...

Supported Version Ranges: v6.0.0 -> latest
logtraffic_app (Alias name: logtraffic-app) Logtraffic app. type: str choices: [disable, enable] more...

Supported Version Ranges: v6.0.0 -> latest
logtraffic_start (Alias name: logtraffic-start) Logtraffic start. type: str choices: [disable, enable] more...

Supported Version Ranges: v6.0.0 -> latest
match_vip (Alias name: match-vip) Match vip. type: str choices: [disable, enable] more...

Supported Version Ranges: v6.0.0 -> latest
mms_profile (Alias name: mms-profile) Mms profile. type: list or str more...

Supported Version Ranges: v6.0.0 -> latest
name Name. type: str more...

Supported Version Ranges: v6.0.0 -> latest
nat Nat. type: str choices: [disable, enable] more...

Supported Version Ranges: v6.0.0 -> latest
natinbound Natinbound. type: str choices: [disable, enable] more...

Supported Version Ranges: v6.0.0 -> latest
natip Natip. type: str more...

Supported Version Ranges: v6.0.0 -> latest
natoutbound Natoutbound. type: str choices: [disable, enable] more...

Supported Version Ranges: v6.0.0 -> latest
np_acceleration (Alias name: np-acceleration) Np acceleration. type: str choices: [disable, enable] more...

Supported Version Ranges: v6.0.0 -> latest
ntlm Ntlm. type: str choices: [disable, enable] more...

Supported Version Ranges: v6.0.0 -> latest
ntlm_enabled_browsers (Alias name: ntlm-enabled-browsers) Ntlm enabled browsers. type: list more...

Supported Version Ranges: v6.0.0 -> latest
ntlm_guest (Alias name: ntlm-guest) Ntlm guest. type: str choices: [disable, enable] more...

Supported Version Ranges: v6.0.0 -> latest
outbound Outbound. type: str choices: [disable, enable] more...

Supported Version Ranges: v6.0.0 -> latest
per_ip_shaper (Alias name: per-ip-shaper) Per ip shaper. type: str more...

Supported Version Ranges: v6.0.0 -> latest
permit_any_host (Alias name: permit-any-host) Permit any host. type: str choices: [disable, enable] more...

Supported Version Ranges: v6.0.0 -> latest
permit_stun_host (Alias name: permit-stun-host) Permit stun host. type: str choices: [disable, enable] more...

Supported Version Ranges: v6.0.0 -> latest
policyid Policyid. type: int more...

Supported Version Ranges: v6.0.0 -> latest
poolname Poolname. type: list or str more...

Supported Version Ranges: v6.0.0 -> latest
profile_group (Alias name: profile-group) Profile group. type: str more...

Supported Version Ranges: v6.0.0 -> latest
profile_protocol_options (Alias name: profile-protocol-options) Profile protocol options. type: str more...

Supported Version Ranges: v6.0.0 -> latest
profile_type (Alias name: profile-type) Profile type. type: str choices: [single, group] more...

Supported Version Ranges: v6.0.0 -> latest
radius_mac_auth_bypass (Alias name: radius-mac-auth-bypass) Radius mac auth bypass. type: str choices: [disable, enable] more...

Supported Version Ranges: v6.0.0 -> latest
redirect_url (Alias name: redirect-url) Redirect url. type: str more...

Supported Version Ranges: v6.0.0 -> latest
replacemsg_group (Alias name: replacemsg-group) Replacemsg group. type: list or str more...

Supported Version Ranges: v6.0.0 -> latest
replacemsg_override_group (Alias name: replacemsg-override-group) Replacemsg override group. type: str more...

Supported Version Ranges: v6.0.0 -> latest
reputation_direction (Alias name: reputation-direction) Reputation direction. type: str choices: [source, destination] more...

Supported Version Ranges: v6.0.0 -> latest
reputation_minimum (Alias name: reputation-minimum) Reputation minimum. type: int more...

Supported Version Ranges: v6.0.0 -> latest
require_tfa (Alias name: require-tfa) Require tfa. type: str choices: [disable, enable] more...

Supported Version Ranges: v6.0.0 -> latest
rsso Rsso. type: str choices: [disable, enable] more...

Supported Version Ranges: v6.0.0 -> latest
rtp_addr (Alias name: rtp-addr) Rtp addr. type: list or str more...

Supported Version Ranges: v6.0.0 -> latest
rtp_nat (Alias name: rtp-nat) Rtp nat. type: str choices: [disable, enable] more...

Supported Version Ranges: v6.0.0 -> latest
scan_botnet_connections (Alias name: scan-botnet-connections) Scan botnet connections. type: str choices: [disable, block, monitor] more...

Supported Version Ranges: v6.0.0 -> latest
schedule Schedule. type: str more...

Supported Version Ranges: v6.0.0 -> latest
schedule_timeout (Alias name: schedule-timeout) Schedule timeout. type: str choices: [disable, enable] more...

Supported Version Ranges: v6.0.0 -> latest
send_deny_packet (Alias name: send-deny-packet) Send deny packet. type: str choices: [disable, enable] more...

Supported Version Ranges: v6.0.0 -> latest
service Service. type: list or str more...

Supported Version Ranges: v6.0.0 -> latest
service_negate (Alias name: service-negate) Service negate. type: str choices: [disable, enable] more...

Supported Version Ranges: v6.0.0 -> latest
session_ttl (Alias name: session-ttl) Session ttl. type: int or str more...

Supported Version Ranges: v6.0.0 -> latest
sessions Sessions. type: str choices: [disable, enable] more...

Supported Version Ranges: v6.0.0 -> latest
spamfilter_profile (Alias name: spamfilter-profile) Spamfilter profile. type: list or str more...

Supported Version Ranges: v6.0.0 -> latest
srcaddr Srcaddr. type: list or str more...

Supported Version Ranges: v6.0.0 -> latest
srcaddr_negate (Alias name: srcaddr-negate) Srcaddr negate. type: str choices: [disable, enable] more...

Supported Version Ranges: v6.0.0 -> latest
srcaddr6 Srcaddr6. type: list or str more...

Supported Version Ranges: v6.0.0 -> latest
srcintf Srcintf. type: list or str more...

Supported Version Ranges: v6.0.0 -> latest
ssh_filter_profile (Alias name: ssh-filter-profile) Ssh filter profile. type: str more...

Supported Version Ranges: v6.0.0 -> latest
ssh_policy_redirect (Alias name: ssh-policy-redirect) Ssh policy redirect. type: str choices: [disable, enable] more...

Supported Version Ranges: v6.0.0 -> latest
ssl_mirror (Alias name: ssl-mirror) Ssl mirror. type: str choices: [disable, enable] more...

Supported Version Ranges: v6.0.0 -> latest
ssl_mirror_intf (Alias name: ssl-mirror-intf) Ssl mirror intf. type: list or str more...

Supported Version Ranges: v6.0.0 -> latest
ssl_ssh_profile (Alias name: ssl-ssh-profile) Ssl ssh profile. type: str more...

Supported Version Ranges: v6.0.0 -> latest
sslvpn_auth (Alias name: sslvpn-auth) Sslvpn auth. type: str choices: [any, local, radius, ldap, tacacs+] more...

Supported Version Ranges: v6.0.0 -> latest
sslvpn_ccert (Alias name: sslvpn-ccert) Sslvpn ccert. type: str choices: [disable, enable] more...

Supported Version Ranges: v6.0.0 -> latest
sslvpn_cipher (Alias name: sslvpn-cipher) Sslvpn cipher. type: str choices: [any, high, medium] more...

Supported Version Ranges: v6.0.0 -> latest
sso_auth_method (Alias name: sso-auth-method) Sso auth method. type: str choices: [fsso, rsso] more...

Supported Version Ranges: v6.0.0 -> latest
status Status. type: str choices: [disable, enable] more...

Supported Version Ranges: v6.0.0 -> latest
tags Tags. type: list or str more...

Supported Version Ranges: v6.0.0 -> latest
tcp_mss_receiver (Alias name: tcp-mss-receiver) Tcp mss receiver. type: int more...

Supported Version Ranges: v6.0.0 -> latest
tcp_mss_sender (Alias name: tcp-mss-sender) Tcp mss sender. type: int more...

Supported Version Ranges: v6.0.0 -> latest
tcp_reset (Alias name: tcp-reset) Tcp reset. type: str choices: [disable, enable] more...

Supported Version Ranges: v6.0.0 -> latest
tcp_session_without_syn (Alias name: tcp-session-without-syn) Tcp session without syn. type: str choices: [all, data-only, disable] more...

Supported Version Ranges: v6.0.0 -> latest
timeout_send_rst (Alias name: timeout-send-rst) Timeout send rst. type: str choices: [disable, enable] more...

Supported Version Ranges: v6.0.0 -> latest
tos Tos. type: str more...

Supported Version Ranges: v6.0.0 -> latest
tos_mask (Alias name: tos-mask) Tos mask. type: str more...

Supported Version Ranges: v6.0.0 -> latest
tos_negate (Alias name: tos-negate) Tos negate. type: str choices: [disable, enable] more...

Supported Version Ranges: v6.0.0 -> latest
traffic_shaper (Alias name: traffic-shaper) Traffic shaper. type: str more...

Supported Version Ranges: v6.0.0 -> latest
traffic_shaper_reverse (Alias name: traffic-shaper-reverse) Traffic shaper reverse. type: str more...

Supported Version Ranges: v6.0.0 -> latest
transaction_based (Alias name: transaction-based) Transaction based. type: str choices: [disable, enable] more...

Supported Version Ranges: v6.0.0 -> latest
url_category (Alias name: url-category) Url category. type: list or str more...

Supported Version Ranges: v6.0.0 -> latest
users Users. type: list or str more...

Supported Version Ranges: v6.0.0 -> latest
utm_inspection_mode (Alias name: utm-inspection-mode) Utm inspection mode. type: str choices: [proxy, flow] more...

Supported Version Ranges: v6.0.0 -> latest
utm_status (Alias name: utm-status) Utm status. type: str choices: [disable, enable] more...

Supported Version Ranges: v6.0.0 -> latest
uuid Uuid. type: str more...

Supported Version Ranges: v6.0.0 -> latest
vlan_cos_fwd (Alias name: vlan-cos-fwd) Vlan cos fwd. type: int more...

Supported Version Ranges: v6.0.0 -> latest
vlan_cos_rev (Alias name: vlan-cos-rev) Vlan cos rev. type: int more...

Supported Version Ranges: v6.0.0 -> latest
vlan_filter (Alias name: vlan-filter) Vlan filter. type: str more...

Supported Version Ranges: v6.0.0 -> latest
voip_profile (Alias name: voip-profile) Voip profile. type: str more...

Supported Version Ranges: v6.0.0 -> latest
vpntunnel Vpntunnel. type: str more...

Supported Version Ranges: v6.0.0 -> latest
waf_profile (Alias name: waf-profile) Waf profile. type: str more...

Supported Version Ranges: v6.0.0 -> latest
wanopt Wanopt. type: str choices: [disable, enable] more...

Supported Version Ranges: v6.0.0 -> latest
wanopt_detection (Alias name: wanopt-detection) Wanopt detection. type: str choices: [active, passive, off] more...

Supported Version Ranges: v6.0.0 -> latest
wanopt_passive_opt (Alias name: wanopt-passive-opt) Wanopt passive opt. type: str choices: [default, transparent, non-transparent] more...

Supported Version Ranges: v6.0.0 -> latest
wanopt_peer (Alias name: wanopt-peer) Wanopt peer. type: str more...

Supported Version Ranges: v6.0.0 -> latest
wanopt_profile (Alias name: wanopt-profile) Wanopt profile. type: str more...

Supported Version Ranges: v6.0.0 -> latest
wccp Wccp. type: str choices: [disable, enable] more...

Supported Version Ranges: v6.0.0 -> latest
web_auth_cookie (Alias name: web-auth-cookie) Web auth cookie. type: str choices: [disable, enable] more...

Supported Version Ranges: v6.0.0 -> latest
webcache Webcache. type: str choices: [disable, enable] more...

Supported Version Ranges: v6.0.0 -> latest
webcache_https (Alias name: webcache-https) Webcache https. type: str choices: [disable, ssl-server, any, enable] more...

Supported Version Ranges: v6.0.0 -> latest
webfilter_profile (Alias name: webfilter-profile) Webfilter profile. type: str more...

Supported Version Ranges: v6.0.0 -> latest
webproxy_forward_server (Alias name: webproxy-forward-server) Webproxy forward server. type: str more...

Supported Version Ranges: v6.0.0 -> latest
webproxy_profile (Alias name: webproxy-profile) Webproxy profile. type: str more...

Supported Version Ranges: v6.0.0 -> latest
wsso Wsso. type: str choices: [disable, enable] more...

Supported Version Ranges: v6.0.0 -> latest
fsso_groups (Alias name: fsso-groups) Fsso groups. type: list or str more...

Supported Version Ranges: v6.2.1 -> latest
match_vip_only (Alias name: match-vip-only) Match vip only. type: str choices: [disable, enable] more...

Supported Version Ranges: v6.2.1 -> latest
np_accelation (Alias name: np-accelation) Np accelation. type: str choices: [disable, enable] more...

Supported Version Ranges: v6.2.1 -> v6.4.15
best_route (Alias name: best-route) Best route. type: str choices: [disable, enable] more...

Supported Version Ranges: v6.2.2 -> latest
decrypted_traffic_mirror (Alias name: decrypted-traffic-mirror) Decrypted traffic mirror. type: str more...

Supported Version Ranges: v6.4.0 -> latest
geoip_match (Alias name: geoip-match) Geoip match. type: str choices: [physical-location, registered-location] more...

Supported Version Ranges: v6.4.0 -> latest
internet_service_name (Alias name: internet-service-name) Internet service name. type: list or str more...

Supported Version Ranges: v6.4.0 -> latest
internet_service_src_name (Alias name: internet-service-src-name) Internet service src name. type: list or str more...

Supported Version Ranges: v6.4.0 -> latest
poolname6 Poolname6. type: list or str more...

Supported Version Ranges: v6.4.0 -> latest
src_vendor_mac (Alias name: src-vendor-mac) Src vendor mac. type: list or str more...

Supported Version Ranges: v6.4.0 -> latest
vendor_mac (Alias name: vendor-mac) Vendor mac. type: list or str more...

Supported Version Ranges: v6.4.0 -> latest
file_filter_profile (Alias name: file-filter-profile) File filter profile. type: str more...

Supported Version Ranges: v6.4.1 -> latest
cgn_eif (Alias name: cgn-eif) Enable/disable cgn endpoint independent filtering. type: str choices: [disable, enable] more...

Supported Version Ranges: v6.2.7 -> v6.2.13, v6.4.3 -> latest
cgn_eim (Alias name: cgn-eim) Enable/disable cgn endpoint independent mapping type: str choices: [disable, enable] more...

Supported Version Ranges: v6.2.7 -> v6.2.13, v6.4.3 -> latest
cgn_log_server_grp (Alias name: cgn-log-server-grp) Np log server group name type: list or str more...

Supported Version Ranges: v6.2.7 -> v6.2.13, v6.4.3 -> latest
cgn_resource_quota (Alias name: cgn-resource-quota) Resource quota type: int more...

Supported Version Ranges: v6.2.7 -> v6.2.13, v6.4.3 -> latest
cgn_session_quota (Alias name: cgn-session-quota) Session quota type: int more...

Supported Version Ranges: v6.2.7 -> v6.2.13, v6.4.3 -> latest
policy_offload (Alias name: policy-offload) Enable/disable hardware session setup for cgnat. type: str choices: [disable, enable] more...

Supported Version Ranges: v6.2.7 -> v6.2.13, v6.4.3 -> latest
dynamic_shaping (Alias name: dynamic-shaping) Enable/disable dynamic radius defined traffic shaping. type: str choices: [disable, enable] more...

Supported Version Ranges: v6.4.6 -> latest
passive_wan_health_measurement (Alias name: passive-wan-health-measurement) Enable/disable passive wan health measurement. type: str choices: [disable, enable] more...

Supported Version Ranges: v7.0.0 -> latest
videofilter_profile (Alias name: videofilter-profile) Name of an existing videofilter profile. type: str more...

Supported Version Ranges: v7.0.0 -> latest
ztna_ems_tag (Alias name: ztna-ems-tag) Source ztna-ems-tag names. type: list or str more...

Supported Version Ranges: v7.0.0 -> latest
ztna_geo_tag (Alias name: ztna-geo-tag) Source ztna-geo-tag names. type: list or str more...

Supported Version Ranges: v7.0.0 -> latest
ztna_status (Alias name: ztna-status) Enable/disable zero trust access. type: str choices: [disable, enable] more...

Supported Version Ranges: v7.0.0 -> latest
access_proxy (Alias name: access-proxy) Access proxy. type: list more...

Supported Version Ranges: v7.0.3 -> latest
dlp_profile (Alias name: dlp-profile) Name of an existing dlp profile. type: str more...

Supported Version Ranges: v7.2.0 -> latest
dynamic_bypass (Alias name: dynamic-bypass) Dynamic bypass. type: str choices: [disable, enable] more...

Supported Version Ranges: v7.0.3 -> latest
fec Enable/disable forward error correction on traffic matching this policy on a fec device. type: str choices: [disable, enable] more...

Supported Version Ranges: v7.0.2 -> latest
force_proxy (Alias name: force-proxy) Force proxy. type: str choices: [disable, enable] more...

Supported Version Ranges: v7.0.3 -> latest
http_tunnel_auth (Alias name: http-tunnel-auth) Http tunnel auth. type: str choices: [disable, enable] more...

Supported Version Ranges: v7.0.3 -> latest
ia_profile (Alias name: ia-profile) Ia profile. type: list more...

Supported Version Ranges: v7.0.3 -> latest
isolator_server (Alias name: isolator-server) Isolator server. type: list more...

Supported Version Ranges: v7.0.3 -> latest
log_http_transaction (Alias name: log-http-transaction) Log http transaction. type: str choices: [disable, enable, all, utm] more...

Supported Version Ranges: v7.0.3 -> latest
max_session_per_user (Alias name: max-session-per-user) Max session per user. type: int more...

Supported Version Ranges: v7.0.3 -> latest
nat46 Enable/disable nat46. type: str choices: [disable, enable] more...

Supported Version Ranges: v7.0.1 -> latest
nat64 Enable/disable nat64. type: str choices: [disable, enable] more...

Supported Version Ranges: v7.0.1 -> latest
pass_through (Alias name: pass-through) Pass through. type: str choices: [disable, enable] more...

Supported Version Ranges: v7.0.3 -> latest
pfcp_profile (Alias name: pfcp-profile) Pfcp profile. type: str more...

Supported Version Ranges: v7.0.1 -> latest
policy_expiry (Alias name: policy-expiry) Enable/disable policy expiry. type: str choices: [disable, enable] more...

Supported Version Ranges: v7.2.0 -> latest
policy_expiry_date (Alias name: policy-expiry-date) Policy expiry date (yyyy-mm-dd hh:mm:ss). type: str more...

Supported Version Ranges: v7.2.0 -> latest
reverse_cache (Alias name: reverse-cache) Reverse cache. type: str choices: [disable, enable] more...

Supported Version Ranges: v7.0.3 -> latest
sctp_filter_profile (Alias name: sctp-filter-profile) Name of an existing sctp filter profile. type: str more...

Supported Version Ranges: v7.0.1 -> latest
sgt Security group tags. type: list more...

Supported Version Ranges: v7.0.1 -> latest
sgt_check (Alias name: sgt-check) Enable/disable security group tags (sgt) check. type: str choices: [disable, enable] more...

Supported Version Ranges: v7.0.1 -> latest
tcp_timeout_pid (Alias name: tcp-timeout-pid) Tcp timeout profile id type: list more...

Supported Version Ranges: v7.0.3 -> latest
transparent Transparent. type: str choices: [disable, enable] more...

Supported Version Ranges: v7.0.3 -> latest
type Type. type: str choices: [explicit-web, transparent, explicit-ftp, ssh-tunnel, ssh, wanopt, access-proxy] more...

Supported Version Ranges: v7.0.3 -> latest
udp_timeout_pid (Alias name: udp-timeout-pid) Udp timeout profile id type: list more...

Supported Version Ranges: v7.0.3 -> latest
ztna_tags_match_logic (Alias name: ztna-tags-match-logic) Ztna tags match logic. type: str choices: [or, and] more...

Supported Version Ranges: v7.0.3 -> latest
uuid_idx (Alias name: uuid-idx) Uuid idx. type: int more...

Supported Version Ranges: v7.0.1 -> latest
device_ownership (Alias name: device-ownership) Device ownership. type: str choices: [disable, enable] more...

Supported Version Ranges: v7.0.5 -> v7.0.13, v7.2.1 -> latest
ssh_policy_check (Alias name: ssh-policy-check) Ssh policy check. type: str choices: [disable, enable] more...

Supported Version Ranges: v7.0.5 -> v7.0.13, v7.2.1 -> latest
extended_log (Alias name: extended-log) Extended log. type: str choices: [disable, enable] more...

Supported Version Ranges: v7.0.11 -> v7.0.13, v7.2.5 -> v7.2.8, v7.4.1 -> latest
diffserv_copy (Alias name: diffserv-copy) Enable to copy packets diffserv values from sessions original direction to its reply direction. type: str choices: [disable, enable] more...

Supported Version Ranges: v7.2.1 -> latest
dstaddr6_negate (Alias name: dstaddr6-negate) When enabled dstaddr6 specifies what the destination address must not be. type: str choices: [disable, enable] more...

Supported Version Ranges: v7.2.1 -> latest
internet_service6 (Alias name: internet-service6) Enable/disable use of ipv6 internet services for this policy. type: str choices: [disable, enable] more...

Supported Version Ranges: v7.2.1 -> latest
internet_service6_custom (Alias name: internet-service6-custom) Custom ipv6 internet service name. type: list more...

Supported Version Ranges: v7.2.1 -> latest
internet_service6_custom_group (Alias name: internet-service6-custom-group) Custom internet service6 group name. type: list more...

Supported Version Ranges: v7.2.1 -> latest
internet_service6_group (Alias name: internet-service6-group) Internet service group name. type: list more...

Supported Version Ranges: v7.2.1 -> latest
internet_service6_name (Alias name: internet-service6-name) Ipv6 internet service name. type: list more...

Supported Version Ranges: v7.2.1 -> latest
internet_service6_negate (Alias name: internet-service6-negate) When enabled internet-service6 specifies what the service must not be. type: str choices: [disable, enable] more...

Supported Version Ranges: v7.2.1 -> latest
internet_service6_src (Alias name: internet-service6-src) Enable/disable use of ipv6 internet services in source for this policy. type: str choices: [disable, enable] more...

Supported Version Ranges: v7.2.1 -> latest
internet_service6_src_custom (Alias name: internet-service6-src-custom) Custom ipv6 internet service source name. type: list more...

Supported Version Ranges: v7.2.1 -> latest
internet_service6_src_custom_group (Alias name: internet-service6-src-custom-group) Custom internet service6 source group name. type: list more...

Supported Version Ranges: v7.2.1 -> latest
internet_service6_src_group (Alias name: internet-service6-src-group) Internet service6 source group name. type: list more...

Supported Version Ranges: v7.2.1 -> latest
internet_service6_src_name (Alias name: internet-service6-src-name) Ipv6 internet service source name. type: list more...

Supported Version Ranges: v7.2.1 -> latest
internet_service6_src_negate (Alias name: internet-service6-src-negate) When enabled internet-service6-src specifies what the service must not be. type: str choices: [disable, enable] more...

Supported Version Ranges: v7.2.1 -> latest
network_service_dynamic (Alias name: network-service-dynamic) Dynamic network service name. type: list more...

Supported Version Ranges: v7.2.1 -> latest
network_service_src_dynamic (Alias name: network-service-src-dynamic) Dynamic network service source name. type: list more...

Supported Version Ranges: v7.2.1 -> latest
reputation_direction6 (Alias name: reputation-direction6) Direction of the initial traffic for ipv6 reputation to take effect. type: str choices: [source, destination] more...

Supported Version Ranges: v7.2.1 -> latest
reputation_minimum6 (Alias name: reputation-minimum6) Ipv6 minimum reputation to take action. type: int more...

Supported Version Ranges: v7.2.1 -> latest
srcaddr6_negate (Alias name: srcaddr6-negate) When enabled srcaddr6 specifies what the source address must not be. type: str choices: [disable, enable] more...

Supported Version Ranges: v7.2.1 -> latest
_policy_block Assigned policy block. type: int more...

Supported Version Ranges: v7.2.2 -> latest
isolator_profile (Alias name: isolator-profile) Isolator profile. type: list more...

Supported Version Ranges: v7.2.2 -> latest
policy_expiry_date_utc (Alias name: policy-expiry-date-utc) Policy expiry date and time, in epoch format. type: str more...

Supported Version Ranges: v7.2.2 -> latest
ztna_device_ownership (Alias name: ztna-device-ownership) Enable/disable zero trust device ownership. type: str choices: [disable, enable] more...

Supported Version Ranges: v7.2.2 -> latest
ztna_policy_redirect (Alias name: ztna-policy-redirect) Redirect ztna traffic to matching access-proxy proxy-policy. type: str choices: [disable, enable] more...

Supported Version Ranges: v7.2.2 -> latest
ip_version_type (Alias name: ip-version-type) Ip version of the policy. type: str more...

Supported Version Ranges: v7.2.3 -> latest
ips_voip_filter (Alias name: ips-voip-filter) Name of an existing voip (ips) profile. type: str more...

Supported Version Ranges: v7.2.3 -> latest
policy_behaviour_type (Alias name: policy-behaviour-type) Behaviour of the policy. type: str more...

Supported Version Ranges: v7.2.3 -> latest
pcp_inbound (Alias name: pcp-inbound) Enable/disable pcp inbound dnat. type: str choices: [disable, enable] more...

Supported Version Ranges: v7.4.0 -> latest
pcp_outbound (Alias name: pcp-outbound) Enable/disable pcp outbound snat. type: str choices: [disable, enable] more...

Supported Version Ranges: v7.4.0 -> latest
pcp_poolname (Alias name: pcp-poolname) Pcp pool names. type: list more...

Supported Version Ranges: v7.4.0 -> latest
ztna_ems_tag_secondary (Alias name: ztna-ems-tag-secondary) Source ztna-ems-tag-secondary names. type: list more...

Supported Version Ranges: v7.4.0 -> latest
casb_profile (Alias name: casb-profile) Name of an existing casb profile. type: str more...

Supported Version Ranges: v7.4.1 -> latest
implicit_proxy_detection (Alias name: implicit-proxy-detection) Implicit proxy detection. type: str choices: [disable, enable] more...

Supported Version Ranges: v7.4.1 -> latest
virtual_patch_profile (Alias name: virtual-patch-profile) Name of an existing virtual-patch profile. type: str more...

Supported Version Ranges: v7.4.1 -> latest
detect_https_in_http_request (Alias name: detect-https-in-http-request) Detect https in http request. type: str choices: [disable, enable] more...

Supported Version Ranges: v7.4.2 -> latest
diameter_filter_profile (Alias name: diameter-filter-profile) Name of an existing diameter filter profile. type: str more...

Supported Version Ranges: v7.4.2 -> latest
redirect_profile (Alias name: redirect-profile) Redirect profile. type: list more...

Supported Version Ranges: v7.4.2 -> latest
port_preserve (Alias name: port-preserve) Enable/disable preservation of the original source port from source nat if it has not been used. type: str choices: [disable, enable] more...

Supported Version Ranges: v7.4.3 -> latest
cgn_sw_eif_ctrl (Alias name: cgn-sw-eif-ctrl) Enable/disable software endpoint independent filtering control. type: str choices: [disable, enable] more...

Supported Version Ranges: v7.6.0 -> latest
eif_check (Alias name: eif-check) Enable/disable check endpoint-independent-filtering pinhole. type: str choices: [disable, enable] more...

Supported Version Ranges: v7.6.0 -> latest
eif_learn (Alias name: eif-learn) Enable/disable learning of end-point-independent filtering pinhole. type: str choices: [disable, enable] more...

Supported Version Ranges: v7.6.0 -> latest
radius_ip_auth_bypass (Alias name: radius-ip-auth-bypass) Enable ip authentication bypass. type: str choices: [disable, enable] more...

Supported Version Ranges: v7.6.0 -> latest
url_risk (Alias name: url-risk) Url risk. type: list more...

Supported Version Ranges: v7.4.4 -> v7.4.5

Notes 

Note

Running in workspace locking mode is supported in this FortiManager module, the top level parameters workspace_locking_adom and workspace_locking_timeout help do the work.
To create or update an object, use state: present directive.
To delete an object, use state: absent directive
Normally, running one module can fail when a non-zero rc is returned. you can also override the conditions to fail or succeed with parameters rc_failed and rc_succeeded

Examples 

- name: Example playbook
  hosts: fortimanagers
  connection: httpapi
  vars:
    ansible_httpapi_use_ssl: true
    ansible_httpapi_validate_certs: false
    ansible_httpapi_port: 443
  tasks:
    - name: Configure IPv4 header policies.
      fortinet.fortimanager.fmgr_pkg_header_policy:
        bypass_validation: false
        pkg: ansible
        state: present
        pkg_header_policy:
          action: accept # <value in [deny, accept, ipsec, ...]>
          comments: "ansible-comment"
          dstaddr: gall
          dstintf: any
          name: ansible-test-header
          policyid: 1073741826 # must larger than 2^30(1074741824), since header/footer policy is a special policy
          schedule: galways
          service: gALL
          srcaddr: gall
          srcintf: any
          status: disable

- name: Gathering fortimanager facts
  hosts: fortimanagers
  gather_facts: false
  connection: httpapi
  vars:
    ansible_httpapi_use_ssl: true
    ansible_httpapi_validate_certs: false
    ansible_httpapi_port: 443
  tasks:
    - name: Retrieve all the IPv4 header policies
      fortinet.fortimanager.fmgr_fact:
        facts:
          selector: "pkg_header_policy"
          params:
            pkg: "ansible"
            policy: "your_value"

Return Values 

Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:

meta - The result of the request.returned: always type: dict

request_url - The full url requested. returned: always type: str sample: /sys/login/user
response_code - The status of api request. returned: always type: int sample: 0
response_data - The data body of the api response. returned: optional type: list or dict
response_message - The descriptive message of the api response. returned: always type: str sample: OK
system_information - The information of the target system. returned: always type: dict

rc - The status the request. returned: always type: int sample: 0
version_check_warning - Warning if the parameters used in the playbook are not supported by the current FortiManager version. returned: if at least one parameter not supported by the current FortiManager version type: list

Status 

This module is not guaranteed to have a backwards compatible interface.

Authors 

Xinwei Du (@dux-fortinet)
Xing Li (@lix-fortinet)
Jie Xue (@JieX19)
Link Zheng (@chillancezen)
Frank Shen (@fshen01)
Hongbin Lu (@fgtdev-hblu)