fmgr_pkg_header_policy6 – Configure IPv6 policies.

Added in version 2.0.0.

Warning

Starting in version 3.0.0, all input arguments will be named using the underscore naming convention (snake_case).

  • Argument name before 3.0.0: var-name, var name, var.name

  • New argument name starting in 3.0.0: var_name

FortiManager Ansible v2.4+ supports both previous argument name and new underscore name. You will receive deprecation warnings if you keep using the previous argument name. You can ignore the warning by setting deprecation_warnings=False in ansible.cfg.

Synopsis

  • This module is able to configure a FortiManager device.

  • Examples include all parameters and values need to be adjusted to data sources before usage.

  • Tested with FortiManager v7.x.

Requirements

The below requirements are needed on the host that executes this module.

  • ansible>=2.15.0

FortiManager Version Compatibility

Supported Version Ranges: v6.0.0 -> latest

Parameters

  • access_token -The token to access FortiManager without using username and password. type: str required: false
  • bypass_validation - Only set to True when module schema diffs with FortiManager API structure, module continues to execute without validating parameters. type: bool required: false default: False
  • enable_log - Enable/Disable logging for task. type: bool required: false default: False
  • forticloud_access_token - Access token of forticloud managed API users, this option is available with FortiManager later than 6.4.0. type: str required: false
  • proposed_method - The overridden method for the underlying Json RPC request. type: str required: false choices: set, update, add
  • rc_succeeded - The rc codes list with which the conditions to succeed will be overriden. type: list required: false
  • rc_failed - The rc codes list with which the conditions to fail will be overriden. type: list required: false
  • state - The directive to create, update or delete an object type: str required: true choices: present, absent
  • workspace_locking_adom - Acquire the workspace lock if FortiManager is running in workspace mode. type: str required: false choices: global, custom adom including root
  • workspace_locking_timeout - The maximum time in seconds to wait for other users to release workspace lock. type: integer required: false default: 300
  • pkg - The parameter in requested url type: str required: true
  • pkg_header_policy6 - Configure IPv6 policies. type: dict
    • action Action. type: str choices: [deny, accept, ipsec, ssl-vpn] more...
    • anti_replay (Alias name: anti-replay) Anti replay. type: str choices: [disable, enable] more...
    • app_category (Alias name: app-category) App category. type: list or str more...
    • app_group (Alias name: app-group) App group. type: list or str more...
    • application Application. type: list more...
    • application_charts (Alias name: application-charts) Application charts. type: list choices: [top10-app, top10-p2p-user, top10-media-user] more...
    • application_list (Alias name: application-list) Application list. type: list or str more...
    • auto_asic_offload (Alias name: auto-asic-offload) Auto asic offload. type: str choices: [disable, enable] more...
    • av_profile (Alias name: av-profile) Av profile. type: list or str more...
    • casi_profile (Alias name: casi-profile) Casi profile. type: list or str more...
    • cifs_profile (Alias name: cifs-profile) Cifs profile. type: list or str more...
    • comments Comments. type: str more...
    • custom_log_fields (Alias name: custom-log-fields) Custom log fields. type: list or str more...
    • deep_inspection_options (Alias name: deep-inspection-options) Deep inspection options. type: list or str more...
    • device_detection_portal (Alias name: device-detection-portal) Device detection portal. type: str choices: [disable, enable] more...
    • devices Devices. type: list or str more...
    • diffserv_forward (Alias name: diffserv-forward) Diffserv forward. type: str choices: [disable, enable] more...
    • diffserv_reverse (Alias name: diffserv-reverse) Diffserv reverse. type: str choices: [disable, enable] more...
    • diffservcode_forward (Alias name: diffservcode-forward) Diffservcode forward. type: str more...
    • diffservcode_rev (Alias name: diffservcode-rev) Diffservcode rev. type: str more...
    • dlp_sensor (Alias name: dlp-sensor) Dlp sensor. type: list or str more...
    • dnsfilter_profile (Alias name: dnsfilter-profile) Dnsfilter profile. type: list or str more...
    • dscp_match (Alias name: dscp-match) Dscp match. type: str choices: [disable, enable] more...
    • dscp_negate (Alias name: dscp-negate) Dscp negate. type: str choices: [disable, enable] more...
    • dscp_value (Alias name: dscp-value) Dscp value. type: str more...
    • dsri Dsri. type: str choices: [disable, enable] more...
    • dstaddr Dstaddr. type: list or str more...
    • dstaddr_negate (Alias name: dstaddr-negate) Dstaddr negate. type: str choices: [disable, enable] more...
    • dstintf Dstintf. type: list or str more...
    • dynamic_profile (Alias name: dynamic-profile) Dynamic profile. type: str choices: [disable, enable] more...
    • dynamic_profile_access (Alias name: dynamic-profile-access) Dynamic profile access. type: list choices: [imap, smtp, pop3, http, ftp, im, nntp, imaps, smtps, pop3s, https, ftps] more...
    • dynamic_profile_group (Alias name: dynamic-profile-group) Dynamic profile group. type: list or str more...
    • email_collection_portal (Alias name: email-collection-portal) Email collection portal. type: str choices: [disable, enable] more...
    • emailfilter_profile (Alias name: emailfilter-profile) Emailfilter profile. type: list or str more...
    • firewall_session_dirty (Alias name: firewall-session-dirty) Firewall session dirty. type: str choices: [check-all, check-new] more...
    • fixedport Fixedport. type: str choices: [disable, enable] more...
    • fsae Fsae. type: str choices: [disable, enable] more...
    • global_label (Alias name: global-label) Global label. type: str more...
    • groups Groups. type: list or str more...
    • http_policy_redirect (Alias name: http-policy-redirect) Http policy redirect. type: str choices: [disable, enable] more...
    • icap_profile (Alias name: icap-profile) Icap profile. type: list or str more...
    • identity_based (Alias name: identity-based) Identity based. type: str choices: [disable, enable] more...
    • identity_based_policy6 (Alias name: identity-based-policy6) Identity based policy6. type: list more...
      • action Action. type: str choices: [deny, accept] more...
      • application_list (Alias name: application-list) Application list. type: str more...
      • av_profile (Alias name: av-profile) Av profile. type: str more...
      • deep_inspection_options (Alias name: deep-inspection-options) Deep inspection options. type: str more...
      • devices Devices. type: str more...
      • dlp_sensor (Alias name: dlp-sensor) Dlp sensor. type: str more...
      • endpoint_compliance (Alias name: endpoint-compliance) Endpoint compliance. type: str choices: [disable, enable] more...
      • groups Groups. type: str more...
      • icap_profile (Alias name: icap-profile) Icap profile. type: str more...
      • id Id. type: int more...
      • ips_sensor (Alias name: ips-sensor) Ips sensor. type: str more...
      • logtraffic Logtraffic. type: str choices: [disable, enable, all, utm] more...
      • mms_profile (Alias name: mms-profile) Mms profile. type: str more...
      • per_ip_shaper (Alias name: per-ip-shaper) Per ip shaper. type: str more...
      • profile_group (Alias name: profile-group) Profile group. type: str more...
      • profile_protocol_options (Alias name: profile-protocol-options) Profile protocol options. type: str more...
      • profile_type (Alias name: profile-type) Profile type. type: str choices: [single, group] more...
      • replacemsg_group (Alias name: replacemsg-group) Replacemsg group. type: str more...
      • schedule Schedule. type: str more...
      • send_deny_packet (Alias name: send-deny-packet) Send deny packet. type: str choices: [disable, enable] more...
      • service Service. type: str more...
      • service_negate (Alias name: service-negate) Service negate. type: str choices: [disable, enable] more...
      • spamfilter_profile (Alias name: spamfilter-profile) Spamfilter profile. type: str more...
      • sslvpn_portal (Alias name: sslvpn-portal) Sslvpn portal. type: str more...
      • sslvpn_realm (Alias name: sslvpn-realm) Sslvpn realm. type: str more...
      • traffic_shaper (Alias name: traffic-shaper) Traffic shaper. type: str more...
      • traffic_shaper_reverse (Alias name: traffic-shaper-reverse) Traffic shaper reverse. type: str more...
      • utm_status (Alias name: utm-status) Utm status. type: str choices: [disable, enable] more...
      • voip_profile (Alias name: voip-profile) Voip profile. type: str more...
      • webfilter_profile (Alias name: webfilter-profile) Webfilter profile. type: str more...
    • identity_from (Alias name: identity-from) Identity from. type: str choices: [auth, device] more...
    • inbound Inbound. type: str choices: [disable, enable] more...
    • inspection_mode (Alias name: inspection-mode) Inspection mode. type: str choices: [proxy, flow] more...
    • ippool Ippool. type: str choices: [disable, enable] more...
    • ips_sensor (Alias name: ips-sensor) Ips sensor. type: list or str more...
    • label Label. type: str more...
    • logtraffic Logtraffic. type: str choices: [disable, enable, all, utm] more...
    • logtraffic_start (Alias name: logtraffic-start) Logtraffic start. type: str choices: [disable, enable] more...
    • mms_profile (Alias name: mms-profile) Mms profile. type: list or str more...
    • name Name. type: str more...
    • nat Nat. type: str choices: [disable, enable] more...
    • natinbound Natinbound. type: str choices: [disable, enable] more...
    • natoutbound Natoutbound. type: str choices: [disable, enable] more...
    • np_accelation (Alias name: np-accelation) Np accelation. type: str choices: [disable, enable] more...
    • np_acceleration (Alias name: np-acceleration) Np acceleration. type: str choices: [disable, enable] more...
    • outbound Outbound. type: str choices: [disable, enable] more...
    • per_ip_shaper (Alias name: per-ip-shaper) Per ip shaper. type: list or str more...
    • policyid Policyid. type: int more...
    • poolname Poolname. type: list or str more...
    • profile_group (Alias name: profile-group) Profile group. type: list or str more...
    • profile_protocol_options (Alias name: profile-protocol-options) Profile protocol options. type: list or str more...
    • profile_type (Alias name: profile-type) Profile type. type: str choices: [single, group] more...
    • replacemsg_group (Alias name: replacemsg-group) Replacemsg group. type: list or str more...
    • replacemsg_override_group (Alias name: replacemsg-override-group) Replacemsg override group. type: list or str more...
    • rsso Rsso. type: str choices: [disable, enable] more...
    • schedule Schedule. type: list or str more...
    • send_deny_packet (Alias name: send-deny-packet) Send deny packet. type: str choices: [disable, enable] more...
    • service Service. type: list or str more...
    • service_negate (Alias name: service-negate) Service negate. type: str choices: [disable, enable] more...
    • session_ttl (Alias name: session-ttl) Session ttl. type: int or str more...
    • spamfilter_profile (Alias name: spamfilter-profile) Spamfilter profile. type: list or str more...
    • srcaddr Srcaddr. type: list or str more...
    • srcaddr_negate (Alias name: srcaddr-negate) Srcaddr negate. type: str choices: [disable, enable] more...
    • srcintf Srcintf. type: list or str more...
    • ssh_filter_profile (Alias name: ssh-filter-profile) Ssh filter profile. type: list or str more...
    • ssh_policy_redirect (Alias name: ssh-policy-redirect) Ssh policy redirect. type: str choices: [disable, enable] more...
    • ssl_mirror (Alias name: ssl-mirror) Ssl mirror. type: str choices: [disable, enable] more...
    • ssl_mirror_intf (Alias name: ssl-mirror-intf) Ssl mirror intf. type: list or str more...
    • ssl_ssh_profile (Alias name: ssl-ssh-profile) Ssl ssh profile. type: list or str more...
    • sslvpn_auth (Alias name: sslvpn-auth) Sslvpn auth. type: str choices: [any, local, radius, ldap, tacacs+] more...
    • sslvpn_ccert (Alias name: sslvpn-ccert) Sslvpn ccert. type: str choices: [disable, enable] more...
    • sslvpn_cipher (Alias name: sslvpn-cipher) Sslvpn cipher. type: str choices: [any, high, medium] more...
    • status Status. type: str choices: [disable, enable] more...
    • tags Tags. type: list or str more...
    • tcp_mss_receiver (Alias name: tcp-mss-receiver) Tcp mss receiver. type: int more...
    • tcp_mss_sender (Alias name: tcp-mss-sender) Tcp mss sender. type: int more...
    • tcp_session_without_syn (Alias name: tcp-session-without-syn) Tcp session without syn. type: str choices: [all, data-only, disable] more...
    • timeout_send_rst (Alias name: timeout-send-rst) Timeout send rst. type: str choices: [disable, enable] more...
    • tos Tos. type: str more...
    • tos_mask (Alias name: tos-mask) Tos mask. type: str more...
    • tos_negate (Alias name: tos-negate) Tos negate. type: str choices: [disable, enable] more...
    • traffic_shaper (Alias name: traffic-shaper) Traffic shaper. type: list or str more...
    • traffic_shaper_reverse (Alias name: traffic-shaper-reverse) Traffic shaper reverse. type: list or str more...
    • url_category (Alias name: url-category) Url category. type: list or str more...
    • users Users. type: list or str more...
    • utm_inspection_mode (Alias name: utm-inspection-mode) Utm inspection mode. type: str choices: [proxy, flow] more...
    • utm_status (Alias name: utm-status) Utm status. type: str choices: [disable, enable] more...
    • uuid Uuid. type: str more...
    • vlan_cos_fwd (Alias name: vlan-cos-fwd) Vlan cos fwd. type: int more...
    • vlan_cos_rev (Alias name: vlan-cos-rev) Vlan cos rev. type: int more...
    • vlan_filter (Alias name: vlan-filter) Vlan filter. type: str more...
    • voip_profile (Alias name: voip-profile) Voip profile. type: list or str more...
    • vpntunnel Vpntunnel. type: list or str more...
    • webfilter_profile (Alias name: webfilter-profile) Webfilter profile. type: list or str more...
    • waf_profile (Alias name: waf-profile) Waf profile. type: list or str more...
    • webcache Webcache. type: str choices: [disable, enable] more...
    • webcache_https (Alias name: webcache-https) Webcache https. type: str choices: [disable, enable] more...
    • webproxy_forward_server (Alias name: webproxy-forward-server) Webproxy forward server. type: list or str more...
    • webproxy_profile (Alias name: webproxy-profile) Webproxy profile. type: list or str more...
    • fsso_groups (Alias name: fsso-groups) Fsso groups. type: list or str more...
    • decrypted_traffic_mirror (Alias name: decrypted-traffic-mirror) Decrypted traffic mirror. type: list or str more...
    • file_filter_profile (Alias name: file-filter-profile) File filter profile. type: list or str more...
    • cgn_log_server_grp (Alias name: cgn-log-server-grp) Np log server group name type: str more...
    • policy_offload (Alias name: policy-offload) Enable/disable offloading policy configuration to cp processors. type: str choices: [disable, enable] more...
    • _policy_block Assigned policy block. type: int more...

Notes

Note

  • Running in workspace locking mode is supported in this FortiManager module, the top level parameters workspace_locking_adom and workspace_locking_timeout help do the work.

  • To create or update an object, use state: present directive.

  • To delete an object, use state: absent directive

  • Normally, running one module can fail when a non-zero rc is returned. you can also override the conditions to fail or succeed with parameters rc_failed and rc_succeeded

Examples

- name: Example playbook
  hosts: fortimanagers
  connection: httpapi
  vars:
    ansible_httpapi_use_ssl: true
    ansible_httpapi_validate_certs: false
    ansible_httpapi_port: 443
  tasks:
    - name: Configure IPv6 header policies.
      fortinet.fortimanager.fmgr_pkg_header_policy6:
        bypass_validation: false
        pkg: ansible
        state: present
        pkg_header_policy6:
          action: accept # <value in [deny, accept, ipsec, ...]>
          comments: ansible-comment
          dstaddr: gall
          dstintf: any
          name: ansible-test2-header
          policyid: 1073741827 # must larger than 2^30(1074741824), since header/footer policy is a special policy
          schedule: galways
          service: gALL
          srcaddr: gall
          srcintf: any
          status: enable

- name: Gathering fortimanager facts
  hosts: fortimanagers
  gather_facts: false
  connection: httpapi
  vars:
    ansible_httpapi_use_ssl: true
    ansible_httpapi_validate_certs: false
    ansible_httpapi_port: 443
  tasks:
    - name: Retrieve all the IPv6 header policies
      fortinet.fortimanager.fmgr_fact:
        facts:
          selector: "pkg_header_policy6"
          params:
            pkg: "ansible"
            policy6: "your_value"

Return Values

Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:

  • meta - The result of the request.returned: always type: dict
    • request_url - The full url requested. returned: always type: str sample: /sys/login/user
    • response_code - The status of api request. returned: always type: int sample: 0
    • response_data - The data body of the api response. returned: optional type: list or dict
    • response_message - The descriptive message of the api response. returned: always type: str sample: OK
    • system_information - The information of the target system. returned: always type: dict
  • rc - The status the request. returned: always type: int sample: 0
  • version_check_warning - Warning if the parameters used in the playbook are not supported by the current FortiManager version. returned: if at least one parameter not supported by the current FortiManager version type: list

Status

  • This module is not guaranteed to have a backwards compatible interface.

Authors

  • Xinwei Du (@dux-fortinet)

  • Xing Li (@lix-fortinet)

  • Jie Xue (@JieX19)

  • Link Zheng (@chillancezen)

  • Frank Shen (@fshen01)

  • Hongbin Lu (@fgtdev-hblu)