fmgr_antivirus_profile_contentdisarm – AV Content Disarm and Reconstruction settings.

Added in version 2.0.0.

Warning

Starting in version 3.0.0, all input arguments will be named using the underscore naming convention (snake_case).

• Argument name before 3.0.0: var-name, var name, var.name

• New argument name starting in 3.0.0: var_name

FortiManager Ansible v2.4+ supports both previous argument name and new underscore name. You will receive deprecation warnings if you keep using the previous argument name. You can ignore the warning by setting deprecation_warnings=False in ansible.cfg.

Synopsis

• This module is able to configure a FortiManager device.

• Examples include all parameters and values need to be adjusted to data sources before usage.

• Tested with FortiManager v6.x and v7.x.

Requirements

The below requirements are needed on the host that executes this module.

• ansible>=2.15.0

FortiManager Version Compatibility

Supported Version Ranges: v6.0.0 -> latest

Parameters

• access_token -The token to access FortiManager without using username and password. type: str required: false
• bypass_validation - Only set to True when module schema diffs with FortiManager API structure, module continues to execute without validating parameters. type: bool required: false default: False
• enable_log - Enable/Disable logging for task. type: bool required: false default: False
• forticloud_access_token - Access token of forticloud managed API users, this option is available with FortiManager later than 6.4.0. type: str required: false
• proposed_method - The overridden method for the underlying Json RPC request. type: str required: false choices: set, update, add
• rc_succeeded - The rc codes list with which the conditions to succeed will be overriden. type: list required: false
• rc_failed - The rc codes list with which the conditions to fail will be overriden. type: list required: false
• workspace_locking_adom - Acquire the workspace lock if FortiManager is running in workspace mode. type: str required: false choices: global, custom adom including root
• workspace_locking_timeout - The maximum time in seconds to wait for other users to release workspace lock. type: integer required: false default: 300
• adom - The parameter in requested url type: str required: true
• profile - The parameter in requested url type: str required: true
• antivirus_profile_contentdisarm - AV Content Disarm and Reconstruction settings. type: dict
• cover_page (Alias name: cover-page) Enable/disable inserting a cover page into the disarmed document. type: str choices: [disable, enable] more...

  Supported Version Ranges: v6.0.0 -> latest

• detect_only (Alias name: detect-only) Enable/disable only detect disarmable files, do not alter content. type: str choices: [disable, enable] more...

  Supported Version Ranges: v6.0.0 -> latest

• office_embed (Alias name: office-embed) Enable/disable stripping of embedded objects in microsoft office documents. type: str choices: [disable, enable] more...

  Supported Version Ranges: v6.0.0 -> latest

• office_hylink (Alias name: office-hylink) Enable/disable stripping of hyperlinks in microsoft office documents. type: str choices: [disable, enable] more...

  Supported Version Ranges: v6.0.0 -> latest

• office_linked (Alias name: office-linked) Enable/disable stripping of linked objects in microsoft office documents. type: str choices: [disable, enable] more...

  Supported Version Ranges: v6.0.0 -> latest

• office_macro (Alias name: office-macro) Enable/disable stripping of macros in microsoft office documents. type: str choices: [disable, enable] more...

  Supported Version Ranges: v6.0.0 -> latest

• original_file_destination (Alias name: original-file-destination) Destination to send original file if active content is removed. type: str choices: [fortisandbox, quarantine, discard] more...

  Supported Version Ranges: v6.0.0 -> latest

• pdf_act_form (Alias name: pdf-act-form) Enable/disable stripping of actions that submit data to other targets in pdf documents. type: str choices: [disable, enable] more...

  Supported Version Ranges: v6.0.0 -> latest

• pdf_act_gotor (Alias name: pdf-act-gotor) Enable/disable stripping of links to other pdfs in pdf documents. type: str choices: [disable, enable] more...

  Supported Version Ranges: v6.0.0 -> latest

• pdf_act_java (Alias name: pdf-act-java) Enable/disable stripping of actions that execute javascript code in pdf documents. type: str choices: [disable, enable] more...

  Supported Version Ranges: v6.0.0 -> latest

• pdf_act_launch (Alias name: pdf-act-launch) Enable/disable stripping of links to external applications in pdf documents. type: str choices: [disable, enable] more...

  Supported Version Ranges: v6.0.0 -> latest

• pdf_act_movie (Alias name: pdf-act-movie) Enable/disable stripping of embedded movies in pdf documents. type: str choices: [disable, enable] more...

  Supported Version Ranges: v6.0.0 -> latest

• pdf_act_sound (Alias name: pdf-act-sound) Enable/disable stripping of embedded sound files in pdf documents. type: str choices: [disable, enable] more...

  Supported Version Ranges: v6.0.0 -> latest

• pdf_embedfile (Alias name: pdf-embedfile) Enable/disable stripping of embedded files in pdf documents. type: str choices: [disable, enable] more...

  Supported Version Ranges: v6.0.0 -> latest

• pdf_hyperlink (Alias name: pdf-hyperlink) Enable/disable stripping of hyperlinks from pdf documents. type: str choices: [disable, enable] more...

  Supported Version Ranges: v6.0.0 -> latest

• pdf_javacode (Alias name: pdf-javacode) Enable/disable stripping of javascript code in pdf documents. type: str choices: [disable, enable] more...

  Supported Version Ranges: v6.0.0 -> latest

• office_action (Alias name: office-action) Enable/disable stripping of powerpoint action events in microsoft office documents. type: str choices: [disable, enable] more...

  Supported Version Ranges: v6.2.0 -> latest

• office_dde (Alias name: office-dde) Enable/disable stripping of dynamic data exchange events in microsoft office documents. type: str choices: [disable, enable] more...

  Supported Version Ranges: v6.2.0 -> latest

• error_action (Alias name: error-action) Action to be taken if cdr engine encounters an unrecoverable error. type: str choices: [block, log-only, ignore] more...

  Supported Version Ranges: v6.4.2 -> latest

Notes

Note

• Running in workspace locking mode is supported in this FortiManager module, the top level parameters workspace_locking_adom and workspace_locking_timeout help do the work.

• To create or update an object, use state: present directive.

• To delete an object, use state: absent directive

• Normally, running one module can fail when a non-zero rc is returned. you can also override the conditions to fail or succeed with parameters rc_failed and rc_succeeded

Examples

- name: Example playbook (generated based on argument schema)
  hosts: fortimanagers
  connection: httpapi
  vars:
    ansible_httpapi_use_ssl: true
    ansible_httpapi_validate_certs: false
    ansible_httpapi_port: 443
  tasks:
    - name: AV Content Disarm and Reconstruction settings.
      fortinet.fortimanager.fmgr_antivirus_profile_contentdisarm:
        # bypass_validation: false
        workspace_locking_adom: <value in [global, custom adom including root]>
        workspace_locking_timeout: 300
        # rc_succeeded: [0, -2, -3, ...]
        # rc_failed: [-2, -3, ...]
        adom: <your own value>
        profile: <your own value>
        antivirus_profile_contentdisarm:
          cover_page: <value in [disable, enable]>
          detect_only: <value in [disable, enable]>
          office_embed: <value in [disable, enable]>
          office_hylink: <value in [disable, enable]>
          office_linked: <value in [disable, enable]>
          office_macro: <value in [disable, enable]>
          original_file_destination: <value in [fortisandbox, quarantine, discard]>
          pdf_act_form: <value in [disable, enable]>
          pdf_act_gotor: <value in [disable, enable]>
          pdf_act_java: <value in [disable, enable]>
          pdf_act_launch: <value in [disable, enable]>
          pdf_act_movie: <value in [disable, enable]>
          pdf_act_sound: <value in [disable, enable]>
          pdf_embedfile: <value in [disable, enable]>
          pdf_hyperlink: <value in [disable, enable]>
          pdf_javacode: <value in [disable, enable]>
          office_action: <value in [disable, enable]>
          office_dde: <value in [disable, enable]>
          error_action: <value in [block, log-only, ignore]>

Return Values

Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:

• meta - The result of the request.returned: always type: dict
• request_url - The full url requested. returned: always type: str sample: /sys/login/user
• response_code - The status of api request. returned: always type: int sample: 0
• response_data - The data body of the api response. returned: optional type: list or dict
• response_message - The descriptive message of the api response. returned: always type: str sample: OK
• system_information - The information of the target system. returned: always type: dict
• rc - The status the request. returned: always type: int sample: 0
• version_check_warning - Warning if the parameters used in the playbook are not supported by the current FortiManager version. returned: if at least one parameter not supported by the current FortiManager version type: list

Status

• This module is not guaranteed to have a backwards compatible interface.

Authors

• Xinwei Du (@dux-fortinet)

• Xing Li (@lix-fortinet)

• Jie Xue (@JieX19)

• Link Zheng (@chillancezen)

• Frank Shen (@fshen01)

• Hongbin Lu (@fgtdev-hblu)