fmgr_pkg_header_policy6 – Configure IPv6 policies.
Added in version 2.0.0.
Warning
Starting in version 3.0.0, all input arguments will be named using the underscore naming convention (snake_case).
Argument name before 3.0.0:
var-name
,var name
,var.name
New argument name starting in 3.0.0:
var_name
FortiManager Ansible v2.4+ supports both previous argument name and new underscore name. You will receive deprecation warnings if you keep using the previous argument name. You can ignore the warning by setting deprecation_warnings=False in ansible.cfg.
Synopsis
This module is able to configure a FortiManager device.
Examples include all parameters and values need to be adjusted to data sources before usage.
Tested with FortiManager v7.x.
Requirements
The below requirements are needed on the host that executes this module.
ansible>=2.15.0
FortiManager Version Compatibility
Supported Version Ranges: v6.0.0 -> latest
Parameters
- access_token -The token to access FortiManager without using username and password. type: str required: false
- bypass_validation - Only set to True when module schema diffs with FortiManager API structure, module continues to execute without validating parameters. type: bool required: false default: False
- enable_log - Enable/Disable logging for task. type: bool required: false default: False
- forticloud_access_token - Access token of forticloud managed API users, this option is available with FortiManager later than 6.4.0. type: str required: false
- proposed_method - The overridden method for the underlying Json RPC request. type: str required: false choices: set, update, add
- rc_succeeded - The rc codes list with which the conditions to succeed will be overriden. type: list required: false
- rc_failed - The rc codes list with which the conditions to fail will be overriden. type: list required: false
- state - The directive to create, update or delete an object type: str required: true choices: present, absent
- workspace_locking_adom - Acquire the workspace lock if FortiManager is running in workspace mode. type: str required: false choices: global, custom adom including root
- workspace_locking_timeout - The maximum time in seconds to wait for other users to release workspace lock. type: integer required: false default: 300
- pkg - The parameter in requested url type: str required: true
- pkg_header_policy6 - Configure IPv6 policies. type: dict
- action Action. type: str choices: [deny, accept, ipsec, ssl-vpn] more...
- anti_replay (Alias name: anti-replay) Anti replay. type: str choices: [disable, enable] more...
- app_category (Alias name: app-category) App category. type: list or str more...
- app_group (Alias name: app-group) App group. type: list or str more...
- application Application. type: list more...
- application_charts (Alias name: application-charts) Application charts. type: list choices: [top10-app, top10-p2p-user, top10-media-user] more...
- application_list (Alias name: application-list) Application list. type: list or str more...
- auto_asic_offload (Alias name: auto-asic-offload) Auto asic offload. type: str choices: [disable, enable] more...
- av_profile (Alias name: av-profile) Av profile. type: list or str more...
- casi_profile (Alias name: casi-profile) Casi profile. type: list or str more...
- cifs_profile (Alias name: cifs-profile) Cifs profile. type: list or str more...
- comments Comments. type: str more...
- custom_log_fields (Alias name: custom-log-fields) Custom log fields. type: list or str more...
- deep_inspection_options (Alias name: deep-inspection-options) Deep inspection options. type: list or str more...
- device_detection_portal (Alias name: device-detection-portal) Device detection portal. type: str choices: [disable, enable] more...
- devices Devices. type: list or str more...
- diffserv_forward (Alias name: diffserv-forward) Diffserv forward. type: str choices: [disable, enable] more...
- diffserv_reverse (Alias name: diffserv-reverse) Diffserv reverse. type: str choices: [disable, enable] more...
- diffservcode_forward (Alias name: diffservcode-forward) Diffservcode forward. type: str more...
- diffservcode_rev (Alias name: diffservcode-rev) Diffservcode rev. type: str more...
- dlp_sensor (Alias name: dlp-sensor) Dlp sensor. type: list or str more...
- dnsfilter_profile (Alias name: dnsfilter-profile) Dnsfilter profile. type: list or str more...
- dscp_match (Alias name: dscp-match) Dscp match. type: str choices: [disable, enable] more...
- dscp_negate (Alias name: dscp-negate) Dscp negate. type: str choices: [disable, enable] more...
- dscp_value (Alias name: dscp-value) Dscp value. type: str more...
- dsri Dsri. type: str choices: [disable, enable] more...
- dstaddr Dstaddr. type: list or str more...
- dstaddr_negate (Alias name: dstaddr-negate) Dstaddr negate. type: str choices: [disable, enable] more...
- dstintf Dstintf. type: list or str more...
- dynamic_profile (Alias name: dynamic-profile) Dynamic profile. type: str choices: [disable, enable] more...
- dynamic_profile_access (Alias name: dynamic-profile-access) Dynamic profile access. type: list choices: [imap, smtp, pop3, http, ftp, im, nntp, imaps, smtps, pop3s, https, ftps] more...
- dynamic_profile_group (Alias name: dynamic-profile-group) Dynamic profile group. type: list or str more...
- email_collection_portal (Alias name: email-collection-portal) Email collection portal. type: str choices: [disable, enable] more...
- emailfilter_profile (Alias name: emailfilter-profile) Emailfilter profile. type: list or str more...
- firewall_session_dirty (Alias name: firewall-session-dirty) Firewall session dirty. type: str choices: [check-all, check-new] more...
- fixedport Fixedport. type: str choices: [disable, enable] more...
- fsae Fsae. type: str choices: [disable, enable] more...
- global_label (Alias name: global-label) Global label. type: str more...
- groups Groups. type: list or str more...
- http_policy_redirect (Alias name: http-policy-redirect) Http policy redirect. type: str choices: [disable, enable] more...
- icap_profile (Alias name: icap-profile) Icap profile. type: list or str more...
- identity_based (Alias name: identity-based) Identity based. type: str choices: [disable, enable] more...
- identity_based_policy6 (Alias name: identity-based-policy6) Identity based policy6. type: list
more...
- action Action. type: str choices: [deny, accept] more...
- application_list (Alias name: application-list) Application list. type: str more...
- av_profile (Alias name: av-profile) Av profile. type: str more...
- deep_inspection_options (Alias name: deep-inspection-options) Deep inspection options. type: str more...
- devices Devices. type: str more...
- dlp_sensor (Alias name: dlp-sensor) Dlp sensor. type: str more...
- endpoint_compliance (Alias name: endpoint-compliance) Endpoint compliance. type: str choices: [disable, enable] more...
- groups Groups. type: str more...
- icap_profile (Alias name: icap-profile) Icap profile. type: str more...
- id Id. type: int more...
- ips_sensor (Alias name: ips-sensor) Ips sensor. type: str more...
- logtraffic Logtraffic. type: str choices: [disable, enable, all, utm] more...
- mms_profile (Alias name: mms-profile) Mms profile. type: str more...
- per_ip_shaper (Alias name: per-ip-shaper) Per ip shaper. type: str more...
- profile_group (Alias name: profile-group) Profile group. type: str more...
- profile_protocol_options (Alias name: profile-protocol-options) Profile protocol options. type: str more...
- profile_type (Alias name: profile-type) Profile type. type: str choices: [single, group] more...
- replacemsg_group (Alias name: replacemsg-group) Replacemsg group. type: str more...
- schedule Schedule. type: str more...
- send_deny_packet (Alias name: send-deny-packet) Send deny packet. type: str choices: [disable, enable] more...
- service Service. type: str more...
- service_negate (Alias name: service-negate) Service negate. type: str choices: [disable, enable] more...
- spamfilter_profile (Alias name: spamfilter-profile) Spamfilter profile. type: str more...
- sslvpn_portal (Alias name: sslvpn-portal) Sslvpn portal. type: str more...
- sslvpn_realm (Alias name: sslvpn-realm) Sslvpn realm. type: str more...
- traffic_shaper (Alias name: traffic-shaper) Traffic shaper. type: str more...
- traffic_shaper_reverse (Alias name: traffic-shaper-reverse) Traffic shaper reverse. type: str more...
- utm_status (Alias name: utm-status) Utm status. type: str choices: [disable, enable] more...
- voip_profile (Alias name: voip-profile) Voip profile. type: str more...
- webfilter_profile (Alias name: webfilter-profile) Webfilter profile. type: str more...
- identity_from (Alias name: identity-from) Identity from. type: str choices: [auth, device] more...
- inbound Inbound. type: str choices: [disable, enable] more...
- inspection_mode (Alias name: inspection-mode) Inspection mode. type: str choices: [proxy, flow] more...
- ippool Ippool. type: str choices: [disable, enable] more...
- ips_sensor (Alias name: ips-sensor) Ips sensor. type: list or str more...
- label Label. type: str more...
- logtraffic Logtraffic. type: str choices: [disable, enable, all, utm] more...
- logtraffic_start (Alias name: logtraffic-start) Logtraffic start. type: str choices: [disable, enable] more...
- mms_profile (Alias name: mms-profile) Mms profile. type: list or str more...
- name Name. type: str more...
- nat Nat. type: str choices: [disable, enable] more...
- natinbound Natinbound. type: str choices: [disable, enable] more...
- natoutbound Natoutbound. type: str choices: [disable, enable] more...
- np_accelation (Alias name: np-accelation) Np accelation. type: str choices: [disable, enable] more...
- np_acceleration (Alias name: np-acceleration) Np acceleration. type: str choices: [disable, enable] more...
- outbound Outbound. type: str choices: [disable, enable] more...
- per_ip_shaper (Alias name: per-ip-shaper) Per ip shaper. type: list or str more...
- policyid Policyid. type: int more...
- poolname Poolname. type: list or str more...
- profile_group (Alias name: profile-group) Profile group. type: list or str more...
- profile_protocol_options (Alias name: profile-protocol-options) Profile protocol options. type: list or str more...
- profile_type (Alias name: profile-type) Profile type. type: str choices: [single, group] more...
- replacemsg_group (Alias name: replacemsg-group) Replacemsg group. type: list or str more...
- replacemsg_override_group (Alias name: replacemsg-override-group) Replacemsg override group. type: list or str more...
- rsso Rsso. type: str choices: [disable, enable] more...
- schedule Schedule. type: list or str more...
- send_deny_packet (Alias name: send-deny-packet) Send deny packet. type: str choices: [disable, enable] more...
- service Service. type: list or str more...
- service_negate (Alias name: service-negate) Service negate. type: str choices: [disable, enable] more...
- session_ttl (Alias name: session-ttl) Session ttl. type: int or str more...
- spamfilter_profile (Alias name: spamfilter-profile) Spamfilter profile. type: list or str more...
- srcaddr Srcaddr. type: list or str more...
- srcaddr_negate (Alias name: srcaddr-negate) Srcaddr negate. type: str choices: [disable, enable] more...
- srcintf Srcintf. type: list or str more...
- ssh_filter_profile (Alias name: ssh-filter-profile) Ssh filter profile. type: list or str more...
- ssh_policy_redirect (Alias name: ssh-policy-redirect) Ssh policy redirect. type: str choices: [disable, enable] more...
- ssl_mirror (Alias name: ssl-mirror) Ssl mirror. type: str choices: [disable, enable] more...
- ssl_mirror_intf (Alias name: ssl-mirror-intf) Ssl mirror intf. type: list or str more...
- ssl_ssh_profile (Alias name: ssl-ssh-profile) Ssl ssh profile. type: list or str more...
- sslvpn_auth (Alias name: sslvpn-auth) Sslvpn auth. type: str choices: [any, local, radius, ldap, tacacs+] more...
- sslvpn_ccert (Alias name: sslvpn-ccert) Sslvpn ccert. type: str choices: [disable, enable] more...
- sslvpn_cipher (Alias name: sslvpn-cipher) Sslvpn cipher. type: str choices: [any, high, medium] more...
- status Status. type: str choices: [disable, enable] more...
- tags Tags. type: list or str more...
- tcp_mss_receiver (Alias name: tcp-mss-receiver) Tcp mss receiver. type: int more...
- tcp_mss_sender (Alias name: tcp-mss-sender) Tcp mss sender. type: int more...
- tcp_session_without_syn (Alias name: tcp-session-without-syn) Tcp session without syn. type: str choices: [all, data-only, disable] more...
- timeout_send_rst (Alias name: timeout-send-rst) Timeout send rst. type: str choices: [disable, enable] more...
- tos Tos. type: str more...
- tos_mask (Alias name: tos-mask) Tos mask. type: str more...
- tos_negate (Alias name: tos-negate) Tos negate. type: str choices: [disable, enable] more...
- traffic_shaper (Alias name: traffic-shaper) Traffic shaper. type: list or str more...
- traffic_shaper_reverse (Alias name: traffic-shaper-reverse) Traffic shaper reverse. type: list or str more...
- url_category (Alias name: url-category) Url category. type: list or str more...
- users Users. type: list or str more...
- utm_inspection_mode (Alias name: utm-inspection-mode) Utm inspection mode. type: str choices: [proxy, flow] more...
- utm_status (Alias name: utm-status) Utm status. type: str choices: [disable, enable] more...
- uuid Uuid. type: str more...
- vlan_cos_fwd (Alias name: vlan-cos-fwd) Vlan cos fwd. type: int more...
- vlan_cos_rev (Alias name: vlan-cos-rev) Vlan cos rev. type: int more...
- vlan_filter (Alias name: vlan-filter) Vlan filter. type: str more...
- voip_profile (Alias name: voip-profile) Voip profile. type: list or str more...
- vpntunnel Vpntunnel. type: list or str more...
- webfilter_profile (Alias name: webfilter-profile) Webfilter profile. type: list or str more...
- waf_profile (Alias name: waf-profile) Waf profile. type: list or str more...
- webcache Webcache. type: str choices: [disable, enable] more...
- webcache_https (Alias name: webcache-https) Webcache https. type: str choices: [disable, enable] more...
- webproxy_forward_server (Alias name: webproxy-forward-server) Webproxy forward server. type: list or str more...
- webproxy_profile (Alias name: webproxy-profile) Webproxy profile. type: list or str more...
- fsso_groups (Alias name: fsso-groups) Fsso groups. type: list or str more...
- decrypted_traffic_mirror (Alias name: decrypted-traffic-mirror) Decrypted traffic mirror. type: list or str more...
- file_filter_profile (Alias name: file-filter-profile) File filter profile. type: list or str more...
- cgn_log_server_grp (Alias name: cgn-log-server-grp) Np log server group name type: str more...
- policy_offload (Alias name: policy-offload) Enable/disable offloading policy configuration to cp processors. type: str choices: [disable, enable] more...
- _policy_block Assigned policy block. type: int more...
Notes
Note
Running in workspace locking mode is supported in this FortiManager module, the top level parameters workspace_locking_adom and workspace_locking_timeout help do the work.
To create or update an object, use state: present directive.
To delete an object, use state: absent directive
Normally, running one module can fail when a non-zero rc is returned. you can also override the conditions to fail or succeed with parameters rc_failed and rc_succeeded
Examples
- name: Example playbook
hosts: fortimanagers
connection: httpapi
vars:
ansible_httpapi_use_ssl: true
ansible_httpapi_validate_certs: false
ansible_httpapi_port: 443
tasks:
- name: Configure IPv6 header policies.
fortinet.fortimanager.fmgr_pkg_header_policy6:
bypass_validation: false
pkg: ansible
state: present
pkg_header_policy6:
action: accept # <value in [deny, accept, ipsec, ...]>
comments: ansible-comment
dstaddr: gall
dstintf: any
name: ansible-test2-header
policyid: 1073741827 # must larger than 2^30(1074741824), since header/footer policy is a special policy
schedule: galways
service: gALL
srcaddr: gall
srcintf: any
status: enable
- name: Gathering fortimanager facts
hosts: fortimanagers
gather_facts: false
connection: httpapi
vars:
ansible_httpapi_use_ssl: true
ansible_httpapi_validate_certs: false
ansible_httpapi_port: 443
tasks:
- name: Retrieve all the IPv6 header policies
fortinet.fortimanager.fmgr_fact:
facts:
selector: "pkg_header_policy6"
params:
pkg: "ansible"
policy6: "your_value"
Return Values
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- meta - The result of the request.returned: always type: dict
- request_url - The full url requested. returned: always type: str sample: /sys/login/user
- response_code - The status of api request. returned: always type: int sample: 0
- response_data - The data body of the api response. returned: optional type: list or dict
- response_message - The descriptive message of the api response. returned: always type: str sample: OK
- system_information - The information of the target system. returned: always type: dict
- rc - The status the request. returned: always type: int sample: 0
- version_check_warning - Warning if the parameters used in the playbook are not supported by the current FortiManager version. returned: if at least one parameter not supported by the current FortiManager version type: list
Status
This module is not guaranteed to have a backwards compatible interface.