fmgr_pkg_firewall_policy6 – Configure IPv6 policies.¶

New in version 2.10.

Synopsis
Requirements
FortiManager Version Compatibility
Parameters
Notes
Examples
Return Values
Status
Authors

Synopsis ¶

This module is able to configure a FortiManager device.
Examples include all parameters and values need to be adjusted to data sources before usage.

Requirements ¶

The below requirements are needed on the host that executes this module.

ansible>=2.9.0

FortiManager Version Compatibility ¶

	`6.0.0`	`6.2.1`	`6.2.3`	`6.2.5`	`6.4.0`
pkg_firewall_policy6	yes	yes	yes	yes	yes

Parameters ¶

enable_log - Enable/Disable logging for task type: bool required: false default: False
forticloud_access_token - Access token of forticloud managed API users, this option is available with FortiManager later than 6.4.0 type: str required: false
proposed_method - The overridden method for the underlying Json RPC request type: str required: false choices: set, update, add
bypass_validation - Only set to True when module schema diffs with FortiManager API structure, module continues to execute without validating parameters type: bool required: false default: False
workspace_locking_adom - Acquire the workspace lock if FortiManager is running in workspace mode type: str required: false choices: global, custom adom including root
workspace_locking_timeout - The maximum time in seconds to wait for other users to release workspace lock type: integer required: false default: 300
rc_succeeded - The rc codes list with which the conditions to succeed will be overriden type: list required: false
rc_failed - The rc codes list with which the conditions to fail will be overriden type: list required: false
state - The directive to create, update or delete an object type: str required: true choices: present, absent
adom - The parameter in requested url type: str required: true
pkg - The parameter in requested url type: str required: true
pkg_firewall_policy6 - no description type: dict

action - Policy action (allow/deny/ipsec). type: str choices: [deny, accept, ipsec, ssl-vpn] more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

action True True True True True False False False False
app-category - Application category ID list. type: str more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

app-category True True True True True False False False False
application - Application ID list. type: int more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

application True True True True True False False False False
application-list - Name of an existing Application list. type: str more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

application-list True True True True True False False False False
auto-asic-offload - Enable/disable policy traffic ASIC offloading. type: str choices: [disable, enable] more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

auto-asic-offload True True True True True False False False False
av-profile - Name of an existing Antivirus profile. type: str more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

av-profile True True True True True False False False False
comments - Comment. type: str more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

comments True True True True True False False False False
custom-log-fields - Log field index numbers to append custom log fields to log messages for this policy. type: str more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

custom-log-fields True True True True True False False False False
devices - Names of devices or device groups that can be matched by the policy. type: str more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

devices True False False False False False False False False
diffserv-forward - Enable to change packets DiffServ values to the specified diffservcode-forward value. type: str choices: [disable, enable] more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

diffserv-forward True True True True True False False False False
diffserv-reverse - Enable to change packets reverse (reply) DiffServ values to the specified diffservcode-rev value. type: str choices: [disable, enable] more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

diffserv-reverse True True True True True False False False False
diffservcode-forward - Change packets DiffServ to this value. type: str more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

diffservcode-forward True True True True True False False False False
diffservcode-rev - Change packets reverse (reply) DiffServ to this value. type: str more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

diffservcode-rev True True True True True False False False False
dlp-sensor - Name of an existing DLP sensor. type: str more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

dlp-sensor True True True True True False False False False
dscp-match - Enable DSCP check. type: str choices: [disable, enable] more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

dscp-match True False False False False False False False False
dscp-negate - Enable negated DSCP match. type: str choices: [disable, enable] more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

dscp-negate True False False False False False False False False
dscp-value - DSCP value. type: str more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

dscp-value True False False False False False False False False
dsri - Enable DSRI to ignore HTTP server responses. type: str choices: [disable, enable] more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

dsri True True True True True False False False False
dstaddr - Destination address and address group names. type: str more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

dstaddr True True True True True False False False False
dstaddr-negate - When enabled dstaddr specifies what the destination address must NOT be. type: str choices: [disable, enable] more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

dstaddr-negate True True True True True False False False False
dstintf - Outgoing (egress) interface. type: str more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

dstintf True True True True True False False False False
firewall-session-dirty - How to handle sessions if the configuration of this firewall policy changes. type: str choices: [check-all, check-new] more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

firewall-session-dirty True True True True True False False False False
fixedport - Enable to prevent source NAT from changing a sessions source port. type: str choices: [disable, enable] more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

fixedport True True True True True False False False False
global-label - Label for the policy that appears when the GUI is in Global View mode. type: str more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

global-label True True True True True False False False False
groups - Names of user groups that can authenticate with this policy. type: str more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

groups True True True True True False False False False
icap-profile - Name of an existing ICAP profile. type: str more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

icap-profile True True True True True False False False False
inbound - Policy-based IPsec VPN: only traffic from the remote network can initiate a VPN. type: str choices: [disable, enable] more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

inbound True True True True True False False False False
ippool - Enable to use IP Pools for source NAT. type: str choices: [disable, enable] more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

ippool True True True True True False False False False
ips-sensor - Name of an existing IPS sensor. type: str more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

ips-sensor True True True True True False False False False
label - Label for the policy that appears when the GUI is in Section View mode. type: str more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

label True True True True True False False False False
logtraffic - Enable or disable logging. type: str choices: [disable, enable, all, utm] more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

logtraffic True True True True True False False False False
logtraffic-start - Record logs when a session starts and ends. type: str choices: [disable, enable] more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

logtraffic-start True True True True True False False False False
mms-profile - Name of an existing MMS profile. type: str more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

mms-profile True True True True False False False False False
name - Policy name. type: str more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

name True True True True True False False False False
nat - Enable/disable source NAT. type: str choices: [disable, enable] more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

nat True True True True True False False False False
natinbound - Policy-based IPsec VPN: apply destination NAT to inbound traffic. type: str choices: [disable, enable] more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

natinbound True True True True True False False False False
natoutbound - Policy-based IPsec VPN: apply source NAT to outbound traffic. type: str choices: [disable, enable] more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

natoutbound True True True True True False False False False
np-accelation - Enable/disable UTM Network Processor acceleration. type: str choices: [disable, enable] more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

np-accelation True False False False False False False False False
outbound - Policy-based IPsec VPN: only traffic from the internal network can initiate a VPN. type: str choices: [disable, enable] more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

outbound True True True True True False False False False
per-ip-shaper - Per-IP traffic shaper. type: str more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

per-ip-shaper True True True True True False False False False
policyid - Policy ID. type: int more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

policyid True True True True True False False False False
poolname - IP Pool names. type: str more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

poolname True True True True True False False False False
profile-group - Name of profile group. type: str more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

profile-group True True True True True False False False False
profile-protocol-options - Name of an existing Protocol options profile. type: str more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

profile-protocol-options True True True True True False False False False
profile-type - Determine whether the firewall policy allows security profile groups or single profiles only. type: str choices: [single, group] more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

profile-type True True True True True False False False False
replacemsg-override-group - Override the default replacement message group for this policy. type: str more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

replacemsg-override-group True True True True True False False False False
rsso - Enable/disable RADIUS single sign-on (RSSO). type: str choices: [disable, enable] more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

rsso True True True True False False False False False
schedule - Schedule name. type: str more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

schedule True True True True True False False False False
send-deny-packet - Enable/disable return of deny-packet. type: str choices: [disable, enable] more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

send-deny-packet True True True True True False False False False
service - Service and service group names. type: str more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

service True True True True True False False False False
service-negate - When enabled service specifies what the service must NOT be. type: str choices: [disable, enable] more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

service-negate True True True True True False False False False
session-ttl - Session TTL in seconds for sessions accepted by this policy. type: int more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

session-ttl True True True True True False False False False
spamfilter-profile - Name of an existing Spam filter profile. type: str more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

spamfilter-profile True False False False False False False False False
srcaddr - Source address and address group names. type: str more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

srcaddr True True True True True False False False False
srcaddr-negate - When enabled srcaddr specifies what the source address must NOT be. type: str choices: [disable, enable] more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

srcaddr-negate True True True True True False False False False
srcintf - Incoming (ingress) interface. type: str more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

srcintf True True True True True False False False False
ssl-mirror - Enable to copy decrypted SSL traffic to a FortiGate interface (called SSL mirroring). type: str choices: [disable, enable] more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

ssl-mirror True True True True False False False False False
ssl-mirror-intf - SSL mirror interface name. type: str more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

ssl-mirror-intf True True True True False False False False False
ssl-ssh-profile - Name of an existing SSL SSH profile. type: str more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

ssl-ssh-profile True True True True True False False False False
status - Enable or disable this policy. type: str choices: [disable, enable] more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

status True True True True True False False False False
tags - Names of object-tags applied to this policy. type: str more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

tags True False False False False False False False False
tcp-mss-receiver - Receiver TCP maximum segment size (MSS). type: int more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

tcp-mss-receiver True True True True True False False False False
tcp-mss-sender - Sender TCP maximum segment size (MSS). type: int more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

tcp-mss-sender True True True True True False False False False
tcp-session-without-syn - Enable/disable creation of TCP session without SYN flag. type: str choices: [all, data-only, disable] more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

tcp-session-without-syn True True True True True False False False False
timeout-send-rst - Enable/disable sending RST packets when TCP sessions expire. type: str choices: [disable, enable] more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

timeout-send-rst True True True True True False False False False
traffic-shaper - Reverse traffic shaper. type: str more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

traffic-shaper True True True True True False False False False
traffic-shaper-reverse - Reverse traffic shaper. type: str more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

traffic-shaper-reverse True True True True True False False False False
url-category - URL category ID list. type: str more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

url-category True True True True True False False False False
users - Names of individual users that can authenticate with this policy. type: str more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

users True True True True True False False False False
utm-status - Enable AV/web/ips protection profile. type: str choices: [disable, enable] more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

utm-status True True True True True False False False False
uuid - Universally Unique Identifier (UUID; automatically assigned but can be manually reset). type: str more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

uuid True True True True True False False False False
vlan-cos-fwd - VLAN forward direction user priority: 255 passthrough, 0 lowest, 7 highest type: int more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

vlan-cos-fwd True True True True True False False False False
vlan-cos-rev - VLAN reverse direction user priority: 255 passthrough, 0 lowest, 7 highest type: int more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

vlan-cos-rev True True True True True False False False False
voip-profile - Name of an existing VoIP profile. type: str more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

voip-profile True True True True True False False False False
vpntunnel - Policy-based IPsec VPN: name of the IPsec VPN Phase 1. type: str more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

vpntunnel True True True True True False False False False
webfilter-profile - Name of an existing Web filter profile. type: str more...

6.0.0 6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

webfilter-profile True True True True True False False False False
anti-replay - Enable/disable anti-replay check. type: str choices: [disable, enable] more...

6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

anti-replay True True True True False False False False
app-group - Application group names. type: str more...

6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

app-group True True True True False False False False
cifs-profile - Name of an existing CIFS profile. type: str more...

6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

cifs-profile True True True True False False False False
dnsfilter-profile - Name of an existing DNS filter profile. type: str more...

6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

dnsfilter-profile True True True True False False False False
emailfilter-profile - Name of an existing email filter profile. type: str more...

6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

emailfilter-profile True True True True False False False False
http-policy-redirect - Redirect HTTP(S) traffic to matching transparent web proxy policy. type: str choices: [disable, enable] more...

6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

http-policy-redirect True True True True False False False False
inspection-mode - Policy inspection mode (Flow/proxy). type: str choices: [proxy, flow] more...

6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

inspection-mode True True True True False False False False
np-acceleration - Enable/disable UTM Network Processor acceleration. type: str choices: [disable, enable] more...

6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

np-acceleration True True True True False False False False
ssh-filter-profile - Name of an existing SSH filter profile. type: str more...

6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

ssh-filter-profile True True True True False False False False
ssh-policy-redirect - Redirect SSH traffic to matching transparent proxy policy. type: str choices: [disable, enable] more...

6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

ssh-policy-redirect True True True True False False False False
tos - ToS (Type of Service) value used for comparison. type: str more...

6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

tos True True True True False False False False
tos-mask - Non-zero bit positions are used for comparison while zero bit positions are ignored. type: str more...

6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

tos-mask True True True True False False False False
tos-negate - Enable negated TOS match. type: str choices: [disable, enable] more...

6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

tos-negate True True True True False False False False
vlan-filter - Set VLAN filters. type: str more...

6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

vlan-filter True True True True False False False False
waf-profile - Name of an existing Web application firewall profile. type: str more...

6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

waf-profile True True True True False False False False
webcache - Enable/disable web cache. type: str choices: [disable, enable] more...

6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

webcache True True True True False False False False
webcache-https - Enable/disable web cache for HTTPS. type: str choices: [disable, enable] more...

6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

webcache-https True True True True False False False False
webproxy-forward-server - Web proxy forward server name. type: str more...

6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

webproxy-forward-server True True True True False False False False
webproxy-profile - Webproxy profile name. type: str more...

6.2.1 6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

webproxy-profile True True True True False False False False
fsso-groups - Names of FSSO groups. type: str more...

6.2.3 6.2.5 6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

fsso-groups True True True False False False False
decrypted-traffic-mirror - Decrypted traffic mirror. type: str more...

6.4.0 6.4.2 6.4.5 7.0.0 7.2.0

decrypted-traffic-mirror True False False False False

Notes ¶

Note

Running in workspace locking mode is supported in this FortiManager module, the top level parameters workspace_locking_adom and workspace_locking_timeout help do the work.
To create or update an object, use state: present directive.
To delete an object, use state: absent directive
Normally, running one module can fail when a non-zero rc is returned. you can also override the conditions to fail or succeed with parameters rc_failed and rc_succeeded

Examples ¶

- name: gathering fortimanager facts
  hosts: fortimanager00
  gather_facts: no
  connection: httpapi
  collections:
    - fortinet.fortimanager
  vars:
    ansible_httpapi_use_ssl: True
    ansible_httpapi_validate_certs: False
    ansible_httpapi_port: 443
  tasks:
   - name: retrieve all the IPv6 policies
     fmgr_fact:
       facts:
           selector: 'pkg_firewall_policy6'
           params:
               adom: 'ansible'
               pkg: 'ansible' # package name
               policy6: 'your_value'
- hosts: fortimanager00
  collections:
    - fortinet.fortimanager
  connection: httpapi
  vars:
     ansible_httpapi_use_ssl: True
     ansible_httpapi_validate_certs: False
     ansible_httpapi_port: 443
  tasks:
   - name: Configure IPv6 policies.
     fmgr_pkg_firewall_policy6:
        bypass_validation: False
        adom: ansible
        pkg: ansible # package name
        state: present
        pkg_firewall_policy6:
           action: accept #<value in [deny, accept, ipsec, ...]>
           comments: ansible-comment
           dstaddr: all
           dstintf: any
           name: ansible-test-policy6
           nat: disable
           policyid: 1
           schedule: always
           service: ALL
           srcaddr: all
           srcintf: any
           status: disable

Return Values ¶

Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:

request_url - The full url requested returned: always type: str sample: /sys/login/user
response_code - The status of api request returned: always type: int sample: 0
response_message - The descriptive message of the api response returned: always type: str sample: OK
response_data - The data body of the api response returned: optional type: list or dict

Status ¶

This module is not guaranteed to have a backwards compatible interface.

Authors ¶

Link Zheng (@chillancezen)
Jie Xue (@JieX19)
Frank Shen (@fshen01)
Hongbin Lu (@fgtdev-hblu)

Hint

If you notice any issues in this documentation, you can create a pull request to improve it.