fmgr_waf_profile – Web application firewall configuration.

Added in version 1.0.0.

Warning

Starting in version 3.0.0, all input arguments will be named using the underscore naming convention (snake_case).

• Argument name before 3.0.0: var-name, var name, var.name

• New argument name starting in 3.0.0: var_name

FortiManager Ansible v2.4+ supports both previous argument name and new underscore name. You will receive deprecation warnings if you keep using the previous argument name. You can ignore the warning by setting deprecation_warnings=False in ansible.cfg.

Synopsis

• This module is able to configure a FortiManager device.

• Examples include all parameters and values need to be adjusted to data sources before usage.

• Tested with FortiManager v6.x and v7.x.

Requirements

The below requirements are needed on the host that executes this module.

• ansible>=2.15.0

FortiManager Version Compatibility

Supported Version Ranges: v6.0.0 -> latest

Parameters

• access_token -The token to access FortiManager without using username and password. type: str required: false
• bypass_validation - Only set to True when module schema diffs with FortiManager API structure, module continues to execute without validating parameters. type: bool required: false default: False
• enable_log - Enable/Disable logging for task. type: bool required: false default: False
• forticloud_access_token - Access token of forticloud managed API users, this option is available with FortiManager later than 6.4.0. type: str required: false
• proposed_method - The overridden method for the underlying Json RPC request. type: str required: false choices: set, update, add
• rc_succeeded - The rc codes list with which the conditions to succeed will be overriden. type: list required: false
• rc_failed - The rc codes list with which the conditions to fail will be overriden. type: list required: false
• state - The directive to create, update or delete an object type: str required: true choices: present, absent
• workspace_locking_adom - Acquire the workspace lock if FortiManager is running in workspace mode. type: str required: false choices: global, custom adom including root
• workspace_locking_timeout - The maximum time in seconds to wait for other users to release workspace lock. type: integer required: false default: 300
• adom - The parameter in requested url type: str required: true
• waf_profile - Web application firewall configuration. type: dict
• comment Comment. type: str more...

  Supported Version Ranges: v6.0.0 -> latest

• extended_log (Alias name: extended-log) Enable/disable extended logging. type: str choices: [disable, enable] more...

  Supported Version Ranges: v6.0.0 -> latest

• external Disable/enable external http inspection. type: str choices: [disable, enable] more...

  Supported Version Ranges: v6.0.0 -> latest

• name Waf profile name. type: str more...

  Supported Version Ranges: v6.0.0 -> latest

• url_access (Alias name: url-access) Url-access. type: list more...

  Supported Version Ranges: v6.0.0 -> latest

  • access_pattern (Alias name: access-pattern) Access-pattern. type: list more...

    Supported Version Ranges: v6.0.0 -> latest

    • id Url access pattern id. type: int more...

      Supported Version Ranges: v6.0.0 -> latest

    • negate Enable/disable match negation. type: str choices: [disable, enable] more...

      Supported Version Ranges: v6.0.0 -> latest

    • pattern Url pattern. type: str more...

      Supported Version Ranges: v6.0.0 -> latest

    • regex Enable/disable regular expression based pattern match. type: str choices: [disable, enable] more...

      Supported Version Ranges: v6.0.0 -> latest

    • srcaddr Source address. type: str more...

      Supported Version Ranges: v6.0.0 -> latest

  • action Action. type: str choices: [bypass, permit, block] more...

    Supported Version Ranges: v6.0.0 -> latest

  • address Host address. type: str more...

    Supported Version Ranges: v6.0.0 -> latest

  • id Url access id. type: int more...

    Supported Version Ranges: v6.0.0 -> latest

  • log Enable/disable logging. type: str choices: [disable, enable] more...

    Supported Version Ranges: v6.0.0 -> latest

  • severity Severity. type: str choices: [low, medium, high] more...

    Supported Version Ranges: v6.0.0 -> latest

• address_list (Alias name: address-list) type: dict
  • blocked_address (Alias name: blocked-address) Blocked address. type: list or str more...

    Supported Version Ranges: v6.2.8 -> v6.2.12, v6.4.5 -> latest

  • blocked_log (Alias name: blocked-log) Enable/disable logging on blocked addresses. type: str choices: [disable, enable] more...

    Supported Version Ranges: v6.2.8 -> v6.2.12, v6.4.5 -> latest

  • severity Severity. type: str choices: [low, medium, high] more...

    Supported Version Ranges: v6.2.8 -> v6.2.12, v6.4.5 -> latest

  • status Status. type: str choices: [disable, enable] more...

    Supported Version Ranges: v6.2.8 -> v6.2.12, v6.4.5 -> latest

  • trusted_address (Alias name: trusted-address) Trusted address. type: list or str more...

    Supported Version Ranges: v6.2.8 -> v6.2.12, v6.4.5 -> latest

• constraint type: dict
  • content_length (Alias name: content-length) type: dict
    • action Action. type: str choices: [allow, block] more...

      Supported Version Ranges: v6.2.8 -> v6.2.12, v6.4.5 -> latest

    • length Length of http content in bytes (0 to 2147483647). type: int more...

      Supported Version Ranges: v6.2.8 -> v6.2.12, v6.4.5 -> latest

    • log Enable/disable logging. type: str choices: [disable, enable] more...

      Supported Version Ranges: v6.2.8 -> v6.2.12, v6.4.5 -> latest

    • severity Severity. type: str choices: [low, medium, high] more...

      Supported Version Ranges: v6.2.8 -> v6.2.12, v6.4.5 -> latest

    • status Enable/disable the constraint. type: str choices: [disable, enable] more...

      Supported Version Ranges: v6.2.8 -> v6.2.12, v6.4.5 -> latest

  • exception Exception. type: list more...

    Supported Version Ranges: v6.2.8 -> v6.2.12, v6.4.5 -> latest

    • address Host address. type: str more...

      Supported Version Ranges: v6.2.8 -> v6.2.12, v6.4.5 -> latest

    • content_length (Alias name: content-length) Http content length in request. type: str choices: [disable, enable] more...

      Supported Version Ranges: v6.2.8 -> v6.2.12, v6.4.5 -> latest

    • header_length (Alias name: header-length) Http header length in request. type: str choices: [disable, enable] more...

      Supported Version Ranges: v6.2.8 -> v6.2.12, v6.4.5 -> latest

    • hostname Enable/disable hostname check. type: str choices: [disable, enable] more...

      Supported Version Ranges: v6.2.8 -> v6.2.12, v6.4.5 -> latest

    • id Exception id. type: int more...

      Supported Version Ranges: v6.2.8 -> v6.2.12, v6.4.5 -> latest

    • line_length (Alias name: line-length) Http line length in request. type: str choices: [disable, enable] more...

      Supported Version Ranges: v6.2.8 -> v6.2.12, v6.4.5 -> latest

    • malformed Enable/disable malformed http request check. type: str choices: [disable, enable] more...

      Supported Version Ranges: v6.2.8 -> v6.2.12, v6.4.5 -> latest

    • max_cookie (Alias name: max-cookie) Maximum number of cookies in http request. type: str choices: [disable, enable] more...

      Supported Version Ranges: v6.2.8 -> v6.2.12, v6.4.5 -> latest

    • max_header_line (Alias name: max-header-line) Maximum number of http header line. type: str choices: [disable, enable] more...

      Supported Version Ranges: v6.2.8 -> v6.2.12, v6.4.5 -> latest

    • max_range_segment (Alias name: max-range-segment) Maximum number of range segments in http range line. type: str choices: [disable, enable] more...

      Supported Version Ranges: v6.2.8 -> v6.2.12, v6.4.5 -> latest

    • max_url_param (Alias name: max-url-param) Maximum number of parameters in url. type: str choices: [disable, enable] more...

      Supported Version Ranges: v6.2.8 -> v6.2.12, v6.4.5 -> latest

    • method Enable/disable http method check. type: str choices: [disable, enable] more...

      Supported Version Ranges: v6.2.8 -> v6.2.12, v6.4.5 -> latest

    • param_length (Alias name: param-length) Maximum length of parameter in url, http post request or http body. type: str choices: [disable, enable] more...

      Supported Version Ranges: v6.2.8 -> v6.2.12, v6.4.5 -> latest

    • pattern Url pattern. type: str more...

      Supported Version Ranges: v6.2.8 -> v6.2.12, v6.4.5 -> latest

    • regex Enable/disable regular expression based pattern match. type: str choices: [disable, enable] more...

      Supported Version Ranges: v6.2.8 -> v6.2.12, v6.4.5 -> latest

    • url_param_length (Alias name: url-param-length) Maximum length of parameter in url. type: str choices: [disable, enable] more...

      Supported Version Ranges: v6.2.8 -> v6.2.12, v6.4.5 -> latest

    • version Enable/disable http version check. type: str choices: [disable, enable] more...

      Supported Version Ranges: v6.2.8 -> v6.2.12, v6.4.5 -> latest

  • header_length (Alias name: header-length) type: dict
    • action Action. type: str choices: [allow, block] more...

      Supported Version Ranges: v6.2.8 -> v6.2.12, v6.4.5 -> latest

    • length Length of http header in bytes (0 to 2147483647). type: int more...

      Supported Version Ranges: v6.2.8 -> v6.2.12, v6.4.5 -> latest

    • log Enable/disable logging. type: str choices: [disable, enable] more...

      Supported Version Ranges: v6.2.8 -> v6.2.12, v6.4.5 -> latest

    • severity Severity. type: str choices: [low, medium, high] more...

      Supported Version Ranges: v6.2.8 -> v6.2.12, v6.4.5 -> latest

    • status Enable/disable the constraint. type: str choices: [disable, enable] more...

      Supported Version Ranges: v6.2.8 -> v6.2.12, v6.4.5 -> latest

  • hostname type: dict
    • action Action. type: str choices: [allow, block] more...

      Supported Version Ranges: v6.2.8 -> v6.2.12, v6.4.5 -> latest

    • log Enable/disable logging. type: str choices: [disable, enable] more...

      Supported Version Ranges: v6.2.8 -> v6.2.12, v6.4.5 -> latest

    • severity Severity. type: str choices: [low, medium, high] more...

      Supported Version Ranges: v6.2.8 -> v6.2.12, v6.4.5 -> latest

    • status Enable/disable the constraint. type: str choices: [disable, enable] more...

      Supported Version Ranges: v6.2.8 -> v6.2.12, v6.4.5 -> latest

  • line_length (Alias name: line-length) type: dict
    • action Action. type: str choices: [allow, block] more...

      Supported Version Ranges: v6.2.8 -> v6.2.12, v6.4.5 -> latest

    • length Length of http line in bytes (0 to 2147483647). type: int more...

      Supported Version Ranges: v6.2.8 -> v6.2.12, v6.4.5 -> latest

    • log Enable/disable logging. type: str choices: [disable, enable] more...

      Supported Version Ranges: v6.2.8 -> v6.2.12, v6.4.5 -> latest

    • severity Severity. type: str choices: [low, medium, high] more...

      Supported Version Ranges: v6.2.8 -> v6.2.12, v6.4.5 -> latest

    • status Enable/disable the constraint. type: str choices: [disable, enable] more...

      Supported Version Ranges: v6.2.8 -> v6.2.12, v6.4.5 -> latest

  • malformed type: dict
    • action Action. type: str choices: [allow, block] more...

      Supported Version Ranges: v6.2.8 -> v6.2.12, v6.4.5 -> latest

    • log Enable/disable logging. type: str choices: [disable, enable] more...

      Supported Version Ranges: v6.2.8 -> v6.2.12, v6.4.5 -> latest

    • severity Severity. type: str choices: [low, medium, high] more...

      Supported Version Ranges: v6.2.8 -> v6.2.12, v6.4.5 -> latest

    • status Enable/disable the constraint. type: str choices: [disable, enable] more...

      Supported Version Ranges: v6.2.8 -> v6.2.12, v6.4.5 -> latest

  • max_cookie (Alias name: max-cookie) type: dict
    • action Action. type: str choices: [allow, block] more...

      Supported Version Ranges: v6.2.8 -> v6.2.12, v6.4.5 -> latest

    • log Enable/disable logging. type: str choices: [disable, enable] more...

      Supported Version Ranges: v6.2.8 -> v6.2.12, v6.4.5 -> latest

    • max_cookie (Alias name: max-cookie) Maximum number of cookies in http request (0 to 2147483647). type: int more...

      Supported Version Ranges: v6.2.8 -> v6.2.12, v6.4.5 -> latest

    • severity Severity. type: str choices: [low, medium, high] more...

      Supported Version Ranges: v6.2.8 -> v6.2.12, v6.4.5 -> latest

    • status Enable/disable the constraint. type: str choices: [disable, enable] more...

      Supported Version Ranges: v6.2.8 -> v6.2.12, v6.4.5 -> latest

  • max_header_line (Alias name: max-header-line) type: dict
    • action Action. type: str choices: [allow, block] more...

      Supported Version Ranges: v6.2.8 -> v6.2.12, v6.4.5 -> latest

    • log Enable/disable logging. type: str choices: [disable, enable] more...

      Supported Version Ranges: v6.2.8 -> v6.2.12, v6.4.5 -> latest

    • max_header_line (Alias name: max-header-line) Maximum number http header lines (0 to 2147483647). type: int more...

      Supported Version Ranges: v6.2.8 -> v6.2.12, v6.4.5 -> latest

    • severity Severity. type: str choices: [low, medium, high] more...

      Supported Version Ranges: v6.2.8 -> v6.2.12, v6.4.5 -> latest

    • status Enable/disable the constraint. type: str choices: [disable, enable] more...

      Supported Version Ranges: v6.2.8 -> v6.2.12, v6.4.5 -> latest

  • max_range_segment (Alias name: max-range-segment) type: dict
    • action Action. type: str choices: [allow, block] more...

      Supported Version Ranges: v6.2.8 -> v6.2.12, v6.4.5 -> latest

    • log Enable/disable logging. type: str choices: [disable, enable] more...

      Supported Version Ranges: v6.2.8 -> v6.2.12, v6.4.5 -> latest

    • max_range_segment (Alias name: max-range-segment) Maximum number of range segments in http range line (0 to 2147483647). type: int more...

      Supported Version Ranges: v6.2.8 -> v6.2.12, v6.4.5 -> latest

    • severity Severity. type: str choices: [low, medium, high] more...

      Supported Version Ranges: v6.2.8 -> v6.2.12, v6.4.5 -> latest

    • status Enable/disable the constraint. type: str choices: [disable, enable] more...

      Supported Version Ranges: v6.2.8 -> v6.2.12, v6.4.5 -> latest

  • max_url_param (Alias name: max-url-param) type: dict
    • action Action. type: str choices: [allow, block] more...

      Supported Version Ranges: v6.2.8 -> v6.2.12, v6.4.5 -> latest

    • log Enable/disable logging. type: str choices: [disable, enable] more...

      Supported Version Ranges: v6.2.8 -> v6.2.12, v6.4.5 -> latest

    • max_url_param (Alias name: max-url-param) Maximum number of parameters in url (0 to 2147483647). type: int more...

      Supported Version Ranges: v6.2.8 -> v6.2.12, v6.4.5 -> latest

    • severity Severity. type: str choices: [low, medium, high] more...

      Supported Version Ranges: v6.2.8 -> v6.2.12, v6.4.5 -> latest

    • status Enable/disable the constraint. type: str choices: [disable, enable] more...

      Supported Version Ranges: v6.2.8 -> v6.2.12, v6.4.5 -> latest

  • method type: dict
    • action Action. type: str choices: [allow, block] more...

      Supported Version Ranges: v6.2.8 -> v6.2.12, v6.4.5 -> latest

    • log Enable/disable logging. type: str choices: [disable, enable] more...

      Supported Version Ranges: v6.2.8 -> v6.2.12, v6.4.5 -> latest

    • severity Severity. type: str choices: [low, medium, high] more...

      Supported Version Ranges: v6.2.8 -> v6.2.12, v6.4.5 -> latest

    • status Enable/disable the constraint. type: str choices: [disable, enable] more...

      Supported Version Ranges: v6.2.8 -> v6.2.12, v6.4.5 -> latest

  • param_length (Alias name: param-length) type: dict
    • action Action. type: str choices: [allow, block] more...

      Supported Version Ranges: v6.2.8 -> v6.2.12, v6.4.5 -> latest

    • length Maximum length of parameter in url, http post request or http body in bytes (0 to 2147483647). type: int more...

      Supported Version Ranges: v6.2.8 -> v6.2.12, v6.4.5 -> latest

    • log Enable/disable logging. type: str choices: [disable, enable] more...

      Supported Version Ranges: v6.2.8 -> v6.2.12, v6.4.5 -> latest

    • severity Severity. type: str choices: [low, medium, high] more...

      Supported Version Ranges: v6.2.8 -> v6.2.12, v6.4.5 -> latest

    • status Enable/disable the constraint. type: str choices: [disable, enable] more...

      Supported Version Ranges: v6.2.8 -> v6.2.12, v6.4.5 -> latest

  • url_param_length (Alias name: url-param-length) type: dict
    • action Action. type: str choices: [allow, block] more...

      Supported Version Ranges: v6.2.8 -> v6.2.12, v6.4.5 -> latest

    • length Maximum length of url parameter in bytes (0 to 2147483647). type: int more...

      Supported Version Ranges: v6.2.8 -> v6.2.12, v6.4.5 -> latest

    • log Enable/disable logging. type: str choices: [disable, enable] more...

      Supported Version Ranges: v6.2.8 -> v6.2.12, v6.4.5 -> latest

    • severity Severity. type: str choices: [low, medium, high] more...

      Supported Version Ranges: v6.2.8 -> v6.2.12, v6.4.5 -> latest

    • status Enable/disable the constraint. type: str choices: [disable, enable] more...

      Supported Version Ranges: v6.2.8 -> v6.2.12, v6.4.5 -> latest

  • version type: dict
    • action Action. type: str choices: [allow, block] more...

      Supported Version Ranges: v6.2.8 -> v6.2.12, v6.4.5 -> latest

    • log Enable/disable logging. type: str choices: [disable, enable] more...

      Supported Version Ranges: v6.2.8 -> v6.2.12, v6.4.5 -> latest

    • severity Severity. type: str choices: [low, medium, high] more...

      Supported Version Ranges: v6.2.8 -> v6.2.12, v6.4.5 -> latest

    • status Enable/disable the constraint. type: str choices: [disable, enable] more...

      Supported Version Ranges: v6.2.8 -> v6.2.12, v6.4.5 -> latest

• method type: dict
  • default_allowed_methods (Alias name: default-allowed-methods) Methods. type: list choices: [delete, get, head, options, post, put, trace, others, connect] more...

    Supported Version Ranges: v6.2.8 -> v6.2.12, v6.4.5 -> latest

  • log Enable/disable logging. type: str choices: [disable, enable] more...

    Supported Version Ranges: v6.2.8 -> v6.2.12, v6.4.5 -> latest

  • method_policy (Alias name: method-policy) Method-policy. type: list more...

    Supported Version Ranges: v6.2.8 -> v6.2.12, v6.4.5 -> latest

    • address Host address. type: str more...

      Supported Version Ranges: v6.2.8 -> v6.2.12, v6.4.5 -> latest

    • allowed_methods (Alias name: allowed-methods) Allowed methods. type: list choices: [delete, get, head, options, post, put, trace, others, connect] more...

      Supported Version Ranges: v6.2.8 -> v6.2.12, v6.4.5 -> latest

    • id Http method policy id. type: int more...

      Supported Version Ranges: v6.2.8 -> v6.2.12, v6.4.5 -> latest

    • pattern Url pattern. type: str more...

      Supported Version Ranges: v6.2.8 -> v6.2.12, v6.4.5 -> latest

    • regex Enable/disable regular expression based pattern match. type: str choices: [disable, enable] more...

      Supported Version Ranges: v6.2.8 -> v6.2.12, v6.4.5 -> latest

  • severity Severity. type: str choices: [low, medium, high] more...

    Supported Version Ranges: v6.2.8 -> v6.2.12, v6.4.5 -> latest

  • status Status. type: str choices: [disable, enable] more...

    Supported Version Ranges: v6.2.8 -> v6.2.12, v6.4.5 -> latest

• signature type: dict
  • credit_card_detection_threshold (Alias name: credit-card-detection-threshold) The minimum number of credit cards to detect violation. type: int more...

    Supported Version Ranges: v6.2.8 -> v6.2.12, v6.4.5 -> latest

  • custom_signature (Alias name: custom-signature) Custom-signature. type: list more...

    Supported Version Ranges: v6.2.8 -> v6.2.12, v6.4.5 -> latest

    • action Action. type: str choices: [allow, block, erase] more...

      Supported Version Ranges: v6.2.8 -> v6.2.12, v6.4.5 -> latest

    • case_sensitivity (Alias name: case-sensitivity) Case sensitivity in pattern. type: str choices: [disable, enable] more...

      Supported Version Ranges: v6.2.8 -> v6.2.12, v6.4.5 -> latest

    • direction Traffic direction. type: str choices: [request, response] more...

      Supported Version Ranges: v6.2.8 -> v6.2.12, v6.4.5 -> latest

    • log Enable/disable logging. type: str choices: [disable, enable] more...

      Supported Version Ranges: v6.2.8 -> v6.2.12, v6.4.5 -> latest

    • name Signature name. type: str more...

      Supported Version Ranges: v6.2.8 -> v6.2.12, v6.4.5 -> latest

    • pattern Match pattern. type: str more...

      Supported Version Ranges: v6.2.8 -> v6.2.12, v6.4.5 -> latest

    • severity Severity. type: str choices: [low, medium, high] more...

      Supported Version Ranges: v6.2.8 -> v6.2.12, v6.4.5 -> latest

    • status Status. type: str choices: [disable, enable] more...

      Supported Version Ranges: v6.2.8 -> v6.2.12, v6.4.5 -> latest

    • target Match http target. type: list choices: [arg, arg-name, req-body, req-cookie, req-cookie-name, req-filename, req-header, req-header-name, req-raw-uri, req-uri, resp-body, resp-hdr, resp-status] more...

      Supported Version Ranges: v6.2.8 -> v6.2.12, v6.4.5 -> latest

  • disabled_signature (Alias name: disabled-signature) Disabled signatures type: list or str more...

    Supported Version Ranges: v6.2.8 -> v6.2.12, v6.4.5 -> latest

  • disabled_sub_class (Alias name: disabled-sub-class) Disabled signature subclasses. type: list or str more...

    Supported Version Ranges: v6.2.8 -> v6.2.12, v6.4.5 -> latest

  • main_class (Alias name: main-class) type: dict
    • action Action. type: str choices: [allow, block, erase] more...

      Supported Version Ranges: v6.2.8 -> v6.2.12, v6.4.5 -> latest

    • id Main signature class id. type: int more...

      Supported Version Ranges: v6.2.8 -> v6.2.12, v6.4.5 -> latest

    • log Enable/disable logging. type: str choices: [disable, enable] more...

      Supported Version Ranges: v6.2.8 -> v6.2.12, v6.4.5 -> latest

    • severity Severity. type: str choices: [low, medium, high] more...

      Supported Version Ranges: v6.2.8 -> v6.2.12, v6.4.5 -> latest

    • status Status. type: str choices: [disable, enable] more...

      Supported Version Ranges: v6.2.8 -> v6.2.12, v6.4.5 -> latest

Notes

Note

• Running in workspace locking mode is supported in this FortiManager module, the top level parameters workspace_locking_adom and workspace_locking_timeout help do the work.

• To create or update an object, use state: present directive.

• To delete an object, use state: absent directive

• Normally, running one module can fail when a non-zero rc is returned. you can also override the conditions to fail or succeed with parameters rc_failed and rc_succeeded

Examples

- name: Example playbook (generated based on argument schema)
  hosts: fortimanagers
  connection: httpapi
  vars:
    ansible_httpapi_use_ssl: true
    ansible_httpapi_validate_certs: false
    ansible_httpapi_port: 443
  tasks:
    - name: Web application firewall configuration.
      fortinet.fortimanager.fmgr_waf_profile:
        # bypass_validation: false
        workspace_locking_adom: <value in [global, custom adom including root]>
        workspace_locking_timeout: 300
        # rc_succeeded: [0, -2, -3, ...]
        # rc_failed: [-2, -3, ...]
        adom: <your own value>
        state: present # <value in [present, absent]>
        waf_profile:
          comment: <string>
          extended_log: <value in [disable, enable]>
          external: <value in [disable, enable]>
          name: <string>
          url_access:
            -
              access_pattern:
                -
                  id: <integer>
                  negate: <value in [disable, enable]>
                  pattern: <string>
                  regex: <value in [disable, enable]>
                  srcaddr: <string>
              action: <value in [bypass, permit, block]>
              address: <string>
              id: <integer>
              log: <value in [disable, enable]>
              severity: <value in [low, medium, high]>
          address_list:
            blocked_address: <list or string>
            blocked_log: <value in [disable, enable]>
            severity: <value in [low, medium, high]>
            status: <value in [disable, enable]>
            trusted_address: <list or string>
          constraint:
            content_length:
              action: <value in [allow, block]>
              length: <integer>
              log: <value in [disable, enable]>
              severity: <value in [low, medium, high]>
              status: <value in [disable, enable]>
            exception:
              -
                address: <string>
                content_length: <value in [disable, enable]>
                header_length: <value in [disable, enable]>
                hostname: <value in [disable, enable]>
                id: <integer>
                line_length: <value in [disable, enable]>
                malformed: <value in [disable, enable]>
                max_cookie: <value in [disable, enable]>
                max_header_line: <value in [disable, enable]>
                max_range_segment: <value in [disable, enable]>
                max_url_param: <value in [disable, enable]>
                method: <value in [disable, enable]>
                param_length: <value in [disable, enable]>
                pattern: <string>
                regex: <value in [disable, enable]>
                url_param_length: <value in [disable, enable]>
                version: <value in [disable, enable]>
            header_length:
              action: <value in [allow, block]>
              length: <integer>
              log: <value in [disable, enable]>
              severity: <value in [low, medium, high]>
              status: <value in [disable, enable]>
            hostname:
              action: <value in [allow, block]>
              log: <value in [disable, enable]>
              severity: <value in [low, medium, high]>
              status: <value in [disable, enable]>
            line_length:
              action: <value in [allow, block]>
              length: <integer>
              log: <value in [disable, enable]>
              severity: <value in [low, medium, high]>
              status: <value in [disable, enable]>
            malformed:
              action: <value in [allow, block]>
              log: <value in [disable, enable]>
              severity: <value in [low, medium, high]>
              status: <value in [disable, enable]>
            max_cookie:
              action: <value in [allow, block]>
              log: <value in [disable, enable]>
              max_cookie: <integer>
              severity: <value in [low, medium, high]>
              status: <value in [disable, enable]>
            max_header_line:
              action: <value in [allow, block]>
              log: <value in [disable, enable]>
              max_header_line: <integer>
              severity: <value in [low, medium, high]>
              status: <value in [disable, enable]>
            max_range_segment:
              action: <value in [allow, block]>
              log: <value in [disable, enable]>
              max_range_segment: <integer>
              severity: <value in [low, medium, high]>
              status: <value in [disable, enable]>
            max_url_param:
              action: <value in [allow, block]>
              log: <value in [disable, enable]>
              max_url_param: <integer>
              severity: <value in [low, medium, high]>
              status: <value in [disable, enable]>
            method:
              action: <value in [allow, block]>
              log: <value in [disable, enable]>
              severity: <value in [low, medium, high]>
              status: <value in [disable, enable]>
            param_length:
              action: <value in [allow, block]>
              length: <integer>
              log: <value in [disable, enable]>
              severity: <value in [low, medium, high]>
              status: <value in [disable, enable]>
            url_param_length:
              action: <value in [allow, block]>
              length: <integer>
              log: <value in [disable, enable]>
              severity: <value in [low, medium, high]>
              status: <value in [disable, enable]>
            version:
              action: <value in [allow, block]>
              log: <value in [disable, enable]>
              severity: <value in [low, medium, high]>
              status: <value in [disable, enable]>
          method:
            default_allowed_methods:
              - delete
              - get
              - head
              - options
              - post
              - put
              - trace
              - others
              - connect
            log: <value in [disable, enable]>
            method_policy:
              -
                address: <string>
                allowed_methods:
                  - delete
                  - get
                  - head
                  - options
                  - post
                  - put
                  - trace
                  - others
                  - connect
                id: <integer>
                pattern: <string>
                regex: <value in [disable, enable]>
            severity: <value in [low, medium, high]>
            status: <value in [disable, enable]>
          signature:
            credit_card_detection_threshold: <integer>
            custom_signature:
              -
                action: <value in [allow, block, erase]>
                case_sensitivity: <value in [disable, enable]>
                direction: <value in [request, response]>
                log: <value in [disable, enable]>
                name: <string>
                pattern: <string>
                severity: <value in [low, medium, high]>
                status: <value in [disable, enable]>
                target:
                  - arg
                  - arg-name
                  - req-body
                  - req-cookie
                  - req-cookie-name
                  - req-filename
                  - req-header
                  - req-header-name
                  - req-raw-uri
                  - req-uri
                  - resp-body
                  - resp-hdr
                  - resp-status
            disabled_signature: <list or string>
            disabled_sub_class: <list or string>
            main_class:
              action: <value in [allow, block, erase]>
              id: <integer>
              log: <value in [disable, enable]>
              severity: <value in [low, medium, high]>
              status: <value in [disable, enable]>

Return Values

Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:

• meta - The result of the request.returned: always type: dict
• request_url - The full url requested. returned: always type: str sample: /sys/login/user
• response_code - The status of api request. returned: always type: int sample: 0
• response_data - The data body of the api response. returned: optional type: list or dict
• response_message - The descriptive message of the api response. returned: always type: str sample: OK
• system_information - The information of the target system. returned: always type: dict
• rc - The status the request. returned: always type: int sample: 0
• version_check_warning - Warning if the parameters used in the playbook are not supported by the current FortiManager version. returned: if at least one parameter not supported by the current FortiManager version type: list

Status

• This module is not guaranteed to have a backwards compatible interface.

Authors

• Xinwei Du (@dux-fortinet)

• Xing Li (@lix-fortinet)

• Jie Xue (@JieX19)

• Link Zheng (@chillancezen)

• Frank Shen (@fshen01)

• Hongbin Lu (@fgtdev-hblu)