fmgr_move – Reorder Two Objects.

Added in version 2.0.0.

Synopsis

  • This module is able to configure a FortiManager device.

  • Examples include all parameters and values need to be adjusted to data sources before usage.

  • Tested with FortiManager v6.x and v7.x.

Requirements

The below requirements are needed on the host that executes this module.

  • ansible>=2.15.0

Parameters

  • access_token -The token to access FortiManager without using username and password. type: str required: false
  • enable_log - Enable/Disable logging for task. type: bool required: false default: False
  • forticloud_access_token - Access token of forticloud managed API users, this option is available with FortiManager later than 6.4.0. type: str required: false
  • workspace_locking_adom - Acquire the workspace lock if FortiManager is running in workspace mode. type: str required: false choices: global, custom adom including root
  • workspace_locking_timeout - The maximum time in seconds to wait for other users to release workspace lock. type: integer required: false default: 300
  • rc_succeeded - The rc codes list with which the conditions to succeed will be overriden. type: list required: false
  • rc_failed - The rc codes list with which the conditions to fail will be overriden. type: list required: false
  • move - Reorder Two Objects. type: dict
    • action - Direction to indicate where to move an object entry. type: str required: true choices: before, after
    • selector - Selector of the moved object. type: str choices:

      • apcfgprofile_commandlist - available versions: v6.4.6->latest
      • application_casi_profile_entries - available versions: v6.2.0->v6.2.12
      • application_list_defaultnetworkservices - available versions: v6.2.0->latest
      • application_list_entries - available versions: v6.0.0->latest
      • application_list_entries_parameters - available versions: v6.0.0->latest
      • bonjourprofile_policylist - available versions: v6.0.0->latest
      • casb_profile - available versions: v7.4.1->latest
      • casb_saasapplication - available versions: v7.4.1->latest
      • casb_useractivity - available versions: v7.4.1->latest
      • cifs_profile_filefilter_entries - available versions: v6.2.0->latest
      • dlp_dictionary_entries - available versions: v7.2.0->latest
      • dlp_filepattern_entries - available versions: v6.0.0->latest
      • dlp_profile_rule - available versions: v7.2.0->latest
      • dlp_sensor_entries - available versions: v7.2.0->latest
      • dlp_sensor_filter - available versions: v6.0.0->latest
      • dnsfilter_domainfilter_entries - available versions: v6.0.0->latest
      • dnsfilter_urlfilter_entries - available versions: v6.2.0->v6.2.12
      • emailfilter_blockallowlist_entries - available versions: v7.0.0->latest
      • emailfilter_bwl_entries - available versions: v6.2.0->latest
      • emailfilter_bword_entries - available versions: v6.2.0->latest
      • emailfilter_profile_filefilter_entries - available versions: v6.2.0->latest
      • endpointcontrol_fctems - available versions: v7.0.2->latest
      • extendercontroller_extenderprofile_cellular_smsnotification_receiver - available versions: v7.0.2->latest
      • extendercontroller_extenderprofile_lanextension_backhaul - available versions: v7.0.2->latest
      • extensioncontroller_extenderprofile_cellular_smsnotification_receiver - available versions: v7.2.1->latest
      • extensioncontroller_extenderprofile_lanextension_backhaul - available versions: v7.2.1->latest
      • filefilter_profile_rules - available versions: v6.4.1->latest
      • firewall_accessproxy - available versions: v7.0.0->latest
      • firewall_accessproxy6 - available versions: v7.2.1->latest
      • firewall_accessproxysshclientcert - available versions: v7.4.2->latest
      • firewall_accessproxyvirtualhost - available versions: v7.0.1->latest
      • firewall_carrierendpointbwl_entries - available versions: v6.0.0->latest
      • firewall_casbprofile - available versions: v7.4.1->v7.4.1
      • firewall_identitybasedroute - available versions: v6.0.0->latest
      • firewall_profileprotocoloptions_cifs_filefilter_entries - available versions: v6.4.2->latest
      • firewall_service_category - available versions: v6.0.0->latest
      • firewall_service_custom - available versions: v6.0.0->latest
      • firewall_shapingprofile_shapingentries - available versions: v6.0.0->latest
      • firewall_vip - available versions: v6.0.0->latest
      • firewall_vip6 - available versions: v6.0.0->latest
      • ips_sensor_entries - available versions: v6.0.0->latest
      • ips_sensor_filter - available versions: v6.0.0->v6.2.0
      • mpskprofile_mpskgroup - available versions: v6.4.2->latest
      • mpskprofile_mpskgroup_mpskkey - available versions: v6.4.2->latest
      • pkg_authentication_rule - available versions: v6.2.1->latest
      • pkg_central_dnat - available versions: v6.0.0->latest
      • pkg_central_dnat6 - available versions: v6.4.2->latest
      • pkg_firewall_acl - available versions: v7.2.0->v7.2.0
      • pkg_firewall_acl6 - available versions: v7.2.0->v7.2.0
      • pkg_firewall_centralsnatmap - available versions: v6.0.0->latest
      • pkg_firewall_consolidated_policy - available versions: v6.2.0->latest
      • pkg_firewall_dospolicy - available versions: v6.0.0->latest
      • pkg_firewall_dospolicy6 - available versions: v6.0.0->latest
      • pkg_firewall_explicitproxypolicy - available versions: v6.2.0->v6.2.12
      • pkg_firewall_explicitproxypolicy_identitybasedpolicy - available versions: v6.2.0->v6.2.12
      • pkg_firewall_hyperscalepolicy - available versions: v6.4.7->v6.4.14, v7.0.1->v7.2.0
      • pkg_firewall_hyperscalepolicy46 - available versions: v6.4.7->v6.4.14, v7.0.1->v7.2.0
      • pkg_firewall_hyperscalepolicy6 - available versions: v6.4.7->v6.4.14, v7.0.1->v7.2.0
      • pkg_firewall_hyperscalepolicy64 - available versions: v6.4.7->v6.4.14, v7.0.1->v7.2.0
      • pkg_firewall_interfacepolicy - available versions: v6.0.0->v7.2.2
      • pkg_firewall_interfacepolicy6 - available versions: v6.0.0->v7.2.2
      • pkg_firewall_localinpolicy - available versions: v6.0.0->latest
      • pkg_firewall_localinpolicy6 - available versions: v6.0.0->latest
      • pkg_firewall_multicastpolicy - available versions: v6.0.0->latest
      • pkg_firewall_multicastpolicy6 - available versions: v6.0.0->latest
      • pkg_firewall_policy - available versions: v6.0.0->latest
      • pkg_firewall_policy46 - available versions: v6.0.0->latest
      • pkg_firewall_policy6 - available versions: v6.0.0->latest
      • pkg_firewall_policy64 - available versions: v6.0.0->latest
      • pkg_firewall_proxypolicy - available versions: v6.0.0->latest
      • pkg_firewall_securitypolicy - available versions: v6.2.1->latest
      • pkg_firewall_shapingpolicy - available versions: v6.0.0->latest
      • pkg_user_nacpolicy - available versions: v7.2.1->latest
      • pm_config_pblock_firewall_consolidated_policy - available versions: v7.0.3->latest
      • pm_config_pblock_firewall_policy - available versions: v7.0.3->latest
      • pm_config_pblock_firewall_policy6 - available versions: v7.0.3->latest
      • pm_config_pblock_firewall_securitypolicy - available versions: v7.0.3->latest
      • spamfilter_bwl_entries - available versions: v6.0.0->v7.2.1
      • spamfilter_bword_entries - available versions: v6.0.0->v7.2.1
      • sshfilter_profile_filefilter_entries - available versions: v6.2.2->latest
      • sshfilter_profile_shellcommands - available versions: v6.0.0->latest
      • switchcontroller_dynamicportpolicy_policy - available versions: v7.2.1->latest
      • switchcontroller_managedswitch - available versions: v6.0.0->latest
      • system_sdnconnector_compartmentlist - available versions: v7.4.0->latest
      • system_sdnconnector_externalaccountlist - available versions: v7.0.3->latest
      • system_sdnconnector_externalip - available versions: v6.0.0->latest
      • system_sdnconnector_forwardingrule - available versions: v7.0.2->latest
      • system_sdnconnector_gcpprojectlist - available versions: v6.4.7->v6.4.14, v7.0.2->latest
      • system_sdnconnector_nic - available versions: v6.0.0->latest
      • system_sdnconnector_nic_ip - available versions: v6.0.0->latest
      • system_sdnconnector_ociregionlist - available versions: v7.4.0->latest
      • system_sdnconnector_route - available versions: v6.0.0->latest
      • system_sdnconnector_routetable - available versions: v6.0.0->latest
      • system_sdnconnector_routetable_route - available versions: v6.0.0->latest
      • user_deviceaccesslist_devicelist - available versions: v6.2.2->v7.2.1
      • vap_vlanname - available versions: v7.0.3->latest
      • videofilter_profile_filters - available versions: v7.4.2->latest
      • videofilter_profile_fortiguardcategory_filters - available versions: v7.0.0->latest
      • videofilter_youtubechannelfilter_entries - available versions: v7.0.0->latest
      • vpn_ipsec_fec_mappings - available versions: v7.2.0->latest
      • vpn_ssl_settings_authenticationrule - available versions: v6.2.6->v6.2.12, v6.4.2->latest
      • vpnsslweb_portal_bookmarkgroup - available versions: v6.0.0->latest
      • vpnsslweb_portal_bookmarkgroup_bookmarks - available versions: v6.0.0->latest
      • vpnsslweb_portal_splitdns - available versions: v6.0.0->latest
      • wanprof_system_sdwan_members - available versions: v6.4.1->latest
      • wanprof_system_sdwan_service - available versions: v6.4.1->latest
      • wanprof_system_sdwan_service_sla - available versions: v6.4.1->latest
      • wanprof_system_sdwan_zone - available versions: v6.4.1->latest
      • wanprof_system_virtualwanlink_members - available versions: v6.0.0->latest
      • wanprof_system_virtualwanlink_service - available versions: v6.0.0->latest
      • wanprof_system_virtualwanlink_service_sla - available versions: v6.0.0->latest
      • webfilter_contentheader_entries - available versions: v6.0.0->latest
      • webfilter_profile_filefilter_entries - available versions: v6.2.0->latest
      • webfilter_urlfilter_entries - available versions: v6.0.0->latest
      • wireless_accesscontrollist_layer3ipv4rules - available versions: v7.2.1->latest
      • wireless_accesscontrollist_layer3ipv6rules - available versions: v7.2.1->latest
    • self - The parameter for each selector. type: dict choices:

      • params for apcfgprofile_commandlist:
        • adom
        • apcfg-profile
        • command-list
      • params for application_casi_profile_entries:
        • adom
        • profile
        • entries
      • params for application_list_defaultnetworkservices:
        • adom
        • list
        • default-network-services
      • params for application_list_entries:
        • adom
        • list
        • entries
      • params for application_list_entries_parameters:
        • adom
        • list
        • entries
        • parameters
      • params for bonjourprofile_policylist:
        • adom
        • bonjour-profile
        • policy-list
      • params for casb_profile:
        • adom
        • profile
      • params for casb_saasapplication:
        • adom
        • saas-application
      • params for casb_useractivity:
        • adom
        • user-activity
      • params for cifs_profile_filefilter_entries:
        • adom
        • profile
        • entries
      • params for dlp_dictionary_entries:
        • adom
        • dictionary
        • entries
      • params for dlp_filepattern_entries:
        • adom
        • filepattern
        • entries
      • params for dlp_profile_rule:
        • adom
        • profile
        • rule
      • params for dlp_sensor_entries:
        • adom
        • sensor
        • entries
      • params for dlp_sensor_filter:
        • adom
        • sensor
        • filter
      • params for dnsfilter_domainfilter_entries:
        • adom
        • domain-filter
        • entries
      • params for dnsfilter_urlfilter_entries:
        • adom
        • urlfilter
        • entries
      • params for emailfilter_blockallowlist_entries:
        • adom
        • block-allow-list
        • entries
      • params for emailfilter_bwl_entries:
        • adom
        • bwl
        • entries
      • params for emailfilter_bword_entries:
        • adom
        • bword
        • entries
      • params for emailfilter_profile_filefilter_entries:
        • adom
        • profile
        • entries
      • params for endpointcontrol_fctems:
        • adom
        • fctems
      • params for extendercontroller_extenderprofile_cellular_smsnotification_receiver:
        • adom
        • extender-profile
        • receiver
      • params for extendercontroller_extenderprofile_lanextension_backhaul:
        • adom
        • extender-profile
        • backhaul
      • params for extensioncontroller_extenderprofile_cellular_smsnotification_receiver:
        • adom
        • extender-profile
        • receiver
      • params for extensioncontroller_extenderprofile_lanextension_backhaul:
        • adom
        • extender-profile
        • backhaul
      • params for filefilter_profile_rules:
        • adom
        • profile
        • rules
      • params for firewall_accessproxy:
        • adom
        • access-proxy
      • params for firewall_accessproxy6:
        • adom
        • access-proxy6
      • params for firewall_accessproxysshclientcert:
        • adom
        • access-proxy-ssh-client-cert
      • params for firewall_accessproxyvirtualhost:
        • adom
        • access-proxy-virtual-host
      • params for firewall_carrierendpointbwl_entries:
        • adom
        • carrier-endpoint-bwl
        • entries
      • params for firewall_casbprofile:
        • adom
        • casb-profile
      • params for firewall_identitybasedroute:
        • adom
        • identity-based-route
      • params for firewall_profileprotocoloptions_cifs_filefilter_entries:
        • adom
        • profile-protocol-options
        • entries
      • params for firewall_service_category:
        • adom
        • category
      • params for firewall_service_custom:
        • adom
        • custom
      • params for firewall_shapingprofile_shapingentries:
        • adom
        • shaping-profile
        • shaping-entries
      • params for firewall_vip:
        • adom
        • vip
      • params for firewall_vip6:
        • adom
        • vip6
      • params for ips_sensor_entries:
        • adom
        • sensor
        • entries
      • params for ips_sensor_filter:
        • adom
        • sensor
        • filter
      • params for mpskprofile_mpskgroup:
        • adom
        • mpsk-profile
        • mpsk-group
      • params for mpskprofile_mpskgroup_mpskkey:
        • adom
        • mpsk-profile
        • mpsk-group
        • mpsk-key
      • params for pkg_authentication_rule:
        • adom
        • pkg
        • rule
      • params for pkg_central_dnat:
        • adom
        • pkg
        • dnat
      • params for pkg_central_dnat6:
        • adom
        • pkg
        • dnat6
      • params for pkg_firewall_acl:
        • adom
        • pkg
        • acl
      • params for pkg_firewall_acl6:
        • adom
        • pkg
        • acl6
      • params for pkg_firewall_centralsnatmap:
        • adom
        • pkg
        • central-snat-map
      • params for pkg_firewall_consolidated_policy:
        • adom
        • pkg
        • policy
      • params for pkg_firewall_dospolicy:
        • adom
        • pkg
        • DoS-policy
      • params for pkg_firewall_dospolicy6:
        • adom
        • pkg
        • DoS-policy6
      • params for pkg_firewall_explicitproxypolicy:
        • adom
        • pkg
        • explicit-proxy-policy
      • params for pkg_firewall_explicitproxypolicy_identitybasedpolicy:
        • adom
        • pkg
        • explicit-proxy-policy
        • identity-based-policy
      • params for pkg_firewall_hyperscalepolicy:
        • adom
        • pkg
        • hyperscale-policy
      • params for pkg_firewall_hyperscalepolicy46:
        • adom
        • pkg
        • hyperscale-policy46
      • params for pkg_firewall_hyperscalepolicy6:
        • adom
        • pkg
        • hyperscale-policy6
      • params for pkg_firewall_hyperscalepolicy64:
        • adom
        • pkg
        • hyperscale-policy64
      • params for pkg_firewall_interfacepolicy:
        • adom
        • pkg
        • interface-policy
      • params for pkg_firewall_interfacepolicy6:
        • adom
        • pkg
        • interface-policy6
      • params for pkg_firewall_localinpolicy:
        • adom
        • pkg
        • local-in-policy
      • params for pkg_firewall_localinpolicy6:
        • adom
        • pkg
        • local-in-policy6
      • params for pkg_firewall_multicastpolicy:
        • adom
        • pkg
        • multicast-policy
      • params for pkg_firewall_multicastpolicy6:
        • adom
        • pkg
        • multicast-policy6
      • params for pkg_firewall_policy:
        • adom
        • pkg
        • policy
      • params for pkg_firewall_policy46:
        • adom
        • pkg
        • policy46
      • params for pkg_firewall_policy6:
        • adom
        • pkg
        • policy6
      • params for pkg_firewall_policy64:
        • adom
        • pkg
        • policy64
      • params for pkg_firewall_proxypolicy:
        • adom
        • pkg
        • proxy-policy
      • params for pkg_firewall_securitypolicy:
        • adom
        • pkg
        • security-policy
      • params for pkg_firewall_shapingpolicy:
        • adom
        • pkg
        • shaping-policy
      • params for pkg_user_nacpolicy:
        • adom
        • pkg
        • nac-policy
      • params for pm_config_pblock_firewall_consolidated_policy:
        • adom
        • pblock
        • policy
      • params for pm_config_pblock_firewall_policy:
        • adom
        • pblock
        • policy
      • params for pm_config_pblock_firewall_policy6:
        • adom
        • pblock
        • policy6
      • params for pm_config_pblock_firewall_securitypolicy:
        • adom
        • pblock
        • security-policy
      • params for spamfilter_bwl_entries:
        • adom
        • bwl
        • entries
      • params for spamfilter_bword_entries:
        • adom
        • bword
        • entries
      • params for sshfilter_profile_filefilter_entries:
        • adom
        • profile
        • entries
      • params for sshfilter_profile_shellcommands:
        • adom
        • profile
        • shell-commands
      • params for switchcontroller_dynamicportpolicy_policy:
        • adom
        • dynamic-port-policy
        • policy
      • params for switchcontroller_managedswitch:
        • adom
        • managed-switch
      • params for system_sdnconnector_compartmentlist:
        • adom
        • sdn-connector
        • compartment-list
      • params for system_sdnconnector_externalaccountlist:
        • adom
        • sdn-connector
        • external-account-list
      • params for system_sdnconnector_externalip:
        • adom
        • sdn-connector
        • external-ip
      • params for system_sdnconnector_forwardingrule:
        • adom
        • sdn-connector
        • forwarding-rule
      • params for system_sdnconnector_gcpprojectlist:
        • adom
        • sdn-connector
        • gcp-project-list
      • params for system_sdnconnector_nic:
        • adom
        • sdn-connector
        • nic
      • params for system_sdnconnector_nic_ip:
        • adom
        • sdn-connector
        • nic
        • ip
      • params for system_sdnconnector_ociregionlist:
        • adom
        • sdn-connector
        • oci-region-list
      • params for system_sdnconnector_route:
        • adom
        • sdn-connector
        • route
      • params for system_sdnconnector_routetable:
        • adom
        • sdn-connector
        • route-table
      • params for system_sdnconnector_routetable_route:
        • adom
        • sdn-connector
        • route-table
        • route
      • params for user_deviceaccesslist_devicelist:
        • adom
        • device-access-list
        • device-list
      • params for vap_vlanname:
        • adom
        • vap
        • vlan-name
      • params for videofilter_profile_filters:
        • adom
        • profile
        • filters
      • params for videofilter_profile_fortiguardcategory_filters:
        • adom
        • profile
        • filters
      • params for videofilter_youtubechannelfilter_entries:
        • adom
        • youtube-channel-filter
        • entries
      • params for vpn_ipsec_fec_mappings:
        • adom
        • fec
        • mappings
      • params for vpn_ssl_settings_authenticationrule:
        • device
        • vdom
        • authentication-rule
      • params for vpnsslweb_portal_bookmarkgroup:
        • adom
        • portal
        • bookmark-group
      • params for vpnsslweb_portal_bookmarkgroup_bookmarks:
        • adom
        • portal
        • bookmark-group
        • bookmarks
      • params for vpnsslweb_portal_splitdns:
        • adom
        • portal
        • split-dns
      • params for wanprof_system_sdwan_members:
        • adom
        • wanprof
        • members
      • params for wanprof_system_sdwan_service:
        • adom
        • wanprof
        • service
      • params for wanprof_system_sdwan_service_sla:
        • adom
        • wanprof
        • service
        • sla
      • params for wanprof_system_sdwan_zone:
        • adom
        • wanprof
        • zone
      • params for wanprof_system_virtualwanlink_members:
        • adom
        • wanprof
        • members
      • params for wanprof_system_virtualwanlink_service:
        • adom
        • wanprof
        • service
      • params for wanprof_system_virtualwanlink_service_sla:
        • adom
        • wanprof
        • service
        • sla
      • params for webfilter_contentheader_entries:
        • adom
        • content-header
        • entries
      • params for webfilter_profile_filefilter_entries:
        • adom
        • profile
        • entries
      • params for webfilter_urlfilter_entries:
        • adom
        • urlfilter
        • entries
      • params for wireless_accesscontrollist_layer3ipv4rules:
        • adom
        • access-control-list
        • layer3-ipv4-rules
      • params for wireless_accesscontrollist_layer3ipv6rules:
        • adom
        • access-control-list
        • layer3-ipv6-rules
    • target - Key to the target entry. type: str required: true

Notes

Note

  • Running in workspace locking mode is supported in this FortiManager module, the top level parameters workspace_locking_adom and workspace_locking_timeout help do the work.

  • Selector is a mandatory parameter for the module, and the params is varying depending on the selector.

  • Semantic description for the module: move self action(before or after) target

  • Normally, running one module can fail when a non-zero rc is returned. you can also override the conditions to fail or succeed with parameters rc_failed and rc_succeeded

Examples

- name: Move an object
  hosts: fortimanagers
  connection: httpapi
  vars:
    ansible_httpapi_use_ssl: true
    ansible_httpapi_validate_certs: false
    ansible_httpapi_port: 443
  tasks:
    - name: Move a firewall vip object
      fortinet.fortimanager.fmgr_move:
        move:
          selector: "firewall_vip"
          target: "ansible-test-vip_first"
          action: "before"
          self:
            adom: "root"
            vip: "ansible-test-vip_second"

Return Values

Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:

  • meta - The result of the request.returned: always type: dict
    • request_url - The full url requested. returned: always type: str sample: /sys/login/user
    • response_code - The status of api request. returned: always type: int sample: 0
    • response_data - The data body of the api response. returned: optional type: list or dict
    • response_message - The descriptive message of the api response. returned: always type: str sample: OK
    • system_information - The information of the target system. returned: always type: dict
  • rc - The status the request. returned: always type: int 0
  • version_check_warning - Warning if the parameters used in the playbook are not supported by the current FortiManager version. returned: if at least on parameter mpt supported by the current FortiManager version type: list 0

Status

  • This module is not guaranteed to have a backwards compatible interface.

Authors

  • Xinwei Du (@dux-fortinet)

  • Xing Li (@lix-fortinet)

  • Jie Xue (@JieX19)

  • Link Zheng (@chillancezen)

  • Frank Shen (@fshen01)

  • Hongbin Lu (@fgtdev-hblu)

Hint

If you notice any issues in this documentation, you can create a pull request to improve it.